Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/jdP65vqZd3Yn6U96eT8_mfZkvjA.roa
File:                     jdP65vqZd3Yn6U96eT8_mfZkvjA.roa (raw, json)
Hash identifier:          ne4jP46DKtEJ9p4ZQwpnXhCV9KcXgzPhGgBO66/D1T0=
Subject key identifier:   8D:D3:FA:E6:FA:99:77:76:27:E9:4F:7A:79:3F:3F:99:F6:64:BE:30
Certificate issuer:       /CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
Certificate serial:       01942745CAFC389F238AE601B5D64074B6E2
Authority key identifier: 53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/jdP65vqZd3Yn6U96eT8_mfZkvjA.roa
Signing time:             Thu 02 Jan 2025 13:47:52 +0000
ROA not before:           Thu 02 Jan 2025 13:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48605
IP address blocks:        2a06:8181::/32 maxlen: 32
                          2a06:8184::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:ca:fc:38:9f:23:8a:e6:01:b5:d6:40:74:b6:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53f47a725c768d4de78fb31bb40fe16eba19f20d
        Validity
            Not Before: Jan  2 13:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8dd3fae6fa99777627e94f7a793f3f99f664be30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b8:af:55:62:e7:15:0f:dd:ca:7f:b4:66:50:
                    9a:af:cb:31:86:0d:b1:75:d4:68:2d:b2:e0:eb:21:
                    2d:ac:b6:da:7a:a1:64:e8:ba:be:34:cf:60:ce:93:
                    6c:f7:e9:94:c5:d5:35:85:7a:c8:96:e6:1b:1f:e9:
                    08:16:38:a1:4d:d7:91:2c:e6:95:7f:4c:de:a4:0b:
                    de:61:fa:70:1f:f6:e3:eb:64:b1:40:a1:14:4a:39:
                    d8:82:9a:00:f1:0e:31:1e:42:5c:77:b0:6c:dd:59:
                    e9:95:34:d6:e9:12:34:e9:b3:34:0a:78:7a:65:55:
                    f6:56:3c:a5:af:99:52:7d:d0:4e:85:4a:d4:92:67:
                    df:05:4b:a2:c2:f4:5c:0b:d5:88:c1:05:6c:e9:5c:
                    ba:26:0c:30:ba:4e:1d:a2:3a:95:01:34:a5:e8:58:
                    4a:9d:76:f7:a7:37:1f:19:55:0f:79:70:f2:c8:cf:
                    97:f9:af:fa:0c:c4:53:f9:b2:e4:29:e1:0f:d2:15:
                    f7:3c:9a:90:4e:19:6d:b5:0a:18:c3:14:19:09:bf:
                    6c:8d:50:ad:3f:8e:36:08:25:31:7c:cd:23:0e:2e:
                    e7:2c:63:b5:b4:85:04:30:44:7b:01:45:28:4b:9f:
                    88:08:3a:c9:ac:c7:0b:e8:66:81:a6:a4:a0:20:82:
                    e3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D3:FA:E6:FA:99:77:76:27:E9:4F:7A:79:3F:3F:99:F6:64:BE:30
            X509v3 Authority Key Identifier:
                keyid:53:F4:7A:72:5C:76:8D:4D:E7:8F:B3:1B:B4:0F:E1:6E:BA:19:F2:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_R6clx2jU3nj7MbtA_hbroZ8g0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/jdP65vqZd3Yn6U96eT8_mfZkvjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6401f3-6df0-4038-b0bc-574713845dbc/1/U_R6clx2jU3nj7MbtA_hbroZ8g0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:8181::/32
