Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/XcKo7ctmpUBqVfx0JPs9RsSZGCs.roa
File:                     XcKo7ctmpUBqVfx0JPs9RsSZGCs.roa (raw, json)
Hash identifier:          1T8ZHVnMW4fbGLyFMTAkhaxOama9czmojEH2rCd/x6I=
Subject key identifier:   5D:C2:A8:ED:CB:66:A5:40:6A:55:FC:74:24:FB:3D:46:C4:99:18:2B
Certificate issuer:       /CN=d588212bf5dace1080dc45e2c55b92ff85c6c192
Certificate serial:       01951D72453C3CBCE21F4CF67EF28F36FBE1
Authority key identifier: D5:88:21:2B:F5:DA:CE:10:80:DC:45:E2:C5:5B:92:FF:85:C6:C1:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1YghK_XazhCA3EXixVuS_4XGwZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/XcKo7ctmpUBqVfx0JPs9RsSZGCs.roa
Signing time:             Wed 19 Feb 2025 09:03:02 +0000
ROA not before:           Wed 19 Feb 2025 09:03:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33280
IP address blocks:        2a01:8840:c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/1YghK_XazhCA3EXixVuS_4XGwZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/1YghK_XazhCA3EXixVuS_4XGwZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1YghK_XazhCA3EXixVuS_4XGwZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Mar 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1d:72:45:3c:3c:bc:e2:1f:4c:f6:7e:f2:8f:36:fb:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d588212bf5dace1080dc45e2c55b92ff85c6c192
        Validity
            Not Before: Feb 19 09:03:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dc2a8edcb66a5406a55fc7424fb3d46c499182b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:21:77:7f:bd:76:2b:dc:b4:80:fe:54:dd:1a:
                    f4:2d:1b:d6:d1:cf:a5:e6:c6:3d:c4:d2:04:e5:4a:
                    9b:b0:55:b3:a1:ba:51:71:75:05:00:a0:ff:40:b4:
                    9d:ea:21:27:b4:73:43:0f:a4:a9:3e:a8:3e:f5:88:
                    0d:9b:c6:56:60:1e:4e:5e:af:39:ad:4d:4b:6d:47:
                    2d:3a:7c:fb:7b:81:e9:07:3e:70:6d:4b:7d:c0:76:
                    f3:24:c4:da:2a:df:71:bb:e6:65:b8:b7:b1:b0:56:
                    81:59:c0:17:25:01:b4:64:0c:eb:06:f8:80:ec:84:
                    60:cd:7d:73:3c:00:85:2d:c5:b3:16:ae:ed:34:96:
                    ae:bf:cc:ca:18:62:56:4a:06:d9:94:50:09:62:64:
                    a6:75:8c:d0:ec:84:70:61:0c:e4:c1:8c:18:8e:d2:
                    8f:d5:8e:09:f2:d2:73:98:9e:ef:8a:f6:21:81:ed:
                    4d:0c:cf:97:77:b4:d1:59:d4:8a:50:27:28:6a:cd:
                    7b:d0:a2:3f:5c:cf:5f:9a:58:8d:13:fd:f8:f9:0c:
                    1f:d4:a9:03:10:ef:f7:a0:80:85:61:3d:34:75:e3:
                    0e:fc:68:59:52:09:1e:54:f1:53:60:2a:57:75:8f:
                    1c:1d:96:a6:7f:cc:9b:7e:39:25:e2:eb:41:8d:32:
                    c2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C2:A8:ED:CB:66:A5:40:6A:55:FC:74:24:FB:3D:46:C4:99:18:2B
            X509v3 Authority Key Identifier:
