Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/uJrupPlV0TuAxsM7Yezc0lvFtvQ.roa
File:                     uJrupPlV0TuAxsM7Yezc0lvFtvQ.roa (raw, json)
Hash identifier:          zjqfplB2jtSi/5nKhDu31J1mMkLaG/4MZV1txaGrR6E=
Subject key identifier:   B8:9A:EE:A4:F9:55:D1:3B:80:C6:C3:3B:61:EC:DC:D2:5B:C5:B6:F4
Certificate issuer:       /CN=8b6f4880038d55ab98d7cb66dfcfa897b7ba11e8
Certificate serial:       019420D627B9049FB030CA444F5B6D4064DE
Authority key identifier: 8B:6F:48:80:03:8D:55:AB:98:D7:CB:66:DF:CF:A8:97:B7:BA:11:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i29IgAONVauY18tm38-ol7e6Eeg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/uJrupPlV0TuAxsM7Yezc0lvFtvQ.roa
Signing time:             Wed 01 Jan 2025 07:48:13 +0000
ROA not before:           Wed 01 Jan 2025 07:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203045
IP address blocks:        2001:678:140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/i29IgAONVauY18tm38-ol7e6Eeg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/i29IgAONVauY18tm38-ol7e6Eeg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i29IgAONVauY18tm38-ol7e6Eeg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:27:b9:04:9f:b0:30:ca:44:4f:5b:6d:40:64:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6f4880038d55ab98d7cb66dfcfa897b7ba11e8
        Validity
            Not Before: Jan  1 07:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b89aeea4f955d13b80c6c33b61ecdcd25bc5b6f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5c:eb:7a:4e:64:56:33:10:6b:ab:46:fd:3e:
                    22:26:e3:45:ef:28:b1:a0:fc:60:d0:0c:d7:3e:4c:
                    b1:fb:8a:79:13:ab:66:a9:c0:c1:d9:b6:1a:6f:2c:
                    eb:dc:cb:4b:cf:ad:e7:68:0e:aa:43:bb:19:05:fc:
                    4b:42:c3:ab:96:4a:c6:1a:16:05:d7:bd:0d:45:72:
                    cf:4e:66:fb:fd:14:83:05:a3:2b:45:12:50:d1:b4:
                    d3:69:8d:46:0c:23:80:37:d1:28:d3:e9:29:9f:8e:
                    a9:40:68:f9:77:c7:4a:9c:10:23:0a:7e:c7:e6:1f:
                    45:3f:cf:ad:85:96:61:ac:66:e5:7c:7e:cb:45:db:
                    61:64:13:34:a7:f7:ff:38:29:e0:27:28:31:3a:d6:
                    48:84:35:b9:3d:ba:fa:99:0f:da:d6:87:b0:83:7a:
                    9c:98:08:1e:70:3d:73:00:cd:03:67:a8:f1:a7:d6:
                    72:a7:0d:d9:68:97:d4:dd:15:14:b9:d2:48:60:ca:
                    f3:8f:97:a8:90:57:10:77:ba:7d:0f:0c:2d:6c:5e:
                    35:de:74:4f:a9:c4:c3:b9:eb:4d:09:1f:60:e5:90:
                    34:1d:3a:33:d8:d6:6b:6a:e7:42:fe:63:c2:be:c2:
                    08:9f:90:29:bf:7e:44:14:f9:58:8e:96:33:ba:c6:
                    2c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:9A:EE:A4:F9:55:D1:3B:80:C6:C3:3B:61:EC:DC:D2:5B:C5:B6:F4
            X509v3 Authority Key Identifier:
