Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/c8aa4e-dd01-4a1a-8cc0-edf409fedfca/1/8fof93hByfwq17Ckt-3keL0U8qE.roa
File:                     8fof93hByfwq17Ckt-3keL0U8qE.roa (raw, json)
Hash identifier:          fPV8OZM9BBwYkvL7Bz4KdU4owCtM7tBBVj0Rie52yyQ=
Subject key identifier:   F1:FA:1F:F7:78:41:C9:FC:2A:D7:B0:A4:B7:ED:E4:78:BD:14:F2:A1
Certificate issuer:       /CN=554834da8600c96c5fde91278f520e6c0d26fff3
Certificate serial:       01941F8C4E886A090AF53DF654AA99BD7432
Authority key identifier: 55:48:34:DA:86:00:C9:6C:5F:DE:91:27:8F:52:0E:6C:0D:26:FF:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUg02oYAyWxf3pEnj1IObA0m__M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/c8aa4e-dd01-4a1a-8cc0-edf409fedfca/1/8fof93hByfwq17Ckt-3keL0U8qE.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213713
IP address blocks:        2a0b:6981:111::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/c8aa4e-dd01-4a1a-8cc0-edf409fedfca/1/VUg02oYAyWxf3pEnj1IObA0m__M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/c8aa4e-dd01-4a1a-8cc0-edf409fedfca/1/VUg02oYAyWxf3pEnj1IObA0m__M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUg02oYAyWxf3pEnj1IObA0m__M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 07:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4e:88:6a:09:0a:f5:3d:f6:54:aa:99:bd:74:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=554834da8600c96c5fde91278f520e6c0d26fff3
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1fa1ff77841c9fc2ad7b0a4b7ede478bd14f2a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c6:2b:be:5a:1f:fa:0e:aa:9b:ee:76:e7:f0:
                    8a:3c:ed:66:05:53:a3:2a:cf:3a:79:5f:85:e1:f2:
                    49:0e:9c:44:d8:b6:1a:70:dc:7e:1a:e5:22:e5:6b:
                    de:3e:71:f1:51:28:33:2a:bd:17:c4:c9:81:6b:52:
                    40:db:e6:6c:1e:5b:cb:f6:21:2b:64:9c:dd:fc:f1:
                    94:c4:7a:8a:b8:48:f9:ed:d2:43:e6:0e:12:a8:10:
                    54:d2:0d:06:65:fe:5d:92:48:f8:a6:14:a0:e2:3d:
                    06:22:c0:19:9d:85:c8:9c:1a:48:62:c8:1d:01:79:
                    d7:fd:4b:83:96:d7:bb:4d:be:49:95:c5:8a:5a:b2:
                    47:d3:a9:c0:3d:74:a9:bd:2a:dc:25:9c:40:29:26:
                    c0:68:bf:2b:62:e5:b5:df:0a:4b:7c:76:be:a4:9c:
                    d4:bf:82:3a:76:a4:ff:70:3e:7c:3e:bf:7d:40:4e:
                    1c:52:09:c9:13:51:6e:3a:e2:9b:62:f5:5a:4f:86:
                    a1:dc:07:35:05:6c:d1:37:41:78:1a:3c:bf:f3:85:
                    5f:06:5d:8d:63:ab:24:8c:38:a5:c8:20:9c:03:1c:
                    6c:ee:8a:18:d5:a5:8f:cc:2d:7b:9a:7a:a3:1a:f2:
                    83:36:49:bd:22:8a:bd:c0:31:98:c6:c6:4a:7c:3a:
                    88:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:FA:1F:F7:78:41:C9:FC:2A:D7:B0:A4:B7:ED:E4:78:BD:14:F2:A1
            X509v3 Authority Key Identifier:
                keyid:55:48:34:DA:86:00:C9:6C:5F:DE:91:27:8F:52:0E:6C:0D:26:FF:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUg02oYAyWxf3pEnj1IObA0m__M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c8aa4e-dd01-4a1a-8cc0-edf409fedfca/1/8fof93hByfwq17Ckt-3keL0U8qE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c8aa4e-dd01-4a1a-8cc0-edf409fedfca/1/VUg02oYAyWxf3pEnj1IObA0m__M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6981:111::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:a4:ff:fa:d9:d9:07:ab:91:47:0d:9f:d7:2f:9e:a5:a3:89:
         26:77:be:25:9b:18:57:c2:49:78:d1:70:9d:ee:5b:d6:c2:7e:
         3b:42:5a:2d:a6:a1:28:24:bd:08:22:1b:21:02:2e:bc:be:c8:
         ad:7e:2d:f5:34:48:6c:c9:f5:02:79:da:e3:1a:50:67:14:7e:
         f6:81:61:3d:b6:49:0f:d1:71:db:b6:1f:5b:1e:cf:6f:40:bb:
         ac:ce:a6:09:dc:05:61:de:19:1f:ce:e6:0b:cf:7c:d5:6f:92:
         4c:18:d4:6d:c7:37:b1:ed:b3:1d:42:14:1f:ff:20:28:d3:ed:
         80:59:82:97:62:7a:74:ab:fd:56:60:03:11:55:4a:50:95:05:
         8f:9d:42:1a:42:75:e7:72:cb:fd:bb:55:02:c5:7d:ea:88:a3:
         51:bc:0e:1f:a1:74:4a:e6:77:a9:04:18:9b:81:09:0a:0d:98:
         58:39:2e:3e:49:79:c6:84:43:c9:4c:16:8e:9a:ac:fd:4a:93:
         ad:e3:f8:ab:4a:6a:39:fe:68:a4:65:19:05:64:fb:ee:00:fd:
         63:d4:82:22:57:d8:d3:ae:40:86:c2:0e:84:d5:f1:55:19:eb:
         e7:c9:74:81:66:ce:55:f1:be:c6:4a:8a:3e:33:32:4b:8c:9e:
         07:a9:f8:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjE6IagkK9T32VKqZvXQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NDgzNGRhODYwMGM5NmM1ZmRlOTEyNzhmNTIwZTZjMGQy
NmZmZjMwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWZhMWZmNzc4NDFjOWZjMmFkN2IwYTRiN2VkZTQ3OGJkMTRmMmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MYrvlof+g6qm+525/CKPO1mBVOj
Ks86eV+F4fJJDpxE2LYacNx+GuUi5WvePnHxUSgzKr0XxMmBa1JA2+ZsHlvL9iEr
ZJzd/PGUxHqKuEj57dJD5g4SqBBU0g0GZf5dkkj4phSg4j0GIsAZnYXInBpIYsgd
AXnX/UuDlte7Tb5JlcWKWrJH06nAPXSpvSrcJZxAKSbAaL8rYuW13wpLfHa+pJzU
v4I6dqT/cD58Pr99QE4cUgnJE1FuOuKbYvVaT4ah3Ac1BWzRN0F4Gjy/84VfBl2N
Y6skjDilyCCcAxxs7ooY1aWPzC17mnqjGvKDNkm9Ioq9wDGYxsZKfDqIUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPH6H/d4Qcn8KtewpLft5Hi9FPKhMB8GA1UdIwQY
MBaAFFVINNqGAMlsX96RJ49SDmwNJv/zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlVnMDJvWUF5V3hmM3BFbmoxSU9iQTBtX19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9jOGFhNGUtZGQwMS00YTFhLThjYzAt
ZWRmNDA5ZmVkZmNhLzEvOGZvZjkzaEJ5ZndxMTdDa3QtM2tlTDBVOHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9jOGFhNGUtZGQwMS00YTFhLThjYzAtZWRmNDA5ZmVkZmNh
LzEvVlVnMDJvWUF5V3hmM3BFbmoxSU9iQTBtX19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgtpgQER
MA0GCSqGSIb3DQEBCwUAA4IBAQBOpP/62dkHq5FHDZ/XL56lo4kmd74lmxhXwkl4
0XCd7lvWwn47QlotpqEoJL0IIhshAi68vsitfi31NEhsyfUCedrjGlBnFH72gWE9
tkkP0XHbth9bHs9vQLuszqYJ3AVh3hkfzuYLz3zVb5JMGNRtxzex7bMdQhQf/yAo
0+2AWYKXYnp0q/1WYAMRVUpQlQWPnUIaQnXncsv9u1UCxX3qiKNRvA4foXRK5nep
BBibgQkKDZhYOS4+SXnGhEPJTBaOmqz9SpOt4/irSmo5/mikZRkFZPvuAP1j1IIi
V9jTrkCGwg6E1fFVGevnyXSBZs5V8b7GSoo+MzJLjJ4HqfgD
-----END CERTIFICATE-----