Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/3e3483-1845-442d-a59a-dd72550d78ac/1/0CX7t2odLe1-aKNEQm4nhIdzG64.roa
File:                     0CX7t2odLe1-aKNEQm4nhIdzG64.roa (raw, json)
Hash identifier:          uGt7n5BK6nTit2QXoLjymR88j/L4jwCXMbpw123vP/Q=
Subject key identifier:   D0:25:FB:B7:6A:1D:2D:ED:7E:68:A3:44:42:6E:27:84:87:73:1B:AE
Certificate issuer:       /CN=cd01cda0302b813eb145579ad81f5ed7d29c0209
Certificate serial:       0194258F632DACF371EE9FD5409508D05089
Authority key identifier: CD:01:CD:A0:30:2B:81:3E:B1:45:57:9A:D8:1F:5E:D7:D2:9C:02:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zQHNoDArgT6xRVea2B9e19KcAgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/3e3483-1845-442d-a59a-dd72550d78ac/1/0CX7t2odLe1-aKNEQm4nhIdzG64.roa
Signing time:             Thu 02 Jan 2025 05:49:01 +0000
ROA not before:           Thu 02 Jan 2025 05:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57124
IP address blocks:        141.105.144.0/21 maxlen: 21
                          185.117.76.0/22 maxlen: 22
                          2a01:8980::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/3e3483-1845-442d-a59a-dd72550d78ac/1/zQHNoDArgT6xRVea2B9e19KcAgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/3e3483-1845-442d-a59a-dd72550d78ac/1/zQHNoDArgT6xRVea2B9e19KcAgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zQHNoDArgT6xRVea2B9e19KcAgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:63:2d:ac:f3:71:ee:9f:d5:40:95:08:d0:50:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd01cda0302b813eb145579ad81f5ed7d29c0209
        Validity
            Not Before: Jan  2 05:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d025fbb76a1d2ded7e68a344426e278487731bae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1e:c6:d9:32:1b:85:36:96:c7:52:d4:54:a9:
                    7c:5d:49:08:36:bf:83:5d:af:95:24:92:71:fa:52:
                    06:fd:81:52:d5:bd:30:c6:91:b0:7e:f3:55:c7:a0:
                    c9:70:41:3b:f0:1a:e1:2d:f6:f4:34:75:a8:ad:ce:
                    d2:ae:9a:9b:5a:3d:ed:2d:a9:af:bd:b0:84:3d:46:
                    56:2b:65:7c:0c:e3:9c:b0:ab:4e:e5:95:0d:af:2f:
                    4a:07:09:ad:f5:ac:e0:37:2d:d7:07:80:61:84:b5:
                    62:24:49:45:d1:86:40:20:ab:16:24:a8:6a:3a:d2:
                    e4:b1:fc:a5:3a:4e:54:ee:07:3e:bd:0e:f9:ef:37:
                    82:42:fa:07:77:32:df:94:cf:04:d2:58:20:40:85:
                    6b:71:0a:d7:d4:22:bf:89:91:61:c6:1c:bb:17:2c:
                    1f:e7:51:62:7d:82:3a:99:91:ab:29:2f:7d:84:03:
                    b1:cc:54:ec:14:32:bd:32:ce:b7:63:8c:1c:9b:21:
                    34:f1:43:56:06:60:7b:41:dd:7e:22:71:1a:4d:d7:
                    a3:d6:7a:dc:18:c5:d8:65:fa:aa:60:15:61:f8:72:
                    9a:54:5a:8b:3a:1e:c4:c4:6d:02:75:22:e7:02:d4:
                    b6:7d:da:9c:b2:f5:b8:d9:b6:51:cc:c6:70:cd:81:
                    b6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:25:FB:B7:6A:1D:2D:ED:7E:68:A3:44:42:6E:27:84:87:73:1B:AE
            X509v3 Authority Key Identifier:
                keyid:CD:01:CD:A0:30:2B:81:3E:B1:45:57:9A:D8:1F:5E:D7:D2:9C:02:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zQHNoDArgT6xRVea2B9e19KcAgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/3e3483-1845-442d-a59a-dd72550d78ac/1/0CX7t2odLe1-aKNEQm4nhIdzG64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/3e3483-1845-442d-a59a-dd72550d78ac/1/zQHNoDArgT6xRVea2B9e19KcAgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.144.0/21
                  185.117.76.0/22
                IPv6:
                  2a01:8980::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:e8:b4:90:1e:1b:39:e0:ef:69:19:61:d1:4f:7c:db:e8:61:
         75:a9:5a:82:44:6d:52:11:34:39:ab:69:ed:e0:6a:35:b3:76:
         e9:e7:bb:78:52:bb:ce:3e:63:b6:6c:94:75:28:8c:50:96:ce:
         c8:7d:fe:ca:12:cf:69:a7:d2:57:bd:c5:97:db:fc:82:a7:a0:
         a8:22:c3:8d:0e:0d:05:15:b0:ff:5f:f3:1a:23:67:1b:fa:40:
         de:c5:6f:af:0c:e6:25:1d:e5:8c:c3:a4:18:8c:91:74:0a:3d:
         ed:71:e8:98:1c:08:7b:33:80:bb:09:2b:3c:8b:27:75:67:71:
         e9:00:0e:f8:b1:37:d0:44:cc:e8:ff:4c:d8:33:b0:0b:46:90:
         8e:47:cd:0f:69:ab:69:50:fe:41:f5:9f:27:6f:65:3b:b7:18:
         1f:7f:c8:8f:c4:5c:aa:63:56:7d:f4:d1:96:c1:1b:49:a6:98:
         5e:14:eb:d9:4b:3f:3b:9c:70:ba:ed:fd:d6:07:5d:2a:25:e2:
         31:ab:58:ff:e1:af:7a:62:d1:be:42:27:a3:77:7b:c6:f3:80:
         86:98:b6:e6:a7:95:1d:0e:df:86:2a:60:19:f1:38:4e:d5:2a:
         53:cb:c8:80:31:fc:40:81:de:86:de:89:57:cc:dc:6f:2b:37:
         ab:5a:c7:81
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlj2MtrPNx7p/VQJUI0FCJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMDFjZGEwMzAyYjgxM2ViMTQ1NTc5YWQ4MWY1ZWQ3ZDI5
YzAyMDkwHhcNMjUwMTAyMDU0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDI1ZmJiNzZhMWQyZGVkN2U2OGEzNDQ0MjZlMjc4NDg3NzMxYmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR7G2TIbhTaWx1LUVKl8XUkINr+D
Xa+VJJJx+lIG/YFS1b0wxpGwfvNVx6DJcEE78BrhLfb0NHWorc7SrpqbWj3tLamv
vbCEPUZWK2V8DOOcsKtO5ZUNry9KBwmt9azgNy3XB4BhhLViJElF0YZAIKsWJKhq
OtLksfylOk5U7gc+vQ757zeCQvoHdzLflM8E0lggQIVrcQrX1CK/iZFhxhy7Fywf
51FifYI6mZGrKS99hAOxzFTsFDK9Ms63Y4wcmyE08UNWBmB7Qd1+InEaTdej1nrc
GMXYZfqqYBVh+HKaVFqLOh7ExG0CdSLnAtS2fdqcsvW42bZRzMZwzYG2swIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNAl+7dqHS3tfmijREJuJ4SHcxuuMB8GA1UdIwQY
MBaAFM0BzaAwK4E+sUVXmtgfXtfSnAIJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelFITm9EQXJnVDZ4UlZlYTJCOWUxOUtjQWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zZTM0ODMtMTg0NS00NDJkLWE1OWEt
ZGQ3MjU1MGQ3OGFjLzEvMENYN3Qyb2RMZTEtYUtORVFtNG5oSWR6RzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zZTM0ODMtMTg0NS00NDJkLWE1OWEtZGQ3MjU1MGQ3OGFj
LzEvelFITm9EQXJnVDZ4UlZlYTJCOWUxOUtjQWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDjWmQAwQC
uXVMMA0EAgACMAcDBQAqAYmAMA0GCSqGSIb3DQEBCwUAA4IBAQBD6LSQHhs54O9p
GWHRT3zb6GF1qVqCRG1SETQ5q2nt4Go1s3bp57t4UrvOPmO2bJR1KIxQls7Iff7K
Es9pp9JXvcWX2/yCp6CoIsONDg0FFbD/X/MaI2cb+kDexW+vDOYlHeWMw6QYjJF0
Cj3tceiYHAh7M4C7CSs8iyd1Z3HpAA74sTfQRMzo/0zYM7ALRpCOR80PaatpUP5B
9Z8nb2U7txgff8iPxFyqY1Z99NGWwRtJppheFOvZSz87nHC67f3WB10qJeIxq1j/
4a96YtG+Qiejd3vG84CGmLbmp5UdDt+GKmAZ8ThO1SpTy8iAMfxAgd6G3olXzNxv
KzerWseB
-----END CERTIFICATE-----