Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/NiD2SDjoMC5kCqhJ0LqUs7rzMnw.roa
File:                     NiD2SDjoMC5kCqhJ0LqUs7rzMnw.roa (raw, json)
Hash identifier:          9+KHXzf6QQ6hX/XBCMhmaRntprEYELpBh7Oa+Qw01T4=
Subject key identifier:   36:20:F6:48:38:E8:30:2E:64:0A:A8:49:D0:BA:94:B3:BA:F3:32:7C
Certificate issuer:       /CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
Certificate serial:       019427B5CF1C288989A40C721794562D11A4
Authority key identifier: FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/NiD2SDjoMC5kCqhJ0LqUs7rzMnw.roa
Signing time:             Thu 02 Jan 2025 15:50:13 +0000
ROA not before:           Thu 02 Jan 2025 15:50:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3624
IP address blocks:        2001:bf7:540::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:cf:1c:28:89:89:a4:0c:72:17:94:56:2d:11:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff31492473a78c6fe9f539f9fa7d2252560a2b7e
        Validity
            Not Before: Jan  2 15:50:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3620f64838e8302e640aa849d0ba94b3baf3327c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:91:f5:1b:2e:ab:27:8c:cf:57:c6:48:ab:00:
                    29:c1:f9:24:26:13:54:4d:bc:45:c9:62:ab:19:89:
                    92:e3:27:ee:27:ce:ed:3e:0a:fc:24:7a:a0:86:1f:
                    7b:41:b0:4a:a0:8e:d0:6d:c4:5f:80:c2:f9:dc:08:
                    69:96:67:15:c5:0f:82:6f:4a:77:db:35:e5:90:81:
                    95:81:6b:04:69:83:b2:b8:0b:fe:55:35:cb:b5:9f:
                    86:4c:1a:f2:bc:3a:d0:a7:6f:49:40:c8:fd:8d:ff:
                    e0:98:fc:47:98:1a:1e:10:a7:c3:be:86:4d:aa:9b:
                    b2:0a:d3:e6:da:48:ca:97:e0:12:91:24:ad:25:f4:
                    c3:93:e1:c9:8f:43:49:69:63:c7:5f:20:b9:9f:f1:
                    c9:92:03:e7:59:f8:77:8d:ff:0c:6b:4c:3b:0e:73:
                    80:84:82:0f:b6:50:3b:d6:74:52:c1:e9:15:d8:85:
                    a3:6d:8d:68:93:68:31:5e:25:a6:c9:50:a8:a5:fa:
                    9b:0a:34:b0:e3:6b:5e:ee:5a:e6:15:c8:db:0b:fd:
                    56:38:53:b2:ff:d6:d1:7e:d3:22:ed:9f:ee:45:56:
                    0a:2e:0a:c5:4a:ba:f1:46:e1:34:a2:42:ba:3a:5c:
                    0c:93:e5:2a:2e:73:b5:13:bc:72:4a:cf:e5:0e:eb:
                    51:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:20:F6:48:38:E8:30:2E:64:0A:A8:49:D0:BA:94:B3:BA:F3:32:7C
            X509v3 Authority Key Identifier:
                keyid:FF:31:49:24:73:A7:8C:6F:E9:F5:39:F9:FA:7D:22:52:56:0A:2B:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zFJJHOnjG_p9Tn5-n0iUlYKK34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/NiD2SDjoMC5kCqhJ0LqUs7rzMnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1b4105-3471-4592-bf07-73fd3bc19aa7/1/_zFJJHOnjG_p9Tn5-n0iUlYKK34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:bf7:540::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:f1:28:d9:e2:01:78:28:90:8c:fb:0a:d3:2d:22:2f:59:e8:
         cb:7f:ff:0f:e9:1c:6e:47:82:df:43:74:49:f3:87:22:cf:9b:
         89:50:fc:01:d4:9a:5e:39:b5:22:79:e0:9e:18:e7:0c:dc:db:
         47:21:4f:ec:db:48:f2:73:ba:05:f7:3b:a7:38:91:1e:b2:c6:
         95:29:1d:65:1a:48:92:b4:a5:c3:69:dd:4a:e4:e4:74:09:b7:
         d1:f4:5c:13:06:9b:86:fd:71:c2:3f:59:6c:7b:4c:0f:1c:99:
         b3:5c:25:b3:58:56:64:28:15:7a:35:63:24:aa:ad:c4:f2:6c:
         1d:06:7b:d1:88:c2:f8:a4:6d:fe:17:82:1e:e8:97:4a:41:e2:
         cc:09:5b:6d:fa:75:0e:13:11:c3:df:ea:f8:df:62:a9:73:d7:
         4e:72:d8:77:0f:4a:ef:40:1c:f1:bc:09:98:53:7d:87:29:46:
         f3:ee:38:f7:84:81:82:c6:fe:93:74:c2:38:7d:d7:f7:ee:bd:
         62:9d:5d:16:89:fd:bc:1d:78:82:bd:b6:7f:84:46:41:cc:85:
         18:3c:57:26:87:d4:68:6f:7b:f9:a0:36:6b:c9:20:73:63:07:
         70:1b:8e:c5:2c:0e:9a:d6:c2:68:32:61:e2:35:9d:28:e3:59:
         85:7d:95:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntc8cKImJpAxyF5RWLRGkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMzE0OTI0NzNhNzhjNmZlOWY1MzlmOWZhN2QyMjUyNTYw
YTJiN2UwHhcNMjUwMTAyMTU1MDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjIwZjY0ODM4ZTgzMDJlNjQwYWE4NDlkMGJhOTRiM2JhZjMzMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45H1Gy6rJ4zPV8ZIqwApwfkkJhNU
TbxFyWKrGYmS4yfuJ87tPgr8JHqghh97QbBKoI7QbcRfgML53AhplmcVxQ+Cb0p3
2zXlkIGVgWsEaYOyuAv+VTXLtZ+GTBryvDrQp29JQMj9jf/gmPxHmBoeEKfDvoZN
qpuyCtPm2kjKl+ASkSStJfTDk+HJj0NJaWPHXyC5n/HJkgPnWfh3jf8Ma0w7DnOA
hIIPtlA71nRSwekV2IWjbY1ok2gxXiWmyVCopfqbCjSw42te7lrmFcjbC/1WOFOy
/9bRftMi7Z/uRVYKLgrFSrrxRuE0okK6OlwMk+UqLnO1E7xySs/lDutRhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDYg9kg46DAuZAqoSdC6lLO68zJ8MB8GA1UdIwQY
MBaAFP8xSSRzp4xv6fU5+fp9IlJWCit+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDct
NzNmZDNiYzE5YWE3LzEvTmlEMlNEam9NQzVrQ3FoSjBMcVVzN3J6TW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8xYjQxMDUtMzQ3MS00NTkyLWJmMDctNzNmZDNiYzE5YWE3
LzEvX3pGSkpIT25qR19wOVRuNS1uMGlVbFlLSzM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEL9wVA
MA0GCSqGSIb3DQEBCwUAA4IBAQBM8SjZ4gF4KJCM+wrTLSIvWejLf/8P6RxuR4Lf
Q3RJ84ciz5uJUPwB1JpeObUieeCeGOcM3NtHIU/s20jyc7oF9zunOJEessaVKR1l
GkiStKXDad1K5OR0CbfR9FwTBpuG/XHCP1lse0wPHJmzXCWzWFZkKBV6NWMkqq3E
8mwdBnvRiML4pG3+F4Ie6JdKQeLMCVtt+nUOExHD3+r432Kpc9dOcth3D0rvQBzx
vAmYU32HKUbz7jj3hIGCxv6TdMI4fdf37r1inV0Wif28HXiCvbZ/hEZBzIUYPFcm
h9Rob3v5oDZrySBzYwdwG47FLA6a1sJoMmHiNZ0o41mFfZUX
-----END CERTIFICATE-----