Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/dNOgTjs7jrbB9SKSSUszlaLVAjo.roa
File:                     dNOgTjs7jrbB9SKSSUszlaLVAjo.roa (raw, json)
Hash identifier:          8MLaPme8W4wf5oENh8ADBmwmizbYMot4/vQ2rLYnm0c=
Subject key identifier:   74:D3:A0:4E:3B:3B:8E:B6:C1:F5:22:92:49:4B:33:95:A2:D5:02:3A
Certificate issuer:       /CN=59f2470c03a0f0bad00846b0f67c7a232d557288
Certificate serial:       019422FBF7E52F96BD9F1F89F947504587D0
Authority key identifier: 59:F2:47:0C:03:A0:F0:BA:D0:08:46:B0:F6:7C:7A:23:2D:55:72:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/dNOgTjs7jrbB9SKSSUszlaLVAjo.roa
Signing time:             Wed 01 Jan 2025 17:48:45 +0000
ROA not before:           Wed 01 Jan 2025 17:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211595
IP address blocks:        2001:678:f10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:f7:e5:2f:96:bd:9f:1f:89:f9:47:50:45:87:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59f2470c03a0f0bad00846b0f67c7a232d557288
        Validity
            Not Before: Jan  1 17:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74d3a04e3b3b8eb6c1f52292494b3395a2d5023a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4d:56:04:dc:78:47:0b:5e:86:73:ed:f2:24:
                    09:dc:33:d8:3a:4e:ac:18:15:a8:51:da:7e:08:26:
                    ba:ec:85:80:30:35:23:67:34:d2:87:f3:34:e3:15:
                    6b:c2:40:b1:db:4a:d1:db:13:2e:09:ae:07:60:06:
                    2c:66:da:d2:80:85:8d:26:5a:6b:91:81:e7:c2:c3:
                    4e:9c:98:33:8a:cd:3c:b2:2f:72:4d:93:60:f1:e3:
                    cd:7e:27:4e:60:e9:74:6a:f8:a1:84:7f:f9:43:db:
                    0f:98:70:1a:07:f0:e5:d8:4e:7d:72:fb:30:47:a9:
                    b5:a0:4e:cd:18:f0:0e:bc:77:cc:3f:84:6e:8d:1f:
                    29:61:1d:54:26:72:a9:b5:d5:65:94:66:b8:4e:c7:
                    9d:f0:f9:1c:2e:c3:c4:eb:ab:9e:c7:70:3f:1f:24:
                    37:64:87:c3:fc:dc:4b:d5:62:98:f3:83:9c:2a:a5:
                    b1:85:7e:32:3f:bc:1b:38:c3:b1:ad:ee:e5:67:5b:
                    f1:b4:e4:8a:af:1d:29:13:00:51:f1:45:29:70:58:
                    14:7b:77:83:42:b7:f0:84:24:53:13:c9:42:14:3d:
                    4c:7b:e3:00:f7:a3:f6:05:80:e2:88:0d:2f:e5:8a:
                    46:46:20:66:0e:2a:86:a9:0d:53:80:64:56:fe:c2:
                    7c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D3:A0:4E:3B:3B:8E:B6:C1:F5:22:92:49:4B:33:95:A2:D5:02:3A
            X509v3 Authority Key Identifier:
                keyid:59:F2:47:0C:03:A0:F0:BA:D0:08:46:B0:F6:7C:7A:23:2D:55:72:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/dNOgTjs7jrbB9SKSSUszlaLVAjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/cec6d6-6d34-4107-b672-92bef34e77aa/1/WfJHDAOg8LrQCEaw9nx6Iy1Vcog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f10::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:43:1e:56:53:e6:7f:8f:98:54:c6:f7:9e:0b:84:d9:79:8e:
