Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/Dtu0FUQBTwq7nMetgTpNdxrJrUc.roa
File:                     Dtu0FUQBTwq7nMetgTpNdxrJrUc.roa (raw, json)
Hash identifier:          2+O0fEd5VicZaDp5QDSOVxRQGaFMgRpvuxLyoCSaMdM=
Subject key identifier:   0E:DB:B4:15:44:01:4F:0A:BB:9C:C7:AD:81:3A:4D:77:1A:C9:AD:47
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       0194244543DC1A6A9113DA033229519D5BDF
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/Dtu0FUQBTwq7nMetgTpNdxrJrUc.roa
Signing time:             Wed 01 Jan 2025 23:48:26 +0000
ROA not before:           Wed 01 Jan 2025 23:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205909
IP address blocks:        2a0b:6b86:600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:43:dc:1a:6a:91:13:da:03:32:29:51:9d:5b:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 23:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0edbb41544014f0abb9cc7ad813a4d771ac9ad47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:30:21:9f:15:1a:6f:8a:4a:c9:c0:2b:d2:be:
                    5f:17:27:cb:19:5b:d1:c1:69:75:42:d3:f1:75:ca:
                    15:6a:78:bd:96:1a:c8:f3:22:f9:4c:76:36:5b:d1:
                    c4:b7:4c:47:c4:4e:8c:dd:c9:e2:54:e5:0b:ac:2b:
                    36:b0:15:7e:db:60:e3:03:f2:ea:61:10:bb:3d:2e:
                    d8:ea:87:e0:be:a8:4d:6d:f6:a2:6d:00:84:57:a6:
                    76:1e:4e:10:24:40:1d:c4:bc:52:ee:d8:06:09:6c:
                    a4:ed:33:b2:55:ef:b0:86:fb:83:ed:70:51:e9:a0:
                    30:c8:99:a5:8c:ba:d3:7d:a8:a2:74:45:6c:15:dd:
                    8f:a5:75:44:b1:48:3e:cf:5e:9a:12:a0:d6:e7:f4:
                    3c:63:ec:2f:64:f0:74:bf:8b:fd:6d:bb:37:b1:1c:
                    c9:3a:60:2b:6f:cc:68:58:a9:99:00:58:f6:dc:1d:
                    5c:d5:ce:e5:e0:ab:35:f2:e9:0b:95:52:11:41:2e:
                    2b:7c:c4:e3:23:d7:74:46:03:65:d3:ef:d9:8a:3b:
                    d3:87:20:95:a1:e8:f6:f9:e7:91:b4:8c:65:0c:b7:
                    ed:68:ba:e9:f6:db:10:41:9f:15:1e:5a:81:69:f1:
                    72:06:2f:94:00:26:d1:40:2d:fa:28:51:7d:9e:a2:
                    df:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:DB:B4:15:44:01:4F:0A:BB:9C:C7:AD:81:3A:4D:77:1A:C9:AD:47
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/Dtu0FUQBTwq7nMetgTpNdxrJrUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:eb:7f:e3:94:76:d1:48:9f:28:91:10:73:11:c1:0f:b0:63:
         a3:07:86:0a:4f:a6:c0:c2:b5:ca:24:d7:1d:21:34:fc:e2:06:
         44:1b:e3:89:b1:3b:6e:9c:0f:21:d4:b4:f4:6f:20:06:08:00:
         37:83:6d:8e:16:8d:ec:68:6c:61:a3:a7:d8:bf:55:f8:18:6b:
         7e:ea:c0:86:2c:03:7e:0a:49:07:ce:e2:1e:bc:1c:33:b6:bf:
         94:7f:7a:5f:53:79:9d:22:89:e8:cc:f5:c6:75:f1:92:71:b8:
         85:a3:95:78:0c:75:0c:ee:3a:a2:c2:0a:9d:7a:2e:15:9d:7c:
         b4:6a:d5:8f:40:e1:f0:b1:5f:f3:05:0b:7a:dd:68:a5:af:69:
         93:bd:11:71:39:7d:c6:a2:a4:fd:86:61:f1:f8:c3:fd:2c:03:
         88:3e:8d:e0:a7:9b:1b:b2:f2:a4:85:06:2e:5c:8e:29:e8:bf:
         f0:9f:8c:39:8d:e6:5e:03:6a:3c:e2:e7:5c:9c:70:ef:d7:0a:
         db:e6:60:83:98:e5:86:b7:05:63:7f:5e:66:b9:d4:27:6c:40:
         d4:17:fa:f5:2d:ca:ef:b5:76:5c:1f:ba:98:03:71:5a:9a:6c:
         53:17:10:a6:f9:e2:f5:65:2e:e8:ea:6a:d5:03:13:3e:3f:2b:
         26:34:61:2e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQkRUPcGmqRE9oDMilRnVvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjUwMTAxMjM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWRiYjQxNTQ0MDE0ZjBhYmI5Y2M3YWQ4MTNhNGQ3NzFhYzlhZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDAhnxUab4pKycAr0r5fFyfLGVvR
wWl1QtPxdcoVani9lhrI8yL5THY2W9HEt0xHxE6M3cniVOULrCs2sBV+22DjA/Lq
YRC7PS7Y6ofgvqhNbfaibQCEV6Z2Hk4QJEAdxLxS7tgGCWyk7TOyVe+whvuD7XBR
6aAwyJmljLrTfaiidEVsFd2PpXVEsUg+z16aEqDW5/Q8Y+wvZPB0v4v9bbs3sRzJ
OmArb8xoWKmZAFj23B1c1c7l4Ks18ukLlVIRQS4rfMTjI9d0RgNl0+/ZijvThyCV
oej2+eeRtIxlDLftaLrp9tsQQZ8VHlqBafFyBi+UACbRQC36KFF9nqLfVQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFA7btBVEAU8Ku5zHrYE6TXcaya1HMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvRHR1MEZVUUJUd3E3bk1ldGdUcE5keHJKclVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhgYw
DQYJKoZIhvcNAQELBQADggEBAMLrf+OUdtFInyiREHMRwQ+wY6MHhgpPpsDCtcok
1x0hNPziBkQb44mxO26cDyHUtPRvIAYIADeDbY4WjexobGGjp9i/VfgYa37qwIYs
A34KSQfO4h68HDO2v5R/el9TeZ0iiejM9cZ18ZJxuIWjlXgMdQzuOqLCCp16LhWd
fLRq1Y9A4fCxX/MFC3rdaKWvaZO9EXE5fcaipP2GYfH4w/0sA4g+jeCnmxuy8qSF
Bi5cjinov/CfjDmN5l4Dajzi51yccO/XCtvmYIOY5Ya3BWN/Xma51CdsQNQX+vUt
yu+1dlwfupgDcVqabFMXEKb54vVlLujqatUDEz4/KyY0YS4=
-----END CERTIFICATE-----