Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/7y3mGX9ZUocL1OILQHSxmA8VkvM.roa
File:                     7y3mGX9ZUocL1OILQHSxmA8VkvM.roa (raw, json)
Hash identifier:          7a9Oiy3txQlGgm+QjKoKXHZkPBhpeO84dBEOXh2SIfc=
Subject key identifier:   EF:2D:E6:19:7F:59:52:87:0B:D4:E2:0B:40:74:B1:98:0F:15:92:F3
Certificate issuer:       /CN=480e3cf0d122574c7e7b3bf034d0d3d013eebc15
Certificate serial:       019424B37958270C2A794D5FB398D4321492
Authority key identifier: 48:0E:3C:F0:D1:22:57:4C:7E:7B:3B:F0:34:D0:D3:D0:13:EE:BC:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SA488NEiV0x-ezvwNNDT0BPuvBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/7y3mGX9ZUocL1OILQHSxmA8VkvM.roa
Signing time:             Thu 02 Jan 2025 01:48:49 +0000
ROA not before:           Thu 02 Jan 2025 01:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202647
IP address blocks:        2001:67c:ac0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/SA488NEiV0x-ezvwNNDT0BPuvBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/SA488NEiV0x-ezvwNNDT0BPuvBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SA488NEiV0x-ezvwNNDT0BPuvBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 04:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:79:58:27:0c:2a:79:4d:5f:b3:98:d4:32:14:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=480e3cf0d122574c7e7b3bf034d0d3d013eebc15
        Validity
            Not Before: Jan  2 01:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef2de6197f5952870bd4e20b4074b1980f1592f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:52:69:24:75:35:27:31:64:c0:d3:5d:cb:93:
                    d1:75:d3:b6:cb:27:38:d4:54:17:40:6c:c2:1f:8a:
                    70:5d:14:03:ac:63:3d:0f:b2:f0:77:4d:f3:08:a8:
                    1a:41:32:70:de:d8:6e:9b:b8:9d:cd:6b:86:79:71:
                    97:84:72:c8:51:62:0d:86:3f:44:52:5e:6a:a1:65:
                    b6:e6:52:00:22:e4:4c:2a:4b:6f:fd:97:40:79:31:
                    25:97:8a:c0:14:e1:dc:cb:b7:3e:b8:4d:4a:14:d5:
                    3e:63:df:a9:a1:08:aa:ea:77:da:a5:f9:d5:31:30:
                    67:05:53:bc:e8:9d:68:b3:a7:7c:96:f7:c4:f5:5b:
                    13:73:1b:a0:ed:f3:26:52:45:43:9c:19:b6:3f:58:
                    88:48:ae:00:5c:bd:12:07:04:40:76:a6:1c:37:a0:
                    dd:e7:ac:de:9d:01:2a:e6:25:7f:14:cf:f9:73:c5:
                    89:ac:17:04:a8:4a:61:70:62:0f:b5:f6:ce:b1:f2:
                    fc:53:a0:b9:92:8a:cc:74:c2:4b:dc:82:86:5e:14:
                    9f:b0:67:f8:f2:2b:6e:13:0c:ad:86:5d:92:59:fc:
                    82:be:75:b6:87:7c:dc:15:85:08:dc:68:1c:d3:40:
                    ad:80:4b:05:5d:5e:19:52:53:53:2b:1f:2a:20:b9:
                    81:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:2D:E6:19:7F:59:52:87:0B:D4:E2:0B:40:74:B1:98:0F:15:92:F3
            X509v3 Authority Key Identifier:
                keyid:48:0E:3C:F0:D1:22:57:4C:7E:7B:3B:F0:34:D0:D3:D0:13:EE:BC:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SA488NEiV0x-ezvwNNDT0BPuvBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/7y3mGX9ZUocL1OILQHSxmA8VkvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/SA488NEiV0x-ezvwNNDT0BPuvBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:4b:9f:36:91:d0:84:52:de:fe:2e:64:29:2c:c7:43:e2:42:
         df:04:52:88:b4:22:f2:b7:89:d4:2c:39:4b:3a:a6:04:58:84:
         52:ed:4d:3b:09:50:82:e2:fc:51:db:86:aa:e6:01:14:9b:a4:
         9c:24:2f:4a:8f:b0:e1:73:db:93:d3:6b:00:1e:54:92:ee:ef:
         39:10:11:2a:e0:21:f7:92:fd:0e:6e:28:1c:08:8a:40:45:a8:
         8e:8f:dc:10:44:c6:3f:fc:f9:81:68:c8:a3:10:6a:90:37:0e:
         82:2d:fd:2a:b3:7c:eb:99:a9:e5:3c:bd:bf:0e:52:78:07:68:
         22:ef:47:d1:ad:ae:0f:f9:7c:9b:68:dd:22:56:7d:dd:b0:95:
         03:c9:c8:af:ae:47:7a:58:19:18:11:9e:72:54:a6:c3:f4:85:
         b9:79:30:ca:6c:f6:79:29:0c:e6:e8:78:1c:94:a7:9a:c2:d9:
         01:54:5c:40:a2:6a:b6:e3:2e:46:e5:fe:d6:49:79:31:56:4c:
         58:02:61:4d:80:8f:a8:32:be:d0:27:d6:d7:4a:ed:84:db:c7:
         de:aa:c1:de:5e:3b:83:92:5a:b8:cf:e9:97:66:e8:ae:47:97:
         8a:54:3e:25:dd:c7:d4:f1:1b:bf:f2:79:53:1d:23:ca:3e:f0:
         af:a2:60:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks3lYJwwqeU1fs5jUMhSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MGUzY2YwZDEyMjU3NGM3ZTdiM2JmMDM0ZDBkM2QwMTNl
ZWJjMTUwHhcNMjUwMTAyMDE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjJkZTYxOTdmNTk1Mjg3MGJkNGUyMGI0MDc0YjE5ODBmMTU5MmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFJpJHU1JzFkwNNdy5PRddO2yyc4
1FQXQGzCH4pwXRQDrGM9D7Lwd03zCKgaQTJw3thum7idzWuGeXGXhHLIUWINhj9E
Ul5qoWW25lIAIuRMKktv/ZdAeTEll4rAFOHcy7c+uE1KFNU+Y9+poQiq6nfapfnV
MTBnBVO86J1os6d8lvfE9VsTcxug7fMmUkVDnBm2P1iISK4AXL0SBwRAdqYcN6Dd
56zenQEq5iV/FM/5c8WJrBcEqEphcGIPtfbOsfL8U6C5korMdMJL3IKGXhSfsGf4
8ituEwythl2SWfyCvnW2h3zcFYUI3Ggc00CtgEsFXV4ZUlNTKx8qILmBcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO8t5hl/WVKHC9TiC0B0sZgPFZLzMB8GA1UdIwQY
MBaAFEgOPPDRIldMfns78DTQ09AT7rwVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0E0ODhORWlWMHgtZXp2d05ORFQwQlB1dkJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iYTY2ZjItZGUzZS00ZGU4LWJkNjUt
MjJmMjNmZTI5Mjg3LzEvN3kzbUdYOVpVb2NMMU9JTFFIU3htQThWa3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iYTY2ZjItZGUzZS00ZGU4LWJkNjUtMjJmMjNmZTI5Mjg3
LzEvU0E0ODhORWlWMHgtZXp2d05ORFQwQlB1dkJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArA
MA0GCSqGSIb3DQEBCwUAA4IBAQAvS582kdCEUt7+LmQpLMdD4kLfBFKItCLyt4nU
LDlLOqYEWIRS7U07CVCC4vxR24aq5gEUm6ScJC9Kj7Dhc9uT02sAHlSS7u85EBEq
4CH3kv0ObigcCIpARaiOj9wQRMY//PmBaMijEGqQNw6CLf0qs3zrmanlPL2/DlJ4
B2gi70fRra4P+XybaN0iVn3dsJUDycivrkd6WBkYEZ5yVKbD9IW5eTDKbPZ5KQzm
6HgclKeawtkBVFxAomq24y5G5f7WSXkxVkxYAmFNgI+oMr7QJ9bXSu2E28feqsHe
XjuDklq4z+mXZuiuR5eKVD4l3cfU8Ru/8nlTHSPKPvCvomBt
-----END CERTIFICATE-----