Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/c0383a-f271-4c1e-b5ca-decb22062c70/1/oidwYZW8G2o74OS_a_nCcJCpjCg.roa
File:                     oidwYZW8G2o74OS_a_nCcJCpjCg.roa (raw, json)
Hash identifier:          ogxgsB9YER6I/w+iNtW/Wqu1gf3XIhY2x4sxgGoaIJA=
Subject key identifier:   A2:27:70:61:95:BC:1B:6A:3B:E0:E4:BF:6B:F9:C2:70:90:A9:8C:28
Certificate issuer:       /CN=84684cdaf25de40befc1e8e42285a8d5ec389047
Certificate serial:       019422200B81AE6F0B02B145C892B6C6E2FF
Authority key identifier: 84:68:4C:DA:F2:5D:E4:0B:EF:C1:E8:E4:22:85:A8:D5:EC:38:90:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hGhM2vJd5AvvwejkIoWo1ew4kEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/c0383a-f271-4c1e-b5ca-decb22062c70/1/oidwYZW8G2o74OS_a_nCcJCpjCg.roa
Signing time:             Wed 01 Jan 2025 13:48:32 +0000
ROA not before:           Wed 01 Jan 2025 13:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215261
IP address blocks:        2001:67c:fac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/c0383a-f271-4c1e-b5ca-decb22062c70/1/hGhM2vJd5AvvwejkIoWo1ew4kEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/c0383a-f271-4c1e-b5ca-decb22062c70/1/hGhM2vJd5AvvwejkIoWo1ew4kEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hGhM2vJd5AvvwejkIoWo1ew4kEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:0b:81:ae:6f:0b:02:b1:45:c8:92:b6:c6:e2:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84684cdaf25de40befc1e8e42285a8d5ec389047
        Validity
            Not Before: Jan  1 13:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a227706195bc1b6a3be0e4bf6bf9c27090a98c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:44:d8:19:f2:b1:63:09:1a:30:e1:93:d8:5e:
                    84:05:9c:a1:dd:11:c0:87:48:9e:ab:dd:98:19:a7:
                    19:61:d8:c0:73:ef:2b:50:e0:cc:6f:ad:ca:44:e8:
                    c2:0d:a0:ed:df:d2:44:5d:21:5c:b3:a4:8a:09:ff:
                    2a:72:af:2f:18:07:93:5c:70:e6:bd:71:56:f0:e8:
                    2f:35:7e:ee:08:1f:4e:94:b6:70:f2:69:3a:ff:8c:
                    e8:75:e4:f5:cf:14:38:20:05:0e:de:b4:6a:43:5c:
                    7a:c1:e0:a2:7e:a2:24:61:d9:fe:aa:4d:c0:9c:64:
                    c0:69:c8:75:60:d6:44:97:87:8b:89:14:e4:b8:0a:
                    c3:da:25:0a:4d:b0:a5:e5:e0:cc:38:7e:a1:2c:2c:
                    45:02:c2:1f:14:f8:8a:fa:2c:f7:b7:b6:b9:b5:3e:
                    a9:ab:15:94:fd:9a:f0:8f:24:0f:2d:60:11:ed:e0:
                    6f:3f:d1:10:b7:3b:b5:2d:90:9a:a3:53:eb:9e:40:
                    42:a8:52:d4:7f:a2:23:e9:a6:49:73:5a:04:da:26:
                    d6:5c:b5:d3:9b:49:e0:f8:ec:e1:46:c8:ee:48:76:
                    24:8e:c4:55:1a:25:09:77:af:88:76:0b:2f:55:36:
                    db:1b:68:e6:54:e3:b5:0c:1a:3a:ec:08:3c:3f:02:
                    d6:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:27:70:61:95:BC:1B:6A:3B:E0:E4:BF:6B:F9:C2:70:90:A9:8C:28
            X509v3 Authority Key Identifier:
