Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/hSWUv1huf0ZgdEoupOzoYiR-xRY.roa
File:                     hSWUv1huf0ZgdEoupOzoYiR-xRY.roa (raw, json)
Hash identifier:          fUUm9WVh4RT1Bif3s0lLxfArOXO1kV1fWL5woYLGALo=
Subject key identifier:   85:25:94:BF:58:6E:7F:46:60:74:4A:2E:A4:EC:E8:62:24:7E:C5:16
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0194258F10F0AFE62EF3E9273D36F9DD04BA
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/hSWUv1huf0ZgdEoupOzoYiR-xRY.roa
Signing time:             Thu 02 Jan 2025 05:48:40 +0000
ROA not before:           Thu 02 Jan 2025 05:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52041
IP address blocks:        2a0e:4bc1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:10:f0:af:e6:2e:f3:e9:27:3d:36:f9:dd:04:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 05:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=852594bf586e7f4660744a2ea4ece862247ec516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b5:d2:aa:7b:49:0a:19:b7:1c:27:29:59:1c:
                    18:a7:c1:d6:8d:ee:20:93:ca:21:b1:45:0e:2c:8f:
                    78:1c:5b:bc:e1:c8:68:7f:a8:be:9d:5f:bf:3b:9d:
                    f5:b7:27:a9:1f:4d:81:7b:23:ed:08:97:28:d4:4a:
                    84:1c:a7:c1:eb:d1:1f:8a:90:69:c0:7e:55:53:07:
                    50:12:7e:21:b1:5b:6d:ae:91:1b:5d:3a:86:a0:e4:
                    a2:4d:b4:31:8a:4e:df:80:d6:79:62:1f:9a:84:f5:
                    0b:87:cd:0d:e6:72:91:24:9a:55:3e:eb:a0:da:2b:
                    f1:02:31:15:c0:31:cc:67:a8:6e:bf:e6:5a:c2:77:
                    92:13:37:ce:77:9f:2a:65:aa:33:b3:fc:84:6d:dc:
                    3d:ab:03:40:e8:83:e8:99:1f:22:ba:36:08:ea:41:
                    48:e0:66:72:02:9a:cf:11:11:fb:2e:81:6a:24:22:
                    aa:74:f7:ef:28:dc:b6:d7:b1:bc:c7:6e:a9:1d:2e:
                    f3:68:56:09:2c:60:b2:53:60:10:ef:7c:f9:d3:32:
                    cc:b7:41:fe:43:88:57:5e:07:d3:65:d0:b3:b1:83:
                    42:83:d9:64:56:6d:48:4d:86:35:60:37:ed:3e:66:
                    5d:b5:4d:6b:c6:97:35:ca:bc:06:c2:6d:48:49:db:
                    cb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:25:94:BF:58:6E:7F:46:60:74:4A:2E:A4:EC:E8:62:24:7E:C5:16
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/hSWUv1huf0ZgdEoupOzoYiR-xRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4bc1::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:6c:93:40:eb:f1:4d:68:b8:aa:c6:5b:13:14:55:42:c8:65:
         b7:3f:08:c8:ba:4d:88:d3:cb:f7:8a:54:c0:49:d0:78:9d:dc:
         e6:c7:16:ef:ae:38:8c:f8:d5:1d:0b:21:07:d2:9d:67:c2:0f:
         37:ad:43:f7:fc:01:93:eb:41:dc:84:27:1d:91:03:58:6f:3b:
         ea:f3:fa:dc:97:cd:23:9c:0e:e9:b6:c5:21:66:ba:fd:5e:57:
         71:8f:6a:32:55:1b:94:07:e0:33:c2:48:8e:b8:8c:9a:e3:92:
         05:bd:44:ef:72:35:af:69:b5:ca:a7:d2:72:d8:f3:1f:c0:90:
         61:35:e5:53:ca:8c:24:63:5d:58:f2:35:e5:c4:7b:d3:91:7e:
         be:83:13:d0:65:9f:81:5c:c1:06:52:18:cf:41:ea:46:91:1c:
         81:33:f7:cc:2c:31:c3:8d:8f:ca:6f:79:b2:e8:03:16:b7:1b:
         fb:eb:7a:4b:ee:10:50:ee:5b:b4:cd:f1:4f:80:98:15:62:4f:
         47:29:4c:9e:cf:d7:b4:41:61:6f:dc:43:f0:ab:a7:7e:90:5d:
         cd:56:e9:1a:c2:95:25:80:4a:67:26:a2:fc:47:db:2b:d6:67:
         ed:39:d5:d8:01:34:f4:d6:af:49:3f:99:e5:c4:d8:5b:4c:a1:
         12:11:7d:ae
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQljxDwr+Yu8+knPTb53QS6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwMTAyMDU0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTI1OTRiZjU4NmU3ZjQ2NjA3NDRhMmVhNGVjZTg2MjI0N2VjNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrXSqntJChm3HCcpWRwYp8HWje4g
k8ohsUUOLI94HFu84chof6i+nV+/O531tyepH02BeyPtCJco1EqEHKfB69EfipBp
wH5VUwdQEn4hsVttrpEbXTqGoOSiTbQxik7fgNZ5Yh+ahPULh80N5nKRJJpVPuug
2ivxAjEVwDHMZ6huv+ZawneSEzfOd58qZaozs/yEbdw9qwNA6IPomR8iujYI6kFI
4GZyAprPERH7LoFqJCKqdPfvKNy217G8x26pHS7zaFYJLGCyU2AQ73z50zLMt0H+
Q4hXXgfTZdCzsYNCg9lkVm1ITYY1YDftPmZdtU1rxpc1yrwGwm1ISdvLrQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIUllL9Ybn9GYHRKLqTs6GIkfsUWMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvaFNXVXYxaHVmMFpnZEVvdXBPem9ZaVIteFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5LwTAN
BgkqhkiG9w0BAQsFAAOCAQEATWyTQOvxTWi4qsZbExRVQshltz8IyLpNiNPL94pU
wEnQeJ3c5scW7644jPjVHQshB9KdZ8IPN61D9/wBk+tB3IQnHZEDWG876vP63JfN
I5wO6bbFIWa6/V5XcY9qMlUblAfgM8JIjriMmuOSBb1E73I1r2m1yqfSctjzH8CQ
YTXlU8qMJGNdWPI15cR705F+voMT0GWfgVzBBlIYz0HqRpEcgTP3zCwxw42Pym95
sugDFrcb++t6S+4QUO5btM3xT4CYFWJPRylMns/XtEFhb9xD8KunfpBdzVbpGsKV
JYBKZyai/EfbK9Zn7TnV2AE09NavST+Z5cTYW0yhEhF9rg==
-----END CERTIFICATE-----