Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/hHEywYaHfKUQcTI03bmayi9T--k.roa
File:                     hHEywYaHfKUQcTI03bmayi9T--k.roa (raw, json)
Hash identifier:          sEX9+yxVaxANjIjg4Yfob4JVenU5rVWXr9jDyhUO5P4=
Subject key identifier:   84:71:32:C1:86:87:7C:A5:10:71:32:34:DD:B9:9A:CA:2F:53:FB:E9
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D723DFDF21A1A21F46CE0779A5F605
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/hHEywYaHfKUQcTI03bmayi9T--k.roa
Signing time:             Wed 01 Jan 2025 21:48:09 +0000
ROA not before:           Wed 01 Jan 2025 21:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207415
IP address blocks:        2a09:5301:7220::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:23:df:df:21:a1:a2:1f:46:ce:07:79:a5:f6:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=847132c186877ca510713234ddb99aca2f53fbe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a9:0d:aa:5f:42:d9:09:d0:a8:49:84:97:9a:
                    b7:83:a4:7b:cb:e3:23:18:29:51:5c:fa:0d:ac:c2:
                    46:69:4f:97:a7:bc:cf:c4:eb:8c:4c:f2:d3:79:98:
                    04:a4:94:0a:8d:81:e7:94:9e:a8:1a:72:db:5c:63:
                    e9:0e:5f:57:88:24:a8:89:09:13:a2:52:23:09:4b:
                    c7:e8:e1:00:57:e9:f9:79:d8:9a:ee:a0:b3:c2:1d:
                    16:a8:6f:f9:c1:b6:ec:d2:0a:93:67:65:c3:ba:6b:
                    5a:91:19:29:83:fe:51:ef:90:51:22:1b:52:00:bd:
                    56:a0:47:61:fb:dd:f5:01:2c:ae:1f:64:f2:11:10:
                    de:22:d4:4c:9b:ab:e7:5d:4c:e2:6a:42:37:97:77:
                    dd:ce:83:e4:a4:17:51:b5:be:3f:8b:43:62:5c:f9:
                    f8:b9:36:e2:4f:df:24:85:36:73:7c:3b:cd:e5:73:
                    37:ff:51:4b:ac:62:1e:b4:3e:1a:30:91:8b:15:8b:
                    f9:bc:34:91:de:fe:ae:ab:a9:f7:02:6d:c8:3f:4a:
                    37:aa:f7:9e:9b:d1:6a:3f:69:32:43:89:5d:64:7d:
                    b4:d8:5e:9d:af:a7:61:18:c1:4c:d2:c1:94:e8:4d:
                    de:5d:2a:07:51:6c:0e:0c:d2:cb:95:c7:95:4b:7e:
                    71:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:71:32:C1:86:87:7C:A5:10:71:32:34:DD:B9:9A:CA:2F:53:FB:E9
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/hHEywYaHfKUQcTI03bmayi9T--k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:5301:7220::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:d3:72:d1:7b:6d:84:03:42:0f:f0:9c:77:b2:e5:d9:9b:b9:
         73:ac:92:73:63:f6:2a:a6:c3:83:cf:bc:b2:0b:d9:55:55:a0:
         31:78:02:4a:c5:da:68:48:7f:b1:84:51:88:41:53:85:2b:81:
         b6:b3:9e:31:b1:cb:36:55:86:df:6b:40:99:64:1f:d0:d9:90:
         0b:14:18:5d:92:48:d9:9a:0b:f2:63:5d:9e:39:a1:96:31:3c:
         d1:77:74:3a:0f:0d:d7:50:2d:36:29:95:bb:7c:46:ea:da:d3:
         b4:52:e3:7e:60:6b:c5:63:f2:4c:66:7f:d2:88:1e:8f:37:12:
         f6:2d:11:91:b6:53:4a:68:76:44:a6:ee:89:85:43:e9:87:4a:
         b2:54:6c:b6:dc:11:5d:10:05:b3:34:e1:2f:4f:ad:1b:fa:37:
         6c:79:76:92:09:3d:fe:96:6f:18:72:d1:0a:c9:b8:25:c3:00:
         29:d5:de:fe:e0:30:f0:f4:26:ee:b7:52:d3:fe:86:82:62:c7:
         9b:b1:2a:09:41:9c:97:22:c5:c9:4f:3c:b9:90:fb:f9:64:d3:
         ec:1c:26:76:51:d7:ee:44:b0:59:cf:d2:63:39:19:bc:5b:80:
         f9:02:33:b1:83:af:e1:b0:b0:8d:00:c6:03:e9:d3:bd:be:47:
         29:bd:1b:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj1yPf3yGhoh9Gzgd5pfYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDcxMzJjMTg2ODc3Y2E1MTA3MTMyMzRkZGI5OWFjYTJmNTNmYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKkNql9C2QnQqEmEl5q3g6R7y+Mj
GClRXPoNrMJGaU+Xp7zPxOuMTPLTeZgEpJQKjYHnlJ6oGnLbXGPpDl9XiCSoiQkT
olIjCUvH6OEAV+n5edia7qCzwh0WqG/5wbbs0gqTZ2XDumtakRkpg/5R75BRIhtS
AL1WoEdh+931ASyuH2TyERDeItRMm6vnXUziakI3l3fdzoPkpBdRtb4/i0NiXPn4
uTbiT98khTZzfDvN5XM3/1FLrGIetD4aMJGLFYv5vDSR3v6uq6n3Am3IP0o3qvee
m9FqP2kyQ4ldZH202F6dr6dhGMFM0sGU6E3eXSoHUWwODNLLlceVS35xuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIRxMsGGh3ylEHEyNN25msovU/vpMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvaEhFeXdZYUhmS1VRY1RJMDNibWF5aTlULS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKglTAXIg
MA0GCSqGSIb3DQEBCwUAA4IBAQCl03LRe22EA0IP8Jx3suXZm7lzrJJzY/YqpsOD
z7yyC9lVVaAxeAJKxdpoSH+xhFGIQVOFK4G2s54xscs2VYbfa0CZZB/Q2ZALFBhd
kkjZmgvyY12eOaGWMTzRd3Q6Dw3XUC02KZW7fEbq2tO0UuN+YGvFY/JMZn/SiB6P
NxL2LRGRtlNKaHZEpu6JhUPph0qyVGy23BFdEAWzNOEvT60b+jdseXaSCT3+lm8Y
ctEKybglwwAp1d7+4DDw9Cbut1LT/oaCYsebsSoJQZyXIsXJTzy5kPv5ZNPsHCZ2
UdfuRLBZz9JjORm8W4D5AjOxg6/hsLCNAMYD6dO9vkcpvRvF
-----END CERTIFICATE-----