Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/nlwD__Rr_Kz3vDBdg3j2YS8w3UU.roa
File:                     nlwD__Rr_Kz3vDBdg3j2YS8w3UU.roa (raw, json)
Hash identifier:          oYim5zXBclNnekk/jArnYzaiEFQpBbNaF9nzqE+fJWU=
Subject key identifier:   9E:5C:03:FF:F4:6B:FC:AC:F7:BC:30:5D:83:78:F6:61:2F:30:DD:45
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       01941F8C60EA5465F3E2A9F2FE3A313721C7
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/nlwD__Rr_Kz3vDBdg3j2YS8w3UU.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50716
IP address blocks:        2a00:d8c0:100::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:60:ea:54:65:f3:e2:a9:f2:fe:3a:31:37:21:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e5c03fff46bfcacf7bc305d8378f6612f30dd45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:29:30:22:6b:7f:49:a8:bc:00:42:91:af:06:
                    a5:8d:1e:cf:9a:81:ab:a5:0c:5a:cc:6d:37:50:49:
                    c6:d9:34:90:a4:24:22:a5:30:05:b3:a4:f8:bc:af:
                    73:11:00:a8:82:b0:6a:5f:88:be:d8:2a:67:ae:40:
                    0d:de:bf:e9:e3:7b:c9:dd:e4:99:9a:50:8d:13:a9:
                    20:dc:82:80:97:90:dd:a0:62:52:39:ff:b6:84:a2:
                    21:1c:85:c7:ea:18:08:7a:b4:bc:9b:e5:9b:30:89:
                    22:01:7f:86:21:17:75:94:b5:f9:a6:11:b6:5a:78:
                    f2:83:90:2a:5d:83:0f:81:6f:5c:6a:f0:9d:02:a5:
                    53:d7:a8:25:fd:a3:81:38:1d:48:63:99:9b:0c:8d:
                    0f:9c:de:02:d7:d8:ae:1c:7a:c7:22:f9:df:ff:20:
                    58:cf:af:1b:9c:3c:cb:eb:f7:cc:8e:52:ca:70:e9:
                    83:d8:73:07:8a:e7:36:6d:48:e5:2e:1d:64:ae:86:
                    40:4b:d3:9e:47:14:fa:7f:fc:af:37:50:f1:18:7e:
                    e9:3c:14:f2:c6:da:e4:3d:f7:61:f5:b7:c2:8a:a6:
                    51:94:a8:ff:51:4a:c8:86:1d:6d:39:46:a9:8f:5f:
                    79:21:46:49:78:9e:8a:c8:44:45:bc:e2:ee:85:0d:
                    b6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:5C:03:FF:F4:6B:FC:AC:F7:BC:30:5D:83:78:F6:61:2F:30:DD:45
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/nlwD__Rr_Kz3vDBdg3j2YS8w3UU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:d8c0:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:12:bb:33:c5:71:14:cf:b5:7d:ef:a6:94:80:f9:33:aa:c3:
         c8:76:92:3a:0c:e4:8d:d5:95:28:b5:fc:61:66:b2:b8:99:64:
         9e:68:d3:7a:d2:dc:a2:02:2c:34:95:15:4b:30:16:c5:ec:d9:
         e9:7d:bd:3c:25:c9:ee:41:d8:3d:d6:b0:aa:3b:7b:2f:1c:b2:
         08:e0:4d:85:e2:c0:62:c6:fd:61:da:ef:55:1e:5c:be:dc:43:
         00:3f:10:ac:54:14:e8:a0:c5:a2:e7:35:ff:ee:52:e9:f5:0a:
         73:31:3f:17:1b:ca:f8:05:f4:c6:4a:9a:3c:81:6c:69:2d:f6:
         19:25:ae:c4:30:8f:56:b7:51:c5:7a:87:13:c3:87:94:50:a7:
         fb:6c:b3:88:1e:2c:a3:d5:37:92:3e:5a:ef:9f:ef:77:88:57:
         a9:79:9d:3c:0a:af:c6:33:e1:60:83:32:92:30:e0:9c:53:b3:
         98:e2:f1:70:e8:1b:ec:59:bd:03:96:21:a5:d4:ec:2e:d1:fb:
         72:e2:c9:58:ea:0c:03:e7:de:a7:68:5e:b4:f7:db:a0:2f:15:
         dc:15:ab:1c:a2:ab:c6:b1:0f:bc:7d:ab:48:4c:5a:a0:3a:34:
         a7:74:b5:c1:60:01:27:cb:1b:49:1f:1c:e8:b0:b3:21:8c:57:
         c9:9f:43:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjGDqVGXz4qny/joxNyHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTVjMDNmZmY0NmJmY2FjZjdiYzMwNWQ4Mzc4ZjY2MTJmMzBkZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnikwImt/Sai8AEKRrwaljR7PmoGr
pQxazG03UEnG2TSQpCQipTAFs6T4vK9zEQCogrBqX4i+2CpnrkAN3r/p43vJ3eSZ
mlCNE6kg3IKAl5DdoGJSOf+2hKIhHIXH6hgIerS8m+WbMIkiAX+GIRd1lLX5phG2
Wnjyg5AqXYMPgW9cavCdAqVT16gl/aOBOB1IY5mbDI0PnN4C19iuHHrHIvnf/yBY
z68bnDzL6/fMjlLKcOmD2HMHiuc2bUjlLh1kroZAS9OeRxT6f/yvN1DxGH7pPBTy
xtrkPfdh9bfCiqZRlKj/UUrIhh1tOUapj195IUZJeJ6KyERFvOLuhQ226wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ5cA//0a/ys97wwXYN49mEvMN1FMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvbmx3RF9fUnJfS3ozdkRCZGczajJZUzh3M1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgDYwAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQANErszxXEUz7V976aUgPkzqsPIdpI6DOSN1ZUo
tfxhZrK4mWSeaNN60tyiAiw0lRVLMBbF7Nnpfb08JcnuQdg91rCqO3svHLII4E2F
4sBixv1h2u9VHly+3EMAPxCsVBTooMWi5zX/7lLp9QpzMT8XG8r4BfTGSpo8gWxp
LfYZJa7EMI9Wt1HFeocTw4eUUKf7bLOIHiyj1TeSPlrvn+93iFepeZ08Cq/GM+Fg
gzKSMOCcU7OY4vFw6BvsWb0DliGl1Owu0fty4slY6gwD596naF6099ugLxXcFasc
oqvGsQ+8fatITFqgOjSndLXBYAEnyxtJHxzosLMhjFfJn0MC
-----END CERTIFICATE-----