Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/uo2GXB4VHSmg2Ip5LPqoztARweE.roa
File:                     uo2GXB4VHSmg2Ip5LPqoztARweE.roa (raw, json)
Hash identifier:          B+nheQmzK7tIfpNsYNuajCXoKRHWvlQECSBdwwc2A0o=
Subject key identifier:   BA:8D:86:5C:1E:15:1D:29:A0:D8:8A:79:2C:FA:A8:CE:D0:11:C1:E1
Certificate issuer:       /CN=ce5bf5201f18b402b8e628bc77f2252f769e70f2
Certificate serial:       01944B47B9EF283C9B757984867E015893A9
Authority key identifier: CE:5B:F5:20:1F:18:B4:02:B8:E6:28:BC:77:F2:25:2F:76:9E:70:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zlv1IB8YtAK45ii8d_IlL3aecPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/uo2GXB4VHSmg2Ip5LPqoztARweE.roa
Signing time:             Thu 09 Jan 2025 13:36:19 +0000
ROA not before:           Thu 09 Jan 2025 13:36:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        2a02:d21::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/zlv1IB8YtAK45ii8d_IlL3aecPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/zlv1IB8YtAK45ii8d_IlL3aecPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zlv1IB8YtAK45ii8d_IlL3aecPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4b:47:b9:ef:28:3c:9b:75:79:84:86:7e:01:58:93:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce5bf5201f18b402b8e628bc77f2252f769e70f2
        Validity
            Not Before: Jan  9 13:36:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba8d865c1e151d29a0d88a792cfaa8ced011c1e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:01:d9:4c:e6:49:48:01:f8:27:3b:f5:b2:e2:
                    1b:73:4f:f8:68:b8:d9:1c:11:bb:d1:a1:4b:57:45:
                    92:2d:28:4a:a8:3d:0a:3f:28:00:44:05:f1:be:ce:
                    25:e5:6e:85:49:cd:21:66:6d:0d:6a:63:25:77:68:
                    00:bc:e7:8a:3f:1b:3f:0b:31:8f:5f:80:19:81:d0:
                    72:37:81:59:2e:14:e3:fe:30:18:df:ec:9b:5c:da:
                    e0:cb:bd:bd:17:37:ce:25:d2:0d:63:38:21:88:05:
                    01:37:b7:76:ab:51:4e:1e:ab:16:86:e6:08:28:01:
                    4d:5c:52:b6:ba:d8:39:71:8a:30:ca:0f:3b:4c:2e:
                    c2:d8:f2:23:71:ba:61:6f:74:7b:61:d8:cf:89:e1:
                    8d:b8:a2:42:ee:a4:e1:96:dc:de:81:9d:45:9f:73:
                    b5:a6:d9:f6:fb:3a:ec:59:7b:d8:17:f3:d1:20:e0:
                    9f:51:d0:b9:8d:42:45:7c:3c:2a:32:34:5b:15:88:
                    c2:e7:6f:a2:80:7b:50:3c:72:68:7a:57:21:bd:b5:
                    30:10:69:b2:70:14:09:48:cd:66:28:0b:6a:c9:1b:
                    16:2f:13:95:9f:59:56:61:eb:d4:b6:6e:19:51:17:
                    8e:fd:d0:89:e3:d9:31:7a:78:6d:a5:3d:fe:90:1e:
                    a9:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:8D:86:5C:1E:15:1D:29:A0:D8:8A:79:2C:FA:A8:CE:D0:11:C1:E1
            X509v3 Authority Key Identifier:
