Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/0A3eCrBh6zPFdv4NnTG-Oyjc7lI.roa
File:                     0A3eCrBh6zPFdv4NnTG-Oyjc7lI.roa (raw, json)
Hash identifier:          Hpqtml2zx5yO1KtzPny+alx7D2TcQ3WX0ZxI8Mvqcow=
Subject key identifier:   D0:0D:DE:0A:B0:61:EB:33:C5:76:FE:0D:9D:31:BE:3B:28:DC:EE:52
Certificate issuer:       /CN=70fee176f51ce8fd81424ff73a5417341279c0f1
Certificate serial:       01941F8C42CDC54EADEB4380B39339AA7DF1
Authority key identifier: 70:FE:E1:76:F5:1C:E8:FD:81:42:4F:F7:3A:54:17:34:12:79:C0:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/0A3eCrBh6zPFdv4NnTG-Oyjc7lI.roa
Signing time:             Wed 01 Jan 2025 01:47:53 +0000
ROA not before:           Wed 01 Jan 2025 01:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41354
IP address blocks:        2a05:b100::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 15:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:42:cd:c5:4e:ad:eb:43:80:b3:93:39:aa:7d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70fee176f51ce8fd81424ff73a5417341279c0f1
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d00dde0ab061eb33c576fe0d9d31be3b28dcee52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:50:48:59:3e:88:a6:6a:e6:5c:8f:91:ab:2b:
                    98:1a:67:ce:8a:12:6d:cb:26:49:e2:0f:ae:9f:61:
                    b8:cd:5d:63:f2:8b:26:09:a2:de:46:73:23:0e:34:
                    51:4f:4f:13:5a:f4:6e:35:ad:aa:c6:f4:1f:5d:76:
                    97:e9:ad:9a:a3:2f:f5:78:8e:9e:58:d4:5e:7c:24:
                    a1:04:29:f9:08:05:7e:19:23:06:f6:a5:22:d1:c7:
                    e7:8b:54:c9:97:09:e6:2b:de:5c:93:62:c3:35:c0:
                    5c:c4:a1:9e:76:68:df:bd:70:aa:1f:78:b3:c1:30:
                    8d:a7:fd:46:2c:68:6c:b6:8c:7c:c6:68:35:7a:63:
                    61:e0:74:ab:96:16:bc:9d:13:39:14:e8:22:cd:4e:
                    7a:3d:37:7a:51:72:29:ae:54:67:4e:8d:af:45:33:
                    c5:6c:ec:9a:03:f9:02:da:2f:dd:31:a5:36:34:05:
                    9e:5f:e4:a5:9d:bf:08:70:30:2f:a4:f7:71:45:2c:
                    6c:ee:d2:97:d1:ae:f0:87:5e:52:d0:d8:52:3c:64:
                    24:a8:30:13:0b:ac:b3:9e:d0:c8:c4:16:9a:3d:4a:
                    ff:8e:36:44:76:e5:b6:23:03:80:9c:56:3a:68:a4:
                    6a:57:ab:81:08:9f:64:30:9a:bc:43:49:a7:58:b2:
                    4a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:0D:DE:0A:B0:61:EB:33:C5:76:FE:0D:9D:31:BE:3B:28:DC:EE:52
            X509v3 Authority Key Identifier:
                keyid:70:FE:E1:76:F5:1C:E8:FD:81:42:4F:F7:3A:54:17:34:12:79:C0:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/0A3eCrBh6zPFdv4NnTG-Oyjc7lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b100::/36

