Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/cRrQhRl21akyISJAcESzBw3cqNc.roa
File:                     cRrQhRl21akyISJAcESzBw3cqNc.roa (raw, json)
Hash identifier:          ZVnhoZeTO3PrLcaDJF9qovHR+RzyE1BQFr1o16SkPy8=
Subject key identifier:   71:1A:D0:85:19:76:D5:A9:32:21:22:40:70:44:B3:07:0D:DC:A8:D7
Certificate issuer:       /CN=a5a56ebf01e00349f673019180560c9a31aea871
Certificate serial:       019420686FFFFAB84817680606C44704A67A
Authority key identifier: A5:A5:6E:BF:01:E0:03:49:F6:73:01:91:80:56:0C:9A:31:AE:A8:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/cRrQhRl21akyISJAcESzBw3cqNc.roa
Signing time:             Wed 01 Jan 2025 05:48:22 +0000
ROA not before:           Wed 01 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44445
IP address blocks:        2a12:c6c7:3000::/36 maxlen: 48
                          2a12:c6c7:4000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/paVuvwHgA0n2cwGRgFYMmjGuqHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/paVuvwHgA0n2cwGRgFYMmjGuqHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6f:ff:fa:b8:48:17:68:06:06:c4:47:04:a6:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5a56ebf01e00349f673019180560c9a31aea871
        Validity
            Not Before: Jan  1 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=711ad0851976d5a9322122407044b3070ddca8d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1b:60:e6:65:c1:2b:8d:31:27:ee:06:40:7d:
                    b9:2a:b3:0d:93:94:c3:4f:e4:e3:6f:43:68:b2:1a:
                    85:7b:b2:29:0a:7b:52:fc:15:08:77:66:00:c8:94:
                    2e:25:28:81:a5:16:37:dc:cc:e0:28:15:04:ee:ff:
                    ab:e3:aa:88:ac:0f:8a:ad:bd:45:8b:ed:01:72:6c:
                    76:f4:2c:35:c1:40:e2:ad:64:f3:b8:5c:df:93:8e:
                    3f:9b:e1:d6:13:8f:5c:55:81:f1:64:74:b1:08:77:
                    77:13:49:51:18:2e:b7:eb:47:f0:54:96:16:ff:63:
                    c1:9c:c1:10:de:8c:c3:eb:bb:a9:71:91:76:d9:9b:
                    d8:78:77:55:19:d1:2a:c6:d2:04:94:60:cf:98:f5:
                    1a:0e:40:3a:20:11:f8:4d:37:9a:39:f0:af:3b:18:
                    16:51:a8:24:b8:39:96:08:85:bc:1e:87:95:74:9e:
                    d3:06:b6:b4:c2:0e:40:12:2d:6b:1c:c9:28:0b:3e:
                    a7:9f:0e:4f:67:d7:0e:7a:ed:91:d7:ee:12:e6:2c:
                    34:67:a4:79:9d:b7:f2:cb:a0:29:63:82:27:8c:d9:
                    d0:62:97:f5:dc:a1:d5:64:15:78:f1:33:f3:b1:42:
                    4c:a6:aa:a6:7a:fe:c8:74:d2:c4:c0:57:58:6e:fc:
                    ed:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1A:D0:85:19:76:D5:A9:32:21:22:40:70:44:B3:07:0D:DC:A8:D7
            X509v3 Authority Key Identifier:
