Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/LA69d9TEhm92Pxy9y6zVvgGneG8.roa
File:                     LA69d9TEhm92Pxy9y6zVvgGneG8.roa (raw, json)
Hash identifier:          BPLmY7z23TKJbTD4sri4pqUqW7bJJP5DZZKSIfnvJiE=
Subject key identifier:   2C:0E:BD:77:D4:C4:86:6F:76:3F:1C:BD:CB:AC:D5:BE:01:A7:78:6F
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369F76222E481732FD1AAEE9BC40230
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/LA69d9TEhm92Pxy9y6zVvgGneG8.roa
Signing time:             Wed 01 Jan 2025 19:48:54 +0000
ROA not before:           Wed 01 Jan 2025 19:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215269
IP address blocks:        2a0f:7803:fae0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f7:62:22:e4:81:73:2f:d1:aa:ee:9b:c4:02:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c0ebd77d4c4866f763f1cbdcbacd5be01a7786f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ad:6a:6c:a2:0e:a8:e3:07:f3:84:d1:31:68:
                    f2:e3:23:7c:3a:46:53:0c:96:54:f0:96:3b:8f:c9:
                    d2:74:f2:65:0b:14:9a:57:aa:a0:32:d1:3b:3b:fd:
                    ea:64:dc:7f:66:e1:8a:c3:62:16:cf:31:94:de:47:
                    74:a5:ac:7c:32:f9:5e:4f:95:7d:b7:fc:83:4f:f9:
                    35:b9:bd:9e:cd:a7:35:2a:fa:d2:49:11:e3:bd:08:
                    0a:42:4c:8f:b2:7b:fa:a9:3b:d8:c9:a1:1c:3c:52:
                    73:07:a3:6d:d5:89:ac:80:46:38:86:b0:c8:d6:86:
                    1c:ee:f2:b9:56:e7:20:05:21:cf:c5:a0:51:b6:8d:
                    1c:e9:2c:e2:95:4b:99:a9:4f:a1:d9:d6:e2:39:27:
                    2a:6d:c5:a3:f8:2e:e1:3d:fc:6a:d2:11:98:b6:b4:
                    c3:ad:a4:19:65:9f:ee:a9:73:ff:a0:44:e2:49:b9:
                    89:17:59:7c:15:d4:98:ea:03:03:66:f7:c2:4a:f7:
                    57:a1:4c:be:f4:d3:8e:69:0d:76:bb:dd:04:65:72:
                    ce:07:83:5b:0b:b8:39:4f:09:26:94:fa:c5:36:dd:
                    9f:ae:d5:10:9c:45:f3:7a:01:bb:7a:d0:89:95:61:
                    5f:3d:dc:a6:de:89:41:88:79:b7:ef:32:dc:8e:b5:
                    ab:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:0E:BD:77:D4:C4:86:6F:76:3F:1C:BD:CB:AC:D5:BE:01:A7:78:6F
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/LA69d9TEhm92Pxy9y6zVvgGneG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fae0::/44

    Signature Algorithm: sha256WithRSAEncryption
         09:0b:44:78:6d:60:15:ab:8d:07:76:40:fc:55:b9:ad:61:8e:
         b8:2b:e9:52:c2:09:97:e4:d5:be:97:12:2c:a2:88:4c:66:91:
         3e:b1:49:0f:38:c8:55:72:b9:2d:b7:06:3b:31:8f:4b:53:af:
         d1:59:68:81:09:29:7d:ac:20:04:6c:d2:bc:78:e2:50:ec:af:
         6a:7b:99:2f:10:fd:b8:7f:dd:1d:00:94:3a:13:b2:50:f1:c8:
         dd:28:84:64:77:fa:e9:ba:c4:d1:29:5f:df:86:24:8c:75:9d:
         6e:4d:a5:cb:b0:00:8b:a2:bd:fe:70:44:16:3e:88:f3:82:33:
         50:11:c1:48:b8:ec:a5:0a:19:2f:53:28:3f:55:e3:56:56:51:
         9e:8e:21:6d:45:b6:05:ab:70:93:82:a5:2e:1a:45:5d:56:e7:
         f4:9c:c0:b4:4a:08:24:7f:be:68:fc:79:7c:37:98:09:c4:f6:
         2e:4f:96:36:6d:f4:d3:9f:c3:70:95:e0:78:bd:d2:a9:8a:6e:
         f9:6a:90:7f:7e:93:eb:31:bc:19:12:bc:45:0c:d3:cf:f2:58:
         cb:6a:c0:d7:62:e5:32:12:66:22:a5:aa:77:e3:05:f2:7e:de:
         42:27:93:0d:e4:8d:c3:4e:35:46:e1:12:bd:54:a4:47:31:04:
         74:53:54:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafdiIuSBcy/Rqu6bxAIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzBlYmQ3N2Q0YzQ4NjZmNzYzZjFjYmRjYmFjZDViZTAxYTc3ODZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwa1qbKIOqOMH84TRMWjy4yN8OkZT
DJZU8JY7j8nSdPJlCxSaV6qgMtE7O/3qZNx/ZuGKw2IWzzGU3kd0pax8MvleT5V9
t/yDT/k1ub2ezac1KvrSSRHjvQgKQkyPsnv6qTvYyaEcPFJzB6Nt1YmsgEY4hrDI
1oYc7vK5VucgBSHPxaBRto0c6SzilUuZqU+h2dbiOScqbcWj+C7hPfxq0hGYtrTD
raQZZZ/uqXP/oETiSbmJF1l8FdSY6gMDZvfCSvdXoUy+9NOOaQ12u90EZXLOB4Nb
C7g5TwkmlPrFNt2frtUQnEXzegG7etCJlWFfPdym3olBiHm37zLcjrWroQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCwOvXfUxIZvdj8cvcus1b4Bp3hvMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvTEE2OWQ5VEVobTkyUHh5OXk2elZ2Z0duZUc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/rg
MA0GCSqGSIb3DQEBCwUAA4IBAQAJC0R4bWAVq40HdkD8VbmtYY64K+lSwgmX5NW+
lxIsoohMZpE+sUkPOMhVcrkttwY7MY9LU6/RWWiBCSl9rCAEbNK8eOJQ7K9qe5kv
EP24f90dAJQ6E7JQ8cjdKIRkd/rpusTRKV/fhiSMdZ1uTaXLsACLor3+cEQWPojz
gjNQEcFIuOylChkvUyg/VeNWVlGejiFtRbYFq3CTgqUuGkVdVuf0nMC0Sggkf75o
/Hl8N5gJxPYuT5Y2bfTTn8NwleB4vdKpim75apB/fpPrMbwZErxFDNPP8ljLasDX
YuUyEmYipap34wXyft5CJ5MN5I3DTjVG4RK9VKRHMQR0U1Tk
-----END CERTIFICATE-----