Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/4d8a74-60b8-410e-aa35-392a752464b1/1/DI4vBCoaFwWH56fastsgpI_OzV4.roa
File:                     DI4vBCoaFwWH56fastsgpI_OzV4.roa (raw, json)
Hash identifier:          G2unu3ORD0MMoGD5/yRPHnaWwSlBATtxNpmWR5aHEM4=
Subject key identifier:   0C:8E:2F:04:2A:1A:17:05:87:E7:A7:DA:B2:DB:20:A4:8F:CE:CD:5E
Certificate issuer:       /CN=6f2c0c66b6b4612c8949800f09291cafa3865fd3
Certificate serial:       019421438ADC1EED766D8BA6D4607C9C3E46
Authority key identifier: 6F:2C:0C:66:B6:B4:61:2C:89:49:80:0F:09:29:1C:AF:A3:86:5F:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bywMZra0YSyJSYAPCSkcr6OGX9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/4d8a74-60b8-410e-aa35-392a752464b1/1/DI4vBCoaFwWH56fastsgpI_OzV4.roa
Signing time:             Wed 01 Jan 2025 09:47:41 +0000
ROA not before:           Wed 01 Jan 2025 09:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206946
IP address blocks:        2001:678:2b8::/48 maxlen: 48
                          2001:678:2b9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/4d8a74-60b8-410e-aa35-392a752464b1/1/bywMZra0YSyJSYAPCSkcr6OGX9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/4d8a74-60b8-410e-aa35-392a752464b1/1/bywMZra0YSyJSYAPCSkcr6OGX9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bywMZra0YSyJSYAPCSkcr6OGX9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:8a:dc:1e:ed:76:6d:8b:a6:d4:60:7c:9c:3e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f2c0c66b6b4612c8949800f09291cafa3865fd3
        Validity
            Not Before: Jan  1 09:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c8e2f042a1a170587e7a7dab2db20a48fcecd5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:81:32:cf:47:75:b6:c0:f9:0c:44:e2:2a:ee:
                    fd:f9:f4:27:c6:b7:7d:cc:e5:ff:dc:90:ec:8d:45:
                    1a:c5:6e:b0:f6:c7:ee:58:31:76:1c:0f:25:85:da:
                    2e:e7:91:ec:e2:dc:4d:f6:e3:a6:36:96:db:e4:3f:
                    cb:46:c5:60:d1:53:5b:0e:9a:9a:ee:a1:12:5d:12:
                    ad:7a:a9:e0:39:b2:03:85:28:38:84:b7:9d:51:04:
                    6f:85:2e:a0:3b:28:32:5a:df:c8:09:9b:af:04:51:
                    69:fb:d0:52:e3:85:2d:3f:38:5d:6b:53:c7:a0:de:
                    bd:42:de:de:fc:91:8c:0a:a5:79:28:ca:27:e0:0c:
                    10:07:ae:da:69:6a:2f:00:3b:83:89:f5:ab:28:19:
                    20:48:ac:dc:04:23:8a:ba:d7:7c:a2:80:30:0b:bb:
                    5b:f1:fd:f1:57:e9:c4:e8:11:e9:29:0f:42:4a:bd:
                    60:12:b4:16:8f:50:62:f3:95:01:d0:57:ba:31:fa:
                    df:ed:d2:af:da:7c:37:eb:ae:47:14:cd:ee:4d:67:
                    e0:0a:33:cd:cd:c4:c5:1a:ff:e0:75:0e:ce:9f:7e:
                    e9:12:48:54:49:68:e6:ff:65:48:c4:e2:5d:f5:8e:
                    04:ce:8c:c0:25:d0:da:25:40:fc:a7:51:ea:ef:94:
                    26:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:8E:2F:04:2A:1A:17:05:87:E7:A7:DA:B2:DB:20:A4:8F:CE:CD:5E
            X509v3 Authority Key Identifier:
                keyid:6F:2C:0C:66:B6:B4:61:2C:89:49:80:0F:09:29:1C:AF:A3:86:5F:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bywMZra0YSyJSYAPCSkcr6OGX9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/4d8a74-60b8-410e-aa35-392a752464b1/1/DI4vBCoaFwWH56fastsgpI_OzV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/4d8a74-60b8-410e-aa35-392a752464b1/1/bywMZra0YSyJSYAPCSkcr6OGX9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:2b8::/47

    Signature Algorithm: sha256WithRSAEncryption
         af:a9:61:ea:19:3c:04:96:b2:e9:04:55:2b:6b:41:82:4c:73:
         50:55:e2:a8:57:bd:52:65:c7:9e:39:2a:de:e2:46:b8:96:18:
         85:53:fd:ff:ff:be:17:01:d5:39:b1:d5:e0:c4:21:6b:cd:00:
         d5:06:b7:a8:ad:5b:8c:14:18:2a:e5:07:c7:97:cc:2f:b6:c3:
         63:ca:5f:c1:0f:64:0d:fc:fe:1e:46:5f:55:f8:30:cb:b3:1a:
         06:1f:3a:70:5b:f8:65:d4:21:bb:1a:00:81:bb:ff:85:44:cf:
         32:6a:2f:e5:82:c0:4c:47:14:b0:12:12:44:74:37:b5:ca:aa:
         b1:08:6e:1f:6a:79:01:77:ab:d0:3b:38:d4:16:62:f3:71:cc:
         88:b8:17:d7:43:72:5d:18:29:8f:64:fd:2a:16:7b:a1:f0:dc:
         90:e4:5a:7d:09:16:f5:76:72:6b:b0:c9:49:06:8c:f5:b2:5b:
         02:5c:52:61:d1:08:71:40:8c:8a:56:e6:1d:54:4f:41:a0:22:
         3b:92:2f:a2:44:fc:b4:69:d6:0f:4d:00:3e:dc:ba:77:e0:84:
         7c:1f:c5:2c:a6:3b:21:c3:d2:92:fd:51:94:59:d7:ae:81:91:
         0a:1c:b6:c3:61:d4:12:48:1e:73:df:8c:7e:f9:a7:8e:0a:b9:
         94:f5:60:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ4rcHu12bYum1GB8nD5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMmMwYzY2YjZiNDYxMmM4OTQ5ODAwZjA5MjkxY2FmYTM4
NjVmZDMwHhcNMjUwMTAxMDk0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzhlMmYwNDJhMWExNzA1ODdlN2E3ZGFiMmRiMjBhNDhmY2VjZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4Eyz0d1tsD5DETiKu79+fQnxrd9
zOX/3JDsjUUaxW6w9sfuWDF2HA8lhdou55Hs4txN9uOmNpbb5D/LRsVg0VNbDpqa
7qESXRKteqngObIDhSg4hLedUQRvhS6gOygyWt/ICZuvBFFp+9BS44UtPzhda1PH
oN69Qt7e/JGMCqV5KMon4AwQB67aaWovADuDifWrKBkgSKzcBCOKutd8ooAwC7tb
8f3xV+nE6BHpKQ9CSr1gErQWj1Bi85UB0Fe6Mfrf7dKv2nw3665HFM3uTWfgCjPN
zcTFGv/gdQ7On37pEkhUSWjm/2VIxOJd9Y4EzozAJdDaJUD8p1Hq75QmFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAyOLwQqGhcFh+en2rLbIKSPzs1eMB8GA1UdIwQY
MBaAFG8sDGa2tGEsiUmADwkpHK+jhl/TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnl3TVpyYTBZU3lKU1lBUENTa2NyNk9HWDlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC80ZDhhNzQtNjBiOC00MTBlLWFhMzUt
MzkyYTc1MjQ2NGIxLzEvREk0dkJDb2FGd1dINTZmYXN0c2dwSV9PelY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC80ZDhhNzQtNjBiOC00MTBlLWFhMzUtMzkyYTc1MjQ2NGIx
LzEvYnl3TVpyYTBZU3lKU1lBUENTa2NyNk9HWDlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBIAEGeAK4
MA0GCSqGSIb3DQEBCwUAA4IBAQCvqWHqGTwElrLpBFUra0GCTHNQVeKoV71SZcee
OSre4ka4lhiFU/3//74XAdU5sdXgxCFrzQDVBreorVuMFBgq5QfHl8wvtsNjyl/B
D2QN/P4eRl9V+DDLsxoGHzpwW/hl1CG7GgCBu/+FRM8yai/lgsBMRxSwEhJEdDe1
yqqxCG4fankBd6vQOzjUFmLzccyIuBfXQ3JdGCmPZP0qFnuh8NyQ5Fp9CRb1dnJr
sMlJBoz1slsCXFJh0QhxQIyKVuYdVE9BoCI7ki+iRPy0adYPTQA+3Lp34IR8H8Us
pjshw9KS/VGUWdeugZEKHLbDYdQSSB5z34x++aeOCrmU9WDx
-----END CERTIFICATE-----