                keyid:84:68:4C:DA:F2:5D:E4:0B:EF:C1:E8:E4:22:85:A8:D5:EC:38:90:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hGhM2vJd5AvvwejkIoWo1ew4kEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c0383a-f271-4c1e-b5ca-decb22062c70/1/oidwYZW8G2o74OS_a_nCcJCpjCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c0383a-f271-4c1e-b5ca-decb22062c70/1/hGhM2vJd5AvvwejkIoWo1ew4kEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:fac::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:f7:ef:18:7b:4f:7c:9d:a0:0d:de:69:c5:45:44:5d:6d:8a:
         e4:5a:b3:36:36:31:3d:11:04:9e:fe:8a:80:81:0b:46:3c:4c:
         2f:c6:b1:1d:b2:58:2d:bb:ba:c4:14:93:bc:1a:68:c6:58:7d:
         e4:c3:2a:2f:ee:d1:92:b8:0e:07:51:a4:41:18:98:66:f9:7c:
         38:bf:1e:a8:78:74:f9:b4:51:e0:95:6d:01:f5:ba:08:2a:2e:
         1d:8d:95:38:9f:e7:04:40:e4:dc:83:5c:a0:4e:d2:3d:8e:24:
         e8:e5:75:06:ba:db:9c:c7:18:b9:de:fb:ed:43:e2:13:ec:92:
         8f:03:f2:0f:f7:39:d7:01:54:1c:13:1f:5d:14:55:e3:d7:f6:
         7d:64:9a:26:a1:de:a6:e0:ed:83:51:37:59:5e:64:1d:34:e7:
         0c:4e:84:bc:57:1e:67:2b:7f:6b:34:7c:d2:f8:90:d0:fd:5b:
         38:21:fa:e1:37:78:83:93:e6:26:3b:ca:02:33:1e:fc:5e:94:
         04:82:1d:07:2b:c9:a1:1c:d6:31:ef:11:a2:80:6a:59:96:d7:
         d5:e0:73:96:d7:30:e5:e8:1d:c7:c1:ac:df:f0:b2:f3:34:89:
         c8:9b:15:86:0e:98:c1:a8:63:d4:53:02:24:f6:a0:36:67:26:
         3a:a1:2f:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIAuBrm8LArFFyJK2xuL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0Njg0Y2RhZjI1ZGU0MGJlZmMxZThlNDIyODVhOGQ1ZWMz
ODkwNDcwHhcNMjUwMTAxMTM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjI3NzA2MTk1YmMxYjZhM2JlMGU0YmY2YmY5YzI3MDkwYTk4YzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkTYGfKxYwkaMOGT2F6EBZyh3RHA
h0ieq92YGacZYdjAc+8rUODMb63KROjCDaDt39JEXSFcs6SKCf8qcq8vGAeTXHDm
vXFW8OgvNX7uCB9OlLZw8mk6/4zodeT1zxQ4IAUO3rRqQ1x6weCifqIkYdn+qk3A
nGTAach1YNZEl4eLiRTkuArD2iUKTbCl5eDMOH6hLCxFAsIfFPiK+iz3t7a5tT6p
qxWU/ZrwjyQPLWAR7eBvP9EQtzu1LZCao1PrnkBCqFLUf6Ij6aZJc1oE2ibWXLXT
m0ng+OzhRsjuSHYkjsRVGiUJd6+IdgsvVTbbG2jmVOO1DBo67Ag8PwLWHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKIncGGVvBtqO+Dkv2v5wnCQqYwoMB8GA1UdIwQY
MBaAFIRoTNryXeQL78Ho5CKFqNXsOJBHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEdoTTJ2SmQ1QXZ2d2Vqa0lvV28xZXc0a0VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9jMDM4M2EtZjI3MS00YzFlLWI1Y2Et
ZGVjYjIyMDYyYzcwLzEvb2lkd1laVzhHMm83NE9TX2FfbkNjSkNwakNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9jMDM4M2EtZjI3MS00YzFlLWI1Y2EtZGVjYjIyMDYyYzcw
LzEvaEdoTTJ2SmQ1QXZ2d2Vqa0lvV28xZXc0a0VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA+s
MA0GCSqGSIb3DQEBCwUAA4IBAQBc9+8Ye098naAN3mnFRURdbYrkWrM2NjE9EQSe
/oqAgQtGPEwvxrEdslgtu7rEFJO8GmjGWH3kwyov7tGSuA4HUaRBGJhm+Xw4vx6o
eHT5tFHglW0B9boIKi4djZU4n+cEQOTcg1ygTtI9jiTo5XUGutucxxi53vvtQ+IT
7JKPA/IP9znXAVQcEx9dFFXj1/Z9ZJomod6m4O2DUTdZXmQdNOcMToS8Vx5nK39r
NHzS+JDQ/Vs4IfrhN3iDk+YmO8oCMx78XpQEgh0HK8mhHNYx7xGigGpZltfV4HOW
1zDl6B3Hwazf8LLzNInImxWGDpjBqGPUUwIk9qA2ZyY6oS+v
-----END CERTIFICATE-----