Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/FNzx-AXDWYQXweTOw5GW8wLwA8Y.roa
File:                     FNzx-AXDWYQXweTOw5GW8wLwA8Y.roa (raw, json)
Hash identifier:          pI2apPSLr8xZ4eK8bjFcepwZqTx3hkzwJixceRtYmFQ=
Subject key identifier:   14:DC:F1:F8:05:C3:59:84:17:C1:E4:CE:C3:91:96:F3:02:F0:03:C6
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       0194228DBC7DB7EBA775B54D332B95DAFEB5
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/FNzx-AXDWYQXweTOw5GW8wLwA8Y.roa
Signing time:             Wed 01 Jan 2025 15:48:21 +0000
ROA not before:           Wed 01 Jan 2025 15:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214354
IP address blocks:        2a01:e281:ac00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:bc:7d:b7:eb:a7:75:b5:4d:33:2b:95:da:fe:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Jan  1 15:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14dcf1f805c3598417c1e4cec39196f302f003c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bf:2a:5e:68:a9:9a:76:52:70:59:ef:b9:71:
                    f3:3b:d1:76:6d:90:99:c5:ed:c7:20:94:b1:ae:03:
                    2c:15:07:d7:7c:26:de:51:a6:a3:f2:e6:e4:d2:3f:
                    9b:bc:12:fb:35:43:92:5f:ba:0e:f7:f2:e2:33:8d:
                    e8:03:a5:b6:92:d2:9b:e7:d7:41:e4:a6:8d:7a:b4:
                    ec:e1:d5:00:fc:a5:69:19:c3:5a:91:36:8f:3a:e7:
                    91:06:f3:aa:63:eb:81:b4:67:01:3e:fb:38:fe:69:
                    8a:cd:63:5a:e7:b5:c0:e1:28:47:b9:5e:f8:0f:0d:
                    79:e6:69:cf:48:81:ce:77:76:92:3a:97:dc:b5:a3:
                    4f:d1:31:5f:af:76:28:5b:67:ee:89:d6:57:9e:8b:
                    be:45:95:71:c9:e7:7d:af:a7:81:b0:e0:04:b6:6a:
                    d2:97:a1:09:bf:c5:65:03:d7:49:72:01:2d:bb:78:
                    fb:66:0e:57:ec:7c:23:5b:ab:01:e8:3a:19:e3:7c:
                    ee:f8:7b:20:a9:b5:04:e2:31:c5:4c:a6:b7:9e:27:
                    f9:c0:51:3e:70:da:0e:f1:82:01:f4:32:e9:aa:6f:
                    0a:27:83:47:bf:f6:6b:da:8a:bf:3b:59:c2:18:7b:
                    13:e8:10:00:4c:b9:5d:3c:0e:a2:30:f3:53:61:29:
                    73:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DC:F1:F8:05:C3:59:84:17:C1:E4:CE:C3:91:96:F3:02:F0:03:C6
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/FNzx-AXDWYQXweTOw5GW8wLwA8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:ac00::/40

    Signature Algorithm: sha256WithRSAEncryption
         c5:1d:e5:54:41:e0:8b:2c:43:ba:78:b1:09:9a:60:bb:5d:47:
         f4:51:03:6d:de:81:30:6f:ac:93:83:5c:3c:2d:1e:a1:17:24:
         0c:57:6b:66:2a:34:58:67:c2:63:54:f5:78:b7:36:08:66:dc:
         3f:3f:52:82:24:41:d4:1f:80:f4:18:00:77:00:04:24:03:73:
         27:c6:e4:fa:e2:28:fe:98:34:71:68:d3:87:f5:6e:ac:99:71:
         0f:40:60:95:f1:4f:9b:d5:ab:b1:e3:35:cc:54:0c:f5:9c:0f:
         fd:45:b7:9a:c2:59:78:80:f6:e0:48:d3:af:f1:2a:5e:4a:b7:
         45:f2:4f:52:00:2a:f4:07:c0:da:3c:c5:2f:70:cf:64:a2:39:
         56:2f:71:83:55:b1:4e:50:88:32:18:9a:6f:c4:a7:eb:e8:b4:
         e7:7a:d3:27:ab:0e:1c:8b:9c:4c:58:de:ba:0e:50:84:02:b7:
         e5:c1:1c:68:0f:9b:a3:1a:df:91:63:96:a6:a2:64:db:41:dd:
         dd:bf:0b:bd:a3:1b:ae:99:de:f8:da:bc:1d:5c:df:e6:de:20:
         9a:eb:bd:98:f2:6c:47:97:f8:e6:fd:80:a9:13:39:ab:c4:c9:
         c2:54:dc:10:04:c7:65:5a:d3:ef:79:6b:5f:60:6c:e6:73:bd:
         dd:80:a9:62
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQijbx9t+undbVNMyuV2v61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjUwMTAxMTU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGRjZjFmODA1YzM1OTg0MTdjMWU0Y2VjMzkxOTZmMzAyZjAwM2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvL8qXmipmnZScFnvuXHzO9F2bZCZ
xe3HIJSxrgMsFQfXfCbeUaaj8ubk0j+bvBL7NUOSX7oO9/LiM43oA6W2ktKb59dB
5KaNerTs4dUA/KVpGcNakTaPOueRBvOqY+uBtGcBPvs4/mmKzWNa57XA4ShHuV74
Dw155mnPSIHOd3aSOpfctaNP0TFfr3YoW2fuidZXnou+RZVxyed9r6eBsOAEtmrS
l6EJv8VlA9dJcgEtu3j7Zg5X7HwjW6sB6DoZ43zu+HsgqbUE4jHFTKa3nif5wFE+
cNoO8YIB9DLpqm8KJ4NHv/Zr2oq/O1nCGHsT6BAATLldPA6iMPNTYSlz0wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBTc8fgFw1mEF8HkzsORlvMC8APGMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvRk56eC1BWERXWVFYd2VUT3c1R1c4d0x3QThZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHigaww
DQYJKoZIhvcNAQELBQADggEBAMUd5VRB4IssQ7p4sQmaYLtdR/RRA23egTBvrJOD
XDwtHqEXJAxXa2YqNFhnwmNU9Xi3Nghm3D8/UoIkQdQfgPQYAHcABCQDcyfG5Pri
KP6YNHFo04f1bqyZcQ9AYJXxT5vVq7HjNcxUDPWcD/1Ft5rCWXiA9uBI06/xKl5K
t0XyT1IAKvQHwNo8xS9wz2SiOVYvcYNVsU5QiDIYmm/Ep+votOd60yerDhyLnExY
3roOUIQCt+XBHGgPm6Ma35FjlqaiZNtB3d2/C72jG66Z3vjavB1c3+beIJrrvZjy
bEeX+Ob9gKkTOavEycJU3BAEx2Va0+95a19gbOZzvd2AqWI=
-----END CERTIFICATE-----