Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/annF-tYuzdXS1ALv0qyj5X5E7jY.roa
File:                     annF-tYuzdXS1ALv0qyj5X5E7jY.roa (raw, json)
Hash identifier:          +ABYTVUrAak8XwcnVULCGoDqh2JX0sMrrBCuyRBlGCU=
Subject key identifier:   6A:79:C5:FA:D6:2E:CD:D5:D2:D4:02:EF:D2:AC:A3:E5:7E:44:EE:36
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019420D62EE3C028D7BF436F13EBF30DC720
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/annF-tYuzdXS1ALv0qyj5X5E7jY.roa
Signing time:             Wed 01 Jan 2025 07:48:15 +0000
ROA not before:           Wed 01 Jan 2025 07:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210281
IP address blocks:        2a0d:f407:1033::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:2e:e3:c0:28:d7:bf:43:6f:13:eb:f3:0d:c7:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 07:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a79c5fad62ecdd5d2d402efd2aca3e57e44ee36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c8:e8:49:29:65:18:bc:a8:b0:1f:4f:9d:0b:
                    5e:55:df:7f:71:6f:1e:14:3c:71:ea:ce:ad:cc:42:
                    38:35:29:ad:d0:a3:e6:ba:0f:ef:62:1c:14:a7:49:
                    e9:61:f5:5d:c2:a2:da:86:22:e1:49:64:a0:7a:55:
                    91:15:22:45:21:bc:a8:b6:5e:8d:68:16:65:c1:45:
                    b7:92:d5:52:9b:6b:4a:76:de:c4:59:04:f7:2d:27:
                    ac:db:aa:9e:4c:2d:e0:6c:61:2c:d5:96:ef:4f:7e:
                    b5:a4:63:b6:e2:4c:ec:28:c5:cd:47:4d:32:bc:c2:
                    78:6f:89:d4:9b:0d:6a:e0:de:bb:cb:1f:07:23:7b:
                    ce:b7:67:7d:c0:4c:ff:bd:d5:8b:40:ab:dc:d3:97:
                    75:06:cb:ee:88:09:ec:f0:c4:85:39:55:5f:4c:ce:
                    60:ae:78:f6:1c:e7:9d:4e:95:24:39:a6:81:d4:cc:
                    b5:08:68:d0:8d:3b:48:32:17:13:36:75:54:14:ca:
                    90:e4:2c:5a:fe:8a:82:41:71:71:c4:34:ec:11:4e:
                    1a:5a:d1:06:75:fd:8c:02:1b:9e:16:7a:e0:24:d7:
                    76:fd:ee:de:62:34:5c:06:60:c4:01:29:aa:0e:7e:
                    42:0f:83:f7:cf:46:71:34:ee:4c:c7:0d:93:77:6c:
                    35:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:79:C5:FA:D6:2E:CD:D5:D2:D4:02:EF:D2:AC:A3:E5:7E:44:EE:36
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/annF-tYuzdXS1ALv0qyj5X5E7jY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f407:1033::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:2d:9b:74:b3:60:33:80:c1:e5:e4:9b:f3:68:2d:ca:8b:0e:
         75:ec:db:31:f1:ad:76:d7:c3:7e:49:5e:eb:72:b5:0d:ef:d1:
         6d:6b:42:84:7d:3b:8f:79:6e:2f:8a:9d:e7:df:34:71:c7:e2:
         b4:bf:61:95:64:ff:31:18:5b:98:51:83:7c:b5:82:7e:d9:e9:
         62:30:87:b0:19:4a:ad:f9:cd:20:af:57:28:ba:da:a3:d6:cd:
         4b:60:70:2f:10:ed:47:f1:9b:a1:b1:c7:39:b6:11:1c:7f:00:
         f0:3a:77:f5:35:9c:73:35:2c:1c:2f:bb:03:e2:2a:de:fb:49:
         77:72:09:f1:bd:08:e0:9a:6c:1e:ec:6d:16:20:8a:42:d9:cd:
         83:9a:e7:47:25:4c:2a:0d:57:e5:01:13:34:bb:8b:46:6f:85:
         2d:45:ae:99:d4:40:90:75:39:eb:75:f9:28:e2:08:c7:cb:cb:
         52:93:c1:93:ad:60:4d:09:f3:78:b6:44:71:31:25:55:7f:2e:
         d0:e3:48:5d:19:88:f6:e6:d2:90:f8:5e:27:8c:9e:3d:9b:bd:
         2e:34:0d:37:63:25:c4:a8:2b:c0:51:b2:78:da:45:10:d9:cf:
         20:2c:81:66:1c:05:09:be:9e:0b:da:c7:e1:bc:43:f2:4e:39:
         c1:30:dc:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1i7jwCjXv0NvE+vzDccgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwMTAxMDc0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTc5YzVmYWQ2MmVjZGQ1ZDJkNDAyZWZkMmFjYTNlNTdlNDRlZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisjoSSllGLyosB9PnQteVd9/cW8e
FDxx6s6tzEI4NSmt0KPmug/vYhwUp0npYfVdwqLahiLhSWSgelWRFSJFIbyotl6N
aBZlwUW3ktVSm2tKdt7EWQT3LSes26qeTC3gbGEs1ZbvT361pGO24kzsKMXNR00y
vMJ4b4nUmw1q4N67yx8HI3vOt2d9wEz/vdWLQKvc05d1BsvuiAns8MSFOVVfTM5g
rnj2HOedTpUkOaaB1My1CGjQjTtIMhcTNnVUFMqQ5Cxa/oqCQXFxxDTsEU4aWtEG
df2MAhueFnrgJNd2/e7eYjRcBmDEASmqDn5CD4P3z0ZxNO5Mxw2Td2w17wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGp5xfrWLs3V0tQC79Kso+V+RO42MB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvYW5uRi10WXV6ZFhTMUFMdjBxeWo1WDVFN2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg30BxAz
MA0GCSqGSIb3DQEBCwUAA4IBAQByLZt0s2AzgMHl5JvzaC3Kiw517Nsx8a1218N+
SV7rcrUN79Fta0KEfTuPeW4vip3n3zRxx+K0v2GVZP8xGFuYUYN8tYJ+2eliMIew
GUqt+c0gr1coutqj1s1LYHAvEO1H8Zuhscc5thEcfwDwOnf1NZxzNSwcL7sD4ire
+0l3cgnxvQjgmmwe7G0WIIpC2c2DmudHJUwqDVflARM0u4tGb4UtRa6Z1ECQdTnr
dfko4gjHy8tSk8GTrWBNCfN4tkRxMSVVfy7Q40hdGYj25tKQ+F4njJ49m70uNA03
YyXEqCvAUbJ42kUQ2c8gLIFmHAUJvp4L2sfhvEPyTjnBMNxu
-----END CERTIFICATE-----