Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/jV6ZfPR6YwqVEX_jWrfo-E3Ut1A.roa
File:                     jV6ZfPR6YwqVEX_jWrfo-E3Ut1A.roa (raw, json)
Hash identifier:          aKYc4lH7d/oqBFxJQA9n8W63icM0UlQYroSqqHHtI28=
Subject key identifier:   8D:5E:99:7C:F4:7A:63:0A:95:11:7F:E3:5A:B7:E8:F8:4D:D4:B7:50
Certificate issuer:       /CN=2dbdb89fb4118ffa55fafdbf45e19282be0e7acf
Certificate serial:       0194221F72C5122C576B9C0A06925D000247
Authority key identifier: 2D:BD:B8:9F:B4:11:8F:FA:55:FA:FD:BF:45:E1:92:82:BE:0E:7A:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lb24n7QRj_pV-v2_ReGSgr4Oes8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/jV6ZfPR6YwqVEX_jWrfo-E3Ut1A.roa
Signing time:             Wed 01 Jan 2025 13:47:53 +0000
ROA not before:           Wed 01 Jan 2025 13:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34182
IP address blocks:        2a00:5647::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/Lb24n7QRj_pV-v2_ReGSgr4Oes8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/Lb24n7QRj_pV-v2_ReGSgr4Oes8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lb24n7QRj_pV-v2_ReGSgr4Oes8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:72:c5:12:2c:57:6b:9c:0a:06:92:5d:00:02:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dbdb89fb4118ffa55fafdbf45e19282be0e7acf
        Validity
            Not Before: Jan  1 13:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d5e997cf47a630a95117fe35ab7e8f84dd4b750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6e:3a:bc:56:1c:4c:be:20:ca:11:70:18:f3:
                    6b:ae:61:9f:0c:69:50:fa:ff:63:ab:30:c6:3a:67:
                    5e:2a:70:ab:49:cd:d3:c4:6d:55:2d:d6:c0:ab:44:
                    ca:ac:8c:9d:12:96:25:d6:fe:a4:79:3e:64:f5:5b:
                    83:9a:b8:59:6b:b1:69:95:48:9e:0f:b7:59:ca:f3:
                    d1:da:76:d6:de:09:cb:a9:7e:6c:1a:dc:90:21:04:
                    ef:0d:9c:60:90:3d:73:91:84:06:e3:19:3d:c6:b0:
                    4e:96:70:80:b6:c8:61:57:0a:e0:a4:0b:b2:2a:70:
                    93:51:62:2c:66:bb:e5:bf:b3:c3:d9:2b:7e:00:a3:
                    e6:17:07:16:3d:11:85:c4:c0:76:4c:c7:d6:25:58:
                    58:0c:44:54:f4:b1:0c:10:71:03:03:f3:e8:bf:5b:
                    1c:52:64:94:ac:af:ab:ea:bb:6f:82:d8:7f:da:65:
                    2b:a8:41:13:8b:3b:cf:fa:d7:ae:57:7e:51:c5:76:
                    8c:f1:ca:2a:c0:75:23:e4:da:f9:9d:53:39:7c:4b:
                    0c:78:7c:18:7c:2c:42:28:12:f3:1f:9c:37:18:98:
                    dc:4a:75:23:ec:d1:f1:60:86:0a:0d:c1:ad:b4:06:
                    aa:02:df:66:e6:55:24:e8:dd:f9:d0:fe:c9:c5:ef:
                    2a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:5E:99:7C:F4:7A:63:0A:95:11:7F:E3:5A:B7:E8:F8:4D:D4:B7:50
            X509v3 Authority Key Identifier:
                keyid:2D:BD:B8:9F:B4:11:8F:FA:55:FA:FD:BF:45:E1:92:82:BE:0E:7A:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lb24n7QRj_pV-v2_ReGSgr4Oes8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/jV6ZfPR6YwqVEX_jWrfo-E3Ut1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f00ccc-ec3f-40df-a9fc-7cc79917300a/1/Lb24n7QRj_pV-v2_ReGSgr4Oes8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:5647::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:2b:de:d9:72:33:a8:7e:96:77:9c:1d:06:79:1d:c8:ca:ee:
         13:27:c1:f1:8f:82:79:15:38:a4:b3:f5:98:5b:fc:9d:1a:6c:
         ad:12:cd:2a:90:11:d4:03:da:af:df:7c:a3:78:06:e4:b4:d6:
         9c:c3:da:2d:f6:ec:6e:9b:50:37:59:50:e0:62:3c:1d:af:d3:
         83:ce:57:80:25:d9:89:65:64:4d:41:69:b8:95:42:1a:de:58:
         fb:0c:f9:71:43:09:f8:45:a1:c7:08:f9:5c:29:52:68:ac:d7:
         e4:51:18:71:c6:d1:04:d7:eb:f8:93:c4:6c:5b:c0:37:af:d7:
         cb:39:cb:7e:c2:c5:0e:21:30:a5:1e:b8:10:74:63:9b:52:56:
         c0:43:2a:10:57:32:9b:60:86:ef:d1:48:72:6d:6b:0c:4d:98:
         41:d2:69:ef:ab:73:72:b9:4d:b3:50:ba:14:78:11:ff:ca:ec:
         f4:58:c4:ac:be:e5:17:01:83:11:6a:ec:1a:89:03:94:1b:ae:
         04:42:40:c7:98:07:c0:af:7d:5d:b8:e6:ce:93:28:75:1b:e7:
         ca:9b:9c:43:14:42:57:b2:f2:55:0e:57:f1:6a:51:f7:4e:14:
         c3:08:56:a1:f2:09:9f:d7:72:59:12:f5:9b:fb:cb:d3:db:22:
         d4:79:c3:b4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH3LFEixXa5wKBpJdAAJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYmRiODlmYjQxMThmZmE1NWZhZmRiZjQ1ZTE5MjgyYmUw
ZTdhY2YwHhcNMjUwMTAxMTM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDVlOTk3Y2Y0N2E2MzBhOTUxMTdmZTM1YWI3ZThmODRkZDRiNzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3G46vFYcTL4gyhFwGPNrrmGfDGlQ
+v9jqzDGOmdeKnCrSc3TxG1VLdbAq0TKrIydEpYl1v6keT5k9VuDmrhZa7FplUie
D7dZyvPR2nbW3gnLqX5sGtyQIQTvDZxgkD1zkYQG4xk9xrBOlnCAtshhVwrgpAuy
KnCTUWIsZrvlv7PD2St+AKPmFwcWPRGFxMB2TMfWJVhYDERU9LEMEHEDA/Pov1sc
UmSUrK+r6rtvgth/2mUrqEETizvP+teuV35RxXaM8coqwHUj5Nr5nVM5fEsMeHwY
fCxCKBLzH5w3GJjcSnUj7NHxYIYKDcGttAaqAt9m5lUk6N350P7Jxe8qCwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFI1emXz0emMKlRF/41q36PhN1LdQMB8GA1UdIwQY
MBaAFC29uJ+0EY/6Vfr9v0XhkoK+DnrPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGIyNG43UVJqX3BWLXYyX1JlR1NncjRPZXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mMDBjY2MtZWMzZi00MGRmLWE5ZmMt
N2NjNzk5MTczMDBhLzEvalY2WmZQUjZZd3FWRVhfaldyZm8tRTNVdDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mMDBjY2MtZWMzZi00MGRmLWE5ZmMtN2NjNzk5MTczMDBh
LzEvTGIyNG43UVJqX3BWLXYyX1JlR1NncjRPZXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgBWRzAN
BgkqhkiG9w0BAQsFAAOCAQEADyve2XIzqH6Wd5wdBnkdyMruEyfB8Y+CeRU4pLP1
mFv8nRpsrRLNKpAR1APar998o3gG5LTWnMPaLfbsbptQN1lQ4GI8Ha/Tg85XgCXZ
iWVkTUFpuJVCGt5Y+wz5cUMJ+EWhxwj5XClSaKzX5FEYccbRBNfr+JPEbFvAN6/X
yznLfsLFDiEwpR64EHRjm1JWwEMqEFcym2CG79FIcm1rDE2YQdJp76tzcrlNs1C6
FHgR/8rs9FjErL7lFwGDEWrsGokDlBuuBEJAx5gHwK99XbjmzpModRvnypucQxRC
V7LyVQ5X8WpR904UwwhWofIJn9dyWRL1m/vL09si1HnDtA==
-----END CERTIFICATE-----