Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/n4b2VeoRhb6r6iX1hi24jiQQCtQ.roa
File:                     n4b2VeoRhb6r6iX1hi24jiQQCtQ.roa (raw, json)
Hash identifier:          xBg1+78umT3r9aQIPXnHzqL6DpABdBTwOGG8N57Rsro=
Subject key identifier:   9F:86:F6:55:EA:11:85:BE:AB:EA:25:F5:86:2D:B8:8E:24:10:0A:D4
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369F071262E8285A3B51A3338487CAB
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/n4b2VeoRhb6r6iX1hi24jiQQCtQ.roa
Signing time:             Wed 01 Jan 2025 19:48:52 +0000
ROA not before:           Wed 01 Jan 2025 19:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214040
IP address blocks:        2a0f:7804:f650::/44 maxlen: 48
                          2a0f:7804:f9f0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f0:71:26:2e:82:85:a3:b5:1a:33:38:48:7c:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f86f655ea1185beabea25f5862db88e24100ad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:3f:45:d7:be:15:bb:4c:43:ad:b0:8e:e8:80:
                    91:5c:4c:99:88:75:2a:70:36:ed:bb:53:46:98:de:
                    43:f4:80:0f:22:ce:e6:a2:dc:f7:4b:67:ab:b7:46:
                    56:72:99:e6:6b:18:49:d6:c7:a6:70:40:d0:2b:95:
                    2d:a9:a1:dc:c3:4b:87:a6:3e:d9:75:cd:cd:c9:80:
                    9b:16:c0:57:3a:cb:ca:3a:42:b6:c6:15:81:7e:23:
                    78:9d:31:23:a0:b6:b7:98:3e:d0:94:24:ab:2e:d0:
                    c2:34:36:9a:8e:2d:7b:02:58:a4:35:3c:61:6f:09:
                    59:ac:75:11:82:96:ec:90:2a:83:ed:6c:c6:08:64:
                    a4:6e:54:02:fe:80:e4:f7:60:33:35:20:2d:1e:00:
                    3d:05:1c:4d:bd:8f:21:f2:99:6a:bc:4e:69:44:da:
                    bd:bc:7b:86:9e:83:fe:c6:48:73:c4:b4:83:88:b1:
                    62:1d:0e:0d:60:e9:7f:be:d7:1d:1a:51:75:05:4d:
                    f5:41:27:88:7c:cb:68:1e:52:bf:63:5d:8c:d6:e3:
                    7b:fe:9d:29:51:a9:42:1a:09:ae:92:40:7c:ef:53:
                    37:15:91:50:54:36:a4:23:6d:16:65:50:2c:b8:24:
                    e1:d3:b8:d5:73:74:7f:16:c9:7d:a3:da:a4:13:9b:
                    41:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:86:F6:55:EA:11:85:BE:AB:EA:25:F5:86:2D:B8:8E:24:10:0A:D4
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/n4b2VeoRhb6r6iX1hi24jiQQCtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7804:f650::/44
                  2a0f:7804:f9f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a6:b1:a4:cb:87:2e:f7:44:3f:ac:fe:aa:f2:e2:21:c9:22:bc:
         4d:a3:58:40:cf:ba:ca:1b:8f:96:3f:45:c1:06:8b:df:6d:f5:
         1b:8d:b0:d3:c0:ac:a2:c8:a6:f2:5a:e1:90:3b:87:21:41:c6:
         af:56:78:15:a3:d2:16:d8:c5:7b:fc:7f:08:31:21:90:f3:19:
         1b:34:53:dd:95:61:e4:3c:c0:30:c9:71:f5:eb:67:b7:12:76:
         9c:60:35:3a:39:ac:dc:f9:f0:a0:2e:9b:35:55:cf:33:5d:e4:
         77:f0:cc:6f:92:fb:c9:80:07:d5:c4:f6:0b:60:7c:ec:bf:23:
         3b:de:de:54:65:28:cc:44:8c:30:88:77:4c:23:15:94:38:ff:
         ff:6b:f5:f9:c2:c8:e8:8b:18:21:e1:87:ff:df:36:cf:af:88:
         51:f3:cb:27:2e:94:9a:da:c6:0f:d8:cd:af:36:36:6a:8f:37:
         35:2a:e5:d8:27:56:68:35:4c:e9:54:1f:e8:f0:27:57:43:f1:
         48:91:a0:11:43:28:13:5c:ce:ba:fd:00:ce:58:9a:35:09:07:
         48:ec:f0:66:57:0c:9b:03:96:b6:04:7b:c4:34:b3:7b:2d:9c:
         46:2f:03:32:d6:ea:96:50:70:75:13:83:94:70:5a:47:6f:f7:
         81:36:b4:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjafBxJi6ChaO1GjM4SHyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjg2ZjY1NWVhMTE4NWJlYWJlYTI1ZjU4NjJkYjg4ZTI0MTAwYWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2T9F174Vu0xDrbCO6ICRXEyZiHUq
cDbtu1NGmN5D9IAPIs7motz3S2ert0ZWcpnmaxhJ1semcEDQK5UtqaHcw0uHpj7Z
dc3NyYCbFsBXOsvKOkK2xhWBfiN4nTEjoLa3mD7QlCSrLtDCNDaaji17AlikNTxh
bwlZrHURgpbskCqD7WzGCGSkblQC/oDk92AzNSAtHgA9BRxNvY8h8plqvE5pRNq9
vHuGnoP+xkhzxLSDiLFiHQ4NYOl/vtcdGlF1BU31QSeIfMtoHlK/Y12M1uN7/p0p
UalCGgmukkB871M3FZFQVDakI20WZVAsuCTh07jVc3R/Fsl9o9qkE5tBwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ+G9lXqEYW+q+ol9YYtuI4kEArUMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvbjRiMlZlb1JoYjZyNmlYMWhpMjRqaVFRQ3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg94BPZQ
AwcEKg94BPnwMA0GCSqGSIb3DQEBCwUAA4IBAQCmsaTLhy73RD+s/qry4iHJIrxN
o1hAz7rKG4+WP0XBBovfbfUbjbDTwKyiyKbyWuGQO4chQcavVngVo9IW2MV7/H8I
MSGQ8xkbNFPdlWHkPMAwyXH162e3EnacYDU6Oazc+fCgLps1Vc8zXeR38MxvkvvJ
gAfVxPYLYHzsvyM73t5UZSjMRIwwiHdMIxWUOP//a/X5wsjoixgh4Yf/3zbPr4hR
88snLpSa2sYP2M2vNjZqjzc1KuXYJ1ZoNUzpVB/o8CdXQ/FIkaARQygTXM66/QDO
WJo1CQdI7PBmVwybA5a2BHvENLN7LZxGLwMy1uqWUHB1E4OUcFpHb/eBNrRb
-----END CERTIFICATE-----