Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/OsAkT1Bjc6Bx57ink5LVscASSVM.roa
File:                     OsAkT1Bjc6Bx57ink5LVscASSVM.roa (raw, json)
Hash identifier:          Me3jYRS4jKNnlOdyWwLlCaXNsCc57NzdmZ5lT79t3Rw=
Subject key identifier:   3A:C0:24:4F:50:63:73:A0:71:E7:B8:A7:93:92:D5:B1:C0:12:49:53
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       019423D75C8014CDB1ACEF3E0A75F7FB40ED
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/OsAkT1Bjc6Bx57ink5LVscASSVM.roa
Signing time:             Wed 01 Jan 2025 21:48:23 +0000
ROA not before:           Wed 01 Jan 2025 21:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9053
IP address blocks:        2a0a:54c1:28::/48 maxlen: 48
                          2a0a:54c1:29::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:5c:80:14:cd:b1:ac:ef:3e:0a:75:f7:fb:40:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Jan  1 21:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ac0244f506373a071e7b8a79392d5b1c0124953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ef:44:69:f4:45:fd:b6:c8:c1:86:68:11:db:
                    a4:ac:ca:a2:e3:92:90:36:6c:a7:bb:64:5f:02:26:
                    da:1b:1c:fb:b5:a9:50:3c:cc:b1:6f:23:7a:1a:36:
                    21:69:b4:04:05:47:b3:a8:e6:9d:72:c5:7d:0d:fe:
                    c3:0d:93:63:b1:ed:8f:5b:92:7a:83:47:36:32:a1:
                    68:9d:27:ea:69:3b:c6:79:7b:91:14:f5:18:27:00:
                    12:51:d7:1c:eb:76:31:44:6e:81:68:3c:c9:7b:1c:
                    6d:9b:58:6f:93:b8:20:c2:f1:2c:16:be:9b:a9:3d:
                    e2:4e:31:67:e4:48:12:61:cc:22:8a:81:db:e7:32:
                    db:44:17:78:f6:0b:97:99:97:2a:fc:c2:14:bd:94:
                    d6:e1:0c:4f:72:47:15:24:56:44:89:58:30:24:fb:
                    7b:6a:5f:6c:86:8e:54:59:94:6c:5a:79:f9:4c:18:
                    65:30:4e:2c:9d:ee:af:b0:7d:e6:b9:64:cb:7e:dc:
                    c5:98:b7:91:c3:3d:6b:c2:c0:20:e7:38:5c:b9:14:
                    cf:99:74:9f:84:f3:6b:7c:0c:d7:27:a7:c9:ad:4a:
                    6c:db:94:05:3f:68:51:4f:2c:47:39:02:cb:74:f1:
                    28:54:1e:1a:b7:e3:a7:ed:a8:13:fe:28:93:bd:43:
                    23:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:C0:24:4F:50:63:73:A0:71:E7:B8:A7:93:92:D5:B1:C0:12:49:53
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/OsAkT1Bjc6Bx57ink5LVscASSVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:54c1:28::/47

    Signature Algorithm: sha256WithRSAEncryption
         6f:94:7b:04:6a:59:27:07:8b:c8:3b:92:7f:e4:33:ca:98:7a:
         b2:1c:6c:2b:3e:45:a3:12:d7:f0:d5:ee:5b:b5:c9:a6:6a:e8:
         28:47:d8:d0:3e:4d:c1:cb:7b:a3:7b:83:70:9e:e3:60:24:5f:
         8d:e1:ac:68:bf:23:f4:75:76:25:2c:2f:a8:d2:30:9f:b7:4f:
         c6:82:4c:48:48:15:76:56:9f:5a:e8:89:2e:26:78:78:9c:33:
         bf:1e:3b:a7:e9:89:4d:b8:11:3d:3a:f8:63:32:96:dd:9b:ac:
         fe:70:f8:33:f9:cf:b8:d9:38:12:41:3a:6c:62:98:a9:99:7f:
         df:9e:e5:61:ca:78:14:43:91:68:92:de:17:04:db:a8:82:28:
         76:43:34:54:52:7f:34:da:78:eb:83:07:19:ce:ef:93:40:d0:
         d3:0f:f1:db:85:b3:6a:bc:4f:0e:86:c9:63:a4:21:96:ee:25:
         ed:22:0d:25:ba:1a:47:4c:ba:0a:b4:c8:1c:94:00:5e:09:66:
         43:6b:87:a5:44:bd:e6:22:50:c1:d5:3a:ae:96:c2:87:da:44:
         b5:69:8b:fc:76:00:94:5d:91:90:26:91:22:da:a6:1b:a6:2f:
         21:be:da:5a:92:0b:58:f8:ce:bb:0b:83:71:7b:4b:95:4c:17:
         36:62:1a:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj11yAFM2xrO8+CnX3+0DtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjUwMTAxMjE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWMwMjQ0ZjUwNjM3M2EwNzFlN2I4YTc5MzkyZDViMWMwMTI0OTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0e9EafRF/bbIwYZoEdukrMqi45KQ
Nmynu2RfAibaGxz7talQPMyxbyN6GjYhabQEBUezqOadcsV9Df7DDZNjse2PW5J6
g0c2MqFonSfqaTvGeXuRFPUYJwASUdcc63YxRG6BaDzJexxtm1hvk7ggwvEsFr6b
qT3iTjFn5EgSYcwiioHb5zLbRBd49guXmZcq/MIUvZTW4QxPckcVJFZEiVgwJPt7
al9sho5UWZRsWnn5TBhlME4sne6vsH3muWTLftzFmLeRwz1rwsAg5zhcuRTPmXSf
hPNrfAzXJ6fJrUps25QFP2hRTyxHOQLLdPEoVB4at+On7agT/iiTvUMj3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDrAJE9QY3Ogcee4p5OS1bHAEklTMB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEvT3NBa1QxQmpjNkJ4NTdpbms1TFZzY0FTU1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgpUwQAo
MA0GCSqGSIb3DQEBCwUAA4IBAQBvlHsEalknB4vIO5J/5DPKmHqyHGwrPkWjEtfw
1e5btcmmaugoR9jQPk3By3uje4NwnuNgJF+N4axovyP0dXYlLC+o0jCft0/GgkxI
SBV2Vp9a6IkuJnh4nDO/Hjun6YlNuBE9OvhjMpbdm6z+cPgz+c+42TgSQTpsYpip
mX/fnuVhyngUQ5Fokt4XBNuogih2QzRUUn802njrgwcZzu+TQNDTD/HbhbNqvE8O
hsljpCGW7iXtIg0luhpHTLoKtMgclABeCWZDa4elRL3mIlDB1TqulsKH2kS1aYv8
dgCUXZGQJpEi2qYbpi8hvtpakgtY+M67C4Nxe0uVTBc2Yhrz
-----END CERTIFICATE-----