Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/8cf962-074f-41ac-ae2a-816203d21d12/1/La2c1GzhO3LCYjtEuOjFcoNgj6s.roa
File:                     La2c1GzhO3LCYjtEuOjFcoNgj6s.roa (raw, json)
Hash identifier:          hdTkzvggjd5erT4guotzR+j9YHEwpmHcJ+YP7gw1WZs=
Subject key identifier:   2D:AD:9C:D4:6C:E1:3B:72:C2:62:3B:44:B8:E8:C5:72:83:60:8F:AB
Certificate issuer:       /CN=6353829c061a8af26de946fc9e81885c74c174c7
Certificate serial:       0194258FBA19CE37B12AB5FAD9F513DB8EF7
Authority key identifier: 63:53:82:9C:06:1A:8A:F2:6D:E9:46:FC:9E:81:88:5C:74:C1:74:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y1OCnAYaivJt6Ub8noGIXHTBdMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/8cf962-074f-41ac-ae2a-816203d21d12/1/La2c1GzhO3LCYjtEuOjFcoNgj6s.roa
Signing time:             Thu 02 Jan 2025 05:49:23 +0000
ROA not before:           Thu 02 Jan 2025 05:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60294
IP address blocks:        82.198.64.0/19 maxlen: 19
                          185.65.192.0/22 maxlen: 22
                          2a03:1d60::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/8cf962-074f-41ac-ae2a-816203d21d12/1/Y1OCnAYaivJt6Ub8noGIXHTBdMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/8cf962-074f-41ac-ae2a-816203d21d12/1/Y1OCnAYaivJt6Ub8noGIXHTBdMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y1OCnAYaivJt6Ub8noGIXHTBdMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ba:19:ce:37:b1:2a:b5:fa:d9:f5:13:db:8e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6353829c061a8af26de946fc9e81885c74c174c7
        Validity
            Not Before: Jan  2 05:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2dad9cd46ce13b72c2623b44b8e8c57283608fab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:26:71:02:4d:a8:5b:a3:46:bb:97:f2:d3:c1:
                    fc:08:6c:c3:c3:7f:65:ab:08:f2:7b:5b:93:fa:b5:
                    76:38:63:6e:16:55:cf:a1:df:70:fa:b6:60:25:43:
                    64:b7:53:79:2a:a0:cf:8d:76:b5:d6:5e:59:4a:21:
                    78:35:2d:4e:0a:7d:80:4f:aa:b5:f0:57:bb:52:00:
                    32:8d:a0:c1:da:3e:1d:dd:55:d8:d5:5d:73:03:c6:
                    a2:b8:2b:d2:98:35:cf:af:19:51:54:2b:17:6d:ca:
                    99:9d:6d:39:48:ea:fc:ba:c7:c0:51:40:99:fc:f3:
                    41:e6:a9:94:0c:55:9f:89:b7:2b:81:82:5c:73:d5:
                    26:3b:88:65:36:70:2b:0b:89:52:7c:e5:1d:c9:3b:
                    13:f8:52:9a:c2:86:a0:51:69:d1:79:b3:4f:83:3a:
                    55:54:47:f1:b9:39:e8:c8:9c:cf:c8:e9:0e:18:12:
                    3a:76:cf:3c:12:95:4b:b8:c5:3c:e3:3d:79:d7:da:
                    d2:d7:9c:86:a1:3b:34:2f:45:bf:29:b6:d1:bf:86:
                    38:e7:23:c7:e4:18:b8:c3:e9:26:d4:a5:44:c8:ca:
                    e9:b0:47:b1:6e:91:8f:51:5c:5d:5e:d5:69:fa:b1:
                    66:f4:d1:fe:1f:f5:d3:ae:59:99:ed:d0:e5:c0:7f:
                    00:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:AD:9C:D4:6C:E1:3B:72:C2:62:3B:44:B8:E8:C5:72:83:60:8F:AB
            X509v3 Authority Key Identifier:
                keyid:63:53:82:9C:06:1A:8A:F2:6D:E9:46:FC:9E:81:88:5C:74:C1:74:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y1OCnAYaivJt6Ub8noGIXHTBdMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/8cf962-074f-41ac-ae2a-816203d21d12/1/La2c1GzhO3LCYjtEuOjFcoNgj6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/8cf962-074f-41ac-ae2a-816203d21d12/1/Y1OCnAYaivJt6Ub8noGIXHTBdMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.198.64.0/19
                  185.65.192.0/22
                IPv6:
                  2a03:1d60::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:40:9e:3f:32:92:b4:8d:14:ff:3d:3f:5a:2e:9c:7a:f8:53:
         80:28:bb:61:30:f5:97:fd:e5:f3:22:bf:5f:a5:49:a2:41:3a:
         92:36:5d:8e:06:a3:10:7d:b9:8a:7a:82:b3:94:6f:9d:6a:0b:
         5f:c7:2e:b6:16:39:79:42:5c:14:6a:eb:b9:69:de:48:cb:46:
         b1:fa:d3:f8:65:15:24:bd:f4:e9:00:16:60:46:ed:05:76:e9:
         7a:a6:0f:40:2c:bc:1d:c5:91:9c:6d:7e:d3:67:ce:97:da:bc:
         de:8b:c9:01:ba:0d:a9:f3:1b:f9:8a:85:8e:c6:d8:e3:c4:9e:
         0c:bb:87:86:42:b1:db:11:27:77:98:41:fd:43:80:99:07:70:
         54:8a:44:1c:61:a8:88:6a:b9:7e:08:ff:cc:23:10:c2:d7:18:
         30:3e:4a:2f:ff:aa:2f:dc:f4:e6:97:5d:b0:09:7f:31:c0:ff:
         fe:d6:1f:e6:f4:8e:b7:f8:87:9d:ff:5e:9d:a3:20:9c:6b:ca:
         64:3a:78:9b:c9:a6:5b:d9:76:f4:a7:e5:87:d0:71:58:96:ab:
         fd:e9:0f:4d:d5:17:02:5a:21:a6:5a:e4:63:da:f3:92:61:d4:
         8f:45:8a:66:37:87:47:e0:00:99:13:f3:b5:d1:1d:ae:04:ec:
         2f:24:ac:87
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlj7oZzjexKrX62fUT2473MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNTM4MjljMDYxYThhZjI2ZGU5NDZmYzllODE4ODVjNzRj
MTc0YzcwHhcNMjUwMTAyMDU0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGFkOWNkNDZjZTEzYjcyYzI2MjNiNDRiOGU4YzU3MjgzNjA4ZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiZxAk2oW6NGu5fy08H8CGzDw39l
qwjye1uT+rV2OGNuFlXPod9w+rZgJUNkt1N5KqDPjXa11l5ZSiF4NS1OCn2AT6q1
8Fe7UgAyjaDB2j4d3VXY1V1zA8aiuCvSmDXPrxlRVCsXbcqZnW05SOr8usfAUUCZ
/PNB5qmUDFWfibcrgYJcc9UmO4hlNnArC4lSfOUdyTsT+FKawoagUWnRebNPgzpV
VEfxuTnoyJzPyOkOGBI6ds88EpVLuMU84z1519rS15yGoTs0L0W/KbbRv4Y45yPH
5Bi4w+km1KVEyMrpsEexbpGPUVxdXtVp+rFm9NH+H/XTrlmZ7dDlwH8AiwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFC2tnNRs4TtywmI7RLjoxXKDYI+rMB8GA1UdIwQY
MBaAFGNTgpwGGorybelG/J6BiFx0wXTHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTFPQ25BWWFpdkp0NlViOG5vR0lYSFRCZE1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS84Y2Y5NjItMDc0Zi00MWFjLWFlMmEt
ODE2MjAzZDIxZDEyLzEvTGEyYzFHemhPM0xDWWp0RXVPakZjb05najZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS84Y2Y5NjItMDc0Zi00MWFjLWFlMmEtODE2MjAzZDIxZDEy
LzEvWTFPQ25BWWFpdkp0NlViOG5vR0lYSFRCZE1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFUsZAAwQC
uUHAMA0EAgACMAcDBQAqAx1gMA0GCSqGSIb3DQEBCwUAA4IBAQB+QJ4/MpK0jRT/
PT9aLpx6+FOAKLthMPWX/eXzIr9fpUmiQTqSNl2OBqMQfbmKeoKzlG+dagtfxy62
Fjl5QlwUauu5ad5Iy0ax+tP4ZRUkvfTpABZgRu0Fdul6pg9ALLwdxZGcbX7TZ86X
2rzei8kBug2p8xv5ioWOxtjjxJ4Mu4eGQrHbESd3mEH9Q4CZB3BUikQcYaiIarl+
CP/MIxDC1xgwPkov/6ov3PTml12wCX8xwP/+1h/m9I63+Ied/16doyCca8pkOnib
yaZb2Xb0p+WH0HFYlqv96Q9N1RcCWiGmWuRj2vOSYdSPRYpmN4dH4ACZE/O10R2u
BOwvJKyH
-----END CERTIFICATE-----