Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/P2NRYwvD64-ChL8WHsL3n2VNc0o.roa
File:                     P2NRYwvD64-ChL8WHsL3n2VNc0o.roa (raw, json)
Hash identifier:          ieevRAfzDccOVGuN3ZGz3jBO2k67pRtiKtsN5CR5hf4=
Subject key identifier:   3F:63:51:63:0B:C3:EB:8F:82:84:BF:16:1E:C2:F7:9F:65:4D:73:4A
Certificate issuer:       /CN=5f0226a704cf620eb2000f27e7a919ce730991be
Certificate serial:       01942143F65212EE1D19A868427A9F3DB03A
Authority key identifier: 5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/P2NRYwvD64-ChL8WHsL3n2VNc0o.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47447
IP address blocks:        2a0c:b840:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f6:52:12:ee:1d:19:a8:68:42:7a:9f:3d:b0:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0226a704cf620eb2000f27e7a919ce730991be
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f6351630bc3eb8f8284bf161ec2f79f654d734a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:03:75:26:c0:51:7a:ae:50:d0:54:d7:16:28:
                    2f:2c:22:3e:8a:db:ad:b3:aa:32:21:61:99:f5:8d:
                    84:3b:07:b9:92:1e:1c:b8:71:55:ce:09:40:10:16:
                    ec:fa:b9:8b:2f:41:1f:60:45:f9:fe:6c:59:26:56:
                    aa:83:44:22:e6:24:74:c2:38:80:b1:13:15:ec:dc:
                    d2:eb:63:39:89:a3:1e:79:4e:24:08:78:be:b2:ac:
                    7a:09:09:53:02:1d:f5:7b:15:fa:99:03:fb:2a:e7:
                    9d:3f:10:74:2b:e4:b3:23:ec:e3:bb:11:9d:9b:1c:
                    13:dd:f3:c2:79:64:e6:6b:0e:5b:11:be:30:e8:ac:
                    78:44:32:bc:4d:ba:4b:50:28:4f:ca:a1:9e:dc:a0:
                    68:cc:2a:a9:4b:ae:85:fa:8e:78:ea:75:39:87:76:
                    14:f6:0d:18:3a:04:5a:2f:33:29:d0:43:88:f3:7a:
                    71:f5:80:de:73:47:f4:56:ce:fa:18:a8:a4:9f:41:
                    12:8e:02:df:66:8e:0b:35:ad:c4:af:1b:df:bc:08:
                    27:71:aa:4a:52:fc:1f:a4:8a:94:c4:3b:9c:71:af:
                    7f:98:85:96:e7:17:32:f0:43:94:b3:67:7e:2f:0c:
                    1e:6b:c5:aa:32:71:e8:66:50:10:a9:21:cd:7e:d2:
                    d7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:63:51:63:0B:C3:EB:8F:82:84:BF:16:1E:C2:F7:9F:65:4D:73:4A
            X509v3 Authority Key Identifier:
                keyid:5F:02:26:A7:04:CF:62:0E:B2:00:0F:27:E7:A9:19:CE:73:09:91:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XwImpwTPYg6yAA8n56kZznMJkb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/P2NRYwvD64-ChL8WHsL3n2VNc0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/63efb8-bf24-48c2-8c50-75d9ce5b8d9c/1/XwImpwTPYg6yAA8n56kZznMJkb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b840:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:59:e5:f9:a5:c2:fe:64:6a:34:42:26:89:0f:e9:48:30:e6:
         14:93:47:0a:91:6d:79:3a:c6:4f:8b:35:dc:c0:f7:10:43:b4:
         90:b3:2d:f4:0f:5d:d0:69:2d:18:8d:a6:b8:d7:67:59:16:fe:
         ae:12:da:de:10:52:92:d1:04:88:64:14:99:0e:4a:97:a4:f1:
         01:17:31:3a:0d:ed:ba:5c:63:09:33:aa:43:a9:43:a1:d7:ee:
         1e:46:25:04:08:c1:34:e1:28:ff:12:08:38:c9:92:41:98:48:
         42:c3:c9:7e:83:cd:11:3b:33:4c:a8:e6:79:d7:75:b9:26:4d:
         88:f1:3f:38:a8:54:49:f3:89:c4:1b:67:59:63:98:07:14:e3:
         25:08:99:d0:ae:9d:8c:fc:71:fa:80:51:e5:d2:c2:d2:df:b7:
         20:6f:14:7d:52:e3:b4:91:f7:a8:29:18:37:28:3b:1c:52:43:
         41:65:ab:21:6e:48:57:bd:84:d7:f7:77:37:2c:18:24:cf:44:
         17:00:1a:ce:cf:c6:2a:31:1b:80:4b:22:c1:fa:cd:c7:ba:d9:
         ca:f0:3b:52:3f:5b:8c:c3:60:b9:2b:47:70:83:4c:40:e6:d1:
         42:03:bc:03:8d:0e:99:24:83:9b:73:6b:89:cd:ce:4c:be:62:
         d8:75:1a:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ/ZSEu4dGahoQnqfPbA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMDIyNmE3MDRjZjYyMGViMjAwMGYyN2U3YTkxOWNlNzMw
OTkxYmUwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjYzNTE2MzBiYzNlYjhmODI4NGJmMTYxZWMyZjc5ZjY1NGQ3MzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAN1JsBReq5Q0FTXFigvLCI+itut
s6oyIWGZ9Y2EOwe5kh4cuHFVzglAEBbs+rmLL0EfYEX5/mxZJlaqg0Qi5iR0wjiA
sRMV7NzS62M5iaMeeU4kCHi+sqx6CQlTAh31exX6mQP7KuedPxB0K+SzI+zjuxGd
mxwT3fPCeWTmaw5bEb4w6Kx4RDK8TbpLUChPyqGe3KBozCqpS66F+o546nU5h3YU
9g0YOgRaLzMp0EOI83px9YDec0f0Vs76GKikn0ESjgLfZo4LNa3ErxvfvAgncapK
UvwfpIqUxDucca9/mIWW5xcy8EOUs2d+Lwwea8WqMnHoZlAQqSHNftLXbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD9jUWMLw+uPgoS/Fh7C959lTXNKMB8GA1UdIwQY
MBaAFF8CJqcEz2IOsgAPJ+epGc5zCZG+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAt
NzVkOWNlNWI4ZDljLzEvUDJOUll3dkQ2NC1DaEw4V0hzTDNuMlZOYzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82M2VmYjgtYmYyNC00OGMyLThjNTAtNzVkOWNlNWI4ZDlj
LzEvWHdJbXB3VFBZZzZ5QUE4bjU2a1p6bk1Ka2I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy4QAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQChWeX5pcL+ZGo0QiaJD+lIMOYUk0cKkW15OsZP
izXcwPcQQ7SQsy30D13QaS0Yjaa412dZFv6uEtreEFKS0QSIZBSZDkqXpPEBFzE6
De26XGMJM6pDqUOh1+4eRiUECME04Sj/Egg4yZJBmEhCw8l+g80ROzNMqOZ513W5
Jk2I8T84qFRJ84nEG2dZY5gHFOMlCJnQrp2M/HH6gFHl0sLS37cgbxR9UuO0kfeo
KRg3KDscUkNBZashbkhXvYTX93c3LBgkz0QXABrOz8YqMRuASyLB+s3HutnK8DtS
P1uMw2C5K0dwg0xA5tFCA7wDjQ6ZJIObc2uJzc5MvmLYdRrR
-----END CERTIFICATE-----