Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/FzyJ-A4chBzu8lQqhpLh4dfVe9s.roa
File:                     FzyJ-A4chBzu8lQqhpLh4dfVe9s.roa (raw, json)
Hash identifier:          kikBFtCVFZZA5yK1FlsJJ2Y15ol/mIm/K3+f2pwmt3Q=
Subject key identifier:   17:3C:89:F8:0E:1C:84:1C:EE:F2:54:2A:86:92:E1:E1:D7:D5:7B:DB
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       01942748743745DA6B267360B72258737F7D
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/FzyJ-A4chBzu8lQqhpLh4dfVe9s.roa
Signing time:             Thu 02 Jan 2025 13:50:47 +0000
ROA not before:           Thu 02 Jan 2025 13:50:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212520
IP address blocks:        2a05:4741:25::/48 maxlen: 48
                          2a05:4741:26::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:74:37:45:da:6b:26:73:60:b7:22:58:73:7f:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 13:50:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=173c89f80e1c841ceef2542a8692e1e1d7d57bdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f7:de:ff:0c:b2:3c:84:6c:24:93:f6:ea:55:
                    1f:57:31:63:bc:f1:d8:b4:08:1f:3d:be:6f:c4:7f:
                    6a:96:88:cc:50:72:4a:ca:97:06:3d:d2:93:87:04:
                    40:0f:b7:7c:0a:86:b6:8f:c7:6c:b6:f3:d1:5b:3b:
                    05:06:ed:0e:3a:e1:2e:15:91:f8:3f:c5:8d:65:c3:
                    7c:a3:10:e0:93:c5:91:63:dc:1d:9c:5e:45:e0:fb:
                    9b:b3:4c:6b:1f:5a:e0:4a:77:f4:13:5c:5e:8a:0b:
                    2a:11:00:ec:10:15:c8:38:0e:1a:1e:c9:53:2c:a2:
                    32:4a:6a:e5:0a:22:15:6d:13:22:90:9c:10:5e:7a:
                    09:0e:f3:59:4e:55:1e:28:9d:89:38:85:e1:98:94:
                    60:fd:f2:dc:e0:99:b4:da:72:70:0a:53:c2:ed:49:
                    96:18:01:a0:f6:3a:5d:36:d7:22:1b:c3:3b:67:09:
                    98:b9:48:34:1c:eb:2e:15:d7:bd:f6:47:7d:a5:e9:
                    9f:46:04:f6:a8:c5:8f:5b:30:df:82:47:7f:2b:71:
                    f1:6c:3a:a0:db:92:79:e3:17:12:ea:3a:c7:80:b4:
                    fc:09:30:57:8a:18:60:cc:78:14:5a:35:57:10:26:
                    e7:c2:0a:47:66:fe:7b:82:e0:3d:7f:45:66:ee:ab:
                    6e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:3C:89:F8:0E:1C:84:1C:EE:F2:54:2A:86:92:E1:E1:D7:D5:7B:DB
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/FzyJ-A4chBzu8lQqhpLh4dfVe9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4741:25::-2a05:4741:26:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         04:13:2e:7d:22:94:d2:9f:de:8e:31:23:eb:e7:e6:45:fd:75:
         24:e5:fe:31:1c:35:bb:c1:9a:59:3e:0a:6a:f4:a9:97:e6:c1:
         ba:db:e1:77:30:34:6f:4e:d2:4b:9e:d5:02:06:6b:23:3d:69:
         47:05:23:e4:a0:17:b8:74:72:cd:4d:45:b2:4b:61:02:fb:ad:
         1e:af:58:24:b1:cb:c9:6d:70:b8:07:1b:cc:ce:58:2a:dd:d5:
         e6:3d:c8:e6:85:ed:0f:d1:2c:77:84:81:8e:fa:78:a1:15:06:
         0d:aa:36:da:83:10:f6:6f:6a:88:26:58:16:b1:07:5b:ef:3f:
         d1:7e:9d:f3:90:16:66:75:2b:c1:a7:6f:1e:67:96:c9:cc:60:
         fa:81:73:77:dd:81:24:85:2a:37:c5:4e:66:f4:10:1b:c0:f5:
         e2:03:a9:2a:fb:4f:d9:81:6f:46:36:d6:26:7b:a8:bb:e0:43:
         57:af:a5:fd:24:76:6f:a2:c2:74:ae:ca:ae:bd:c9:06:7f:37:
         e7:26:aa:16:e4:94:18:0c:a5:e5:4d:3f:04:00:c9:b8:2e:bf:
         37:02:4f:37:49:93:dd:9b:92:15:d9:d6:58:6a:f4:72:36:86:
         67:cf:9a:e2:ad:c3:24:14:f8:8f:e8:b4:d1:82:de:a3:be:86:
         5d:ae:01:b3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQnSHQ3RdprJnNgtyJYc399MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjUwMTAyMTM1MDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzNjODlmODBlMWM4NDFjZWVmMjU0MmE4NjkyZTFlMWQ3ZDU3YmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Pfe/wyyPIRsJJP26lUfVzFjvPHY
tAgfPb5vxH9qlojMUHJKypcGPdKThwRAD7d8Coa2j8dstvPRWzsFBu0OOuEuFZH4
P8WNZcN8oxDgk8WRY9wdnF5F4Pubs0xrH1rgSnf0E1xeigsqEQDsEBXIOA4aHslT
LKIySmrlCiIVbRMikJwQXnoJDvNZTlUeKJ2JOIXhmJRg/fLc4Jm02nJwClPC7UmW
GAGg9jpdNtciG8M7ZwmYuUg0HOsuFde99kd9pemfRgT2qMWPWzDfgkd/K3HxbDqg
25J54xcS6jrHgLT8CTBXihhgzHgUWjVXECbnwgpHZv57guA9f0Vm7qtuZQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBc8ifgOHIQc7vJUKoaS4eHX1XvbMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvRnp5Si1BNGNoQnp1OGxRcWhwTGg0ZGZWZTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqBUdB
ACUDBwAqBUdBACYwDQYJKoZIhvcNAQELBQADggEBAAQTLn0ilNKf3o4xI+vn5kX9
dSTl/jEcNbvBmlk+Cmr0qZfmwbrb4XcwNG9O0kue1QIGayM9aUcFI+SgF7h0cs1N
RbJLYQL7rR6vWCSxy8ltcLgHG8zOWCrd1eY9yOaF7Q/RLHeEgY76eKEVBg2qNtqD
EPZvaogmWBaxB1vvP9F+nfOQFmZ1K8Gnbx5nlsnMYPqBc3fdgSSFKjfFTmb0EBvA
9eIDqSr7T9mBb0Y21iZ7qLvgQ1evpf0kdm+iwnSuyq69yQZ/N+cmqhbklBgMpeVN
PwQAybguvzcCTzdJk92bkhXZ1lhq9HI2hmfPmuKtwyQU+I/otNGC3qO+hl2uAbM=
-----END CERTIFICATE-----