                keyid:D5:88:21:2B:F5:DA:CE:10:80:DC:45:E2:C5:5B:92:FF:85:C6:C1:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1YghK_XazhCA3EXixVuS_4XGwZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/XcKo7ctmpUBqVfx0JPs9RsSZGCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/211354-ebe4-4797-98f3-1b2ac35c09aa/1/1YghK_XazhCA3EXixVuS_4XGwZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:8840:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:49:ef:e9:0e:62:8c:dd:59:5f:99:95:90:5a:62:42:cb:1b:
         d4:86:35:44:6c:3b:41:89:03:05:9f:f3:51:17:a5:1c:7c:bf:
         6c:80:d3:1d:42:9c:94:9d:af:19:af:ae:f3:7d:b0:54:12:37:
         04:c2:a0:cc:28:06:42:be:c2:48:7a:85:21:09:9b:a0:30:82:
         05:58:ce:32:1a:31:b2:1b:c2:c0:f5:36:61:85:50:c3:0b:76:
         58:50:87:61:db:be:75:dc:bb:13:9d:9a:96:f7:f3:61:20:20:
         dd:99:fc:38:6c:45:ff:2c:6f:b9:2d:ed:59:b9:da:d5:6f:4f:
         d7:b0:df:e4:bb:8a:3d:4f:e4:80:d8:21:a2:9f:36:a2:69:0b:
         d5:3f:d7:27:69:b1:92:65:ba:d6:8a:56:dd:3c:4b:0b:bc:5d:
         ea:65:43:a7:b7:b1:a3:8d:e3:9c:8b:e4:2e:0c:69:1a:d5:55:
         1c:b6:ed:d8:6f:f0:ac:9f:88:be:42:15:dc:5d:99:28:f5:c4:
         b8:47:8b:f5:08:90:37:08:71:ef:d2:9b:63:50:46:2d:4a:67:
         e0:aa:e1:24:2a:fb:49:f6:18:3a:b6:af:99:85:eb:81:b1:91:
         57:b4:36:8e:69:f2:d2:11:6c:c7:5c:48:43:b1:43:80:16:be:
         b8:84:1e:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZUdckU8PLziH0z2fvKPNvvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ODgyMTJiZjVkYWNlMTA4MGRjNDVlMmM1NWI5MmZmODVj
NmMxOTIwHhcNMjUwMjE5MDkwMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGMyYThlZGNiNjZhNTQwNmE1NWZjNzQyNGZiM2Q0NmM0OTkxODJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiF3f712K9y0gP5U3Rr0LRvW0c+l
5sY9xNIE5UqbsFWzobpRcXUFAKD/QLSd6iEntHNDD6SpPqg+9YgNm8ZWYB5OXq85
rU1LbUctOnz7e4HpBz5wbUt9wHbzJMTaKt9xu+ZluLexsFaBWcAXJQG0ZAzrBviA
7IRgzX1zPACFLcWzFq7tNJauv8zKGGJWSgbZlFAJYmSmdYzQ7IRwYQzkwYwYjtKP
1Y4J8tJzmJ7vivYhge1NDM+Xd7TRWdSKUCcoas170KI/XM9fmliNE/34+Qwf1KkD
EO/3oICFYT00deMO/GhZUgkeVPFTYCpXdY8cHZamf8ybfjkl4utBjTLCVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF3CqO3LZqVAalX8dCT7PUbEmRgrMB8GA1UdIwQY
MBaAFNWIISv12s4QgNxF4sVbkv+FxsGSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVlnaEtfWGF6aENBM0VYaXhWdVNfNFhHd1pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8yMTEzNTQtZWJlNC00Nzk3LTk4ZjMt
MWIyYWMzNWMwOWFhLzEvWGNLbzdjdG1wVUJxVmZ4MEpQczlSc1NaR0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8yMTEzNTQtZWJlNC00Nzk3LTk4ZjMtMWIyYWMzNWMwOWFh
LzEvMVlnaEtfWGF6aENBM0VYaXhWdVNfNFhHd1pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgGIQAAM
MA0GCSqGSIb3DQEBCwUAA4IBAQAUSe/pDmKM3VlfmZWQWmJCyxvUhjVEbDtBiQMF
n/NRF6UcfL9sgNMdQpyUna8Zr67zfbBUEjcEwqDMKAZCvsJIeoUhCZugMIIFWM4y
GjGyG8LA9TZhhVDDC3ZYUIdh27513LsTnZqW9/NhICDdmfw4bEX/LG+5Le1ZudrV
b0/XsN/ku4o9T+SA2CGinzaiaQvVP9cnabGSZbrWilbdPEsLvF3qZUOnt7GjjeOc
i+QuDGka1VUctu3Yb/Csn4i+QhXcXZko9cS4R4v1CJA3CHHv0ptjUEYtSmfgquEk
KvtJ9hg6tq+ZheuBsZFXtDaOafLSEWzHXEhDsUOAFr64hB5x
-----END CERTIFICATE-----