Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/U8RX6_Xhgd2rniYJPgiw5XhDM14.roa
File:                     U8RX6_Xhgd2rniYJPgiw5XhDM14.roa (raw, json)
Hash identifier:          2r/ZPIhIP4vgQHcp4lEFNmYb4WZmbuMJWG8eyE6HlfQ=
Subject key identifier:   53:C4:57:EB:F5:E1:81:DD:AB:9E:26:09:3E:08:B0:E5:78:43:33:5E
Certificate issuer:       /CN=bc0078a27f1003263c4c561b0250766f2f526e7d
Certificate serial:       0194266B99CE932C5F643789DD6F53681EB1
Authority key identifier: BC:00:78:A2:7F:10:03:26:3C:4C:56:1B:02:50:76:6F:2F:52:6E:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vAB4on8QAyY8TFYbAlB2by9Sbn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/U8RX6_Xhgd2rniYJPgiw5XhDM14.roa
Signing time:             Thu 02 Jan 2025 09:49:33 +0000
ROA not before:           Thu 02 Jan 2025 09:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        2001:3680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/vAB4on8QAyY8TFYbAlB2by9Sbn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/vAB4on8QAyY8TFYbAlB2by9Sbn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vAB4on8QAyY8TFYbAlB2by9Sbn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:99:ce:93:2c:5f:64:37:89:dd:6f:53:68:1e:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc0078a27f1003263c4c561b0250766f2f526e7d
        Validity
            Not Before: Jan  2 09:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53c457ebf5e181ddab9e26093e08b0e57843335e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:35:3c:3a:6e:51:8e:33:18:cd:67:34:ba:5d:
                    bd:da:f5:d7:58:08:f6:b0:5f:7a:88:8e:d6:6c:6e:
                    17:e6:b0:85:4f:ff:be:a9:06:aa:6d:ed:56:98:27:
                    c6:a2:1f:cc:3e:78:c5:f3:1f:0f:ce:0f:d5:00:c0:
                    f5:79:9e:17:36:6f:99:d0:f5:4d:4d:c3:2a:ce:84:
                    25:d5:a3:0d:7c:b7:95:03:09:36:07:da:ac:43:2d:
                    b7:44:75:73:53:6c:74:af:b6:60:b1:e0:89:80:4c:
                    7c:ab:e0:d3:6f:2c:8e:31:33:fc:c7:aa:2c:83:19:
                    be:aa:1b:19:cf:17:58:6f:9b:19:3c:70:86:7c:23:
                    93:be:1b:a8:80:68:97:5d:3a:54:f6:db:30:3f:6d:
                    66:da:38:3f:7d:39:73:f7:f8:f2:37:dd:3a:e4:90:
                    d7:69:18:f2:bd:9f:77:f0:b0:25:e2:d6:1e:41:da:
                    0a:52:da:99:6f:be:9f:ea:57:ea:65:0c:64:28:27:
                    23:13:e8:bd:e3:2c:d7:ed:97:4e:13:29:61:43:fa:
                    fd:2c:9c:16:98:8a:e9:ba:93:9c:e7:b4:3d:c2:9b:
                    9f:4c:1b:78:08:a6:fd:af:4b:4a:e4:08:fa:48:a7:
                    37:c9:1a:91:3b:09:20:df:3d:87:f3:62:1b:28:28:
                    49:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C4:57:EB:F5:E1:81:DD:AB:9E:26:09:3E:08:B0:E5:78:43:33:5E
            X509v3 Authority Key Identifier:
                keyid:BC:00:78:A2:7F:10:03:26:3C:4C:56:1B:02:50:76:6F:2F:52:6E:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vAB4on8QAyY8TFYbAlB2by9Sbn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/U8RX6_Xhgd2rniYJPgiw5XhDM14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c15ba7-d82f-4dda-903c-c14aac41a1c2/1/vAB4on8QAyY8TFYbAlB2by9Sbn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3680::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:c5:6a:fa:8a:06:e1:0f:25:cb:db:5b:a5:ae:35:49:d7:c0:
         0c:42:1b:25:71:95:20:42:25:98:59:be:a6:dc:ba:7b:b2:70:
         79:49:73:3a:47:e5:db:a8:04:a6:a0:9f:33:52:64:b2:0a:0e:
         30:21:14:40:45:20:12:9a:5d:a0:13:8e:d1:51:cf:66:44:2c:
         0b:26:57:51:a1:ab:c8:e2:45:1b:be:74:25:25:a5:06:ff:a3:
         bc:c2:a6:e2:e8:7c:70:b5:6d:81:03:8f:fd:58:74:17:ab:b0:
         be:04:de:ac:71:de:0e:fc:36:8f:f5:43:37:9c:3f:bb:0b:dd:
         f4:00:dd:a4:3d:07:36:c1:39:89:ae:5c:b8:d8:c4:4a:82:4f:
         67:53:59:af:29:09:bc:52:e7:49:78:d7:61:f7:51:97:61:80:
         03:9f:73:f3:e6:bb:86:ab:3c:6d:6e:b2:ed:be:48:9d:13:0a:
         7b:06:46:86:5a:b7:7d:8d:d4:43:c7:fe:21:4d:38:94:a8:f6:
         32:e6:63:ae:7f:c3:de:4b:00:23:e5:ba:54:9f:d2:d5:54:1d:
         32:23:c2:94:b3:85:0e:6b:76:ff:3c:33:39:1e:d5:67:6b:30:
         a2:83:58:04:97:96:16:d1:86:92:45:ff:87:7c:5d:98:e6:3a:
         4f:16:d1:ea
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQma5nOkyxfZDeJ3W9TaB6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMDA3OGEyN2YxMDAzMjYzYzRjNTYxYjAyNTA3NjZmMmY1
MjZlN2QwHhcNMjUwMTAyMDk0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2M0NTdlYmY1ZTE4MWRkYWI5ZTI2MDkzZTA4YjBlNTc4NDMzMzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjU8Om5RjjMYzWc0ul292vXXWAj2
sF96iI7WbG4X5rCFT/++qQaqbe1WmCfGoh/MPnjF8x8Pzg/VAMD1eZ4XNm+Z0PVN
TcMqzoQl1aMNfLeVAwk2B9qsQy23RHVzU2x0r7ZgseCJgEx8q+DTbyyOMTP8x6os
gxm+qhsZzxdYb5sZPHCGfCOTvhuogGiXXTpU9tswP21m2jg/fTlz9/jyN9065JDX
aRjyvZ938LAl4tYeQdoKUtqZb76f6lfqZQxkKCcjE+i94yzX7ZdOEylhQ/r9LJwW
mIrpupOc57Q9wpufTBt4CKb9r0tK5Aj6SKc3yRqROwkg3z2H82IbKChJmQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFPEV+v14YHdq54mCT4IsOV4QzNeMB8GA1UdIwQY
MBaAFLwAeKJ/EAMmPExWGwJQdm8vUm59MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkFCNG9uOFFBeVk4VEZZYkFsQjJieTlTYm4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9jMTViYTctZDgyZi00ZGRhLTkwM2Mt
YzE0YWFjNDFhMWMyLzEvVThSWDZfWGhnZDJybmlZSlBnaXc1WGhETTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9jMTViYTctZDgyZi00ZGRhLTkwM2MtYzE0YWFjNDFhMWMy
LzEvdkFCNG9uOFFBeVk4VEZZYkFsQjJieTlTYm4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAE2gDAN
BgkqhkiG9w0BAQsFAAOCAQEARcVq+ooG4Q8ly9tbpa41SdfADEIbJXGVIEIlmFm+
pty6e7JweUlzOkfl26gEpqCfM1JksgoOMCEUQEUgEppdoBOO0VHPZkQsCyZXUaGr
yOJFG750JSWlBv+jvMKm4uh8cLVtgQOP/Vh0F6uwvgTerHHeDvw2j/VDN5w/uwvd
9ADdpD0HNsE5ia5cuNjESoJPZ1NZrykJvFLnSXjXYfdRl2GAA59z8+a7hqs8bW6y
7b5InRMKewZGhlq3fY3UQ8f+IU04lKj2MuZjrn/D3ksAI+W6VJ/S1VQdMiPClLOF
Dmt2/zwzOR7VZ2swooNYBJeWFtGGkkX/h3xdmOY6TxbR6g==
-----END CERTIFICATE-----