Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/EWrLpH4Sf73kpylzjyIWqmsW4Ak.roa
File:                     EWrLpH4Sf73kpylzjyIWqmsW4Ak.roa (raw, json)
Hash identifier:          WAVleiEyABWuPtt06sTvvo12euN11LhTBCh1lmQSM18=
Subject key identifier:   11:6A:CB:A4:7E:12:7F:BD:E4:A7:29:73:8F:22:16:AA:6B:16:E0:09
Certificate issuer:       /CN=8d3f356a02d9679ce890b5d51e0dec2f3f363361
Certificate serial:       019425218B773FDE5C3183B845C53C08A8D8
Authority key identifier: 8D:3F:35:6A:02:D9:67:9C:E8:90:B5:D5:1E:0D:EC:2F:3F:36:33:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/EWrLpH4Sf73kpylzjyIWqmsW4Ak.roa
Signing time:             Thu 02 Jan 2025 03:49:02 +0000
ROA not before:           Thu 02 Jan 2025 03:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210490
IP address blocks:        2a11:4e07:f000::/48 maxlen: 48
                          2a11:4e07:f001::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:8b:77:3f:de:5c:31:83:b8:45:c5:3c:08:a8:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3f356a02d9679ce890b5d51e0dec2f3f363361
        Validity
            Not Before: Jan  2 03:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=116acba47e127fbde4a729738f2216aa6b16e009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:68:73:4c:16:71:b1:97:75:83:9d:32:71:54:
                    8d:94:7f:c2:2c:e6:2a:21:0a:f2:5e:2b:3b:9a:1b:
                    b8:b7:1c:0a:e6:c5:22:ba:e9:08:fd:ac:91:4e:fa:
                    ac:8a:38:73:85:11:18:91:bb:69:27:62:82:0b:0a:
                    96:ca:6a:a8:cf:ef:a3:18:3e:62:fa:ac:82:b0:d7:
                    a8:3f:12:4d:a6:0c:e5:58:71:2c:ca:48:52:98:91:
                    e4:f1:9f:9a:ae:c6:d0:4d:b8:ee:03:cf:c9:18:7f:
                    02:4c:b7:f4:19:36:a6:60:64:75:a8:28:0b:f8:79:
                    5e:23:dd:a7:75:9c:2b:74:c6:92:89:7d:cc:69:92:
                    86:53:6b:72:2d:3d:2a:fa:08:1c:50:4c:6c:ab:65:
                    04:01:1d:c9:fc:4b:bd:bc:46:19:3f:21:43:b6:38:
                    a3:15:fb:5b:7e:29:63:d1:f3:ce:2c:a0:38:15:a9:
                    95:3c:35:1e:b9:58:20:a8:c6:08:b0:e3:d7:37:a5:
                    1e:84:26:96:90:a1:89:cb:60:4c:c1:47:72:4b:d8:
                    cc:00:1a:65:aa:62:33:1c:f2:c9:63:8d:0f:cb:21:
                    af:1f:09:b3:b5:e2:54:a7:8e:24:ee:51:49:bf:4d:
                    e8:91:44:bb:c9:89:de:52:7a:bb:08:11:91:31:a3:
                    e7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:6A:CB:A4:7E:12:7F:BD:E4:A7:29:73:8F:22:16:AA:6B:16:E0:09
            X509v3 Authority Key Identifier:
                keyid:8D:3F:35:6A:02:D9:67:9C:E8:90:B5:D5:1E:0D:EC:2F:3F:36:33:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/EWrLpH4Sf73kpylzjyIWqmsW4Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4e07:f000::/47