    Signature Algorithm: sha256WithRSAEncryption
         3d:91:34:0a:6e:45:a1:ca:aa:e6:5d:b4:05:6a:a9:db:a2:8a:
         27:fd:e0:da:a6:d8:02:e3:54:0b:cb:b8:62:d3:c9:cb:b2:de:
         dc:3d:82:37:55:d1:00:25:18:f1:85:ba:12:0a:9e:1a:0d:aa:
         39:b2:12:ca:8a:47:0e:3c:6e:4d:83:db:bc:8a:cb:5b:f5:f1:
         f9:a1:1d:f5:1d:67:78:b2:76:e1:16:e9:1e:2e:7c:40:5c:1c:
         d3:f8:59:f1:33:10:49:f0:06:24:b3:94:94:d3:bc:d7:87:a8:
         0c:06:65:25:17:c8:2a:f7:34:04:c5:98:1a:aa:4d:e5:5b:06:
         d0:56:83:59:9c:70:2a:6d:31:08:13:9c:9a:ee:08:b5:7b:72:
         c0:31:be:05:6f:66:95:1b:40:95:bc:ea:f6:ba:87:7a:ba:1e:
         56:d6:43:cd:5b:72:94:7a:6a:1e:0d:c9:13:09:4b:78:e5:9e:
         18:65:37:fc:43:5e:0a:9f:e4:05:36:73:c1:93:04:32:50:eb:
         6b:0f:2d:57:b0:db:1c:01:b0:a8:65:ed:45:26:71:b1:7c:38:
         c0:76:86:5e:b4:5a:4e:a2:73:5a:b8:51:71:e3:ca:30:15:4e:
         cf:72:04:ed:7a:2d:f0:0d:ad:66:af:f2:4f:25:40:e3:c9:74:
         1a:85:5e:60
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjELNxU6t60OAs5M5qn3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZmVlMTc2ZjUxY2U4ZmQ4MTQyNGZmNzNhNTQxNzM0MTI3
OWMwZjEwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDBkZGUwYWIwNjFlYjMzYzU3NmZlMGQ5ZDMxYmUzYjI4ZGNlZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4FBIWT6IpmrmXI+RqyuYGmfOihJt
yyZJ4g+un2G4zV1j8osmCaLeRnMjDjRRT08TWvRuNa2qxvQfXXaX6a2aoy/1eI6e
WNRefCShBCn5CAV+GSMG9qUi0cfni1TJlwnmK95ck2LDNcBcxKGedmjfvXCqH3iz
wTCNp/1GLGhstox8xmg1emNh4HSrlha8nRM5FOgizU56PTd6UXIprlRnTo2vRTPF
bOyaA/kC2i/dMaU2NAWeX+Slnb8IcDAvpPdxRSxs7tKX0a7wh15S0NhSPGQkqDAT
C6yzntDIxBaaPUr/jjZEduW2IwOAnFY6aKRqV6uBCJ9kMJq8Q0mnWLJKLQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNAN3gqwYeszxXb+DZ0xvjso3O5SMB8GA1UdIwQY
MBaAFHD+4Xb1HOj9gUJP9zpUFzQSecDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1A3aGR2VWM2UDJCUWtfM09sUVhOQko1d1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS80YmUyMjItNjQ4Mi00ZGI5LTlhNWYt
NzUyZTliOGIwNzU2LzEvMEEzZUNyQmg2elBGZHY0Tm5URy1PeWpjN2xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS80YmUyMjItNjQ4Mi00ZGI5LTlhNWYtNzUyZTliOGIwNzU2
LzEvY1A3aGR2VWM2UDJCUWtfM09sUVhOQko1d1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgWxAAAw
DQYJKoZIhvcNAQELBQADggEBAD2RNApuRaHKquZdtAVqqduiiif94Nqm2ALjVAvL
uGLTycuy3tw9gjdV0QAlGPGFuhIKnhoNqjmyEsqKRw48bk2D27yKy1v18fmhHfUd
Z3iyduEW6R4ufEBcHNP4WfEzEEnwBiSzlJTTvNeHqAwGZSUXyCr3NATFmBqqTeVb
BtBWg1mccCptMQgTnJruCLV7csAxvgVvZpUbQJW86va6h3q6HlbWQ81bcpR6ah4N
yRMJS3jlnhhlN/xDXgqf5AU2c8GTBDJQ62sPLVew2xwBsKhl7UUmcbF8OMB2hl60
Wk6ic1q4UXHjyjAVTs9yBO16LfANrWav8k8lQOPJdBqFXmA=
-----END CERTIFICATE-----