Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/VzuF2DppIrspDzJ85GPpog256VM.roa
File:                     VzuF2DppIrspDzJ85GPpog256VM.roa (raw, json)
Hash identifier:          NVhHykKnaNaKUFenioMV2s+C+yHI/RstE5ooTmdayhs=
Subject key identifier:   57:3B:85:D8:3A:69:22:BB:29:0F:32:7C:E4:63:E9:A2:0D:B9:E9:53
Certificate issuer:       /CN=4d3c5f0aa141011ce2dbf18ccceaac8d23a80253
Certificate serial:       019425FD59C29479B54EDF897273B991F947
Authority key identifier: 4D:3C:5F:0A:A1:41:01:1C:E2:DB:F1:8C:CC:EA:AC:8D:23:A8:02:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TTxfCqFBARzi2_GMzOqsjSOoAlM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/VzuF2DppIrspDzJ85GPpog256VM.roa
Signing time:             Thu 02 Jan 2025 07:49:08 +0000
ROA not before:           Thu 02 Jan 2025 07:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8821
IP address blocks:        2a03:62a0:4101::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/TTxfCqFBARzi2_GMzOqsjSOoAlM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/TTxfCqFBARzi2_GMzOqsjSOoAlM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TTxfCqFBARzi2_GMzOqsjSOoAlM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:59:c2:94:79:b5:4e:df:89:72:73:b9:91:f9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d3c5f0aa141011ce2dbf18ccceaac8d23a80253
        Validity
            Not Before: Jan  2 07:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=573b85d83a6922bb290f327ce463e9a20db9e953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:db:69:08:83:57:d5:3f:80:68:c7:a0:b4:1f:
                    6e:c5:70:47:8d:2f:22:c6:c4:7d:58:c5:0b:ff:91:
                    3d:b5:1c:96:88:65:f4:42:56:4d:ca:33:97:95:9e:
                    59:9e:31:78:c7:bc:f8:2f:2c:bf:4b:e1:f6:0f:1e:
                    bb:f8:e4:f5:ef:c6:1f:f3:2a:7b:45:25:9c:d1:d5:
                    2f:0f:07:28:38:5d:93:f3:2a:13:8f:a4:ac:2e:44:
                    24:48:6b:80:ce:2f:88:09:41:52:7b:70:cb:e4:6e:
                    49:55:7b:bc:8a:d3:29:76:ea:37:eb:10:a7:6b:8f:
                    23:28:ba:b5:29:9a:8f:d1:60:27:48:63:3a:c9:a6:
                    3d:9d:de:38:2a:2e:43:4a:bf:3d:6f:98:7a:e8:ae:
                    4d:a1:0d:7d:25:da:a6:b2:5a:9e:bd:41:51:ed:56:
                    7f:b4:cc:25:74:ed:b4:21:24:57:15:87:10:a5:51:
                    c6:fa:47:c0:e7:f4:db:67:04:46:26:40:d9:cd:c6:
                    d4:f6:a3:71:ef:6f:66:de:f9:6f:92:81:94:85:a4:
                    17:4b:9a:2b:4a:9b:fa:63:11:37:30:95:47:1a:e5:
                    f7:d2:09:b9:2c:c0:de:21:af:dd:65:5e:6e:67:26:
                    73:d5:b7:71:5d:e4:ed:69:08:f6:d5:d0:49:f8:c2:
                    95:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:3B:85:D8:3A:69:22:BB:29:0F:32:7C:E4:63:E9:A2:0D:B9:E9:53
            X509v3 Authority Key Identifier:
