Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/FMaPqE5TIdnmZNocYxdc5fwMWSY.roa
File:                     FMaPqE5TIdnmZNocYxdc5fwMWSY.roa (raw, json)
Hash identifier:          JA/2EVWKbOQSq1/3vVw4VHdOS4gY4KVxfI8Zlx03fcw=
Subject key identifier:   14:C6:8F:A8:4E:53:21:D9:E6:64:DA:1C:63:17:5C:E5:FC:0C:59:26
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       019423D7226938DCA1505CF942E66B7E467B
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/FMaPqE5TIdnmZNocYxdc5fwMWSY.roa
Signing time:             Wed 01 Jan 2025 21:48:09 +0000
ROA not before:           Wed 01 Jan 2025 21:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26073
IP address blocks:        2a0e:1cc0:10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:22:69:38:dc:a1:50:5c:f9:42:e6:6b:7e:46:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  1 21:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14c68fa84e5321d9e664da1c63175ce5fc0c5926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:77:52:da:60:f9:99:72:e5:9a:7e:0c:84:ed:
                    da:d0:a1:73:ac:11:af:35:5a:c1:ec:17:57:76:b9:
                    08:0d:58:3c:da:82:2b:5d:2a:8a:e9:f1:92:3a:ce:
                    76:59:24:f5:13:92:01:e8:32:e9:5f:5d:37:bb:87:
                    9c:62:13:90:f0:f3:96:8c:9a:a5:87:04:ee:51:6a:
                    e8:b5:6e:51:d5:72:33:95:3c:c6:ac:a5:9a:8d:16:
                    2d:99:6b:47:68:cc:f9:c3:83:f7:e7:48:96:b6:2e:
                    b5:e9:3f:aa:6f:e6:1d:3e:2a:85:77:d9:65:f6:8a:
                    35:2f:fa:18:26:9f:29:b7:5c:78:ba:4b:9e:9d:bb:
                    68:5a:a4:5c:b3:9f:68:17:63:5d:e6:67:82:56:e3:
                    1d:3b:df:d8:63:5a:e9:80:83:50:32:2b:d0:75:e3:
                    fb:e1:48:56:9a:f3:6a:92:76:8a:6f:af:ec:2e:ab:
                    19:fe:0a:7c:fa:29:0c:09:ef:96:6b:d7:3f:a7:f7:
                    05:e6:4e:0f:c2:9a:f0:ce:24:03:32:02:b4:11:06:
                    c5:d1:aa:35:f1:bc:93:0d:0c:fe:0a:d6:7f:36:5d:
                    04:e8:9a:fa:18:75:4a:9b:7b:a8:28:2e:1a:1a:38:
                    d2:fa:9e:e7:2e:68:9a:26:84:8a:35:1f:e6:2f:ae:
                    ba:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:C6:8F:A8:4E:53:21:D9:E6:64:DA:1C:63:17:5C:E5:FC:0C:59:26
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/FMaPqE5TIdnmZNocYxdc5fwMWSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1cc0:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:bd:c1:02:e7:88:2f:a2:c3:e5:b3:5b:ed:fd:65:5a:ac:f4:
         d7:c1:d1:20:10:e6:2e:79:5e:62:f4:5b:85:9b:15:83:39:57:
         f7:5a:17:65:b1:94:29:0d:17:77:9d:db:8d:1f:37:17:8c:d0:
         22:4a:08:69:f4:a5:7c:e7:5f:84:cc:fb:b1:b1:55:ed:5d:7c:
         a6:14:b7:cb:2e:ed:a5:54:84:7a:2c:12:e9:22:7d:71:d5:cd:
         30:52:4a:7c:33:df:9c:15:84:3c:76:02:92:f3:1c:41:b0:dd:
         91:33:00:7d:a5:c8:ca:6b:f2:c1:0d:4a:72:86:c0:72:1d:b7:
         69:02:8b:3f:17:72:1f:7e:5c:b8:7a:f1:f0:cc:4f:e4:35:4d:
         05:f6:86:28:bc:3f:61:d3:60:a7:13:50:27:bd:6f:89:ee:9b:
         12:93:be:9d:21:f0:d7:82:83:a2:2b:7d:33:01:41:2b:f9:4b:
         85:8f:c2:14:ff:e3:18:48:9b:ec:c2:b1:17:01:ac:a7:d6:a1:
         bf:de:8a:3c:35:ba:02:99:26:8c:43:a4:ee:68:19:d1:cc:5c:
         54:5f:8c:7a:68:bd:67:84:38:09:3a:08:0e:db:ca:31:19:0f:
         dc:9d:97:a9:fe:61:ba:56:ce:09:15:2e:ee:db:97:ce:31:29:
         15:2b:9b:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj1yJpONyhUFz5QuZrfkZ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGM2OGZhODRlNTMyMWQ5ZTY2NGRhMWM2MzE3NWNlNWZjMGM1OTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHdS2mD5mXLlmn4MhO3a0KFzrBGv
NVrB7BdXdrkIDVg82oIrXSqK6fGSOs52WST1E5IB6DLpX103u4ecYhOQ8POWjJql
hwTuUWrotW5R1XIzlTzGrKWajRYtmWtHaMz5w4P350iWti616T+qb+YdPiqFd9ll
9oo1L/oYJp8pt1x4ukuenbtoWqRcs59oF2Nd5meCVuMdO9/YY1rpgINQMivQdeP7
4UhWmvNqknaKb6/sLqsZ/gp8+ikMCe+Wa9c/p/cF5k4PwprwziQDMgK0EQbF0ao1
8byTDQz+CtZ/Nl0E6Jr6GHVKm3uoKC4aGjjS+p7nLmiaJoSKNR/mL6668QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBTGj6hOUyHZ5mTaHGMXXOX8DFkmMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvRk1hUHFFNVRJZG5tWk5vY1l4ZGM1ZndNV1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cwAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBYvcEC54gvosPls1vt/WVarPTXwdEgEOYueV5i
9FuFmxWDOVf3WhdlsZQpDRd3nduNHzcXjNAiSghp9KV851+EzPuxsVXtXXymFLfL
Lu2lVIR6LBLpIn1x1c0wUkp8M9+cFYQ8dgKS8xxBsN2RMwB9pcjKa/LBDUpyhsBy
HbdpAos/F3Iffly4evHwzE/kNU0F9oYovD9h02CnE1AnvW+J7psSk76dIfDXgoOi
K30zAUEr+UuFj8IU/+MYSJvswrEXAayn1qG/3oo8NboCmSaMQ6TuaBnRzFxUX4x6
aL1nhDgJOggO28oxGQ/cnZep/mG6Vs4JFS7u25fOMSkVK5tX
-----END CERTIFICATE-----