Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/RpJEdMSkLG4QBobqqHL1nJkC1MY.roa
File:                     RpJEdMSkLG4QBobqqHL1nJkC1MY.roa (raw, json)
Hash identifier:          Q+HvYQTOIS5u8UvuYMNirVCecblcOPhOd1H1jNc8YFU=
Subject key identifier:   46:92:44:74:C4:A4:2C:6E:10:06:86:EA:A8:72:F5:9C:99:02:D4:C6
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       01941FFA4EBBC9319E105EDEE15270248453
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/RpJEdMSkLG4QBobqqHL1nJkC1MY.roa
Signing time:             Wed 01 Jan 2025 03:48:05 +0000
ROA not before:           Wed 01 Jan 2025 03:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48944
IP address blocks:        81.12.126.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4e:bb:c9:31:9e:10:5e:de:e1:52:70:24:84:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  1 03:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46924474c4a42c6e100686eaa872f59c9902d4c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:60:0f:fb:8b:6a:16:a8:51:8e:a7:c0:b6:fa:
                    81:f4:3e:81:5e:f1:f0:97:07:4a:2e:cd:c6:6f:b9:
                    3e:65:a8:75:65:ac:89:c2:7c:c8:27:dd:6e:e0:bc:
                    e3:fd:e0:84:a6:5d:d5:99:01:b3:9c:82:ea:80:c9:
                    c4:d4:e1:ad:a3:90:20:63:ab:b5:0d:2d:01:86:c3:
                    46:b3:89:29:18:3b:21:c0:26:e7:65:38:23:e9:50:
                    5c:33:0b:43:aa:b3:56:af:36:87:cf:29:59:44:e7:
                    67:25:42:5c:54:78:60:6c:96:d3:94:44:6e:0d:08:
                    59:58:e3:e0:df:cf:61:86:ea:77:f2:f8:84:46:c4:
                    17:c4:2e:b8:bc:88:75:b6:90:b2:49:e0:1f:83:b6:
                    4e:cb:d5:51:1a:bc:16:75:74:be:9d:0b:2f:5b:10:
                    88:fa:76:84:a8:d1:f6:e4:02:13:9c:9e:ec:61:57:
                    29:c3:f8:8c:92:3d:4a:0b:de:47:30:8d:e3:5b:af:
                    07:26:51:40:09:23:2f:a8:b2:06:29:de:67:d8:d3:
                    dc:13:74:a0:56:ff:f4:37:e3:07:df:f9:fa:9c:97:
                    8f:26:39:73:5c:ce:9a:11:4a:7c:35:3a:dd:02:2a:
                    5d:db:ca:3f:47:ef:2b:0f:bd:97:fb:c1:9a:59:e0:
                    8b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:92:44:74:C4:A4:2C:6E:10:06:86:EA:A8:72:F5:9C:99:02:D4:C6
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/RpJEdMSkLG4QBobqqHL1nJkC1MY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.12.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:98:2b:dc:64:26:0b:ec:f4:9b:77:ec:0a:d3:f6:ec:ea:a2:
         f9:63:be:63:6e:ab:e1:65:ab:a7:db:28:e2:83:bd:25:ee:61:
         0b:5c:9e:81:87:a0:63:28:87:e6:31:85:cf:61:d4:6c:8f:fd:
         ac:05:82:e4:ac:fb:2f:08:b3:96:f3:d6:4d:6d:40:d7:45:d3:
         85:70:72:78:e7:5c:c2:fb:a3:f9:9a:ea:5f:fc:aa:36:0f:bc:
         a1:6d:1e:c3:be:94:13:e4:cc:15:ce:ab:30:dc:c8:d2:ab:7c:
         02:e9:7d:ec:d9:ca:b7:70:3b:ad:64:19:27:f2:a4:d9:63:92:
         b3:55:33:ee:26:e0:76:c0:86:88:37:9a:cf:57:f9:de:4f:c9:
         1f:58:0d:d6:38:dc:45:cb:a4:1a:c3:06:c8:9a:0a:b4:fb:d4:
         cd:38:2c:d5:0b:a7:51:39:bb:17:e1:36:a1:65:70:61:d7:4d:
         1f:4a:d3:73:b5:37:c0:c5:2a:0d:01:72:60:6a:cd:4a:21:b1:
         21:d0:f6:99:5c:92:d0:8e:2f:8e:1f:9f:d2:00:24:6f:64:69:
         4d:8b:1f:41:4e:62:40:8e:97:5b:49:ad:33:89:b1:65:4e:47:
         08:af:a1:8e:fd:e7:b3:62:7d:dd:09:c6:a5:b8:c9:97:e3:5e:
         b6:57:70:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+k67yTGeEF7e4VJwJIRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjUwMTAxMDM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjkyNDQ3NGM0YTQyYzZlMTAwNjg2ZWFhODcyZjU5Yzk5MDJkNGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWAP+4tqFqhRjqfAtvqB9D6BXvHw
lwdKLs3Gb7k+Zah1ZayJwnzIJ91u4Lzj/eCEpl3VmQGznILqgMnE1OGto5AgY6u1
DS0BhsNGs4kpGDshwCbnZTgj6VBcMwtDqrNWrzaHzylZROdnJUJcVHhgbJbTlERu
DQhZWOPg389hhup38viERsQXxC64vIh1tpCySeAfg7ZOy9VRGrwWdXS+nQsvWxCI
+naEqNH25AITnJ7sYVcpw/iMkj1KC95HMI3jW68HJlFACSMvqLIGKd5n2NPcE3Sg
Vv/0N+MH3/n6nJePJjlzXM6aEUp8NTrdAipd28o/R+8rD72X+8GaWeCLdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaSRHTEpCxuEAaG6qhy9ZyZAtTGMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvUnBKRWRNU2tMRzRRQm9icXFITDFuSmtDMU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUQx+MA0G
CSqGSIb3DQEBCwUAA4IBAQCmmCvcZCYL7PSbd+wK0/bs6qL5Y75jbqvhZaun2yji
g70l7mELXJ6Bh6BjKIfmMYXPYdRsj/2sBYLkrPsvCLOW89ZNbUDXRdOFcHJ451zC
+6P5mupf/Ko2D7yhbR7DvpQT5MwVzqsw3MjSq3wC6X3s2cq3cDutZBkn8qTZY5Kz
VTPuJuB2wIaIN5rPV/neT8kfWA3WONxFy6QawwbImgq0+9TNOCzVC6dRObsX4Tah
ZXBh100fStNztTfAxSoNAXJgas1KIbEh0PaZXJLQji+OH5/SACRvZGlNix9BTmJA
jpdbSa0zibFlTkcIr6GO/eezYn3dCcaluMmX4162V3As
-----END CERTIFICATE-----