Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0i_jhQqN2iNg5AEP50J1N6ocU14.roa
File:                     0i_jhQqN2iNg5AEP50J1N6ocU14.roa (raw, json)
Hash identifier:          dte6GhHBF0dhj/nHMGGQvO/MzVf6vGP1TT8x/x47jYs=
Subject key identifier:   D2:2F:E3:85:0A:8D:DA:23:60:E4:01:0F:E7:42:75:37:AA:1C:53:5E
Certificate issuer:       /CN=d24322b2d0a794fd076b85e8dc578abb0d03ec40
Certificate serial:       019426D9D02DF292BBA7B494523125A2F473
Authority key identifier: D2:43:22:B2:D0:A7:94:FD:07:6B:85:E8:DC:57:8A:BB:0D:03:EC:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0i_jhQqN2iNg5AEP50J1N6ocU14.roa
Signing time:             Thu 02 Jan 2025 11:49:56 +0000
ROA not before:           Thu 02 Jan 2025 11:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8434
IP address blocks:        2001:67c:21e4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 05:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d0:2d:f2:92:bb:a7:b4:94:52:31:25:a2:f4:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d24322b2d0a794fd076b85e8dc578abb0d03ec40
        Validity
            Not Before: Jan  2 11:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d22fe3850a8dda2360e4010fe7427537aa1c535e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5d:0f:f1:e9:1c:82:01:07:a1:44:8f:33:f8:
                    e9:69:3f:eb:23:d0:68:a2:9f:94:58:0d:41:3a:b9:
                    33:c3:dd:14:0f:e7:35:f1:f8:b8:42:39:f0:d1:d6:
                    30:71:f8:04:7e:ed:7e:51:c6:15:07:76:78:6d:b2:
                    c0:e8:ad:c0:88:31:05:5d:7b:dd:30:27:22:7c:e9:
                    18:d6:6a:08:b7:65:8b:da:36:3b:fd:eb:29:0b:4a:
                    4c:02:0f:a9:d5:9d:36:17:33:f9:14:19:2b:d1:d0:
                    cb:d2:19:7b:7f:c8:49:16:72:06:79:ae:2f:8d:c0:
                    17:48:45:b3:20:47:26:bb:9b:92:30:84:d5:09:83:
                    cf:8b:f7:bf:e9:5f:9c:c1:07:a1:e4:82:54:20:6a:
                    3c:63:50:9c:0d:c1:23:ce:30:9a:e3:38:18:b1:dd:
                    6b:43:8b:07:20:6e:c3:3a:b1:db:b6:69:63:6e:03:
                    6e:72:d7:1a:9c:dc:96:80:1b:ec:8a:f5:c5:19:be:
                    fa:8b:dc:49:40:6e:0d:ef:46:ab:25:0e:b4:d6:bc:
                    58:85:75:f9:ba:a4:ad:15:0c:7a:f1:ac:29:6a:a4:
                    f6:de:0b:17:28:55:fa:be:58:28:e1:95:f6:32:b8:
                    c2:26:b7:05:8d:04:5b:c5:c8:17:61:20:2e:44:e5:
                    ca:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:2F:E3:85:0A:8D:DA:23:60:E4:01:0F:E7:42:75:37:AA:1C:53:5E
            X509v3 Authority Key Identifier:
                keyid:D2:43:22:B2:D0:A7:94:FD:07:6B:85:E8:DC:57:8A:BB:0D:03:EC:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0kMistCnlP0Ha4Xo3FeKuw0D7EA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0i_jhQqN2iNg5AEP50J1N6ocU14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/97c353-0c36-4066-a56b-139a496cd59c/1/0kMistCnlP0Ha4Xo3FeKuw0D7EA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:21e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:f1:f1:7d:0d:6b:6c:36:47:c9:e7:e4:66:dc:0d:94:6c:0a:
         c6:c9:ab:e4:f9:b1:3f:32:63:aa:ca:a4:c5:c1:17:be:1c:f7:
         f9:38:1e:84:af:fa:2d:83:bc:84:28:6f:43:e7:ec:b8:81:bb:
         76:e9:81:f3:4b:4a:70:6b:5e:e6:f5:8e:b9:35:23:b3:55:5b:
         84:0a:04:0e:e8:0c:71:65:ad:ca:de:34:37:93:c6:90:6f:90:
         d9:77:89:c0:65:5c:ce:c7:d9:31:e2:d4:b6:6c:83:a6:a9:ca:
         f4:aa:22:10:0e:f3:64:0a:93:c3:ef:7f:e6:ed:d0:7d:a2:8b:
         c2:79:ed:36:04:8b:f3:8c:06:df:2a:61:48:50:7d:5b:dd:fc:
         97:d1:c2:2e:95:ae:17:7c:c8:c4:37:93:25:d7:cc:67:1b:d4:
         32:a2:06:58:66:cb:09:ac:24:3e:77:07:ab:a9:76:9b:9a:e7:
         92:25:93:eb:69:11:21:d2:7f:63:57:28:a5:4b:4c:d9:55:ce:
         cf:13:0a:5c:25:44:79:6a:15:2d:cd:ed:6a:4f:6e:fa:cb:cc:
         c5:ac:df:32:73:e9:a9:f4:65:55:65:ea:d6:36:15:b9:ec:51:
         93:37:aa:62:27:59:93:88:a2:65:84:93:3f:2c:8f:8c:00:aa:
         59:bd:69:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2dAt8pK7p7SUUjElovRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNDMyMmIyZDBhNzk0ZmQwNzZiODVlOGRjNTc4YWJiMGQw
M2VjNDAwHhcNMjUwMTAyMTE0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjJmZTM4NTBhOGRkYTIzNjBlNDAxMGZlNzQyNzUzN2FhMWM1MzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul0P8ekcggEHoUSPM/jpaT/rI9Bo
op+UWA1BOrkzw90UD+c18fi4Qjnw0dYwcfgEfu1+UcYVB3Z4bbLA6K3AiDEFXXvd
MCcifOkY1moIt2WL2jY7/espC0pMAg+p1Z02FzP5FBkr0dDL0hl7f8hJFnIGea4v
jcAXSEWzIEcmu5uSMITVCYPPi/e/6V+cwQeh5IJUIGo8Y1CcDcEjzjCa4zgYsd1r
Q4sHIG7DOrHbtmljbgNuctcanNyWgBvsivXFGb76i9xJQG4N70arJQ601rxYhXX5
uqStFQx68awpaqT23gsXKFX6vlgo4ZX2MrjCJrcFjQRbxcgXYSAuROXKNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNIv44UKjdojYOQBD+dCdTeqHFNeMB8GA1UdIwQY
MBaAFNJDIrLQp5T9B2uF6NxXirsNA+xAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGtNaXN0Q25sUDBIYTRYbzNGZUt1dzBEN0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy85N2MzNTMtMGMzNi00MDY2LWE1NmIt
MTM5YTQ5NmNkNTljLzEvMGlfamhRcU4yaU5nNUFFUDUwSjFONm9jVTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy85N2MzNTMtMGMzNi00MDY2LWE1NmItMTM5YTQ5NmNkNTlj
LzEvMGtNaXN0Q25sUDBIYTRYbzNGZUt1dzBEN0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCHk
MA0GCSqGSIb3DQEBCwUAA4IBAQA68fF9DWtsNkfJ5+Rm3A2UbArGyavk+bE/MmOq
yqTFwRe+HPf5OB6Er/otg7yEKG9D5+y4gbt26YHzS0pwa17m9Y65NSOzVVuECgQO
6AxxZa3K3jQ3k8aQb5DZd4nAZVzOx9kx4tS2bIOmqcr0qiIQDvNkCpPD73/m7dB9
oovCee02BIvzjAbfKmFIUH1b3fyX0cIula4XfMjEN5Ml18xnG9QyogZYZssJrCQ+
dwerqXabmueSJZPraREh0n9jVyilS0zZVc7PEwpcJUR5ahUtze1qT276y8zFrN8y
c+mp9GVVZerWNhW57FGTN6piJ1mTiKJlhJM/LI+MAKpZvWk3
-----END CERTIFICATE-----