Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/ec1816-5466-45a6-ae61-3fb0870ea259/1/J2wzb8YKKVcFBB9aw2nmFsUG6Ac.roa
File:                     J2wzb8YKKVcFBB9aw2nmFsUG6Ac.roa (raw, json)
Hash identifier:          uNatwiz0kls9jaP1S1snowxFlS7dqcfH880Un/eLhPs=
Subject key identifier:   27:6C:33:6F:C6:0A:29:57:05:04:1F:5A:C3:69:E6:16:C5:06:E8:07
Certificate issuer:       /CN=f07be9d1189771b7337efc1ced2c825dc2472a56
Certificate serial:       019426D9A0167ABC0BAC4A331BA4AAC75868
Authority key identifier: F0:7B:E9:D1:18:97:71:B7:33:7E:FC:1C:ED:2C:82:5D:C2:47:2A:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Hvp0RiXcbczfvwc7SyCXcJHKlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/ec1816-5466-45a6-ae61-3fb0870ea259/1/J2wzb8YKKVcFBB9aw2nmFsUG6Ac.roa
Signing time:             Thu 02 Jan 2025 11:49:43 +0000
ROA not before:           Thu 02 Jan 2025 11:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42909
IP address blocks:        194.0.2.0/24 maxlen: 24
                          2001:678:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/ec1816-5466-45a6-ae61-3fb0870ea259/1/8Hvp0RiXcbczfvwc7SyCXcJHKlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/ec1816-5466-45a6-ae61-3fb0870ea259/1/8Hvp0RiXcbczfvwc7SyCXcJHKlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8Hvp0RiXcbczfvwc7SyCXcJHKlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:a0:16:7a:bc:0b:ac:4a:33:1b:a4:aa:c7:58:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f07be9d1189771b7337efc1ced2c825dc2472a56
        Validity
            Not Before: Jan  2 11:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=276c336fc60a295705041f5ac369e616c506e807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:38:af:b3:33:2b:e1:da:a2:29:6a:2b:cc:a0:
                    83:11:be:34:96:60:94:c3:af:1e:50:47:72:6d:bf:
                    ff:c3:bf:ea:93:37:1b:ae:c4:00:d6:5a:71:f7:4d:
                    c2:2f:3a:91:6b:1c:b6:7f:7f:b1:4f:0a:21:e9:1f:
                    cf:f6:77:bf:50:2e:ad:b9:5e:1e:a1:8b:e1:6f:ce:
                    85:4d:cc:c6:75:64:b9:55:87:16:dd:fc:81:1a:b9:
                    14:28:26:33:d5:6e:89:9a:66:a7:4b:70:a8:9c:4e:
                    a9:d3:68:e4:76:5b:ff:98:88:2f:0e:04:c5:87:3d:
                    c1:5c:b9:a8:52:14:89:a8:11:12:60:c0:a8:8e:cf:
                    40:9b:52:5e:4c:1f:bd:c7:82:e4:fa:33:b6:61:04:
                    ed:b6:c8:b7:56:82:1f:2a:04:5f:0d:8a:bf:34:54:
                    33:df:aa:88:d7:6f:e6:10:b6:31:46:2e:79:9e:ea:
                    28:a8:fe:03:2b:40:33:56:bb:07:7a:47:ad:57:27:
                    6f:1c:a2:15:7b:b5:c5:8f:5d:6e:ae:46:b2:38:98:
                    e8:23:62:1d:17:fb:c1:f1:a6:da:95:1f:82:93:78:
                    f9:9e:fc:3d:c3:79:48:62:9a:40:4d:c8:fd:02:17:
                    5d:41:31:54:06:15:aa:03:5f:ba:ea:54:48:89:ed:
                    55:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:6C:33:6F:C6:0A:29:57:05:04:1F:5A:C3:69:E6:16:C5:06:E8:07
            X509v3 Authority Key Identifier:
