Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/G-7uTcKf4R76KSJdYf98itHFuPU.roa
File:                     G-7uTcKf4R76KSJdYf98itHFuPU.roa (raw, json)
Hash identifier:          uB9gNVUlSjqGsS16y0z5ke/O0agEGAvuljoiA6PJrUM=
Subject key identifier:   1B:EE:EE:4D:C2:9F:E1:1E:FA:29:22:5D:61:FF:7C:8A:D1:C5:B8:F5
Certificate issuer:       /CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
Certificate serial:       019421B1A038DF0AE48B2F06CAD5AC072F36
Authority key identifier: 9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/G-7uTcKf4R76KSJdYf98itHFuPU.roa
Signing time:             Wed 01 Jan 2025 11:47:56 +0000
ROA not before:           Wed 01 Jan 2025 11:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29063
IP address blocks:        2a01:8180:3000::/36 maxlen: 42
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a0:38:df:0a:e4:8b:2f:06:ca:d5:ac:07:2f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
        Validity
            Not Before: Jan  1 11:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1beeee4dc29fe11efa29225d61ff7c8ad1c5b8f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:80:7d:a1:21:10:25:17:47:4c:8e:20:c6:14:
                    59:ef:72:bf:62:78:30:ba:a5:88:40:b6:85:1b:4c:
                    d1:86:f5:ff:4f:3e:4c:5e:a7:f7:94:34:af:44:b7:
                    30:f2:8e:21:46:a6:b5:26:3c:e8:40:e5:79:87:f7:
                    1d:07:27:3d:2d:eb:17:17:30:ad:54:07:08:3e:65:
                    75:cb:da:e4:dc:8d:e0:f7:f2:35:a9:ad:90:a0:42:
                    ef:a5:e3:9b:e1:ce:89:35:d6:3a:b1:c1:7b:f5:8a:
                    ea:5e:0d:dd:06:15:78:13:26:55:9f:bf:71:12:4f:
                    8e:8c:46:b1:61:62:a6:56:1c:5b:11:a5:41:3a:2e:
                    21:a2:af:7a:92:24:17:03:33:fa:f7:13:91:6f:c8:
                    9c:9d:9a:2c:28:34:d0:ea:e7:f4:39:ea:c3:b0:d9:
                    55:c0:f4:37:85:05:3c:f3:31:d4:fe:e4:1b:eb:65:
                    99:ab:fc:ad:de:8c:8b:60:47:b4:be:2f:12:32:a9:
                    00:e2:2f:fb:c1:c7:f4:6f:82:1d:70:2e:ff:51:86:
                    a1:3c:51:36:ac:e8:ba:23:81:ec:13:d9:1d:3a:a2:
                    71:45:62:47:91:64:2f:42:26:1b:70:f4:70:ab:70:
                    17:42:28:be:99:58:32:52:c4:63:06:d3:e5:82:28:
                    f2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:EE:EE:4D:C2:9F:E1:1E:FA:29:22:5D:61:FF:7C:8A:D1:C5:B8:F5
            X509v3 Authority Key Identifier:
                keyid:9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/G-7uTcKf4R76KSJdYf98itHFuPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:8180:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3a:8c:5c:d3:ca:f0:ad:2a:90:f4:ca:03:28:11:85:68:8e:a2:
         cb:58:6e:df:47:9e:3a:ea:4f:02:f3:25:81:7b:e4:f6:13:f3:
         f8:5b:57:2a:78:53:40:c1:00:ea:16:6b:96:d4:d8:e1:6c:22:
         a0:8f:b4:2c:c7:79:28:fb:43:3a:c4:67:d9:3f:e8:05:60:cc:
         03:c1:1b:7d:c7:dd:e0:42:01:e4:1c:0b:be:a2:e7:81:5c:be:
         be:0a:9b:ec:30:d3:43:92:cf:d9:72:82:79:0a:b3:02:6a:87:
         f1:80:b6:16:ba:89:b5:c5:60:d3:23:8a:5d:51:97:33:88:62:
         b0:f4:20:bc:64:7c:71:24:5b:2c:de:4d:3e:28:0f:b7:91:f4:
         17:94:31:61:01:11:87:59:87:b4:f1:83:eb:20:0a:4c:8f:40:
         78:f6:b1:b3:e3:73:18:1c:13:93:3e:cf:36:ad:6b:85:5a:fe:
         1b:03:f1:08:7a:5e:f4:55:ac:b2:05:a8:18:ff:31:e8:b5:71:
         55:c4:87:4e:7e:59:74:de:f5:eb:3f:b8:ef:f3:86:e2:d7:10:
         73:43:5e:f8:16:89:65:9b:cf:7c:45:65:5c:11:d4:6e:e4:02:
         d4:eb:00:6b:47:72:88:b3:02:a3:f4:08:a9:4e:a3:14:70:5a:
         83:4b:48:79
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQhsaA43wrkiy8GytWsBy82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWRlNDkwZmY4NzRlOTY4OWNlY2Y3MjZjYmI0ZTJmNTFm
NmM3MzEwHhcNMjUwMTAxMTE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmVlZWU0ZGMyOWZlMTFlZmEyOTIyNWQ2MWZmN2M4YWQxYzViOGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoB9oSEQJRdHTI4gxhRZ73K/Yngw
uqWIQLaFG0zRhvX/Tz5MXqf3lDSvRLcw8o4hRqa1JjzoQOV5h/cdByc9LesXFzCt
VAcIPmV1y9rk3I3g9/I1qa2QoELvpeOb4c6JNdY6scF79YrqXg3dBhV4EyZVn79x
Ek+OjEaxYWKmVhxbEaVBOi4hoq96kiQXAzP69xORb8icnZosKDTQ6uf0OerDsNlV
wPQ3hQU88zHU/uQb62WZq/yt3oyLYEe0vi8SMqkA4i/7wcf0b4IdcC7/UYahPFE2
rOi6I4HsE9kdOqJxRWJHkWQvQiYbcPRwq3AXQii+mVgyUsRjBtPlgijyNwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBvu7k3Cn+Ee+ikiXWH/fIrRxbj1MB8GA1UdIwQY
MBaAFJ1d5JD/h06Wic7Pcmy7Ti9R9scxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUt
Y2VjMzNiYTFiZGY1LzEvRy03dVRjS2Y0Ujc2S1NKZFlmOThpdEhGdVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUtY2VjMzNiYTFiZGY1
LzEvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgGBgDAw
DQYJKoZIhvcNAQELBQADggEBADqMXNPK8K0qkPTKAygRhWiOostYbt9HnjrqTwLz
JYF75PYT8/hbVyp4U0DBAOoWa5bU2OFsIqCPtCzHeSj7QzrEZ9k/6AVgzAPBG33H
3eBCAeQcC76i54Fcvr4Km+ww00OSz9lygnkKswJqh/GAtha6ibXFYNMjil1RlzOI
YrD0ILxkfHEkWyzeTT4oD7eR9BeUMWEBEYdZh7Txg+sgCkyPQHj2sbPjcxgcE5M+
zzata4Va/hsD8Qh6XvRVrLIFqBj/Mei1cVXEh05+WXTe9es/uO/zhuLXEHNDXvgW
iWWbz3xFZVwR1G7kAtTrAGtHcoizAqP0CKlOoxRwWoNLSHk=
-----END CERTIFICATE-----