                keyid:CE:5B:F5:20:1F:18:B4:02:B8:E6:28:BC:77:F2:25:2F:76:9E:70:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zlv1IB8YtAK45ii8d_IlL3aecPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/uo2GXB4VHSmg2Ip5LPqoztARweE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/1c7917-8aa6-4c43-92dd-7476f42f2d9c/1/zlv1IB8YtAK45ii8d_IlL3aecPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d21::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:12:20:70:09:17:0f:48:7f:5e:30:b7:f1:f0:9b:db:2f:c0:
         01:c8:50:eb:56:60:38:bd:5d:bc:19:c0:28:a3:dd:10:1b:4d:
         9c:cc:68:58:24:02:36:7d:46:da:10:f5:0e:4c:88:44:f9:b6:
         f4:09:cc:a4:85:b0:f9:0d:59:46:bc:4b:44:f8:d7:cd:67:7b:
         1f:9e:af:c7:e1:c2:ec:17:f4:fd:e4:62:e6:4d:62:74:ac:f2:
         f4:8e:1d:37:37:45:99:27:06:06:0d:51:ae:e1:1a:4b:2d:a0:
         c3:55:47:d0:ed:6e:2b:2a:4f:96:25:e7:41:37:df:9b:7e:4f:
         26:2c:d0:88:3f:99:14:73:a1:b4:74:7e:e3:ca:08:8b:c1:b2:
         76:77:88:3a:4b:18:7e:57:33:a5:20:11:a6:95:be:1a:8b:2a:
         e1:1d:fa:7d:0e:a8:d0:8b:85:72:18:ad:54:12:3d:f4:c5:22:
         f3:93:4d:e0:b9:03:0b:11:09:33:47:d7:6f:36:86:8d:9c:ce:
         fb:0d:d1:0b:37:de:19:da:7f:d0:96:49:30:a3:9e:49:f7:ad:
         01:57:2b:dc:65:33:27:d8:4c:cf:1b:fd:55:d0:6f:99:5b:9f:
         86:1f:dd:c1:6f:d6:06:62:bd:06:27:ff:ce:40:13:44:93:ad:
         72:cf:61:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRLR7nvKDybdXmEhn4BWJOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNWJmNTIwMWYxOGI0MDJiOGU2MjhiYzc3ZjIyNTJmNzY5
ZTcwZjIwHhcNMjUwMTA5MTMzNjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYThkODY1YzFlMTUxZDI5YTBkODhhNzkyY2ZhYThjZWQwMTFjMWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgHZTOZJSAH4Jzv1suIbc0/4aLjZ
HBG70aFLV0WSLShKqD0KPygARAXxvs4l5W6FSc0hZm0NamMld2gAvOeKPxs/CzGP
X4AZgdByN4FZLhTj/jAY3+ybXNrgy729FzfOJdINYzghiAUBN7d2q1FOHqsWhuYI
KAFNXFK2utg5cYowyg87TC7C2PIjcbphb3R7YdjPieGNuKJC7qThltzegZ1Fn3O1
ptn2+zrsWXvYF/PRIOCfUdC5jUJFfDwqMjRbFYjC52+igHtQPHJoelchvbUwEGmy
cBQJSM1mKAtqyRsWLxOVn1lWYevUtm4ZUReO/dCJ49kxenhtpT3+kB6p9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLqNhlweFR0poNiKeSz6qM7QEcHhMB8GA1UdIwQY
MBaAFM5b9SAfGLQCuOYovHfyJS92nnDyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemx2MUlCOFl0QUs0NWlpOGRfSWxMM2FlY1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xYzc5MTctOGFhNi00YzQzLTkyZGQt
NzQ3NmY0MmYyZDljLzEvdW8yR1hCNFZIU21nMklwNUxQcW96dEFSd2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xYzc5MTctOGFhNi00YzQzLTkyZGQtNzQ3NmY0MmYyZDlj
LzEvemx2MUlCOFl0QUs0NWlpOGRfSWxMM2FlY1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgINIQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDDEiBwCRcPSH9eMLfx8JvbL8AByFDrVmA4vV28
GcAoo90QG02czGhYJAI2fUbaEPUOTIhE+bb0CcykhbD5DVlGvEtE+NfNZ3sfnq/H
4cLsF/T95GLmTWJ0rPL0jh03N0WZJwYGDVGu4RpLLaDDVUfQ7W4rKk+WJedBN9+b
fk8mLNCIP5kUc6G0dH7jygiLwbJ2d4g6Sxh+VzOlIBGmlb4aiyrhHfp9DqjQi4Vy
GK1UEj30xSLzk03guQMLEQkzR9dvNoaNnM77DdELN94Z2n/Qlkkwo55J960BVyvc
ZTMn2EzPG/1V0G+ZW5+GH93Bb9YGYr0GJ//OQBNEk61yz2Gb
-----END CERTIFICATE-----