Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/e3e40f-1505-42e9-96f1-fea74e81051a/1/EiOlPx07xu7VkFJ-Fp9Fuqy8TzU.roa
File:                     EiOlPx07xu7VkFJ-Fp9Fuqy8TzU.roa (raw, json)
Hash identifier:          YTkNQ57L/BsF8+52AnZs1f7V2wA4xa87/fYc1vwFoig=
Subject key identifier:   12:23:A5:3F:1D:3B:C6:EE:D5:90:52:7E:16:9F:45:BA:AC:BC:4F:35
Certificate issuer:       /CN=3fac68f91205c44e730336e600b6334f8c81e8c2
Certificate serial:       01965F380BB9EA8D0E6BF28281080C3DCB3C
Authority key identifier: 3F:AC:68:F9:12:05:C4:4E:73:03:36:E6:00:B6:33:4F:8C:81:E8:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P6xo-RIFxE5zAzbmALYzT4yB6MI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/e3e40f-1505-42e9-96f1-fea74e81051a/1/EiOlPx07xu7VkFJ-Fp9Fuqy8TzU.roa
Signing time:             Tue 22 Apr 2025 20:37:10 +0000
ROA not before:           Tue 22 Apr 2025 20:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25761
IP address blocks:        170.62.253.0/24 maxlen: 24
                          2001:67c:fec::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/e3e40f-1505-42e9-96f1-fea74e81051a/1/P6xo-RIFxE5zAzbmALYzT4yB6MI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/e3e40f-1505-42e9-96f1-fea74e81051a/1/P6xo-RIFxE5zAzbmALYzT4yB6MI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P6xo-RIFxE5zAzbmALYzT4yB6MI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5f:38:0b:b9:ea:8d:0e:6b:f2:82:81:08:0c:3d:cb:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fac68f91205c44e730336e600b6334f8c81e8c2
        Validity
            Not Before: Apr 22 20:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1223a53f1d3bc6eed590527e169f45baacbc4f35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:58:01:16:40:93:07:e7:00:b0:a4:5e:e1:14:
                    ee:ea:53:fa:eb:92:98:44:40:20:ed:41:2d:df:7e:
                    a8:06:87:65:35:f6:46:bf:40:8c:47:b7:bb:02:f0:
                    35:cf:ed:8d:72:25:d8:a9:b3:05:9b:03:68:d9:1c:
                    04:8e:8e:c5:7a:61:41:1a:ba:90:37:d4:6b:3e:ca:
                    af:4f:01:91:6a:73:48:60:56:0e:4a:8c:6d:90:ca:
                    92:b0:cd:87:b3:9d:d7:c8:62:ed:84:73:d2:67:b2:
                    56:6b:67:6f:0e:18:80:dc:d1:55:d9:d0:3c:82:9f:
                    5b:0b:82:1f:80:e4:84:61:26:b4:55:9a:59:78:bb:
                    a1:a3:d6:27:8f:f9:02:05:37:34:12:39:36:a3:28:
                    22:2e:48:32:ca:1b:99:f6:78:36:ca:e0:5f:05:79:
                    dc:06:9e:1f:43:fe:4a:ba:48:a4:ec:5d:ac:fe:3e:
                    05:78:31:c6:9e:58:72:b6:4b:ce:1e:d0:33:8b:db:
                    9d:42:43:6b:47:65:f8:92:c6:24:4a:2f:3e:73:97:
                    2e:44:08:18:18:a0:a8:b1:ad:bd:57:34:9a:3b:5c:
                    bb:52:71:d9:2c:90:06:2e:7c:8b:04:74:e5:c1:c3:
                    03:0b:24:da:d2:58:fd:f1:21:9b:4d:d1:4c:da:d7:
                    84:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:23:A5:3F:1D:3B:C6:EE:D5:90:52:7E:16:9F:45:BA:AC:BC:4F:35
            X509v3 Authority Key Identifier:
                keyid:3F:AC:68:F9:12:05:C4:4E:73:03:36:E6:00:B6:33:4F:8C:81:E8:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P6xo-RIFxE5zAzbmALYzT4yB6MI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/e3e40f-1505-42e9-96f1-fea74e81051a/1/EiOlPx07xu7VkFJ-Fp9Fuqy8TzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/e3e40f-1505-42e9-96f1-fea74e81051a/1/P6xo-RIFxE5zAzbmALYzT4yB6MI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.62.253.0/24
                IPv6:
                  2001:67c:fec::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:89:52:55:fa:98:f3:a4:8b:56:17:14:18:49:ed:88:76:9f:
         f8:3e:87:2a:08:9b:bf:c9:b9:69:5b:64:b6:cc:1f:9d:af:e8:
         26:1c:a4:5b:b5:06:f2:f8:07:18:bf:a9:35:42:ef:92:80:d0:
         60:ac:48:47:7c:cf:56:68:32:dc:86:1f:1a:d4:f8:6b:24:e0:
         5e:62:d6:01:5b:4f:f3:e2:46:62:03:43:89:81:65:b3:f2:1a:
         1e:79:37:4f:4f:ab:ea:2a:af:2f:72:aa:b8:63:d0:ae:f4:51:
         15:0e:d3:6a:73:c6:39:19:72:f0:03:38:c8:bc:6c:94:d4:62:
         25:c2:a0:71:98:23:71:40:5d:ee:ac:72:a1:ec:5e:1a:4f:cc:
         6c:f4:a5:81:a3:dc:91:56:a0:b6:7f:29:b6:6d:54:24:6e:56:
         76:e3:06:3a:3b:3e:0a:cf:6f:82:db:ad:70:5c:4a:74:67:3e:
         50:46:c2:50:99:10:af:a1:c2:90:61:03:97:ad:3c:00:99:20:
         05:9f:2c:c2:70:77:68:e4:d4:6f:0e:23:3c:8a:c5:3a:02:94:
         d0:9e:2b:4f:ab:4b:1c:94:2e:0c:e4:ad:eb:b1:5d:c2:6d:9d:
         5d:4f:3c:94:79:eb:09:f4:f5:e4:62:6e:14:9d:58:87:79:e1:
         35:99:c7:4c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZZfOAu56o0Oa/KCgQgMPcs8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmYWM2OGY5MTIwNWM0NGU3MzAzMzZlNjAwYjYzMzRmOGM4
MWU4YzIwHhcNMjUwNDIyMjAzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjIzYTUzZjFkM2JjNmVlZDU5MDUyN2UxNjlmNDViYWFjYmM0ZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVgBFkCTB+cAsKRe4RTu6lP665KY
REAg7UEt336oBodlNfZGv0CMR7e7AvA1z+2NciXYqbMFmwNo2RwEjo7FemFBGrqQ
N9RrPsqvTwGRanNIYFYOSoxtkMqSsM2Hs53XyGLthHPSZ7JWa2dvDhiA3NFV2dA8
gp9bC4IfgOSEYSa0VZpZeLuho9Ynj/kCBTc0Ejk2oygiLkgyyhuZ9ng2yuBfBXnc
Bp4fQ/5Kukik7F2s/j4FeDHGnlhytkvOHtAzi9udQkNrR2X4ksYkSi8+c5cuRAgY
GKCosa29VzSaO1y7UnHZLJAGLnyLBHTlwcMDCyTa0lj98SGbTdFM2teEjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBIjpT8dO8bu1ZBSfhafRbqsvE81MB8GA1UdIwQY
MBaAFD+saPkSBcROcwM25gC2M0+MgejCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDZ4by1SSUZ4RTV6QXpibUFMWXpUNHlCNk1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9lM2U0MGYtMTUwNS00MmU5LTk2ZjEt
ZmVhNzRlODEwNTFhLzEvRWlPbFB4MDd4dTdWa0ZKLUZwOUZ1cXk4VHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9lM2U0MGYtMTUwNS00MmU5LTk2ZjEtZmVhNzRlODEwNTFh
LzEvUDZ4by1SSUZ4RTV6QXpibUFMWXpUNHlCNk1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAqj79MA8E
AgACMAkDBwAgAQZ8D+wwDQYJKoZIhvcNAQELBQADggEBAJmJUlX6mPOki1YXFBhJ
7Yh2n/g+hyoIm7/JuWlbZLbMH52v6CYcpFu1BvL4Bxi/qTVC75KA0GCsSEd8z1Zo
MtyGHxrU+Gsk4F5i1gFbT/PiRmIDQ4mBZbPyGh55N09Pq+oqry9yqrhj0K70URUO
02pzxjkZcvADOMi8bJTUYiXCoHGYI3FAXe6scqHsXhpPzGz0pYGj3JFWoLZ/KbZt
VCRuVnbjBjo7PgrPb4LbrXBcSnRnPlBGwlCZEK+hwpBhA5etPACZIAWfLMJwd2jk
1G8OIzyKxToClNCeK0+rSxyULgzkreuxXcJtnV1PPJR56wn09eRibhSdWId54TWZ
x0w=
-----END CERTIFICATE-----