Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/x3IHGK1LHuOlcRhBY1DkJyUPPNE.roa
File:                     x3IHGK1LHuOlcRhBY1DkJyUPPNE.roa (raw, json)
Hash identifier:          3HWLZe2T3pntWqcoKlGGtGIvMY4jmETllZDIMuRWnAc=
Subject key identifier:   C7:72:07:18:AD:4B:1E:E3:A5:71:18:41:63:50:E4:27:25:0F:3C:D1
Certificate issuer:       /CN=e1257eaabbf604d4570055c2cd8ac249bb29c106
Certificate serial:       019425FC66503CF756B611AFFFD2FAA1F34A
Authority key identifier: E1:25:7E:AA:BB:F6:04:D4:57:00:55:C2:CD:8A:C2:49:BB:29:C1:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4SV-qrv2BNRXAFXCzYrCSbspwQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/x3IHGK1LHuOlcRhBY1DkJyUPPNE.roa
Signing time:             Thu 02 Jan 2025 07:48:05 +0000
ROA not before:           Thu 02 Jan 2025 07:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214652
IP address blocks:        2a14:4c40::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/4SV-qrv2BNRXAFXCzYrCSbspwQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/4SV-qrv2BNRXAFXCzYrCSbspwQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4SV-qrv2BNRXAFXCzYrCSbspwQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:66:50:3c:f7:56:b6:11:af:ff:d2:fa:a1:f3:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1257eaabbf604d4570055c2cd8ac249bb29c106
        Validity
            Not Before: Jan  2 07:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7720718ad4b1ee3a57118416350e427250f3cd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c0:5f:9a:41:da:03:f3:83:85:a2:8b:a4:98:
                    b9:0c:33:dd:18:ad:02:cc:a0:a7:cb:29:5a:dd:37:
                    12:ab:f8:7e:d7:c2:bd:b7:e1:8a:1c:41:2d:d4:c9:
                    48:9a:c3:12:8f:b8:f1:c9:7e:05:cf:81:d5:21:7b:
                    c9:75:3f:04:3e:22:05:f7:70:1b:61:d1:7b:5a:6f:
                    e0:2d:de:95:85:12:da:eb:83:4a:c0:48:c9:76:8e:
                    43:6b:e5:09:e0:78:b3:f3:dc:b2:2e:05:7d:81:35:
                    a1:51:16:ae:ca:db:d5:c0:b9:d2:0a:d8:96:ba:74:
                    c7:d0:bb:6e:80:1e:ba:82:6e:aa:2b:a7:2a:83:20:
                    0b:ee:0c:54:fa:9d:ff:87:15:06:64:ad:24:c5:a8:
                    9a:42:a1:a1:b0:f5:bb:45:bf:78:9b:e0:43:a8:16:
                    56:1b:60:48:c1:49:0e:57:a9:de:78:d2:ff:30:e5:
                    68:b7:31:13:3b:43:f4:74:2c:dd:ec:d6:a8:d1:c8:
                    6d:8a:85:97:b0:44:ca:86:c7:bc:ac:91:49:e3:a8:
                    58:a6:b5:72:c5:52:bf:55:e3:96:a1:a0:a2:de:4c:
                    73:b5:24:4d:54:43:2d:96:63:77:ba:c2:d5:8c:5b:
                    01:58:43:9c:d9:e3:b9:f9:d8:e5:00:6d:c1:c9:76:
                    06:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:72:07:18:AD:4B:1E:E3:A5:71:18:41:63:50:E4:27:25:0F:3C:D1
            X509v3 Authority Key Identifier:
                keyid:E1:25:7E:AA:BB:F6:04:D4:57:00:55:C2:CD:8A:C2:49:BB:29:C1:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4SV-qrv2BNRXAFXCzYrCSbspwQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/x3IHGK1LHuOlcRhBY1DkJyUPPNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/4SV-qrv2BNRXAFXCzYrCSbspwQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4c40::/40

    Signature Algorithm: sha256WithRSAEncryption
         97:0c:38:c7:10:82:f8:1b:70:1b:e4:8c:4d:53:f9:73:23:3f:
         49:c0:dc:99:f9:80:0d:65:f1:fd:49:81:06:77:0b:67:a3:48:
         87:02:1f:62:80:f3:9a:1f:38:c4:df:b2:11:79:df:34:d2:ca:
         0b:26:03:b9:ce:9f:90:ca:9f:e0:37:32:1e:69:c5:03:18:c2:
         30:fd:18:1e:a4:f5:fb:56:3f:57:8b:58:7b:b5:00:b7:d0:57:
         e2:50:e6:7e:88:f1:5e:56:47:f9:a6:83:af:53:1c:8f:64:d4:
         4e:af:e0:06:7d:43:38:ae:18:f2:e6:be:bc:3a:b2:90:10:41:
         4b:e2:82:38:e4:40:af:30:36:ad:69:be:0c:49:1d:5a:73:c3:
         9a:c6:b6:b3:34:93:d6:28:c5:37:ac:7d:4e:09:20:aa:b8:f6:
         73:02:8b:c7:00:e8:21:bd:cd:6c:a1:3e:a4:70:04:54:55:71:
         c1:ea:22:f2:03:71:8a:60:c5:da:cb:93:1a:30:cc:a4:fb:a9:
         b8:40:a6:fa:14:9f:ff:c8:c7:74:bb:89:75:a3:af:c9:59:a0:
         98:b3:87:7e:12:4d:9c:93:48:b9:0a:e5:45:12:d6:1e:42:26:
         2d:f4:ad:ef:b7:91:8f:04:94:a2:bf:6a:72:b0:cf:24:67:3a:
         d9:e9:80:0b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQl/GZQPPdWthGv/9L6ofNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMjU3ZWFhYmJmNjA0ZDQ1NzAwNTVjMmNkOGFjMjQ5YmIy
OWMxMDYwHhcNMjUwMTAyMDc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzcyMDcxOGFkNGIxZWUzYTU3MTE4NDE2MzUwZTQyNzI1MGYzY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsBfmkHaA/ODhaKLpJi5DDPdGK0C
zKCnyyla3TcSq/h+18K9t+GKHEEt1MlImsMSj7jxyX4Fz4HVIXvJdT8EPiIF93Ab
YdF7Wm/gLd6VhRLa64NKwEjJdo5Da+UJ4Hiz89yyLgV9gTWhURauytvVwLnSCtiW
unTH0LtugB66gm6qK6cqgyAL7gxU+p3/hxUGZK0kxaiaQqGhsPW7Rb94m+BDqBZW
G2BIwUkOV6neeNL/MOVotzETO0P0dCzd7Nao0chtioWXsETKhse8rJFJ46hYprVy
xVK/VeOWoaCi3kxztSRNVEMtlmN3usLVjFsBWEOc2eO5+djlAG3ByXYGuQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMdyBxitSx7jpXEYQWNQ5CclDzzRMB8GA1UdIwQY
MBaAFOElfqq79gTUVwBVws2Kwkm7KcEGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFNWLXFydjJCTlJYQUZYQ3pZckNTYnNwd1FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS80OWJiZDItZmUzNi00NWQ3LThkZWYt
ODFmYTg3NGVlMmVkLzEveDNJSEdLMUxIdU9sY1JoQlkxRGtKeVVQUE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS80OWJiZDItZmUzNi00NWQ3LThkZWYtODFmYTg3NGVlMmVk
LzEvNFNWLXFydjJCTlJYQUZYQ3pZckNTYnNwd1FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRMQAAw
DQYJKoZIhvcNAQELBQADggEBAJcMOMcQgvgbcBvkjE1T+XMjP0nA3Jn5gA1l8f1J
gQZ3C2ejSIcCH2KA85ofOMTfshF53zTSygsmA7nOn5DKn+A3Mh5pxQMYwjD9GB6k
9ftWP1eLWHu1ALfQV+JQ5n6I8V5WR/mmg69THI9k1E6v4AZ9QziuGPLmvrw6spAQ
QUvigjjkQK8wNq1pvgxJHVpzw5rGtrM0k9YoxTesfU4JIKq49nMCi8cA6CG9zWyh
PqRwBFRVccHqIvIDcYpgxdrLkxowzKT7qbhApvoUn//Ix3S7iXWjr8lZoJizh34S
TZyTSLkK5UUS1h5CJi30re+3kY8ElKK/anKwzyRnOtnpgAs=
-----END CERTIFICATE-----