                  2a06:8184::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:7e:2d:6a:19:81:42:d5:ed:14:84:e6:ec:a8:0e:2b:c7:5b:
         4e:7b:d5:44:80:67:df:fb:16:5d:c7:1b:4c:6d:f0:67:34:af:
         01:11:45:a8:66:0a:f9:01:2b:3d:aa:97:f2:e3:ac:e9:7a:79:
         63:24:42:c0:c8:77:3c:6a:ff:27:f4:8f:b5:23:cc:37:50:fa:
         fb:2f:7d:e7:d9:20:89:0a:e5:4e:74:ef:57:80:ec:e7:32:88:
         47:d2:5e:a2:54:ac:b0:ff:1d:10:ca:e7:3f:b8:da:20:06:63:
         80:79:11:4d:19:86:af:df:c1:dd:d6:69:a6:d8:99:d0:6b:8f:
         1e:3a:00:92:50:ed:fc:b9:9c:9c:47:1b:f0:59:7a:9a:b2:f8:
         00:6d:46:e4:1b:d3:c2:02:bf:df:6c:89:83:cf:c3:b4:b2:7b:
         12:63:40:cd:d8:59:c0:4f:30:1c:cb:e7:79:2e:30:eb:49:bc:
         3e:7c:2c:20:78:a1:41:e6:1e:2a:d8:a2:da:e8:eb:ff:0d:6c:
         98:09:49:2c:77:58:ba:77:87:6f:48:71:b1:15:65:06:5c:9e:
         ba:84:61:4d:1c:1f:37:0b:35:ff:3f:db:8c:18:74:04:67:82:
         e4:ca:7f:32:3f:4c:ef:c7:79:53:0f:d7:aa:3e:ed:d2:b8:31:
         1d:24:e9:8b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQnRcr8OJ8jiuYBtdZAdLbiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZjQ3YTcyNWM3NjhkNGRlNzhmYjMxYmI0MGZlMTZlYmEx
OWYyMGQwHhcNMjUwMTAyMTM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQzZmFlNmZhOTk3Nzc2MjdlOTRmN2E3OTNmM2Y5OWY2NjRiZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7ivVWLnFQ/dyn+0ZlCar8sxhg2x
ddRoLbLg6yEtrLbaeqFk6Lq+NM9gzpNs9+mUxdU1hXrIluYbH+kIFjihTdeRLOaV
f0zepAveYfpwH/bj62SxQKEUSjnYgpoA8Q4xHkJcd7Bs3VnplTTW6RI06bM0Cnh6
ZVX2Vjylr5lSfdBOhUrUkmffBUuiwvRcC9WIwQVs6Vy6Jgwwuk4dojqVATSl6FhK
nXb3pzcfGVUPeXDyyM+X+a/6DMRT+bLkKeEP0hX3PJqQThlttQoYwxQZCb9sjVCt
P442CCUxfM0jDi7nLGO1tIUEMER7AUUoS5+ICDrJrMcL6GaBpqSgIILj3wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI3T+ub6mXd2J+lPenk/P5n2ZL4wMB8GA1UdIwQY
MBaAFFP0enJcdo1N54+zG7QP4W66GfINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMt
NTc0NzEzODQ1ZGJjLzEvamRQNjV2cVpkM1luNlU5NmVUOF9tZlprdmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82NDAxZjMtNmRmMC00MDM4LWIwYmMtNTc0NzEzODQ1ZGJj
LzEvVV9SNmNseDJqVTNuajdNYnRBX2hicm9aOGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgaBgQMF
ACoGgYQwDQYJKoZIhvcNAQELBQADggEBAB1+LWoZgULV7RSE5uyoDivHW0571USA
Z9/7Fl3HG0xt8Gc0rwERRahmCvkBKz2ql/LjrOl6eWMkQsDIdzxq/yf0j7UjzDdQ
+vsvfefZIIkK5U5071eA7OcyiEfSXqJUrLD/HRDK5z+42iAGY4B5EU0Zhq/fwd3W
aabYmdBrjx46AJJQ7fy5nJxHG/BZepqy+ABtRuQb08ICv99siYPPw7SyexJjQM3Y
WcBPMBzL53kuMOtJvD58LCB4oUHmHirYotro6/8NbJgJSSx3WLp3h29IcbEVZQZc
nrqEYU0cHzcLNf8/24wYdARnguTKfzI/TO/HeVMP16o+7dK4MR0k6Ys=
-----END CERTIFICATE-----