Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/zM7qvBzObT4TRPA1xfHDs_-cQdQ.roa
File:                     zM7qvBzObT4TRPA1xfHDs_-cQdQ.roa (raw, json)
Hash identifier:          ffCeSSCBeQ93odKdKRzFv0+gdaFz3UWj1W8taDqZSzQ=
Subject key identifier:   CC:CE:EA:BC:1C:CE:6D:3E:13:44:F0:35:C5:F1:C3:B3:FF:9C:41:D4
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019427463211FEEE0174A1AE05EF0BE16E48
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/zM7qvBzObT4TRPA1xfHDs_-cQdQ.roa
Signing time:             Thu 02 Jan 2025 13:48:19 +0000
ROA not before:           Thu 02 Jan 2025 13:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202939
IP address blocks:        2a0d:2682::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:32:11:fe:ee:01:74:a1:ae:05:ef:0b:e1:6e:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 13:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccceeabc1cce6d3e1344f035c5f1c3b3ff9c41d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:49:24:52:ce:36:9a:7c:c2:f0:76:bb:5e:2c:
                    01:a6:f7:f6:47:0a:d3:71:72:ff:ea:2c:f1:3b:20:
                    50:8a:f1:68:e5:4f:ee:f0:18:40:ac:84:f6:2b:4c:
                    f2:59:51:5f:c4:cd:f0:c1:42:84:9f:20:b5:a5:44:
                    6a:4d:0e:e8:86:da:6a:1f:4f:7d:bb:65:e2:cd:4e:
                    e3:86:e9:28:ca:97:b4:94:4a:08:5a:e5:93:93:0b:
                    1c:9b:dc:32:34:a5:01:7c:bd:d8:d6:78:3d:c4:3d:
                    c0:35:fb:27:e1:24:e0:6c:04:9e:f3:fe:4d:c7:1d:
                    35:77:3b:97:d8:96:2b:16:3f:e8:dd:ec:d2:f9:6f:
                    bb:53:f3:23:d3:6d:33:eb:9e:3a:73:b7:0c:37:32:
                    3b:e7:66:7b:b4:0e:6b:af:f1:42:75:51:92:90:0a:
                    c2:91:d3:5f:ac:e0:77:77:37:6c:7a:bd:bd:6d:f3:
                    8f:a1:b9:04:e8:82:5a:37:77:f9:c4:70:1d:27:c9:
                    eb:da:f4:6c:f6:b6:3a:5e:67:8b:76:61:0c:c8:19:
                    cd:68:08:c1:78:ce:69:c9:b5:5c:b2:d0:cd:ec:b1:
                    ba:d8:85:d6:5e:4a:8f:19:df:15:cf:56:a4:b8:0b:
                    1f:21:2c:47:12:7e:25:4c:85:a4:4f:89:2e:3c:fd:
                    07:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:CE:EA:BC:1C:CE:6D:3E:13:44:F0:35:C5:F1:C3:B3:FF:9C:41:D4
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/zM7qvBzObT4TRPA1xfHDs_-cQdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2682::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:d6:cc:52:fd:a7:ea:c2:7f:f1:ff:40:47:f6:22:31:ad:aa:
         9d:b9:6d:cc:d8:86:ae:5c:6d:8c:b0:4d:77:e5:af:bf:dd:00:
         6f:0e:fe:2d:31:46:9e:0a:97:65:93:0d:e1:01:6d:01:5f:e0:
         7b:6a:bf:43:4b:28:bd:d9:36:7c:45:27:b9:94:ee:6d:de:b4:
         ed:31:2a:f5:dc:06:cc:76:d2:b6:ea:6d:70:a9:2d:61:b3:79:
         2e:66:ff:d2:eb:0d:ec:3d:21:ba:37:9a:a5:a2:76:e7:55:70:
         90:49:ea:32:e0:a4:3d:f0:80:72:9a:1b:58:73:ea:8c:3d:1c:
         a0:08:f4:ef:38:1d:81:e3:c1:d9:27:5d:a3:3a:2e:e9:84:77:
         5a:57:04:9d:a8:d9:3b:50:35:fd:4a:dd:45:c0:48:15:20:33:
         45:23:23:f7:3d:da:a0:5d:76:bd:fc:b3:ea:a5:d9:03:62:40:
         29:c6:47:25:3a:c3:a6:24:61:33:f1:65:0d:ea:a2:d0:cc:0f:
         a1:2e:2b:03:b6:cf:dd:09:c3:95:c6:4b:dd:4a:e5:bc:86:e4:
         3b:d5:20:78:23:00:cd:04:0c:42:a2:55:73:ca:15:a9:2a:04:
         ce:f8:79:62:6c:de:55:72:ee:af:d4:04:e2:41:6f:6f:e8:07:
         bb:13:cc:13
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnRjIR/u4BdKGuBe8L4W5IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjUwMTAyMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2NlZWFiYzFjY2U2ZDNlMTM0NGYwMzVjNWYxYzNiM2ZmOWM0MWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kkkUs42mnzC8Ha7XiwBpvf2RwrT
cXL/6izxOyBQivFo5U/u8BhArIT2K0zyWVFfxM3wwUKEnyC1pURqTQ7ohtpqH099
u2XizU7jhukoype0lEoIWuWTkwscm9wyNKUBfL3Y1ng9xD3ANfsn4STgbASe8/5N
xx01dzuX2JYrFj/o3ezS+W+7U/Mj020z6546c7cMNzI752Z7tA5rr/FCdVGSkArC
kdNfrOB3dzdser29bfOPobkE6IJaN3f5xHAdJ8nr2vRs9rY6XmeLdmEMyBnNaAjB
eM5pybVcstDN7LG62IXWXkqPGd8Vz1akuAsfISxHEn4lTIWkT4kuPP0HlQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMzO6rwczm0+E0TwNcXxw7P/nEHUMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvek03cXZCek9iVDRUUlBBMXhmSERzXy1jUWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0mgjAN
BgkqhkiG9w0BAQsFAAOCAQEAqtbMUv2n6sJ/8f9AR/YiMa2qnbltzNiGrlxtjLBN
d+Wvv90Abw7+LTFGngqXZZMN4QFtAV/ge2q/Q0sovdk2fEUnuZTubd607TEq9dwG
zHbStuptcKktYbN5Lmb/0usN7D0hujeapaJ251VwkEnqMuCkPfCAcpobWHPqjD0c
oAj07zgdgePB2Sddozou6YR3WlcEnajZO1A1/UrdRcBIFSAzRSMj9z3aoF12vfyz
6qXZA2JAKcZHJTrDpiRhM/FlDeqi0MwPoS4rA7bP3QnDlcZL3UrlvIbkO9UgeCMA
zQQMQqJVc8oVqSoEzvh5YmzeVXLur9QE4kFvb+gHuxPMEw==
-----END CERTIFICATE-----