Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/vA4rANUmY77ajy3yEyLDZ1K3vnA.roa
File:                     vA4rANUmY77ajy3yEyLDZ1K3vnA.roa (raw, json)
Hash identifier:          v5PKNuGl4AALPFrvuOw4WSf5gwfiM8g/rIh066tDvuI=
Subject key identifier:   BC:0E:2B:00:D5:26:63:BE:DA:8F:2D:F2:13:22:C3:67:52:B7:BE:70
Certificate issuer:       /CN=cfc7ef2b766594892d78928cbe781779fdce67d0
Certificate serial:       019424B3DD7D4628720283625097CAE36830
Authority key identifier: CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/vA4rANUmY77ajy3yEyLDZ1K3vnA.roa
Signing time:             Thu 02 Jan 2025 01:49:14 +0000
ROA not before:           Thu 02 Jan 2025 01:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3096
IP address blocks:        2a02:6a0:8ffe::/48 maxlen: 48
                          2a02:6a0:8fff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:dd:7d:46:28:72:02:83:62:50:97:ca:e3:68:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc7ef2b766594892d78928cbe781779fdce67d0
        Validity
            Not Before: Jan  2 01:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc0e2b00d52663beda8f2df21322c36752b7be70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:43:ab:08:34:96:51:62:56:b0:d7:c9:3c:f8:
                    8c:eb:55:22:c4:7e:57:67:c6:13:b3:3b:a4:e0:50:
                    a2:10:e6:bd:c1:6c:f0:3f:16:0b:1f:ea:9b:99:1f:
                    bc:e7:05:50:06:d6:03:2b:ed:29:ce:21:70:49:8f:
                    74:99:ce:fb:67:b5:be:4b:4e:e8:90:0c:64:06:15:
                    6f:9d:6c:e2:6a:c5:4c:88:6d:54:eb:9b:48:84:90:
                    14:35:63:c6:f5:d7:48:f7:a5:c2:76:71:eb:53:aa:
                    b3:0a:59:24:44:3f:b9:f9:ce:a7:17:f1:c4:78:6e:
                    fb:85:14:9d:4e:01:ed:e8:e4:58:73:64:74:8e:93:
                    03:b6:4d:83:42:6a:c5:3c:e9:5c:d0:b8:b1:38:24:
                    e4:c2:55:1b:e2:ee:10:4e:28:bf:f2:6b:cc:3d:b0:
                    ab:5a:a0:f3:70:24:1e:d4:de:51:a9:4b:55:fc:23:
                    c6:81:b0:07:61:de:60:f6:09:23:08:e2:c1:01:03:
                    54:1c:a7:f7:90:8e:b3:3b:5a:cd:7c:12:8e:94:37:
                    a5:8b:ee:b2:4e:66:91:e2:e0:62:85:a5:9b:11:92:
                    5a:22:6a:4d:45:fa:71:8a:fe:b7:63:b0:49:91:5d:
                    f2:04:44:0b:66:80:53:ae:35:16:cd:d5:24:49:63:
                    69:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:0E:2B:00:D5:26:63:BE:DA:8F:2D:F2:13:22:C3:67:52:B7:BE:70
            X509v3 Authority Key Identifier:
                keyid:CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/vA4rANUmY77ajy3yEyLDZ1K3vnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6a0:8ffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         4d:dc:4b:e3:d5:51:4d:5b:96:3a:0b:e0:ae:67:6c:74:a5:e9:
         e5:af:f1:17:5e:a8:bb:4a:18:17:04:b6:77:e3:d1:b5:e2:09:
         2f:bd:c3:d7:ac:9b:e3:e0:e0:da:2d:05:05:60:71:29:a8:5d:
         2b:de:ae:da:8b:ca:30:6e:69:72:0f:8c:06:93:e3:80:97:a7:
         6a:7d:30:4a:6b:e4:98:7e:d9:6e:57:6c:46:7f:13:cf:6c:16:
         84:1e:03:1a:4c:72:2a:1f:0e:74:47:85:c1:cc:e0:36:12:8b:
         fd:f0:0c:19:b7:26:42:23:26:0d:74:17:32:a5:72:03:5c:4e:
         c7:a4:e7:36:8a:56:ea:8c:aa:5e:49:86:08:f6:89:1b:66:cb:
         75:56:1f:27:18:f1:2c:94:44:4e:e8:d6:f3:cf:92:01:e1:85:
         22:a6:85:36:9a:d1:7c:d8:2c:5e:3d:2d:c1:c9:2f:25:ed:54:
         7f:bc:dd:08:e6:4a:b9:50:f4:60:31:be:2f:9e:11:c7:09:2a:
         64:0d:5e:94:70:6a:13:11:ca:61:eb:4e:cb:59:82:0d:76:96:
         71:62:4a:de:85:92:00:4d:7c:cf:59:81:f8:4d:9d:69:54:c9:
         8a:b7:80:2d:f5:43:3e:8a:3e:4b:e0:51:d6:71:c9:8f:ed:94:
         72:14:e3:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks919RihyAoNiUJfK42gwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzdlZjJiNzY2NTk0ODkyZDc4OTI4Y2JlNzgxNzc5ZmRj
ZTY3ZDAwHhcNMjUwMTAyMDE0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzBlMmIwMGQ1MjY2M2JlZGE4ZjJkZjIxMzIyYzM2NzUyYjdiZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10OrCDSWUWJWsNfJPPiM61UixH5X
Z8YTszuk4FCiEOa9wWzwPxYLH+qbmR+85wVQBtYDK+0pziFwSY90mc77Z7W+S07o
kAxkBhVvnWziasVMiG1U65tIhJAUNWPG9ddI96XCdnHrU6qzClkkRD+5+c6nF/HE
eG77hRSdTgHt6ORYc2R0jpMDtk2DQmrFPOlc0LixOCTkwlUb4u4QTii/8mvMPbCr
WqDzcCQe1N5RqUtV/CPGgbAHYd5g9gkjCOLBAQNUHKf3kI6zO1rNfBKOlDeli+6y
TmaR4uBihaWbEZJaImpNRfpxiv63Y7BJkV3yBEQLZoBTrjUWzdUkSWNpcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLwOKwDVJmO+2o8t8hMiw2dSt75wMB8GA1UdIwQY
MBaAFM/H7yt2ZZSJLXiSjL54F3n9zmfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjct
OGNkNTViMDNkMjJkLzEvdkE0ckFOVW1ZNzdhankzeUV5TERaMUszdm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjctOGNkNTViMDNkMjJk
LzEvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgIGoI/+
MA0GCSqGSIb3DQEBCwUAA4IBAQBN3Evj1VFNW5Y6C+CuZ2x0penlr/EXXqi7ShgX
BLZ349G14gkvvcPXrJvj4ODaLQUFYHEpqF0r3q7ai8owbmlyD4wGk+OAl6dqfTBK
a+SYftluV2xGfxPPbBaEHgMaTHIqHw50R4XBzOA2Eov98AwZtyZCIyYNdBcypXID
XE7HpOc2ilbqjKpeSYYI9okbZst1Vh8nGPEslERO6Nbzz5IB4YUipoU2mtF82Cxe
PS3ByS8l7VR/vN0I5kq5UPRgMb4vnhHHCSpkDV6UcGoTEcph607LWYINdpZxYkre
hZIATXzPWYH4TZ1pVMmKt4At9UM+ij5L4FHWccmP7ZRyFOPN
-----END CERTIFICATE-----