                keyid:A5:A5:6E:BF:01:E0:03:49:F6:73:01:91:80:56:0C:9A:31:AE:A8:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/cRrQhRl21akyISJAcESzBw3cqNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/paVuvwHgA0n2cwGRgFYMmjGuqHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:c6c7:3000::-2a12:c6c7:4fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         8b:31:7c:5c:32:bd:b8:69:f1:69:ff:3d:43:34:87:3f:5d:c8:
         9c:ec:80:d4:9b:ca:58:bf:51:90:0e:41:7c:a3:9c:61:7b:4a:
         24:d4:3c:01:89:0d:25:08:10:9b:51:14:f1:86:25:6b:77:38:
         19:31:9b:11:dc:44:5c:99:cc:25:16:87:92:48:fe:cd:c8:26:
         16:ca:04:ed:69:2f:35:e6:fe:6d:4e:fb:a0:8a:55:e9:42:be:
         be:ce:67:58:cc:ad:9e:f6:6e:91:2e:a6:eb:0b:1a:f4:02:f7:
         9c:6d:a0:e2:4c:c8:cb:30:0c:b5:88:59:cd:d5:fb:d0:4c:41:
         c8:32:98:27:7a:16:6b:49:ba:a3:57:3c:cf:2d:81:ac:88:d9:
         b3:61:a1:8c:f0:65:45:80:ea:10:6d:2b:47:87:48:cc:2d:1f:
         d8:f2:89:90:16:06:6c:7f:f5:5d:6c:a6:0d:b7:76:1e:a3:9f:
         25:d3:6f:0b:7f:12:67:0a:0f:9a:cd:1b:69:21:61:c4:d9:50:
         81:61:57:d9:86:35:65:b7:4d:8e:20:6a:ee:74:22:dd:9f:5a:
         da:b6:37:58:c9:6d:4a:b3:67:a6:cf:ba:43:9a:80:09:fc:ac:
         e1:22:b9:7e:66:db:5d:31:2a:e1:1c:71:d6:25:a1:57:d8:d0:
         f8:c6:52:f5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQgaG//+rhIF2gGBsRHBKZ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTU2ZWJmMDFlMDAzNDlmNjczMDE5MTgwNTYwYzlhMzFh
ZWE4NzEwHhcNMjUwMTAxMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTFhZDA4NTE5NzZkNWE5MzIyMTIyNDA3MDQ0YjMwNzBkZGNhOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRtg5mXBK40xJ+4GQH25KrMNk5TD
T+Tjb0NoshqFe7IpCntS/BUId2YAyJQuJSiBpRY33MzgKBUE7v+r46qIrA+Krb1F
i+0Bcmx29Cw1wUDirWTzuFzfk44/m+HWE49cVYHxZHSxCHd3E0lRGC6360fwVJYW
/2PBnMEQ3ozD67upcZF22ZvYeHdVGdEqxtIElGDPmPUaDkA6IBH4TTeaOfCvOxgW
UagkuDmWCIW8HoeVdJ7TBra0wg5AEi1rHMkoCz6nnw5PZ9cOeu2R1+4S5iw0Z6R5
nbfyy6ApY4InjNnQYpf13KHVZBV48TPzsUJMpqqmev7IdNLEwFdYbvzt0wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHEa0IUZdtWpMiEiQHBEswcN3KjXMB8GA1UdIwQY
MBaAFKWlbr8B4ANJ9nMBkYBWDJoxrqhxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFWdXZ3SGdBMG4yY3dHUmdGWU1takd1cUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81NTRjMzUtYTgzYy00MzI5LWEwOGQt
MmQ0NmQzMGRhY2JmLzEvY1JyUWhSbDIxYWt5SVNKQWNFU3pCdzNjcU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81NTRjMzUtYTgzYy00MzI5LWEwOGQtMmQ0NmQzMGRhY2Jm
LzEvcGFWdXZ3SGdBMG4yY3dHUmdGWU1takd1cUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgQqEsbH
MAMGBCoSxsdAMA0GCSqGSIb3DQEBCwUAA4IBAQCLMXxcMr24afFp/z1DNIc/Xcic
7IDUm8pYv1GQDkF8o5xhe0ok1DwBiQ0lCBCbURTxhiVrdzgZMZsR3ERcmcwlFoeS
SP7NyCYWygTtaS815v5tTvugilXpQr6+zmdYzK2e9m6RLqbrCxr0AvecbaDiTMjL
MAy1iFnN1fvQTEHIMpgnehZrSbqjVzzPLYGsiNmzYaGM8GVFgOoQbStHh0jMLR/Y
8omQFgZsf/VdbKYNt3Yeo58l028LfxJnCg+azRtpIWHE2VCBYVfZhjVlt02OIGru
dCLdn1ratjdYyW1Ks2emz7pDmoAJ/KzhIrl+ZttdMSrhHHHWJaFX2ND4xlL1
-----END CERTIFICATE-----