Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/DoCQ0WPbgwcXZ4qLqyGmmLKcBIU.roa
File:                     DoCQ0WPbgwcXZ4qLqyGmmLKcBIU.roa (raw, json)
Hash identifier:          LDl36XNVECsld58k0VIf2xAj0pQ9aqDkf1O/p+KSfsg=
Subject key identifier:   0E:80:90:D1:63:DB:83:07:17:67:8A:8B:AB:21:A6:98:B2:9C:04:85
Certificate issuer:       /CN=eb764111aeffa86bd1ec3ca885b63de7f5650f6e
Certificate serial:       019423690162DBBFC5F5C571782632F10A84
Authority key identifier: EB:76:41:11:AE:FF:A8:6B:D1:EC:3C:A8:85:B6:3D:E7:F5:65:0F:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63ZBEa7_qGvR7DyohbY95_VlD24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/DoCQ0WPbgwcXZ4qLqyGmmLKcBIU.roa
Signing time:             Wed 01 Jan 2025 19:47:51 +0000
ROA not before:           Wed 01 Jan 2025 19:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:67c:b08::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/63ZBEa7_qGvR7DyohbY95_VlD24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/63ZBEa7_qGvR7DyohbY95_VlD24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63ZBEa7_qGvR7DyohbY95_VlD24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:01:62:db:bf:c5:f5:c5:71:78:26:32:f1:0a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb764111aeffa86bd1ec3ca885b63de7f5650f6e
        Validity
            Not Before: Jan  1 19:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e8090d163db830717678a8bab21a698b29c0485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a3:6a:7d:d6:ed:e3:ca:76:bb:a4:18:f5:b4:
                    15:8b:ba:85:d8:2a:2e:a9:10:8d:ae:25:62:8d:78:
                    80:6a:3e:1f:7e:c1:5d:80:ff:e9:2a:e9:ef:c7:3d:
                    92:1c:af:7b:1c:10:02:83:fc:6d:fa:1d:5b:23:e1:
                    44:d0:72:fc:62:ed:68:ee:85:65:89:e6:7c:87:3b:
                    2a:f5:01:f9:f4:fa:51:81:84:6d:00:cd:06:19:94:
                    9b:1b:52:d8:08:01:12:7d:1b:8f:d8:41:9e:e8:d6:
                    43:6b:41:8f:b4:ea:5a:d8:0f:e0:6b:49:ff:c8:e5:
                    82:da:11:61:54:eb:0f:78:47:0a:4e:26:b9:13:b9:
                    a8:57:d4:80:18:4e:8d:4b:3f:30:5c:61:da:83:02:
                    68:e5:97:31:74:b6:9c:ca:08:d8:69:4a:89:16:5e:
                    d3:79:48:27:cc:51:ab:f3:ce:10:13:aa:ad:d6:ec:
                    50:fb:ef:4d:9b:b2:81:80:fb:3c:43:1f:94:01:1b:
                    d3:07:fc:8b:eb:20:db:49:58:74:79:c9:30:67:d2:
                    f0:47:43:5b:ca:0c:45:82:91:89:20:29:e7:e0:83:
                    c2:cf:ab:09:77:88:ce:80:8a:50:74:0d:c6:b3:c3:
                    81:06:6b:9a:d1:8e:31:32:a5:59:92:18:34:1a:5a:
                    46:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:80:90:D1:63:DB:83:07:17:67:8A:8B:AB:21:A6:98:B2:9C:04:85
            X509v3 Authority Key Identifier:
                keyid:EB:76:41:11:AE:FF:A8:6B:D1:EC:3C:A8:85:B6:3D:E7:F5:65:0F:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63ZBEa7_qGvR7DyohbY95_VlD24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/DoCQ0WPbgwcXZ4qLqyGmmLKcBIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/03b1e7-3113-48d6-9b78-b2884888ad3f/1/63ZBEa7_qGvR7DyohbY95_VlD24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b08::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:8f:bd:90:35:ab:1c:ea:35:47:0e:de:5b:06:71:e7:ee:f8:
         d6:4e:aa:6b:95:7e:d3:37:37:cb:38:4d:11:50:32:b4:0c:74:
         38:a3:4c:ff:32:87:a6:76:43:89:aa:e0:a1:ba:55:b7:7b:c5:
         ce:8c:47:de:c8:16:6b:72:bc:6c:05:da:85:4b:e0:0c:b7:50:
         64:2c:de:6c:7d:1e:11:0c:28:96:7a:be:a9:92:ea:aa:a0:c9:
         1d:c6:97:66:72:99:84:17:cc:e8:5f:96:cc:43:3d:03:ab:0a:
         b3:ef:8d:7f:7b:06:03:f6:8f:3a:b3:5c:c9:22:01:c2:6d:2e:
         ce:9b:cf:f1:c2:f0:1f:82:45:a1:25:38:f6:b3:1f:8f:fc:b4:
         da:55:27:7e:60:ad:15:d6:08:24:35:dd:d2:76:aa:84:75:02:
         c0:18:3c:7f:0a:75:23:5c:70:da:57:93:dc:34:65:89:de:51:
         79:5d:25:a6:9b:d5:3a:e0:21:73:9f:db:1e:89:73:5c:1b:3d:
         31:e4:81:be:cf:9b:cb:c8:b5:d3:29:7e:e7:7b:4d:6b:f7:6b:
         9d:f0:8c:bd:fd:98:c5:df:8e:a2:d8:a8:76:c0:ee:2e:73:63:
         e9:49:9d:c5:bc:ff:17:13:30:ce:68:82:a3:cb:16:2c:b4:83:
         d0:ed:4f:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjaQFi27/F9cVxeCYy8QqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNzY0MTExYWVmZmE4NmJkMWVjM2NhODg1YjYzZGU3ZjU2
NTBmNmUwHhcNMjUwMTAxMTk0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTgwOTBkMTYzZGI4MzA3MTc2NzhhOGJhYjIxYTY5OGIyOWMwNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6Nqfdbt48p2u6QY9bQVi7qF2Cou
qRCNriVijXiAaj4ffsFdgP/pKunvxz2SHK97HBACg/xt+h1bI+FE0HL8Yu1o7oVl
ieZ8hzsq9QH59PpRgYRtAM0GGZSbG1LYCAESfRuP2EGe6NZDa0GPtOpa2A/ga0n/
yOWC2hFhVOsPeEcKTia5E7moV9SAGE6NSz8wXGHagwJo5ZcxdLacygjYaUqJFl7T
eUgnzFGr884QE6qt1uxQ++9Nm7KBgPs8Qx+UARvTB/yL6yDbSVh0eckwZ9LwR0Nb
ygxFgpGJICnn4IPCz6sJd4jOgIpQdA3Gs8OBBmua0Y4xMqVZkhg0GlpGuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA6AkNFj24MHF2eKi6shppiynASFMB8GA1UdIwQY
MBaAFOt2QRGu/6hr0ew8qIW2Pef1ZQ9uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjNaQkVhN19xR3ZSN0R5b2hiWTk1X1ZsRDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8wM2IxZTctMzExMy00OGQ2LTliNzgt
YjI4ODQ4ODhhZDNmLzEvRG9DUTBXUGJnd2NYWjRxTHF5R21tTEtjQklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8wM2IxZTctMzExMy00OGQ2LTliNzgtYjI4ODQ4ODhhZDNm
LzEvNjNaQkVhN19xR3ZSN0R5b2hiWTk1X1ZsRDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAsI
MA0GCSqGSIb3DQEBCwUAA4IBAQBAj72QNasc6jVHDt5bBnHn7vjWTqprlX7TNzfL
OE0RUDK0DHQ4o0z/MoemdkOJquChulW3e8XOjEfeyBZrcrxsBdqFS+AMt1BkLN5s
fR4RDCiWer6pkuqqoMkdxpdmcpmEF8zoX5bMQz0Dqwqz741/ewYD9o86s1zJIgHC
bS7Om8/xwvAfgkWhJTj2sx+P/LTaVSd+YK0V1ggkNd3SdqqEdQLAGDx/CnUjXHDa
V5PcNGWJ3lF5XSWmm9U64CFzn9seiXNcGz0x5IG+z5vLyLXTKX7ne01r92ud8Iy9
/ZjF346i2Kh2wO4uc2PpSZ3FvP8XEzDOaIKjyxYstIPQ7U9o
-----END CERTIFICATE-----