    Signature Algorithm: sha256WithRSAEncryption
         31:80:75:3d:fe:57:64:b6:13:f5:bd:0b:6a:8b:16:a3:56:17:
         ef:33:ad:20:23:35:a3:c5:7a:0f:e7:26:88:7f:82:80:a2:85:
         8c:2c:75:63:97:a4:4b:39:26:dc:04:e4:ac:4b:c2:cf:5c:3b:
         23:fe:a7:f2:50:38:8e:56:af:04:ab:a1:8b:a9:4a:ca:da:b0:
         93:89:0f:b7:66:9d:47:a1:c1:fd:8a:3b:39:b4:75:30:d2:63:
         f8:5f:06:09:1d:54:0a:a7:ba:1a:1c:8a:c9:45:ad:90:fb:b0:
         84:7e:18:59:55:90:60:29:0a:2e:9d:5d:8f:37:82:22:8e:d8:
         87:5c:81:47:9f:bc:b2:63:7b:41:54:ea:60:f0:85:55:14:71:
         1e:8d:78:0f:e6:f2:73:4e:9e:ce:8c:67:41:a6:fd:fa:92:5f:
         2a:ba:3b:d4:e4:51:e7:1c:75:72:b6:bf:c3:99:e1:c7:b7:b1:
         74:50:bb:14:19:7f:11:c0:ba:fe:b1:10:b0:07:5d:a8:f7:1b:
         74:d9:7d:50:17:2a:a9:6d:8b:3e:ba:38:a6:bd:6e:3a:0e:47:
         01:e3:03:72:28:a1:0e:40:b9:04:1a:8f:f0:4d:d7:31:53:6a:
         11:bc:07:f8:e9:97:67:ea:76:3e:f4:fd:52:33:db:be:96:95:
         9d:ba:7d:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIYt3P95cMYO4RcU8CKjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkM2YzNTZhMDJkOTY3OWNlODkwYjVkNTFlMGRlYzJmM2Yz
NjMzNjEwHhcNMjUwMTAyMDM0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTZhY2JhNDdlMTI3ZmJkZTRhNzI5NzM4ZjIyMTZhYTZiMTZlMDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mhzTBZxsZd1g50ycVSNlH/CLOYq
IQryXis7mhu4txwK5sUiuukI/ayRTvqsijhzhREYkbtpJ2KCCwqWymqoz++jGD5i
+qyCsNeoPxJNpgzlWHEsykhSmJHk8Z+arsbQTbjuA8/JGH8CTLf0GTamYGR1qCgL
+HleI92ndZwrdMaSiX3MaZKGU2tyLT0q+ggcUExsq2UEAR3J/Eu9vEYZPyFDtjij
Fftbfilj0fPOLKA4FamVPDUeuVggqMYIsOPXN6UehCaWkKGJy2BMwUdyS9jMABpl
qmIzHPLJY40PyyGvHwmzteJUp44k7lFJv03okUS7yYneUnq7CBGRMaPn4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBFqy6R+En+95Kcpc48iFqprFuAJMB8GA1UdIwQY
MBaAFI0/NWoC2Wec6JC11R4N7C8/NjNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalQ4MWFnTFpaNXpva0xYVkhnM3NMejgyTTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny81NjZjYjEtNzkxNS00ZmZkLTg1NzAt
NmI5M2FmNjEzZDdkLzEvRVdyTHBINFNmNzNrcHlsemp5SVdxbXNXNEFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny81NjZjYjEtNzkxNS00ZmZkLTg1NzAtNmI5M2FmNjEzZDdk
LzEvalQ4MWFnTFpaNXpva0xYVkhnM3NMejgyTTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhFOB/AA
MA0GCSqGSIb3DQEBCwUAA4IBAQAxgHU9/ldkthP1vQtqixajVhfvM60gIzWjxXoP
5yaIf4KAooWMLHVjl6RLOSbcBOSsS8LPXDsj/qfyUDiOVq8Eq6GLqUrK2rCTiQ+3
Zp1HocH9ijs5tHUw0mP4XwYJHVQKp7oaHIrJRa2Q+7CEfhhZVZBgKQounV2PN4Ii
jtiHXIFHn7yyY3tBVOpg8IVVFHEejXgP5vJzTp7OjGdBpv36kl8qujvU5FHnHHVy
tr/DmeHHt7F0ULsUGX8RwLr+sRCwB12o9xt02X1QFyqpbYs+ujimvW46DkcB4wNy
KKEOQLkEGo/wTdcxU2oRvAf46Zdn6nY+9P1SM9u+lpWdun1o
-----END CERTIFICATE-----