                keyid:8B:6F:48:80:03:8D:55:AB:98:D7:CB:66:DF:CF:A8:97:B7:BA:11:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i29IgAONVauY18tm38-ol7e6Eeg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/uJrupPlV0TuAxsM7Yezc0lvFtvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d0c38d-9f02-418b-96b2-fb3111dbd1ca/1/i29IgAONVauY18tm38-ol7e6Eeg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:140::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:40:e4:5d:3d:8f:0d:e4:ac:80:71:22:0f:45:f2:46:df:b7:
         05:5d:b9:40:50:c3:7e:e1:5f:e5:9f:d9:7f:1d:9a:77:20:cd:
         0a:57:e3:01:92:96:ab:d6:ef:d1:92:04:41:df:db:e0:e7:f6:
         c6:5e:37:ec:5f:f8:eb:11:9a:cc:cc:41:82:10:96:45:7b:fd:
         8c:42:10:17:e6:54:32:c8:3c:5e:23:c2:ea:b6:5b:10:e9:c7:
         1a:67:ba:67:68:2d:cd:a7:05:66:f3:be:71:ce:2b:42:c9:e3:
         9b:9a:8f:bd:de:b2:2f:4c:69:1c:68:28:64:bd:e3:b5:41:02:
         34:15:4b:59:bb:26:8f:7d:8e:68:8f:0a:eb:aa:cd:80:7f:ca:
         eb:cd:a9:e7:13:bb:de:97:f4:e0:d8:a2:ca:2d:17:16:48:58:
         e8:39:89:51:0f:48:9e:b6:68:38:d2:63:b2:e9:d4:33:75:e6:
         2e:2d:07:20:ec:66:5c:82:3c:b3:34:14:9c:1f:6c:5a:8b:a5:
         34:2f:52:16:93:c9:89:dd:c1:67:ee:7d:1b:1f:12:78:d8:ab:
         7b:9c:56:37:c3:90:2d:b1:25:e0:88:e8:3f:32:fa:14:7e:f5:
         5d:22:09:bb:be:59:23:c8:b6:38:4b:a9:b0:1f:7f:16:3b:8a:
         78:ce:50:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1ie5BJ+wMMpET1ttQGTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNmY0ODgwMDM4ZDU1YWI5OGQ3Y2I2NmRmY2ZhODk3Yjdi
YTExZTgwHhcNMjUwMTAxMDc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODlhZWVhNGY5NTVkMTNiODBjNmMzM2I2MWVjZGNkMjViYzViNmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlzrek5kVjMQa6tG/T4iJuNF7yix
oPxg0AzXPkyx+4p5E6tmqcDB2bYabyzr3MtLz63naA6qQ7sZBfxLQsOrlkrGGhYF
170NRXLPTmb7/RSDBaMrRRJQ0bTTaY1GDCOAN9Eo0+kpn46pQGj5d8dKnBAjCn7H
5h9FP8+thZZhrGblfH7LRdthZBM0p/f/OCngJygxOtZIhDW5Pbr6mQ/a1oewg3qc
mAgecD1zAM0DZ6jxp9Zypw3ZaJfU3RUUudJIYMrzj5eokFcQd7p9DwwtbF413nRP
qcTDuetNCR9g5ZA0HToz2NZraudC/mPCvsIIn5Apv35EFPlYjpYzusYsUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLia7qT5VdE7gMbDO2Hs3NJbxbb0MB8GA1UdIwQY
MBaAFItvSIADjVWrmNfLZt/PqJe3uhHoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTI5SWdBT05WYXVZMTh0bTM4LW9sN2U2RWVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kMGMzOGQtOWYwMi00MThiLTk2YjIt
ZmIzMTExZGJkMWNhLzEvdUpydXBQbFYwVHVBeHNNN1llemMwbHZGdHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kMGMzOGQtOWYwMi00MThiLTk2YjItZmIzMTExZGJkMWNh
LzEvaTI5SWdBT05WYXVZMTh0bTM4LW9sN2U2RWVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAFA
MA0GCSqGSIb3DQEBCwUAA4IBAQCvQORdPY8N5KyAcSIPRfJG37cFXblAUMN+4V/l
n9l/HZp3IM0KV+MBkpar1u/RkgRB39vg5/bGXjfsX/jrEZrMzEGCEJZFe/2MQhAX
5lQyyDxeI8LqtlsQ6ccaZ7pnaC3NpwVm875xzitCyeObmo+93rIvTGkcaChkveO1
QQI0FUtZuyaPfY5ojwrrqs2Af8rrzannE7vel/Tg2KLKLRcWSFjoOYlRD0ietmg4
0mOy6dQzdeYuLQcg7GZcgjyzNBScH2xai6U0L1IWk8mJ3cFn7n0bHxJ42Kt7nFY3
w5AtsSXgiOg/MvoUfvVdIgm7vlkjyLY4S6mwH38WO4p4zlD7
-----END CERTIFICATE-----