Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/04cb8b-0f54-45fb-9f1e-ac2b74d0c699/1/S7R40cp3GhnKkmjft9RMef_54Y8.roa
File:                     S7R40cp3GhnKkmjft9RMef_54Y8.roa (raw, json)
Hash identifier:          8lQswAz9iKln85edEU2eDSuB3VyL1jNQyiwguuxfyac=
Subject key identifier:   4B:B4:78:D1:CA:77:1A:19:CA:92:68:DF:B7:D4:4C:79:FF:F9:E1:8F
Certificate issuer:       /CN=2ef9269ab7f614c1ecfa2359928eee5def39a09d
Certificate serial:       0195625AE86CDE7075F850EE44C0B21AE11E
Authority key identifier: 2E:F9:26:9A:B7:F6:14:C1:EC:FA:23:59:92:8E:EE:5D:EF:39:A0:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lvkmmrf2FMHs-iNZko7uXe85oJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/04cb8b-0f54-45fb-9f1e-ac2b74d0c699/1/S7R40cp3GhnKkmjft9RMef_54Y8.roa
Signing time:             Tue 04 Mar 2025 18:11:19 +0000
ROA not before:           Tue 04 Mar 2025 18:11:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212322
IP address blocks:        2001:678:1048::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/04cb8b-0f54-45fb-9f1e-ac2b74d0c699/1/Lvkmmrf2FMHs-iNZko7uXe85oJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/04cb8b-0f54-45fb-9f1e-ac2b74d0c699/1/Lvkmmrf2FMHs-iNZko7uXe85oJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lvkmmrf2FMHs-iNZko7uXe85oJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:62:5a:e8:6c:de:70:75:f8:50:ee:44:c0:b2:1a:e1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ef9269ab7f614c1ecfa2359928eee5def39a09d
        Validity
            Not Before: Mar  4 18:11:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bb478d1ca771a19ca9268dfb7d44c79fff9e18f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:02:ab:5a:90:d0:b5:b8:09:b9:67:42:d5:1d:
                    62:e9:87:50:a5:f9:7c:ef:39:e5:e6:ec:f9:e8:ba:
                    68:f2:58:7c:7f:54:20:a6:c1:34:a7:1c:fe:c5:9f:
                    fb:7a:0c:26:1f:7f:d4:6b:27:75:75:4e:ea:9a:37:
                    b8:82:89:8f:51:5d:5e:23:dd:dd:44:64:15:aa:cf:
                    35:fd:f1:c7:8a:32:6d:db:c0:88:e0:2c:e5:ac:5c:
                    66:da:d7:db:5f:02:c4:f5:d6:0a:2b:28:04:88:e0:
                    b9:e6:9f:3a:c8:af:54:65:17:ae:6d:39:ff:21:46:
                    66:c3:fb:51:e7:11:51:a0:4d:8a:23:aa:9d:f1:e0:
                    61:28:66:33:73:aa:40:3e:a4:10:39:29:80:15:bc:
                    0b:e3:fa:74:dc:7a:70:f2:a8:1e:20:00:18:9e:6b:
                    d2:56:49:44:b0:f9:c5:f6:c3:3b:b9:83:c9:ae:41:
                    03:ee:b0:6a:a3:4f:5d:d3:72:71:c4:c6:57:79:4d:
                    f8:8c:78:85:3c:c4:c1:78:50:c7:9f:c6:1a:13:88:
                    8f:81:6b:c3:5a:21:9b:95:95:e9:8b:f1:57:35:c3:
                    d3:0c:1a:e1:34:64:33:ba:f7:c9:c8:aa:e2:a1:24:
                    48:9a:c2:49:a9:35:e2:bd:8d:2d:fc:50:ba:c3:32:
                    31:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:B4:78:D1:CA:77:1A:19:CA:92:68:DF:B7:D4:4C:79:FF:F9:E1:8F
            X509v3 Authority Key Identifier:
                keyid:2E:F9:26:9A:B7:F6:14:C1:EC:FA:23:59:92:8E:EE:5D:EF:39:A0:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lvkmmrf2FMHs-iNZko7uXe85oJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/04cb8b-0f54-45fb-9f1e-ac2b74d0c699/1/S7R40cp3GhnKkmjft9RMef_54Y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/04cb8b-0f54-45fb-9f1e-ac2b74d0c699/1/Lvkmmrf2FMHs-iNZko7uXe85oJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1048::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:f2:9a:41:95:9c:48:e3:a0:a5:03:9b:21:ae:a3:36:f1:da:
         7e:da:ee:5a:4d:b3:97:77:8a:1f:4f:03:6a:86:19:bd:36:7d:
         14:a4:6b:25:5b:4a:f2:ea:01:22:e1:a3:73:d8:a6:18:d3:67:
         22:f7:fb:95:a6:9f:5e:8e:d8:b3:45:37:6b:45:cd:41:5f:6a:
         14:3f:06:b6:e9:63:e7:f0:d4:ea:d4:04:a9:41:b8:27:b2:02:
         a9:7e:16:b1:96:c3:90:b0:94:65:e4:f5:73:e8:33:22:a5:50:
         40:ee:cb:be:84:20:00:c1:35:27:2f:f6:7b:59:8a:b9:28:d2:
         f2:ab:01:15:69:3b:90:40:24:55:21:30:d2:89:c0:df:7b:16:
         5b:08:bc:ff:d0:62:a5:d4:3c:48:bd:24:5b:19:e9:a8:cc:d6:
         b0:a8:de:a6:36:25:e6:f6:eb:44:4a:21:74:5d:fd:7c:4d:b1:
         1f:20:c3:2f:fb:a8:c3:30:47:c4:9f:60:5b:1b:0e:fa:55:74:
         de:8a:6a:66:bd:30:b7:80:8b:f2:c1:8f:2f:51:3f:43:f6:e8:
         83:c6:b7:92:2f:ca:7f:0c:e9:e6:86:36:31:b6:4a:e1:77:ca:
         35:87:c1:b4:7f:67:61:31:80:f6:e2:7e:33:2e:e4:2d:68:4b:
         63:a2:ff:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZViWuhs3nB1+FDuRMCyGuEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZjkyNjlhYjdmNjE0YzFlY2ZhMjM1OTkyOGVlZTVkZWYz
OWEwOWQwHhcNMjUwMzA0MTgxMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmI0NzhkMWNhNzcxYTE5Y2E5MjY4ZGZiN2Q0NGM3OWZmZjllMThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gKrWpDQtbgJuWdC1R1i6YdQpfl8
7znl5uz56Lpo8lh8f1QgpsE0pxz+xZ/7egwmH3/Uayd1dU7qmje4gomPUV1eI93d
RGQVqs81/fHHijJt28CI4CzlrFxm2tfbXwLE9dYKKygEiOC55p86yK9UZReubTn/
IUZmw/tR5xFRoE2KI6qd8eBhKGYzc6pAPqQQOSmAFbwL4/p03Hpw8qgeIAAYnmvS
VklEsPnF9sM7uYPJrkED7rBqo09d03JxxMZXeU34jHiFPMTBeFDHn8YaE4iPgWvD
WiGblZXpi/FXNcPTDBrhNGQzuvfJyKrioSRImsJJqTXivY0t/FC6wzIxkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEu0eNHKdxoZypJo37fUTHn/+eGPMB8GA1UdIwQY
MBaAFC75Jpq39hTB7PojWZKO7l3vOaCdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHZrbW1yZjJGTUhzLWlOWmtvN3VYZTg1b0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8wNGNiOGItMGY1NC00NWZiLTlmMWUt
YWMyYjc0ZDBjNjk5LzEvUzdSNDBjcDNHaG5La21qZnQ5Uk1lZl81NFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8wNGNiOGItMGY1NC00NWZiLTlmMWUtYWMyYjc0ZDBjNjk5
LzEvTHZrbW1yZjJGTUhzLWlOWmtvN3VYZTg1b0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBBI
MA0GCSqGSIb3DQEBCwUAA4IBAQAL8ppBlZxI46ClA5shrqM28dp+2u5aTbOXd4of
TwNqhhm9Nn0UpGslW0ry6gEi4aNz2KYY02ci9/uVpp9ejtizRTdrRc1BX2oUPwa2
6WPn8NTq1ASpQbgnsgKpfhaxlsOQsJRl5PVz6DMipVBA7su+hCAAwTUnL/Z7WYq5
KNLyqwEVaTuQQCRVITDSicDfexZbCLz/0GKl1DxIvSRbGemozNawqN6mNiXm9utE
SiF0Xf18TbEfIMMv+6jDMEfEn2BbGw76VXTeimpmvTC3gIvywY8vUT9D9uiDxreS
L8p/DOnmhjYxtkrhd8o1h8G0f2dhMYD24n4zLuQtaEtjov8E
-----END CERTIFICATE-----