         11:ba:5d:38:8f:ea:12:d2:da:16:0a:db:56:66:4a:fc:cb:33:
         d6:72:71:c4:e6:5d:fb:3e:f8:a8:d9:9a:c6:b3:5e:89:0e:03:
         d8:2a:61:a2:c4:64:c4:8c:24:c9:b3:11:be:c0:4a:62:18:1a:
         d8:5a:ed:1e:fe:19:f9:75:c3:af:74:5b:f0:f2:ad:9d:b8:14:
         09:2f:b0:9e:09:f3:e8:f4:e9:66:bc:ce:ae:40:67:a3:42:b4:
         7c:8d:ac:c6:84:97:75:14:28:27:0a:6b:73:be:dd:0a:40:c6:
         0d:d6:85:61:12:89:4a:76:d0:87:9c:d3:03:b2:33:ac:ca:4c:
         65:a2:f8:e8:45:eb:b9:69:c1:15:95:92:8a:a5:dc:aa:f9:f1:
         b8:be:cf:1b:ae:0c:f2:4a:f2:25:5d:f4:87:91:f2:7c:64:97:
         5d:a2:95:59:fd:b9:ff:3a:33:75:21:00:1f:59:99:6e:a6:7c:
         21:a3:4e:0e:4b:48:67:51:d4:74:2f:2d:7f:4d:85:53:f8:f1:
         8b:3f:05:9e:34:1b:dd:d3:b7:a4:3a:97:c4:d5:71:d9:eb:95:
         21:5c:9a:a0:5e:b6:bf:79:f5:20:fd:bd:f9:2a:4a:e7:3b:bf:
         09:74:48:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+/flL5a9nx+J+UdQRYfQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZjI0NzBjMDNhMGYwYmFkMDA4NDZiMGY2N2M3YTIzMmQ1
NTcyODgwHhcNMjUwMTAxMTc0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGQzYTA0ZTNiM2I4ZWI2YzFmNTIyOTI0OTRiMzM5NWEyZDUwMjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv01WBNx4RwtehnPt8iQJ3DPYOk6s
GBWoUdp+CCa67IWAMDUjZzTSh/M04xVrwkCx20rR2xMuCa4HYAYsZtrSgIWNJlpr
kYHnwsNOnJgzis08si9yTZNg8ePNfidOYOl0avihhH/5Q9sPmHAaB/Dl2E59cvsw
R6m1oE7NGPAOvHfMP4RujR8pYR1UJnKptdVllGa4Tsed8PkcLsPE66uex3A/HyQ3
ZIfD/NxL1WKY84OcKqWxhX4yP7wbOMOxre7lZ1vxtOSKrx0pEwBR8UUpcFgUe3eD
QrfwhCRTE8lCFD1Me+MA96P2BYDiiA0v5YpGRiBmDiqGqQ1TgGRW/sJ84QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHTToE47O462wfUikklLM5Wi1QI6MB8GA1UdIwQY
MBaAFFnyRwwDoPC60AhGsPZ8eiMtVXKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2ZKSERBT2c4THJRQ0VhdzlueDZJeTFWY29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9jZWM2ZDYtNmQzNC00MTA3LWI2NzIt
OTJiZWYzNGU3N2FhLzEvZE5PZ1RqczdqcmJCOVNLU1NVc3psYUxWQWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9jZWM2ZDYtNmQzNC00MTA3LWI2NzItOTJiZWYzNGU3N2Fh
LzEvV2ZKSERBT2c4THJRQ0VhdzlueDZJeTFWY29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA8Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCrQx5WU+Z/j5hUxveeC4TZeY4Rul04j+oS0toW
CttWZkr8yzPWcnHE5l37Pvio2ZrGs16JDgPYKmGixGTEjCTJsxG+wEpiGBrYWu0e
/hn5dcOvdFvw8q2duBQJL7CeCfPo9OlmvM6uQGejQrR8jazGhJd1FCgnCmtzvt0K
QMYN1oVhEolKdtCHnNMDsjOsykxlovjoReu5acEVlZKKpdyq+fG4vs8brgzySvIl
XfSHkfJ8ZJddopVZ/bn/OjN1IQAfWZlupnwho04OS0hnUdR0Ly1/TYVT+PGLPwWe
NBvd07ekOpfE1XHZ65UhXJqgXra/efUg/b35KkrnO78JdEh2
-----END CERTIFICATE-----