Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/cee55d-985a-4e36-8e39-82bc8a3180c6/1/7-uxb2sVoc0kcAT2m9SP5qVnZ8E.roa
File:                     7-uxb2sVoc0kcAT2m9SP5qVnZ8E.roa (raw, json)
Hash identifier:          acdZUKxa+ye22RHZ+hlpmz4eeOUGVIjJiD1cAB8HEbo=
Subject key identifier:   EF:EB:B1:6F:6B:15:A1:CD:24:70:04:F6:9B:D4:8F:E6:A5:67:67:C1
Certificate issuer:       /CN=607656b8f7e81b5149b4860f8127b1d4e3b487dc
Certificate serial:       019427B63F77753F4008C643572479351373
Authority key identifier: 60:76:56:B8:F7:E8:1B:51:49:B4:86:0F:81:27:B1:D4:E3:B4:87:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YHZWuPfoG1FJtIYPgSex1OO0h9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/cee55d-985a-4e36-8e39-82bc8a3180c6/1/7-uxb2sVoc0kcAT2m9SP5qVnZ8E.roa
Signing time:             Thu 02 Jan 2025 15:50:42 +0000
ROA not before:           Thu 02 Jan 2025 15:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204571
IP address blocks:        2001:67c:a1c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/cee55d-985a-4e36-8e39-82bc8a3180c6/1/YHZWuPfoG1FJtIYPgSex1OO0h9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/cee55d-985a-4e36-8e39-82bc8a3180c6/1/YHZWuPfoG1FJtIYPgSex1OO0h9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YHZWuPfoG1FJtIYPgSex1OO0h9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:3f:77:75:3f:40:08:c6:43:57:24:79:35:13:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607656b8f7e81b5149b4860f8127b1d4e3b487dc
        Validity
            Not Before: Jan  2 15:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efebb16f6b15a1cd247004f69bd48fe6a56767c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:c5:f4:d3:96:d1:1a:f0:a9:03:37:a7:9a:65:
                    48:1a:7d:c0:ca:fd:ea:36:98:9b:41:33:07:04:50:
                    97:5b:5a:ef:d6:f0:f3:f3:c5:07:d4:a0:03:be:df:
                    8d:ed:4b:2c:46:27:98:4c:0b:c3:82:19:4b:b8:ee:
                    0b:f7:1d:66:21:64:76:b2:26:af:da:44:89:44:39:
                    46:13:0c:ba:b7:d9:14:9b:51:2b:b8:6e:f4:2c:c6:
                    25:aa:8e:14:05:3f:9b:45:c3:23:15:b3:ef:fd:44:
                    a2:6a:c8:4f:14:75:c6:28:ff:7d:c9:36:26:15:9d:
                    8c:89:81:34:74:cd:fb:c9:4e:8c:a0:da:7e:c0:a9:
                    1f:46:12:f6:45:50:e9:31:24:e3:f9:71:04:19:aa:
                    6c:ef:36:5a:d9:a2:84:70:28:50:d4:63:63:8f:b6:
                    3b:e0:b5:09:e7:83:3c:e0:9f:36:73:9a:e2:54:82:
                    46:db:c7:03:1c:9e:3a:e4:3a:e3:88:1e:40:40:a8:
                    bd:da:02:41:7b:d1:02:ef:f4:1b:b1:b6:7f:00:4e:
                    62:9e:c9:21:80:1a:e1:cb:a1:26:9b:eb:73:fd:6c:
                    a8:57:52:16:29:82:d5:1f:bb:fa:78:77:b0:2b:5a:
                    76:81:17:55:a5:64:b6:89:5d:20:87:f2:bb:d4:9c:
                    6b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:EB:B1:6F:6B:15:A1:CD:24:70:04:F6:9B:D4:8F:E6:A5:67:67:C1
            X509v3 Authority Key Identifier:
                keyid:60:76:56:B8:F7:E8:1B:51:49:B4:86:0F:81:27:B1:D4:E3:B4:87:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YHZWuPfoG1FJtIYPgSex1OO0h9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/cee55d-985a-4e36-8e39-82bc8a3180c6/1/7-uxb2sVoc0kcAT2m9SP5qVnZ8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/cee55d-985a-4e36-8e39-82bc8a3180c6/1/YHZWuPfoG1FJtIYPgSex1OO0h9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a1c::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:86:bd:4e:12:b4:63:f2:df:a9:ae:85:d5:64:79:05:7a:10:
         3b:84:5a:5a:ff:7f:a5:66:88:96:08:be:c1:ad:21:6a:67:84:
         35:bd:67:b7:a9:43:06:ae:86:65:10:c2:20:04:26:7c:28:e1:
         57:da:e3:99:46:ab:8f:e9:71:90:37:52:77:f4:bc:cd:76:1f:
         28:f3:2f:37:0c:20:0f:de:50:4d:d6:f2:2f:b7:72:5f:06:35:
         88:11:db:1a:ac:86:9b:f1:e7:38:4d:85:02:ad:dc:b7:e7:bc:
         83:b5:bd:3f:05:02:b5:35:ab:37:8f:a2:9c:86:07:cc:9f:87:
         20:aa:7a:b5:c5:77:65:18:ef:b3:75:73:8d:66:82:ec:43:37:
         89:87:64:d1:d8:e2:47:bf:76:dc:55:81:d4:ca:23:9f:a7:9b:
         dc:1e:31:0c:6b:3e:a1:b4:b4:d2:0d:29:d9:9d:93:cb:f5:98:
         9a:41:6e:04:e0:c5:68:f9:cc:2c:d4:c3:8c:ba:fe:74:7c:4c:
         f2:e2:00:ac:48:49:0d:6a:f4:05:a9:d2:9e:2a:16:8e:9d:f3:
         a9:68:57:ab:0f:83:8e:af:24:1f:98:99:16:24:99:a4:b1:72:
         ca:45:04:3c:af:13:9e:cf:67:d9:30:35:73:f9:79:46:ff:4b:
         3c:a9:b5:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntj93dT9ACMZDVyR5NRNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNzY1NmI4ZjdlODFiNTE0OWI0ODYwZjgxMjdiMWQ0ZTNi
NDg3ZGMwHhcNMjUwMTAyMTU1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmViYjE2ZjZiMTVhMWNkMjQ3MDA0ZjY5YmQ0OGZlNmE1Njc2N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9MX005bRGvCpAzenmmVIGn3Ayv3q
NpibQTMHBFCXW1rv1vDz88UH1KADvt+N7UssRieYTAvDghlLuO4L9x1mIWR2siav
2kSJRDlGEwy6t9kUm1EruG70LMYlqo4UBT+bRcMjFbPv/USiashPFHXGKP99yTYm
FZ2MiYE0dM37yU6MoNp+wKkfRhL2RVDpMSTj+XEEGaps7zZa2aKEcChQ1GNjj7Y7
4LUJ54M84J82c5riVIJG28cDHJ465DrjiB5AQKi92gJBe9EC7/QbsbZ/AE5inskh
gBrhy6Emm+tz/WyoV1IWKYLVH7v6eHewK1p2gRdVpWS2iV0gh/K71JxrWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO/rsW9rFaHNJHAE9pvUj+alZ2fBMB8GA1UdIwQY
MBaAFGB2Vrj36BtRSbSGD4EnsdTjtIfcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUhaV3VQZm9HMUZKdElZUGdTZXgxT08waDl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9jZWU1NWQtOTg1YS00ZTM2LThlMzkt
ODJiYzhhMzE4MGM2LzEvNy11eGIyc1ZvYzBrY0FUMm05U1A1cVZuWjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9jZWU1NWQtOTg1YS00ZTM2LThlMzktODJiYzhhMzE4MGM2
LzEvWUhaV3VQZm9HMUZKdElZUGdTZXgxT08waDl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAoc
MA0GCSqGSIb3DQEBCwUAA4IBAQAMhr1OErRj8t+proXVZHkFehA7hFpa/3+lZoiW
CL7BrSFqZ4Q1vWe3qUMGroZlEMIgBCZ8KOFX2uOZRquP6XGQN1J39LzNdh8o8y83
DCAP3lBN1vIvt3JfBjWIEdsarIab8ec4TYUCrdy357yDtb0/BQK1Nas3j6KchgfM
n4cgqnq1xXdlGO+zdXONZoLsQzeJh2TR2OJHv3bcVYHUyiOfp5vcHjEMaz6htLTS
DSnZnZPL9ZiaQW4E4MVo+cws1MOMuv50fEzy4gCsSEkNavQFqdKeKhaOnfOpaFer
D4OOryQfmJkWJJmksXLKRQQ8rxOez2fZMDVz+XlG/0s8qbVR
-----END CERTIFICATE-----