Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/x0T3yvJpLXpG0yBkBOlH0qchh3U.roa
File:                     x0T3yvJpLXpG0yBkBOlH0qchh3U.roa (raw, json)
Hash identifier:          Lt2tpn0tH6x5Kf9HXc8LFADRTohAK1wE2pgpgUDlEXY=
Subject key identifier:   C7:44:F7:CA:F2:69:2D:7A:46:D3:20:64:04:E9:47:D2:A7:21:87:75
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       019427B63412982FBD70D1D66ECB5253930E
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/x0T3yvJpLXpG0yBkBOlH0qchh3U.roa
Signing time:             Thu 02 Jan 2025 15:50:39 +0000
ROA not before:           Thu 02 Jan 2025 15:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35543
IP address blocks:        2a12:a4c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:34:12:98:2f:bd:70:d1:d6:6e:cb:52:53:93:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan  2 15:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c744f7caf2692d7a46d3206404e947d2a7218775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f4:9d:ce:70:83:ce:35:7f:cc:77:0a:63:fe:
                    da:f9:d5:8e:11:52:30:6a:70:92:73:b5:1c:75:f2:
                    57:0a:3b:8d:95:eb:0f:69:98:e8:ed:68:85:ee:91:
                    82:04:e5:87:03:41:79:0c:29:e9:85:27:2b:07:41:
                    68:98:2f:76:50:a5:11:e8:bb:ab:3f:cc:16:28:e0:
                    7c:d0:3e:8b:fe:5f:61:65:e2:0a:b8:84:73:1e:ae:
                    94:69:a8:b2:f2:fe:5c:fa:97:c1:05:5c:61:e7:d7:
                    c7:76:f9:ac:88:0b:5c:58:f4:38:db:df:00:a5:31:
                    41:75:a2:3a:df:51:c3:cd:16:59:b0:ad:e6:d7:c9:
                    b8:96:4d:bc:af:8e:d8:26:bc:1c:28:07:5b:da:1b:
                    7a:22:04:b0:59:d5:6f:83:df:c9:1e:21:e0:53:43:
                    be:68:13:12:ef:08:89:06:48:fd:2e:7f:87:3c:db:
                    6f:ed:e4:14:25:4e:f6:3f:9c:3d:fe:33:7a:2c:16:
                    a0:ec:ab:68:1e:12:a4:27:56:39:9c:6b:94:95:c2:
                    e9:5b:bb:b3:b9:60:1c:68:9d:b5:3a:45:03:e4:1a:
                    cf:96:30:50:1c:f4:a2:02:fd:8a:c2:21:ee:99:a0:
                    76:1b:88:3b:4b:91:51:d0:e1:64:11:ef:f6:84:58:
                    4f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:44:F7:CA:F2:69:2D:7A:46:D3:20:64:04:E9:47:D2:A7:21:87:75
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/x0T3yvJpLXpG0yBkBOlH0qchh3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a4c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:e7:5e:5f:c8:4c:6c:dc:2d:8a:ca:47:67:a9:d2:9d:df:20:
         2d:6c:cb:ed:71:97:40:fa:f1:4a:a2:1b:ac:53:e4:fe:62:5c:
         8e:42:ca:b0:a4:8a:fc:fa:85:8f:5e:2b:73:25:c4:8b:95:d4:
         7c:39:fb:92:ad:24:ef:a4:ce:2b:b9:58:57:c7:54:22:80:02:
         d8:b7:58:11:63:a5:96:82:57:91:f3:ed:37:ca:f8:83:9e:91:
         59:d6:54:32:22:6e:13:d4:e5:fa:fc:cd:8d:d2:63:e9:0e:b2:
         2a:18:8d:18:99:4f:aa:bf:3b:9b:f2:f5:e3:44:30:29:b9:96:
         40:9f:bd:49:7e:7a:57:86:8a:f0:7c:de:55:40:2e:84:5d:a3:
         4d:86:61:d9:b9:1b:40:c5:7b:6e:8d:87:1f:a3:66:ff:ef:01:
         ba:fd:ab:fd:8a:85:85:d0:92:41:b6:a6:53:03:ff:7f:6b:43:
         d0:df:83:1a:84:a0:e7:d6:ad:3e:24:3b:4e:be:d2:ff:bb:2e:
         cb:b5:4b:3b:9b:fc:68:e1:56:f3:32:8a:35:49:26:57:3a:4e:
         f2:1a:44:30:9b:b6:73:78:e9:34:3e:fe:6a:6b:0a:60:32:4d:
         36:c5:4c:c5:1a:12:1f:b6:2f:a9:6b:87:37:4a:6f:75:5a:56:
         42:ee:f0:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntjQSmC+9cNHWbstSU5MOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjUwMTAyMTU1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzQ0ZjdjYWYyNjkyZDdhNDZkMzIwNjQwNGU5NDdkMmE3MjE4Nzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3fSdznCDzjV/zHcKY/7a+dWOEVIw
anCSc7UcdfJXCjuNlesPaZjo7WiF7pGCBOWHA0F5DCnphScrB0FomC92UKUR6Lur
P8wWKOB80D6L/l9hZeIKuIRzHq6Uaaiy8v5c+pfBBVxh59fHdvmsiAtcWPQ4298A
pTFBdaI631HDzRZZsK3m18m4lk28r47YJrwcKAdb2ht6IgSwWdVvg9/JHiHgU0O+
aBMS7wiJBkj9Ln+HPNtv7eQUJU72P5w9/jN6LBag7KtoHhKkJ1Y5nGuUlcLpW7uz
uWAcaJ21OkUD5BrPljBQHPSiAv2KwiHumaB2G4g7S5FR0OFkEe/2hFhPawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMdE98ryaS16RtMgZATpR9KnIYd1MB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEveDBUM3l2SnBMWHBHMHlCa0JPbEgwcWNoaDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhKkwTAN
BgkqhkiG9w0BAQsFAAOCAQEAhedeX8hMbNwtispHZ6nSnd8gLWzL7XGXQPrxSqIb
rFPk/mJcjkLKsKSK/PqFj14rcyXEi5XUfDn7kq0k76TOK7lYV8dUIoAC2LdYEWOl
loJXkfPtN8r4g56RWdZUMiJuE9Tl+vzNjdJj6Q6yKhiNGJlPqr87m/L140QwKbmW
QJ+9SX56V4aK8HzeVUAuhF2jTYZh2bkbQMV7bo2HH6Nm/+8Buv2r/YqFhdCSQbam
UwP/f2tD0N+DGoSg59atPiQ7Tr7S/7suy7VLO5v8aOFW8zKKNUkmVzpO8hpEMJu2
c3jpND7+amsKYDJNNsVMxRoSH7YvqWuHN0pvdVpWQu7wKw==
-----END CERTIFICATE-----