Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/yFVTSR_CTrclIRPPye7JgJhB-BE.roa
File:                     yFVTSR_CTrclIRPPye7JgJhB-BE.roa (raw, json)
Hash identifier:          02rS4vnA9A+lQ0jM0xxD7zUGWNZmGUrpLvyYuEGWcEw=
Subject key identifier:   C8:55:53:49:1F:C2:4E:B7:25:21:13:CF:C9:EE:C9:80:98:41:F8:11
Certificate issuer:       /CN=667d377dd4c830c246cb48a934699699e4b37741
Certificate serial:       01941F8C1999E637C5FCB354943259D712C0
Authority key identifier: 66:7D:37:7D:D4:C8:30:C2:46:CB:48:A9:34:69:96:99:E4:B3:77:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zn03fdTIMMJGy0ipNGmWmeSzd0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/yFVTSR_CTrclIRPPye7JgJhB-BE.roa
Signing time:             Wed 01 Jan 2025 01:47:42 +0000
ROA not before:           Wed 01 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1712
IP address blocks:        2a09:6847::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Zn03fdTIMMJGy0ipNGmWmeSzd0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Zn03fdTIMMJGy0ipNGmWmeSzd0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zn03fdTIMMJGy0ipNGmWmeSzd0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:19:99:e6:37:c5:fc:b3:54:94:32:59:d7:12:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=667d377dd4c830c246cb48a934699699e4b37741
        Validity
            Not Before: Jan  1 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c85553491fc24eb7252113cfc9eec9809841f811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1e:ce:ea:82:60:1b:18:5b:81:a7:44:1e:8c:
                    07:7e:a2:fc:32:74:f7:ff:5f:51:32:b5:c0:1d:66:
                    7e:b3:2b:50:52:7d:44:e4:b1:06:01:8d:8d:4e:0f:
                    91:de:2c:e4:41:e0:83:77:a9:61:ae:e5:7f:ec:cd:
                    69:e9:6b:e4:a4:ce:4f:35:87:88:4d:60:77:f7:83:
                    a5:1f:ea:ce:e3:82:62:c1:8d:65:6c:45:c6:2e:93:
                    e1:69:e6:12:cc:d4:26:01:69:f1:78:ff:0c:bd:0f:
                    c5:f4:93:86:80:d4:e9:64:4b:b1:5e:dc:0c:0d:55:
                    04:33:6c:da:37:5e:81:37:94:24:1b:86:27:6a:9e:
                    f4:05:6c:af:ea:b1:9d:fb:70:91:55:dd:38:ff:b6:
                    76:53:d1:25:34:9f:9c:1a:52:6f:ab:67:98:0e:39:
                    bd:ef:70:a0:71:45:4d:3c:b7:a5:42:39:37:ad:3c:
                    d4:c1:05:5d:6e:67:4e:bd:64:f8:ed:8a:1b:fe:48:
                    97:54:b4:45:a7:c4:75:97:c3:32:36:06:ec:00:71:
                    d1:8d:2e:00:4e:31:14:35:42:41:18:50:64:eb:9e:
                    d4:22:9a:7c:d9:dc:7d:21:d0:e6:33:30:e0:7a:d9:
                    97:b4:c9:61:58:ff:dc:e1:c5:35:e7:e5:ea:c0:00:
                    5a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:55:53:49:1F:C2:4E:B7:25:21:13:CF:C9:EE:C9:80:98:41:F8:11
            X509v3 Authority Key Identifier:
                keyid:66:7D:37:7D:D4:C8:30:C2:46:CB:48:A9:34:69:96:99:E4:B3:77:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zn03fdTIMMJGy0ipNGmWmeSzd0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/yFVTSR_CTrclIRPPye7JgJhB-BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/e6812e-96a4-48b4-ab61-121ff46018f3/1/Zn03fdTIMMJGy0ipNGmWmeSzd0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6847::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:a9:48:e2:fd:1c:f3:79:bc:b7:ad:88:30:4e:99:a7:c1:a9:
         bb:ed:54:6b:13:a3:42:05:0a:97:10:38:db:5b:e7:53:f1:23:
         78:97:17:8a:c9:ba:83:0d:82:b2:3f:bf:4d:36:5a:ab:70:92:
         f0:2a:a9:ed:9c:5e:ec:b0:77:f6:c7:e7:b8:ef:4b:1c:01:72:
         3f:03:11:85:3f:11:bb:56:1b:2e:b6:79:3b:4e:fb:a7:c4:5e:
         05:7c:cc:11:d5:35:01:b0:16:09:fb:9f:27:c0:f1:5e:7b:61:
         93:30:2f:f3:79:bd:e2:65:bb:28:dd:29:03:1d:c8:41:b7:73:
         5b:03:74:77:f3:2e:f2:99:42:2b:70:64:3f:fa:f9:fc:0c:f4:
         2a:f9:de:cc:41:41:20:f0:20:9f:ef:45:a9:36:4b:67:0e:3c:
         ae:47:b2:e8:90:fc:6f:b2:7d:cb:8e:cd:9c:7d:ea:a8:33:31:
         da:3b:e9:e9:ea:5f:e8:77:e9:60:bd:1f:ab:48:b5:45:dc:06:
         f3:a5:89:3d:a2:95:21:f4:ff:21:eb:d5:a8:3e:a2:63:e9:46:
         79:ff:23:4c:32:5c:b7:49:3a:14:ad:15:02:10:cc:34:bf:67:
         91:09:53:62:ff:4b:cb:6b:7d:1e:a8:58:b2:a7:7a:bf:d9:65:
         36:57:58:8d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjBmZ5jfF/LNUlDJZ1xLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2N2QzNzdkZDRjODMwYzI0NmNiNDhhOTM0Njk5Njk5ZTRi
Mzc3NDEwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODU1NTM0OTFmYzI0ZWI3MjUyMTEzY2ZjOWVlYzk4MDk4NDFmODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR7O6oJgGxhbgadEHowHfqL8MnT3
/19RMrXAHWZ+sytQUn1E5LEGAY2NTg+R3izkQeCDd6lhruV/7M1p6WvkpM5PNYeI
TWB394OlH+rO44JiwY1lbEXGLpPhaeYSzNQmAWnxeP8MvQ/F9JOGgNTpZEuxXtwM
DVUEM2zaN16BN5QkG4Ynap70BWyv6rGd+3CRVd04/7Z2U9ElNJ+cGlJvq2eYDjm9
73CgcUVNPLelQjk3rTzUwQVdbmdOvWT47Yob/kiXVLRFp8R1l8MyNgbsAHHRjS4A
TjEUNUJBGFBk657UIpp82dx9IdDmMzDgetmXtMlhWP/c4cU15+XqwABaQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMhVU0kfwk63JSETz8nuyYCYQfgRMB8GA1UdIwQY
MBaAFGZ9N33UyDDCRstIqTRplpnks3dBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm4wM2ZkVElNTUpHeTBpcE5HbVdtZVN6ZDBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9lNjgxMmUtOTZhNC00OGI0LWFiNjEt
MTIxZmY0NjAxOGYzLzEveUZWVFNSX0NUcmNsSVJQUHllN0pnSmhCLUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9lNjgxMmUtOTZhNC00OGI0LWFiNjEtMTIxZmY0NjAxOGYz
LzEvWm4wM2ZkVElNTUpHeTBpcE5HbVdtZVN6ZDBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgloRzAN
BgkqhkiG9w0BAQsFAAOCAQEAXqlI4v0c83m8t62IME6Zp8Gpu+1UaxOjQgUKlxA4
21vnU/EjeJcXism6gw2Csj+/TTZaq3CS8Cqp7Zxe7LB39sfnuO9LHAFyPwMRhT8R
u1YbLrZ5O077p8ReBXzMEdU1AbAWCfufJ8DxXnthkzAv83m94mW7KN0pAx3IQbdz
WwN0d/Mu8plCK3BkP/r5/Az0KvnezEFBIPAgn+9FqTZLZw48rkey6JD8b7J9y47N
nH3qqDMx2jvp6epf6HfpYL0fq0i1RdwG86WJPaKVIfT/IevVqD6iY+lGef8jTDJc
t0k6FK0VAhDMNL9nkQlTYv9Ly2t9HqhYsqd6v9llNldYjQ==
-----END CERTIFICATE-----