Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a948f3-67d9-4f35-9e0d-bc6d1b3f86b9/1/WIaOxFihvMngyRoJ51mATU-OelM.roa
File:                     WIaOxFihvMngyRoJ51mATU-OelM.roa (raw, json)
Hash identifier:          yYmLv2domUt4Svy4VBfcVVdHWZ/TicTJ4cMQnZnE8zs=
Subject key identifier:   58:86:8E:C4:58:A1:BC:C9:E0:C9:1A:09:E7:59:80:4D:4F:8E:7A:53
Certificate issuer:       /CN=a3b47fa92b72c49ea0ac5371de353b1e271dc5d0
Certificate serial:       019420D5FE1D3FC8F8AA5DD8BF89BE7016A3
Authority key identifier: A3:B4:7F:A9:2B:72:C4:9E:A0:AC:53:71:DE:35:3B:1E:27:1D:C5:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o7R_qStyxJ6grFNx3jU7HicdxdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a948f3-67d9-4f35-9e0d-bc6d1b3f86b9/1/WIaOxFihvMngyRoJ51mATU-OelM.roa
Signing time:             Wed 01 Jan 2025 07:48:02 +0000
ROA not before:           Wed 01 Jan 2025 07:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58299
IP address blocks:        2001:678:d00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a948f3-67d9-4f35-9e0d-bc6d1b3f86b9/1/o7R_qStyxJ6grFNx3jU7HicdxdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a948f3-67d9-4f35-9e0d-bc6d1b3f86b9/1/o7R_qStyxJ6grFNx3jU7HicdxdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o7R_qStyxJ6grFNx3jU7HicdxdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 07:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:fe:1d:3f:c8:f8:aa:5d:d8:bf:89:be:70:16:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3b47fa92b72c49ea0ac5371de353b1e271dc5d0
        Validity
            Not Before: Jan  1 07:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58868ec458a1bcc9e0c91a09e759804d4f8e7a53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ce:68:57:fe:fc:bf:f3:ee:97:33:5a:b3:4a:
                    67:a5:74:1e:16:e5:94:37:50:7f:56:4c:5f:3e:34:
                    73:78:52:82:2b:20:ec:7b:df:12:86:a2:3d:6c:47:
                    fb:10:55:13:63:e8:4e:b5:20:28:f9:6b:0d:fe:2a:
                    d8:a2:85:9f:4a:e7:5e:b9:13:d6:21:6e:f0:61:88:
                    18:a3:a7:de:42:39:54:f4:45:75:98:37:bf:65:b9:
                    53:a0:9b:58:bd:57:ea:ab:0a:ef:a3:6f:79:85:ab:
                    1a:79:de:37:37:df:16:65:65:a5:15:6c:09:07:ae:
                    75:31:61:46:23:66:7c:1d:03:1f:51:d6:98:1f:a6:
                    b9:cf:75:fa:d7:6d:da:42:0a:1f:ac:c5:45:5f:e4:
                    7d:10:e4:71:46:b5:55:3a:c7:8c:ed:7f:c3:bb:5c:
                    56:54:0b:04:d8:16:de:2b:50:33:ff:e6:8e:34:c5:
                    dc:79:72:5c:d3:2e:74:c7:07:48:47:fa:65:00:d6:
                    5c:5a:61:e4:3f:66:5d:03:d0:4e:bc:14:44:ad:a5:
                    7f:87:e3:c3:70:1c:75:c3:52:fb:b3:e1:27:80:05:
                    6e:8a:f8:dd:8f:3c:1f:0b:6c:35:01:a9:5d:bf:a6:
                    66:9e:9a:19:cc:38:bb:64:19:17:2b:de:93:77:25:
                    cd:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:86:8E:C4:58:A1:BC:C9:E0:C9:1A:09:E7:59:80:4D:4F:8E:7A:53
            X509v3 Authority Key Identifier:
                keyid:A3:B4:7F:A9:2B:72:C4:9E:A0:AC:53:71:DE:35:3B:1E:27:1D:C5:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o7R_qStyxJ6grFNx3jU7HicdxdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a948f3-67d9-4f35-9e0d-bc6d1b3f86b9/1/WIaOxFihvMngyRoJ51mATU-OelM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a948f3-67d9-4f35-9e0d-bc6d1b3f86b9/1/o7R_qStyxJ6grFNx3jU7HicdxdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d00::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:77:c5:31:66:d1:1e:39:e6:da:1c:e1:49:7e:21:76:f8:23:
         96:e0:49:82:57:c7:e4:0d:2c:24:fd:de:b7:dc:5e:9f:03:a2:
         7e:15:59:dd:13:d9:17:73:5d:a5:c2:3b:15:b8:a3:75:70:64:
         27:33:d5:e5:b4:48:91:a2:19:96:b5:c5:3b:0c:87:9d:1d:34:
         23:3c:39:b7:7d:85:1c:d6:15:62:50:9b:64:a6:32:9f:4d:79:
         f7:6d:83:a6:0a:f8:fa:e1:ee:c6:6e:8f:62:a9:a5:2a:7b:64:
         ae:50:f8:e3:dc:e3:14:e3:d3:f9:45:c5:60:05:ef:bc:ba:3b:
         42:0e:8d:a3:d4:96:36:dd:ba:52:b3:94:35:dd:43:73:da:b6:
         c1:3b:0b:4d:8d:f4:71:7d:bc:ca:46:51:c3:42:38:57:ad:ac:
         42:c0:4c:59:30:44:6e:e6:5c:be:9e:b1:1b:e3:d0:37:31:93:
         e2:3f:29:c3:44:7e:e3:29:1d:f5:25:6a:02:56:27:b4:90:02:
         7a:ea:24:c6:d8:f0:c3:9f:4c:98:64:f0:76:a0:7c:13:de:7f:
         32:71:cb:46:dd:27:c1:13:3b:5b:e5:13:68:35:da:d7:96:28:
         65:07:25:c1:3b:c4:30:54:3c:84:8a:c5:a3:00:1a:5e:c0:f8:
         f7:b1:e9:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1f4dP8j4ql3Yv4m+cBajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYjQ3ZmE5MmI3MmM0OWVhMGFjNTM3MWRlMzUzYjFlMjcx
ZGM1ZDAwHhcNMjUwMTAxMDc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODg2OGVjNDU4YTFiY2M5ZTBjOTFhMDllNzU5ODA0ZDRmOGU3YTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoc5oV/78v/PulzNas0pnpXQeFuWU
N1B/VkxfPjRzeFKCKyDse98ShqI9bEf7EFUTY+hOtSAo+WsN/irYooWfSudeuRPW
IW7wYYgYo6feQjlU9EV1mDe/ZblToJtYvVfqqwrvo295hasaed43N98WZWWlFWwJ
B651MWFGI2Z8HQMfUdaYH6a5z3X6123aQgofrMVFX+R9EORxRrVVOseM7X/Du1xW
VAsE2BbeK1Az/+aONMXceXJc0y50xwdIR/plANZcWmHkP2ZdA9BOvBREraV/h+PD
cBx1w1L7s+EngAVuivjdjzwfC2w1Aaldv6ZmnpoZzDi7ZBkXK96TdyXNZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFiGjsRYobzJ4MkaCedZgE1PjnpTMB8GA1UdIwQY
MBaAFKO0f6krcsSeoKxTcd41Ox4nHcXQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzdSX3FTdHl4SjZnckZOeDNqVTdIaWNkeGRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hOTQ4ZjMtNjdkOS00ZjM1LTllMGQt
YmM2ZDFiM2Y4NmI5LzEvV0lhT3hGaWh2TW5neVJvSjUxbUFUVS1PZWxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hOTQ4ZjMtNjdkOS00ZjM1LTllMGQtYmM2ZDFiM2Y4NmI5
LzEvbzdSX3FTdHl4SjZnckZOeDNqVTdIaWNkeGRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA0A
MA0GCSqGSIb3DQEBCwUAA4IBAQApd8UxZtEeOebaHOFJfiF2+COW4EmCV8fkDSwk
/d633F6fA6J+FVndE9kXc12lwjsVuKN1cGQnM9XltEiRohmWtcU7DIedHTQjPDm3
fYUc1hViUJtkpjKfTXn3bYOmCvj64e7Gbo9iqaUqe2SuUPjj3OMU49P5RcVgBe+8
ujtCDo2j1JY23bpSs5Q13UNz2rbBOwtNjfRxfbzKRlHDQjhXraxCwExZMERu5ly+
nrEb49A3MZPiPynDRH7jKR31JWoCVie0kAJ66iTG2PDDn0yYZPB2oHwT3n8ycctG
3SfBEztb5RNoNdrXlihlByXBO8QwVDyEisWjABpewPj3semh
-----END CERTIFICATE-----