                keyid:4D:3C:5F:0A:A1:41:01:1C:E2:DB:F1:8C:CC:EA:AC:8D:23:A8:02:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TTxfCqFBARzi2_GMzOqsjSOoAlM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/VzuF2DppIrspDzJ85GPpog256VM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2d067c-df72-4040-bc43-19397fc76fec/1/TTxfCqFBARzi2_GMzOqsjSOoAlM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:62a0:4101::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:40:f1:4b:f2:d4:8a:dd:6f:5d:b3:74:25:c6:3e:ac:76:bd:
         0d:a9:24:52:2a:78:4d:b3:8e:2c:9e:5c:fd:ad:99:98:4c:bd:
         8e:0e:c1:12:19:bd:8b:41:30:3e:4d:39:40:59:be:7b:25:9b:
         12:6c:ce:f4:7d:38:fa:1f:bc:c5:bb:5e:3c:2f:51:0d:a9:19:
         d2:65:c2:93:5e:7b:34:c2:6c:c7:97:e3:5a:db:b9:74:e3:4b:
         0e:66:3e:da:9d:ee:7a:a7:94:92:c4:6b:70:a3:0f:9d:b0:d9:
         c8:bf:76:5b:dc:75:9d:a2:03:5e:57:7e:14:4c:68:00:45:75:
         38:39:cf:33:54:4d:23:c9:db:c3:96:21:56:04:cf:71:c6:ac:
         c8:63:e6:02:85:81:cd:97:ce:32:6b:e1:3a:d9:da:ff:fc:eb:
         7f:cb:e6:7c:c5:b1:1e:91:5d:89:40:16:74:70:b4:ec:22:7e:
         11:84:9e:be:1f:4d:ac:c4:85:4a:e9:31:a1:99:38:a6:9a:48:
         91:c5:e4:30:50:5e:a2:df:35:fb:6d:e9:dd:80:01:64:33:89:
         ac:96:ba:fe:64:13:dd:0c:1a:9a:b4:1b:01:24:6e:18:e9:bc:
         e6:8c:05:76:46:35:3c:ff:11:75:49:56:57:6c:20:08:75:0c:
         c2:61:3d:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/VnClHm1Tt+JcnO5kflHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkM2M1ZjBhYTE0MTAxMWNlMmRiZjE4Y2NjZWFhYzhkMjNh
ODAyNTMwHhcNMjUwMTAyMDc0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzNiODVkODNhNjkyMmJiMjkwZjMyN2NlNDYzZTlhMjBkYjllOTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdtpCINX1T+AaMegtB9uxXBHjS8i
xsR9WMUL/5E9tRyWiGX0QlZNyjOXlZ5ZnjF4x7z4Lyy/S+H2Dx67+OT178Yf8yp7
RSWc0dUvDwcoOF2T8yoTj6SsLkQkSGuAzi+ICUFSe3DL5G5JVXu8itMpduo36xCn
a48jKLq1KZqP0WAnSGM6yaY9nd44Ki5DSr89b5h66K5NoQ19JdqmslqevUFR7VZ/
tMwldO20ISRXFYcQpVHG+kfA5/TbZwRGJkDZzcbU9qNx729m3vlvkoGUhaQXS5or
Spv6YxE3MJVHGuX30gm5LMDeIa/dZV5uZyZz1bdxXeTtaQj21dBJ+MKVxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFc7hdg6aSK7KQ8yfORj6aINuelTMB8GA1UdIwQY
MBaAFE08XwqhQQEc4tvxjMzqrI0jqAJTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFR4ZkNxRkJBUnppMl9HTXpPcXNqU09vQWxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8yZDA2N2MtZGY3Mi00MDQwLWJjNDMt
MTkzOTdmYzc2ZmVjLzEvVnp1RjJEcHBJcnNwRHpKODVHUHBvZzI1NlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8yZDA2N2MtZGY3Mi00MDQwLWJjNDMtMTkzOTdmYzc2ZmVj
LzEvVFR4ZkNxRkJBUnppMl9HTXpPcXNqU09vQWxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNioEEB
MA0GCSqGSIb3DQEBCwUAA4IBAQAmQPFL8tSK3W9ds3Qlxj6sdr0NqSRSKnhNs44s
nlz9rZmYTL2ODsESGb2LQTA+TTlAWb57JZsSbM70fTj6H7zFu148L1ENqRnSZcKT
Xns0wmzHl+Na27l040sOZj7ane56p5SSxGtwow+dsNnIv3Zb3HWdogNeV34UTGgA
RXU4Oc8zVE0jydvDliFWBM9xxqzIY+YChYHNl84ya+E62dr//Ot/y+Z8xbEekV2J
QBZ0cLTsIn4RhJ6+H02sxIVK6TGhmTimmkiRxeQwUF6i3zX7bendgAFkM4mslrr+
ZBPdDBqatBsBJG4Y6bzmjAV2RjU8/xF1SVZXbCAIdQzCYT2m
-----END CERTIFICATE-----