Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/PIhsP1al3YizxN861NowDoYoHI0.roa
File:                     PIhsP1al3YizxN861NowDoYoHI0.roa (raw, json)
Hash identifier:          R9+qOpDwEb0Q5efJFh94SK/9P5J9FFbPDMd4Z1g9adY=
Subject key identifier:   3C:88:6C:3F:56:A5:DD:88:B3:C4:DF:3A:D4:DA:30:0E:86:28:1C:8D
Certificate issuer:       /CN=d914da56e1a934649da02964ac12eba34c5cb84f
Certificate serial:       0195A3A366E03D40624275F89830FA2D2A14
Authority key identifier: D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/PIhsP1al3YizxN861NowDoYoHI0.roa
Signing time:             Mon 17 Mar 2025 10:25:49 +0000
ROA not before:           Mon 17 Mar 2025 10:25:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215563
IP address blocks:        2a13:e3c2::/33 maxlen: 33
                          2a13:e3c2:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a3:a3:66:e0:3d:40:62:42:75:f8:98:30:fa:2d:2a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d914da56e1a934649da02964ac12eba34c5cb84f
        Validity
            Not Before: Mar 17 10:25:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c886c3f56a5dd88b3c4df3ad4da300e86281c8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:54:a0:6f:fa:83:c2:53:93:d6:12:fe:2b:3e:
                    b7:60:e6:7d:eb:e6:a5:ca:6b:c8:33:00:23:2e:b4:
                    aa:4d:ae:3c:90:32:e5:3f:50:d1:51:e2:8a:9c:24:
                    f5:f6:d4:04:35:36:2e:23:f0:e2:9b:57:08:55:44:
                    df:05:43:b9:21:73:04:ea:ae:48:fe:69:93:7c:e3:
                    45:ab:cc:0c:43:c8:ce:87:ef:4d:ad:eb:ba:7d:a9:
                    d8:02:b9:1b:f2:35:f1:21:2b:f2:4d:7a:7d:7b:19:
                    d5:01:5e:39:65:a0:34:89:7c:65:14:ef:97:10:cb:
                    c1:18:30:21:fd:1d:05:bb:96:c3:99:ce:d5:aa:d8:
                    21:4c:3b:61:a8:5d:b8:c2:fd:c6:d4:e5:c1:1d:06:
                    b1:cd:0f:7d:3b:d1:15:29:3a:26:a2:c9:25:e4:d5:
                    b4:c7:43:9e:63:8d:8a:40:81:ff:e2:bf:46:14:6f:
                    f3:b0:2f:d1:58:1b:a0:95:03:0b:01:33:8a:11:b9:
                    4d:a1:9c:d1:d9:af:3b:d8:b4:b9:be:3f:46:c1:eb:
                    9f:c5:f5:91:86:f7:99:cc:ab:f8:53:45:65:01:44:
                    40:f4:b0:0a:81:7a:21:f6:4a:94:3c:11:96:de:ae:
                    4c:fd:a0:a7:53:87:a5:54:07:68:bd:1c:20:51:c8:
                    6a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:88:6C:3F:56:A5:DD:88:B3:C4:DF:3A:D4:DA:30:0E:86:28:1C:8D
            X509v3 Authority Key Identifier:
                keyid:D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/PIhsP1al3YizxN861NowDoYoHI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e3c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         c5:8c:87:23:86:77:1d:eb:c7:fe:04:28:7b:62:a3:66:96:11:
         ba:9c:20:77:f3:04:e2:ca:52:f5:e5:8d:7c:85:37:a6:56:41:
         44:75:89:a0:b4:72:51:66:1f:cc:cd:d2:c6:ec:45:09:3c:5a:
         db:99:ed:1f:7d:76:42:be:65:9e:d7:62:ea:5a:6e:8f:e9:3e:
         38:89:d3:62:30:c8:52:6c:24:1b:bc:7e:e0:2c:02:4c:5e:73:
         de:97:28:0b:e9:28:57:7a:b6:8a:e6:3e:68:55:91:9c:d6:3b:
         eb:e6:67:f2:47:85:75:20:34:be:3e:cb:c9:b9:79:f6:5d:6c:
         be:b5:af:1c:f9:14:9c:88:04:87:77:9d:b0:82:87:e0:f8:0b:
         c7:ab:af:9c:17:43:b4:72:d4:6b:8d:6b:1a:90:37:a9:41:09:
         7c:82:b2:17:f6:dd:a4:ac:d4:70:4a:ce:14:ff:9b:d1:48:4c:
         f8:b4:6b:b2:81:6f:38:52:62:83:2b:3d:5b:48:4d:5d:08:a8:
         55:eb:9c:56:39:38:bc:3d:74:20:bd:98:f4:28:04:04:a6:2f:
         6b:c1:d3:1e:5a:0a:7b:29:6c:80:fb:1b:51:17:92:fe:8b:de:
         53:90:38:d2:d5:27:30:32:d3:d1:57:77:52:8b:b2:af:05:d3:
         e8:f2:82:23
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZWjo2bgPUBiQnX4mDD6LSoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MTRkYTU2ZTFhOTM0NjQ5ZGEwMjk2NGFjMTJlYmEzNGM1
Y2I4NGYwHhcNMjUwMzE3MTAyNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzg4NmMzZjU2YTVkZDg4YjNjNGRmM2FkNGRhMzAwZTg2MjgxYzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1Sgb/qDwlOT1hL+Kz63YOZ96+al
ymvIMwAjLrSqTa48kDLlP1DRUeKKnCT19tQENTYuI/Dim1cIVUTfBUO5IXME6q5I
/mmTfONFq8wMQ8jOh+9Nreu6fanYArkb8jXxISvyTXp9exnVAV45ZaA0iXxlFO+X
EMvBGDAh/R0Fu5bDmc7VqtghTDthqF24wv3G1OXBHQaxzQ99O9EVKTomoskl5NW0
x0OeY42KQIH/4r9GFG/zsC/RWBuglQMLATOKEblNoZzR2a872LS5vj9GweufxfWR
hveZzKv4U0VlAURA9LAKgXoh9kqUPBGW3q5M/aCnU4elVAdovRwgUchqAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDyIbD9Wpd2Is8TfOtTaMA6GKByNMB8GA1UdIwQY
MBaAFNkU2lbhqTRknaApZKwS66NMXLhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2It
ZjZiY2NmMWU1MzFmLzEvUEloc1AxYWwzWWl6eE44NjFOb3dEb1lvSEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2ItZjZiY2NmMWU1MzFm
LzEvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPjwjAN
BgkqhkiG9w0BAQsFAAOCAQEAxYyHI4Z3HevH/gQoe2KjZpYRupwgd/ME4spS9eWN
fIU3plZBRHWJoLRyUWYfzM3SxuxFCTxa25ntH312Qr5lntdi6lpuj+k+OInTYjDI
UmwkG7x+4CwCTF5z3pcoC+koV3q2iuY+aFWRnNY76+Zn8keFdSA0vj7Lybl59l1s
vrWvHPkUnIgEh3edsIKH4PgLx6uvnBdDtHLUa41rGpA3qUEJfIKyF/bdpKzUcErO
FP+b0UhM+LRrsoFvOFJigys9W0hNXQioVeucVjk4vD10IL2Y9CgEBKYva8HTHloK
eylsgPsbUReS/oveU5A40tUnMDLT0Vd3UouyrwXT6PKCIw==
-----END CERTIFICATE-----