Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/pYMEzjMmoF7fFNP0-wloJu6W4vc.roa
File:                     pYMEzjMmoF7fFNP0-wloJu6W4vc.roa (raw, json)
Hash identifier:          IL07ig7Bpq656fWNgVYspfIH+B2/5c+7wcjKfg/Ljo0=
Subject key identifier:   A5:83:04:CE:33:26:A0:5E:DF:14:D3:F4:FB:09:68:26:EE:96:E2:F7
Certificate issuer:       /CN=70fee176f51ce8fd81424ff73a5417341279c0f1
Certificate serial:       0194BD1E9B205958DA10A22AEC77E5879F30
Authority key identifier: 70:FE:E1:76:F5:1C:E8:FD:81:42:4F:F7:3A:54:17:34:12:79:C0:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/pYMEzjMmoF7fFNP0-wloJu6W4vc.roa
Signing time:             Fri 31 Jan 2025 16:08:06 +0000
ROA not before:           Fri 31 Jan 2025 16:08:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213671
IP address blocks:        2a05:b100:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bd:1e:9b:20:59:58:da:10:a2:2a:ec:77:e5:87:9f:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70fee176f51ce8fd81424ff73a5417341279c0f1
        Validity
            Not Before: Jan 31 16:08:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a58304ce3326a05edf14d3f4fb096826ee96e2f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:5e:f7:67:eb:56:f2:5e:e4:b4:a9:d7:99:60:
                    65:84:47:cd:45:27:e5:40:d1:f8:ca:77:b5:f9:21:
                    bd:d7:d6:66:c1:ce:22:84:57:63:a9:65:4d:2d:6e:
                    f8:05:9a:78:a7:c9:01:01:03:a6:80:dc:b5:54:5c:
                    6a:a4:27:ab:45:90:7e:c2:09:e1:da:d7:66:79:42:
                    90:11:f7:7c:6b:d2:df:3a:90:c4:26:1e:d0:cd:8c:
                    3a:67:46:6a:68:c0:ae:9a:64:4b:02:9f:ca:fe:af:
                    55:be:0c:a9:a9:71:a1:92:d0:c9:77:5e:b8:e3:f5:
                    9c:74:44:7f:76:71:e9:79:b0:e7:f4:8a:53:39:ef:
                    fd:78:40:9c:27:2d:b7:61:44:65:7e:12:ec:bb:5b:
                    11:6d:5a:3b:4d:b7:46:b7:0e:aa:60:36:48:6e:a7:
                    43:cb:36:73:27:55:fe:2b:93:81:ce:48:2e:0d:d2:
                    ed:2a:ff:ff:c7:e1:76:68:71:ba:df:b5:9f:1a:64:
                    00:74:c4:46:63:f2:ae:71:a1:b0:38:f9:3d:85:52:
                    e0:59:8b:5d:90:87:fd:25:e4:ac:7d:25:d1:20:79:
                    1c:c0:5e:0c:ad:c8:39:61:21:27:60:e4:0b:8b:8f:
                    43:2e:5c:be:b3:ea:64:b9:11:5c:5c:d9:d9:26:03:
                    24:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:83:04:CE:33:26:A0:5E:DF:14:D3:F4:FB:09:68:26:EE:96:E2:F7
            X509v3 Authority Key Identifier:
                keyid:70:FE:E1:76:F5:1C:E8:FD:81:42:4F:F7:3A:54:17:34:12:79:C0:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/pYMEzjMmoF7fFNP0-wloJu6W4vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/4be222-6482-4db9-9a5f-752e9b8b0756/1/cP7hdvUc6P2BQk_3OlQXNBJ5wPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b100:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         25:ca:73:9c:59:b2:3d:58:10:d2:f0:b7:ae:dc:6d:13:1a:e3:
         cc:dd:7c:18:ae:11:18:79:22:4c:21:6d:fe:54:a3:4a:30:89:
         6f:a7:72:ba:5f:42:8e:74:4b:da:32:76:4f:6c:06:41:3e:61:
         cc:ba:32:56:86:f1:25:e0:56:b0:63:36:48:9b:94:53:ad:cd:
         53:4c:05:54:26:b7:0a:96:fc:ed:6e:cd:9e:b6:a5:91:9a:24:
         1c:04:3e:5c:87:22:1e:fd:6a:7d:a1:37:50:d3:d0:aa:8a:77:
         b8:dc:f0:79:93:fd:d8:62:50:71:01:6b:b1:05:37:a1:1b:e7:
         da:ca:66:d8:08:38:5b:58:e5:3c:40:9a:e1:a5:43:f9:6d:a4:
         42:7c:0a:8b:7e:22:32:59:08:18:6f:d5:9b:5c:59:ed:8c:60:
         74:b6:7b:5e:64:73:7a:cf:8b:20:5e:16:32:ec:13:c2:15:64:
         6a:02:fb:fa:e5:01:5f:36:cb:91:47:da:99:ce:81:b8:c4:83:
         8d:a1:f1:fd:e7:6b:a0:0b:20:59:d8:51:b6:db:98:8f:4b:72:
         a7:1b:09:93:52:f2:66:cd:90:f0:d4:a7:34:bd:bf:56:77:3a:
         1c:c1:e2:c3:96:3f:97:7f:53:9a:cb:e7:a7:e4:17:73:a2:a0:
         91:11:c6:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZS9HpsgWVjaEKIq7Hflh58wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZmVlMTc2ZjUxY2U4ZmQ4MTQyNGZmNzNhNTQxNzM0MTI3
OWMwZjEwHhcNMjUwMTMxMTYwODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTgzMDRjZTMzMjZhMDVlZGYxNGQzZjRmYjA5NjgyNmVlOTZlMmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1173Z+tW8l7ktKnXmWBlhEfNRSfl
QNH4yne1+SG919Zmwc4ihFdjqWVNLW74BZp4p8kBAQOmgNy1VFxqpCerRZB+wgnh
2tdmeUKQEfd8a9LfOpDEJh7QzYw6Z0ZqaMCummRLAp/K/q9VvgypqXGhktDJd164
4/WcdER/dnHpebDn9IpTOe/9eECcJy23YURlfhLsu1sRbVo7TbdGtw6qYDZIbqdD
yzZzJ1X+K5OBzkguDdLtKv//x+F2aHG637WfGmQAdMRGY/KucaGwOPk9hVLgWYtd
kIf9JeSsfSXRIHkcwF4Mrcg5YSEnYOQLi49DLly+s+pkuRFcXNnZJgMkkQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKWDBM4zJqBe3xTT9PsJaCbuluL3MB8GA1UdIwQY
MBaAFHD+4Xb1HOj9gUJP9zpUFzQSecDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1A3aGR2VWM2UDJCUWtfM09sUVhOQko1d1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS80YmUyMjItNjQ4Mi00ZGI5LTlhNWYt
NzUyZTliOGIwNzU2LzEvcFlNRXpqTW1vRjdmRk5QMC13bG9KdTZXNHZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS80YmUyMjItNjQ4Mi00ZGI5LTlhNWYtNzUyZTliOGIwNzU2
LzEvY1A3aGR2VWM2UDJCUWtfM09sUVhOQko1d1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgWxACAw
DQYJKoZIhvcNAQELBQADggEBACXKc5xZsj1YENLwt67cbRMa48zdfBiuERh5Ikwh
bf5Uo0owiW+ncrpfQo50S9oydk9sBkE+Ycy6MlaG8SXgVrBjNkiblFOtzVNMBVQm
twqW/O1uzZ62pZGaJBwEPlyHIh79an2hN1DT0KqKd7jc8HmT/dhiUHEBa7EFN6Eb
59rKZtgIOFtY5TxAmuGlQ/ltpEJ8Cot+IjJZCBhv1ZtcWe2MYHS2e15kc3rPiyBe
FjLsE8IVZGoC+/rlAV82y5FH2pnOgbjEg42h8f3na6ALIFnYUbbbmI9LcqcbCZNS
8mbNkPDUpzS9v1Z3OhzB4sOWP5d/U5rL56fkF3OioJERxoI=
-----END CERTIFICATE-----