Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/dDJN0I-9g4eaOayV-D2asHocLds.roa
File:                     dDJN0I-9g4eaOayV-D2asHocLds.roa (raw, json)
Hash identifier:          OsVUxzOWHIIvs3G+yIJ8EZTTKtiy3cB0zrqdRNa7zHY=
Subject key identifier:   74:32:4D:D0:8F:BD:83:87:9A:39:AC:95:F8:3D:9A:B0:7A:1C:2D:DB
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D76C0C1F20481BC0FAA706EB7CF30F
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/dDJN0I-9g4eaOayV-D2asHocLds.roa
Signing time:             Wed 01 Jan 2025 21:48:27 +0000
ROA not before:           Wed 01 Jan 2025 21:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203125
IP address blocks:        2a01:367:3953::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:6c:0c:1f:20:48:1b:c0:fa:a7:06:eb:7c:f3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74324dd08fbd83879a39ac95f83d9ab07a1c2ddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bc:cf:8f:a7:7a:ac:67:49:2e:76:5e:57:25:
                    29:e7:f5:eb:e0:6a:17:3f:2d:6a:95:c8:23:d9:1c:
                    96:0e:e2:7a:bd:59:e6:2f:f3:c7:da:ca:1c:f9:1c:
                    a2:66:3e:da:b4:42:15:87:34:39:73:cd:57:4b:a7:
                    42:96:79:82:b7:ab:c7:e7:d5:be:26:d4:90:83:28:
                    aa:1c:34:ae:04:69:9c:28:6d:78:8b:20:31:c2:44:
                    6d:fb:8b:f1:e9:67:36:e2:49:1b:4c:18:f8:9c:2b:
                    b1:f5:27:ec:2a:6d:c9:06:35:e3:57:e8:2e:7b:b3:
                    f1:c1:a9:ab:c7:54:75:01:2d:33:63:4b:57:ff:4e:
                    80:01:40:3f:35:cd:c9:e5:38:8f:7d:1d:02:e6:e9:
                    12:e9:e5:f4:99:8e:ba:56:73:8d:0a:05:72:e4:3f:
                    fa:23:c9:af:d9:b0:15:ea:35:ec:f7:9c:a6:a3:c9:
                    1d:a3:5f:f9:5f:03:92:0a:a3:c1:c8:4c:47:78:a1:
                    30:7e:06:1b:e1:24:e2:34:6b:94:de:ed:b9:68:9c:
                    f6:69:5d:ef:5f:ed:93:32:96:e8:05:17:eb:13:47:
                    98:4d:15:13:11:51:0b:da:5b:59:0a:a8:6c:ff:df:
                    0d:99:79:78:46:3f:01:d9:85:a7:5d:7d:ce:85:bf:
                    6a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:32:4D:D0:8F:BD:83:87:9A:39:AC:95:F8:3D:9A:B0:7A:1C:2D:DB
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/dDJN0I-9g4eaOayV-D2asHocLds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:367:3953::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:f0:8b:4c:00:bc:da:0a:7a:ea:61:a3:e6:80:bf:e0:29:5c:
         ee:4f:a7:f0:84:20:66:25:c7:cb:b7:1a:6f:a7:de:26:26:43:
         dc:ed:ce:01:9d:9b:23:7a:1e:db:f7:c4:7a:c1:cc:97:38:63:
         8e:42:7a:f2:71:fe:9d:b7:27:5e:01:83:d7:fb:c0:a0:04:df:
         f1:1d:7c:60:a7:85:44:3a:a6:b7:31:66:5f:47:2f:08:89:be:
         31:a4:d4:4a:4f:b4:8b:08:a7:6b:9b:c2:49:79:b1:44:06:77:
         60:e8:2d:59:d6:39:34:5a:d7:04:bf:99:e9:31:71:a8:36:e6:
         0b:f4:80:01:27:88:b1:40:f3:ba:e5:90:6f:5f:51:62:e3:72:
         cf:5c:05:ed:be:f6:2f:77:84:50:d0:e4:50:2f:54:43:af:04:
         a0:ab:db:06:e2:94:4a:75:24:8f:b8:21:e2:63:3b:8a:d4:5c:
         ff:e3:7d:ef:bc:40:07:48:10:4c:82:a3:e2:1c:09:8b:92:ca:
         9c:c4:e5:be:f0:42:eb:31:b9:ff:e7:5a:65:21:21:c1:75:7f:
         16:bc:eb:c8:05:87:96:a1:a2:90:5b:4b:60:e0:5f:5c:b5:f8:
         45:4a:93:f4:a5:97:c1:02:90:4b:2c:a0:05:4c:95:12:3b:73:
         c0:b5:22:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj12wMHyBIG8D6pwbrfPMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDMyNGRkMDhmYmQ4Mzg3OWEzOWFjOTVmODNkOWFiMDdhMWMyZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLzPj6d6rGdJLnZeVyUp5/Xr4GoX
Py1qlcgj2RyWDuJ6vVnmL/PH2soc+RyiZj7atEIVhzQ5c81XS6dClnmCt6vH59W+
JtSQgyiqHDSuBGmcKG14iyAxwkRt+4vx6Wc24kkbTBj4nCux9SfsKm3JBjXjV+gu
e7Pxwamrx1R1AS0zY0tX/06AAUA/Nc3J5TiPfR0C5ukS6eX0mY66VnONCgVy5D/6
I8mv2bAV6jXs95ymo8kdo1/5XwOSCqPByExHeKEwfgYb4STiNGuU3u25aJz2aV3v
X+2TMpboBRfrE0eYTRUTEVEL2ltZCqhs/98NmXl4Rj8B2YWnXX3Ohb9qCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHQyTdCPvYOHmjmslfg9mrB6HC3bMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvZERKTjBJLTlnNGVhT2F5Vi1EMmFzSG9jTGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEDZzlT
MA0GCSqGSIb3DQEBCwUAA4IBAQCi8ItMALzaCnrqYaPmgL/gKVzuT6fwhCBmJcfL
txpvp94mJkPc7c4BnZsjeh7b98R6wcyXOGOOQnrycf6dtydeAYPX+8CgBN/xHXxg
p4VEOqa3MWZfRy8Iib4xpNRKT7SLCKdrm8JJebFEBndg6C1Z1jk0WtcEv5npMXGo
NuYL9IABJ4ixQPO65ZBvX1Fi43LPXAXtvvYvd4RQ0ORQL1RDrwSgq9sG4pRKdSSP
uCHiYzuK1Fz/433vvEAHSBBMgqPiHAmLksqcxOW+8ELrMbn/51plISHBdX8WvOvI
BYeWoaKQW0tg4F9ctfhFSpP0pZfBApBLLKAFTJUSO3PAtSI9
-----END CERTIFICATE-----