                keyid:F0:7B:E9:D1:18:97:71:B7:33:7E:FC:1C:ED:2C:82:5D:C2:47:2A:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Hvp0RiXcbczfvwc7SyCXcJHKlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/ec1816-5466-45a6-ae61-3fb0870ea259/1/J2wzb8YKKVcFBB9aw2nmFsUG6Ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/ec1816-5466-45a6-ae61-3fb0870ea259/1/8Hvp0RiXcbczfvwc7SyCXcJHKlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.2.0/24
                IPv6:
                  2001:678:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         e1:4b:4d:54:1b:14:b4:ae:30:c3:a0:a4:7a:8a:2a:fd:8c:51:
         31:d4:da:34:7a:c9:21:07:2b:ab:71:6b:d7:f9:a7:75:6a:78:
         ac:56:37:d1:88:a6:63:6e:80:bb:cb:0c:77:1d:4d:f6:d1:b9:
         ce:34:36:5e:68:7e:9f:ec:b9:91:47:b5:0b:3f:cf:8d:f9:e4:
         de:1e:59:29:a0:3f:f1:ab:be:46:8d:25:5f:fd:72:9e:3c:36:
         1c:7c:27:2c:79:64:b2:74:b3:f6:2b:9f:80:fa:5d:51:24:31:
         f6:21:1b:93:be:72:20:45:c9:2c:f3:9f:62:6e:ee:1c:74:09:
         e0:c3:0d:21:29:0a:03:14:d1:6e:29:65:f5:7b:ae:f4:b1:c9:
         1a:bc:85:6d:aa:6e:5e:5b:e9:44:5b:d5:a9:96:9a:57:b7:c7:
         3a:eb:2b:94:4f:5f:58:41:5b:fb:95:71:11:11:c5:1a:23:dd:
         89:87:ea:73:ce:a1:36:ca:f3:64:a5:49:29:c9:f1:fd:45:8f:
         d0:44:66:cd:d3:1b:ca:a7:9b:41:28:09:67:99:c6:5e:ca:04:
         28:5c:0d:6c:d1:0a:e2:ec:34:b2:64:90:e5:3e:18:93:00:6b:
         b7:76:e9:29:c2:45:16:eb:cb:7f:51:83:07:33:23:24:64:43:
         d6:54:15:e6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQm2aAWerwLrEozG6Sqx1hoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwN2JlOWQxMTg5NzcxYjczMzdlZmMxY2VkMmM4MjVkYzI0
NzJhNTYwHhcNMjUwMTAyMTE0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzZjMzM2ZmM2MGEyOTU3MDUwNDFmNWFjMzY5ZTYxNmM1MDZlODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjivszMr4dqiKWorzKCDEb40lmCU
w68eUEdybb//w7/qkzcbrsQA1lpx903CLzqRaxy2f3+xTwoh6R/P9ne/UC6tuV4e
oYvhb86FTczGdWS5VYcW3fyBGrkUKCYz1W6JmmanS3ConE6p02jkdlv/mIgvDgTF
hz3BXLmoUhSJqBESYMCojs9Am1JeTB+9x4Lk+jO2YQTttsi3VoIfKgRfDYq/NFQz
36qI12/mELYxRi55nuooqP4DK0AzVrsHeketVydvHKIVe7XFj11urkayOJjoI2Id
F/vB8abalR+Ck3j5nvw9w3lIYppATcj9AhddQTFUBhWqA1+66lRIie1V6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCdsM2/GCilXBQQfWsNp5hbFBugHMB8GA1UdIwQY
MBaAFPB76dEYl3G3M378HO0sgl3CRypWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEh2cDBSaVhjYmN6ZnZ3YzdTeUNYY0pIS2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lYzE4MTYtNTQ2Ni00NWE2LWFlNjEt
M2ZiMDg3MGVhMjU5LzEvSjJ3emI4WUtLVmNGQkI5YXcybm1Gc1VHNkFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lYzE4MTYtNTQ2Ni00NWE2LWFlNjEtM2ZiMDg3MGVhMjU5
LzEvOEh2cDBSaVhjYmN6ZnZ3YzdTeUNYY0pIS2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgACMA8E
AgACMAkDBwAgAQZ4AAUwDQYJKoZIhvcNAQELBQADggEBAOFLTVQbFLSuMMOgpHqK
Kv2MUTHU2jR6ySEHK6txa9f5p3VqeKxWN9GIpmNugLvLDHcdTfbRuc40Nl5ofp/s
uZFHtQs/z4355N4eWSmgP/GrvkaNJV/9cp48Nhx8Jyx5ZLJ0s/Yrn4D6XVEkMfYh
G5O+ciBFySzzn2Ju7hx0CeDDDSEpCgMU0W4pZfV7rvSxyRq8hW2qbl5b6URb1amW
mle3xzrrK5RPX1hBW/uVcRERxRoj3YmH6nPOoTbK82SlSSnJ8f1Fj9BEZs3TG8qn
m0EoCWeZxl7KBChcDWzRCuLsNLJkkOU+GJMAa7d26SnCRRbry39RgwczIyRkQ9ZU
FeY=
-----END CERTIFICATE-----