Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/685b5a-fa27-41ec-adf9-9df2f79bef10/1/omiVo8lJOxBO3d2eFDOX09spiwY.roa
File:                     omiVo8lJOxBO3d2eFDOX09spiwY.roa (raw, json)
Hash identifier:          3VKQ20p2zglj9J79jWC9kZRYgl/DejI2kMckcoXVkGA=
Subject key identifier:   A2:68:95:A3:C9:49:3B:10:4E:DD:DD:9E:14:33:97:D3:DB:29:8B:06
Certificate issuer:       /CN=b249ae69b3a72ec2e6e9adb99090d812a1d29951
Certificate serial:       019423D6E9C8FFF44A861760BFF16FF73BAA
Authority key identifier: B2:49:AE:69:B3:A7:2E:C2:E6:E9:AD:B9:90:90:D8:12:A1:D2:99:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/skmuabOnLsLm6a25kJDYEqHSmVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/685b5a-fa27-41ec-adf9-9df2f79bef10/1/omiVo8lJOxBO3d2eFDOX09spiwY.roa
Signing time:             Wed 01 Jan 2025 21:47:54 +0000
ROA not before:           Wed 01 Jan 2025 21:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51531
IP address blocks:        2001:67c:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/685b5a-fa27-41ec-adf9-9df2f79bef10/1/skmuabOnLsLm6a25kJDYEqHSmVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/685b5a-fa27-41ec-adf9-9df2f79bef10/1/skmuabOnLsLm6a25kJDYEqHSmVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/skmuabOnLsLm6a25kJDYEqHSmVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 00:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e9:c8:ff:f4:4a:86:17:60:bf:f1:6f:f7:3b:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b249ae69b3a72ec2e6e9adb99090d812a1d29951
        Validity
            Not Before: Jan  1 21:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a26895a3c9493b104edddd9e143397d3db298b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:79:e1:e1:94:69:dc:e4:19:50:09:8f:a8:98:
                    9f:38:62:2a:1a:1d:9f:ed:a2:0e:57:f7:dd:b3:40:
                    0d:50:c4:fc:cf:db:8a:48:26:a1:ca:85:14:d9:1b:
                    71:90:af:5c:98:14:50:0d:49:de:b2:06:d7:3b:e1:
                    df:e1:43:76:c5:d8:64:62:ef:a6:fc:4e:c9:80:b5:
                    99:43:a2:3b:49:75:e3:29:c0:0b:18:97:fd:f2:b0:
                    0e:f8:00:23:86:c9:4d:c6:a2:96:28:a9:ad:b2:18:
                    7d:e0:61:db:4d:0e:1f:6f:0c:20:ad:39:6d:c7:cd:
                    27:77:dc:56:16:db:b4:75:f7:1d:52:7c:45:20:22:
                    5a:d1:81:18:f2:68:33:73:0d:f5:65:d2:fe:c0:2f:
                    64:a4:a4:34:08:5c:67:49:04:03:e1:67:cf:50:e8:
                    1e:ec:c5:f4:29:71:06:a1:a7:58:2a:83:70:7a:7a:
                    82:dc:37:a7:79:b2:8a:5e:ec:07:ab:fd:c2:a5:ee:
                    00:45:4f:5b:e4:18:23:8c:15:29:dd:cc:04:5c:3d:
                    d2:17:45:f5:d6:e5:ec:11:dd:46:0e:2f:1b:c7:32:
                    a2:d2:33:1a:fb:52:f3:08:8e:fa:b2:12:1a:7c:78:
                    80:97:21:7d:7d:aa:8b:ea:63:f1:7c:91:56:cd:e4:
                    2f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:68:95:A3:C9:49:3B:10:4E:DD:DD:9E:14:33:97:D3:DB:29:8B:06
            X509v3 Authority Key Identifier:
                keyid:B2:49:AE:69:B3:A7:2E:C2:E6:E9:AD:B9:90:90:D8:12:A1:D2:99:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/skmuabOnLsLm6a25kJDYEqHSmVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/685b5a-fa27-41ec-adf9-9df2f79bef10/1/omiVo8lJOxBO3d2eFDOX09spiwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/685b5a-fa27-41ec-adf9-9df2f79bef10/1/skmuabOnLsLm6a25kJDYEqHSmVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:3a:11:5a:21:ed:0b:18:61:b9:ff:b7:ff:41:ce:7f:89:86:
         3b:12:4e:13:00:34:bc:f1:63:2c:9f:9f:a9:6b:14:2d:ab:70:
         a8:97:55:6b:33:bd:66:b3:99:0b:e2:04:f6:a9:e4:c3:29:a9:
         3c:ca:ea:41:66:8a:95:c3:07:5d:b5:8f:0f:6f:25:da:53:db:
         39:0d:e1:30:ef:35:de:99:51:fb:dc:3b:e2:a6:f1:9a:ef:a0:
         6c:d6:76:9a:a0:94:75:bf:ff:78:4f:d4:74:45:2d:3d:58:48:
         ef:3a:57:d5:33:bc:96:36:17:02:7d:c8:ef:07:6b:59:2d:9c:
         1b:50:4f:dd:96:1a:c7:57:db:11:f6:b5:72:4d:cd:5f:7f:cc:
         c9:72:91:15:5a:50:ea:ee:d9:47:25:90:ed:74:44:d3:7d:e8:
         27:c8:28:eb:e4:a5:af:f7:78:19:4e:07:5b:a0:0e:d3:8b:01:
         10:35:21:7d:ee:90:50:b1:b2:e7:3c:3a:23:a0:f1:ab:40:ca:
         6d:dd:b2:c2:de:72:3a:63:41:cf:69:03:3d:e6:4d:44:3b:d4:
         0d:6d:4a:58:23:74:ad:f1:70:a3:63:f8:b6:e8:0e:0c:3f:79:
         70:9c:66:d9:a5:6a:f3:11:58:49:bf:a0:50:9d:cd:91:f1:e5:
         10:22:2e:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj1unI//RKhhdgv/Fv9zuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNDlhZTY5YjNhNzJlYzJlNmU5YWRiOTkwOTBkODEyYTFk
Mjk5NTEwHhcNMjUwMTAxMjE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjY4OTVhM2M5NDkzYjEwNGVkZGRkOWUxNDMzOTdkM2RiMjk4YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3nh4ZRp3OQZUAmPqJifOGIqGh2f
7aIOV/fds0ANUMT8z9uKSCahyoUU2RtxkK9cmBRQDUnesgbXO+Hf4UN2xdhkYu+m
/E7JgLWZQ6I7SXXjKcALGJf98rAO+AAjhslNxqKWKKmtshh94GHbTQ4fbwwgrTlt
x80nd9xWFtu0dfcdUnxFICJa0YEY8mgzcw31ZdL+wC9kpKQ0CFxnSQQD4WfPUOge
7MX0KXEGoadYKoNwenqC3DenebKKXuwHq/3Cpe4ARU9b5BgjjBUp3cwEXD3SF0X1
1uXsEd1GDi8bxzKi0jMa+1LzCI76shIafHiAlyF9faqL6mPxfJFWzeQv5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKJolaPJSTsQTt3dnhQzl9PbKYsGMB8GA1UdIwQY
MBaAFLJJrmmzpy7C5umtuZCQ2BKh0plRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2ttdWFiT25Mc0xtNmEyNWtKRFlFcUhTbVZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC82ODViNWEtZmEyNy00MWVjLWFkZjkt
OWRmMmY3OWJlZjEwLzEvb21pVm84bEpPeEJPM2QyZUZET1gwOXNwaXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC82ODViNWEtZmEyNy00MWVjLWFkZjktOWRmMmY3OWJlZjEw
LzEvc2ttdWFiT25Mc0xtNmEyNWtKRFlFcUhTbVZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQCNOhFaIe0LGGG5/7f/Qc5/iYY7Ek4TADS88WMs
n5+paxQtq3Col1VrM71ms5kL4gT2qeTDKak8yupBZoqVwwddtY8PbyXaU9s5DeEw
7zXemVH73DvipvGa76Bs1naaoJR1v/94T9R0RS09WEjvOlfVM7yWNhcCfcjvB2tZ
LZwbUE/dlhrHV9sR9rVyTc1ff8zJcpEVWlDq7tlHJZDtdETTfegnyCjr5KWv93gZ
TgdboA7TiwEQNSF97pBQsbLnPDojoPGrQMpt3bLC3nI6Y0HPaQM95k1EO9QNbUpY
I3St8XCjY/i26A4MP3lwnGbZpWrzEVhJv6BQnc2R8eUQIi7f
-----END CERTIFICATE-----