Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/01809b-42dd-4136-96b1-1fd10d8e075f/1/LhVPheiP2Wbqe7xFjCy9IQ_CSc0.roa
File:                     LhVPheiP2Wbqe7xFjCy9IQ_CSc0.roa (raw, json)
Hash identifier:          Jd5k/N8+tstl7PIZFFMbIYM8R6nDjGK5pnVrR8G85AA=
Subject key identifier:   2E:15:4F:85:E8:8F:D9:66:EA:7B:BC:45:8C:2C:BD:21:0F:C2:49:CD
Certificate issuer:       /CN=43c77b47363681378face466141d54cc88399cf5
Certificate serial:       01942369F77DCD2049CF1B893D9A773CCFD3
Authority key identifier: 43:C7:7B:47:36:36:81:37:8F:AC:E4:66:14:1D:54:CC:88:39:9C:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8d7RzY2gTePrORmFB1UzIg5nPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/01809b-42dd-4136-96b1-1fd10d8e075f/1/LhVPheiP2Wbqe7xFjCy9IQ_CSc0.roa
Signing time:             Wed 01 Jan 2025 19:48:54 +0000
ROA not before:           Wed 01 Jan 2025 19:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200924
IP address blocks:        2001:678:a7c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/01809b-42dd-4136-96b1-1fd10d8e075f/1/Q8d7RzY2gTePrORmFB1UzIg5nPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/01809b-42dd-4136-96b1-1fd10d8e075f/1/Q8d7RzY2gTePrORmFB1UzIg5nPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q8d7RzY2gTePrORmFB1UzIg5nPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f7:7d:cd:20:49:cf:1b:89:3d:9a:77:3c:cf:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43c77b47363681378face466141d54cc88399cf5
        Validity
            Not Before: Jan  1 19:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e154f85e88fd966ea7bbc458c2cbd210fc249cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:30:ee:40:90:44:bc:09:8d:be:58:79:e5:7e:
                    c3:83:66:3e:3e:03:2f:48:35:8d:83:0d:00:17:00:
                    61:d5:b6:00:9d:ec:e6:98:a5:8a:a5:f3:7e:20:f2:
                    19:92:be:89:eb:4a:64:de:82:d8:1c:1c:d6:2b:f1:
                    3e:b2:d0:5c:9c:b4:8d:68:03:b3:82:f2:c0:72:75:
                    30:b0:44:86:c1:a7:e5:2b:cd:8d:e9:76:20:fa:90:
                    64:e0:83:db:50:50:47:27:ae:cd:34:c2:59:09:3e:
                    5e:9b:0b:c8:cf:4b:4e:62:af:b1:bb:dd:47:8e:13:
                    f2:3a:3d:5d:a9:05:06:80:71:8c:37:1a:9d:52:3f:
                    6c:ea:d7:19:c7:97:66:4b:f8:f2:07:91:a1:a9:17:
                    a9:1b:6a:e9:22:4d:ab:10:da:be:51:3f:a3:c0:7d:
                    eb:bf:23:fa:fe:fc:8a:38:40:9e:9b:a8:ea:84:cf:
                    ea:0b:a4:8d:dc:b6:74:93:b8:ca:46:40:f3:47:84:
                    d7:fb:09:5b:4d:9a:ea:a1:f9:0b:71:fe:fa:6b:9a:
                    6c:f2:49:4c:b1:d5:b3:47:38:73:38:bb:93:2e:49:
                    60:c7:c2:3e:a3:0e:9b:b4:43:c7:de:0f:0a:30:08:
                    39:fd:9d:69:15:29:71:62:65:60:85:61:cf:78:70:
                    a5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:15:4F:85:E8:8F:D9:66:EA:7B:BC:45:8C:2C:BD:21:0F:C2:49:CD
            X509v3 Authority Key Identifier:
                keyid:43:C7:7B:47:36:36:81:37:8F:AC:E4:66:14:1D:54:CC:88:39:9C:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8d7RzY2gTePrORmFB1UzIg5nPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/01809b-42dd-4136-96b1-1fd10d8e075f/1/LhVPheiP2Wbqe7xFjCy9IQ_CSc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/01809b-42dd-4136-96b1-1fd10d8e075f/1/Q8d7RzY2gTePrORmFB1UzIg5nPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:32:b5:8c:b6:99:3c:71:a8:bb:a3:9e:c5:19:48:14:c2:a2:
         67:61:7b:3d:26:52:78:72:16:f5:87:b9:ae:08:4b:63:17:ac:
         cb:81:77:c0:4b:8a:3d:b9:0d:be:80:9b:ee:12:3e:6d:f1:8a:
         19:75:3d:71:6f:a6:6f:a8:a3:f0:1f:00:2b:e0:89:e6:e4:e8:
         9b:35:7e:ad:4d:86:45:ad:c4:6c:85:a5:c3:4e:01:3e:75:9c:
         35:d8:8d:e1:98:f3:7b:35:3a:70:ae:cf:09:54:9e:ed:2f:2e:
         a5:c3:2b:52:b9:f9:ac:d1:59:42:c6:0c:f6:bb:f5:26:85:9c:
         d1:e0:b9:b2:80:ec:73:16:05:55:b1:d7:1a:61:95:e4:95:e5:
         2d:6a:08:3c:a4:c2:c1:6d:fc:af:67:1d:09:f2:c9:05:99:48:
         41:91:ca:46:17:ba:2d:3d:a2:58:13:d6:37:16:81:3d:b9:a2:
         58:cc:6a:91:24:64:6d:b3:82:31:54:d4:7e:67:4b:f3:1c:e2:
         f1:01:e4:b5:25:7f:b1:8f:e2:88:3d:e2:47:4e:1c:a0:95:63:
         9c:7d:bc:6e:71:10:c5:73:24:f9:fd:02:a1:9b:49:b7:43:50:
         e3:be:e3:85:b4:2b:f4:5c:77:4d:dd:00:58:b1:98:20:9c:dc:
         f6:52:95:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafd9zSBJzxuJPZp3PM/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYzc3YjQ3MzYzNjgxMzc4ZmFjZTQ2NjE0MWQ1NGNjODgz
OTljZjUwHhcNMjUwMTAxMTk0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTE1NGY4NWU4OGZkOTY2ZWE3YmJjNDU4YzJjYmQyMTBmYzI0OWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszDuQJBEvAmNvlh55X7Dg2Y+PgMv
SDWNgw0AFwBh1bYAnezmmKWKpfN+IPIZkr6J60pk3oLYHBzWK/E+stBcnLSNaAOz
gvLAcnUwsESGwaflK82N6XYg+pBk4IPbUFBHJ67NNMJZCT5emwvIz0tOYq+xu91H
jhPyOj1dqQUGgHGMNxqdUj9s6tcZx5dmS/jyB5GhqRepG2rpIk2rENq+UT+jwH3r
vyP6/vyKOECem6jqhM/qC6SN3LZ0k7jKRkDzR4TX+wlbTZrqofkLcf76a5ps8klM
sdWzRzhzOLuTLklgx8I+ow6btEPH3g8KMAg5/Z1pFSlxYmVghWHPeHClWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC4VT4Xoj9lm6nu8RYwsvSEPwknNMB8GA1UdIwQY
MBaAFEPHe0c2NoE3j6zkZhQdVMyIOZz1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThkN1J6WTJnVGVQck9SbUZCMVV6SWc1blBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8wMTgwOWItNDJkZC00MTM2LTk2YjEt
MWZkMTBkOGUwNzVmLzEvTGhWUGhlaVAyV2JxZTd4RmpDeTlJUV9DU2MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8wMTgwOWItNDJkZC00MTM2LTk2YjEtMWZkMTBkOGUwNzVm
LzEvUThkN1J6WTJnVGVQck9SbUZCMVV6SWc1blBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAp8
MA0GCSqGSIb3DQEBCwUAA4IBAQBwMrWMtpk8cai7o57FGUgUwqJnYXs9JlJ4chb1
h7muCEtjF6zLgXfAS4o9uQ2+gJvuEj5t8YoZdT1xb6ZvqKPwHwAr4Inm5OibNX6t
TYZFrcRshaXDTgE+dZw12I3hmPN7NTpwrs8JVJ7tLy6lwytSufms0VlCxgz2u/Um
hZzR4LmygOxzFgVVsdcaYZXkleUtagg8pMLBbfyvZx0J8skFmUhBkcpGF7otPaJY
E9Y3FoE9uaJYzGqRJGRts4IxVNR+Z0vzHOLxAeS1JX+xj+KIPeJHThyglWOcfbxu
cRDFcyT5/QKhm0m3Q1DjvuOFtCv0XHdN3QBYsZggnNz2UpXg
-----END CERTIFICATE-----