Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/1FW1XbyYUs66xbKImXHkiZU-xAA.roa
File:                     1FW1XbyYUs66xbKImXHkiZU-xAA.roa (raw, json)
Hash identifier:          DA26l55wpmFxpEPwr1TEVKDAhIdZwBFIGz/j/ljF/kM=
Subject key identifier:   D4:55:B5:5D:BC:98:52:CE:BA:C5:B2:88:99:71:E4:89:95:3E:C4:00
Certificate issuer:       /CN=c1c20fbc48fa59a7d8dea57908f350a1b97459df
Certificate serial:       01975E1B9E5D3E09055CA3161ABF88BA78B2
Authority key identifier: C1:C2:0F:BC:48:FA:59:A7:D8:DE:A5:79:08:F3:50:A1:B9:74:59:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wcIPvEj6WafY3qV5CPNQobl0Wd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/1FW1XbyYUs66xbKImXHkiZU-xAA.roa
Signing time:             Wed 11 Jun 2025 08:29:17 +0000
ROA not before:           Wed 11 Jun 2025 08:29:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a02:668:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/wcIPvEj6WafY3qV5CPNQobl0Wd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/wcIPvEj6WafY3qV5CPNQobl0Wd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wcIPvEj6WafY3qV5CPNQobl0Wd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5e:1b:9e:5d:3e:09:05:5c:a3:16:1a:bf:88:ba:78:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1c20fbc48fa59a7d8dea57908f350a1b97459df
        Validity
            Not Before: Jun 11 08:29:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d455b55dbc9852cebac5b2889971e489953ec400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:00:7d:3e:90:1f:e4:c0:ab:d2:74:27:f8:c2:
                    2c:a3:87:78:2a:f6:77:73:d1:67:51:67:90:7f:44:
                    ee:e8:af:62:e1:1e:15:e0:50:e5:22:60:9d:e6:71:
                    76:e9:5c:55:3f:ef:a2:66:eb:de:be:4a:06:d0:ad:
                    f7:9a:35:e2:d1:73:e6:94:d4:f2:a0:23:1c:b4:f8:
                    0e:29:58:93:29:43:25:6c:9e:fd:43:ee:28:f2:95:
                    87:1a:a6:ed:04:9d:38:e9:87:ea:fa:13:26:84:e4:
                    71:6c:85:93:3f:7d:01:37:4b:c1:97:f6:76:64:8f:
                    27:6a:92:2e:eb:1c:42:f5:da:e5:a3:34:d0:ff:a2:
                    f5:5f:1a:c8:57:be:d9:4d:74:16:0d:11:72:78:45:
                    10:f6:ad:8b:a4:6c:93:8c:fc:68:0b:6a:3f:7e:51:
                    47:4b:1a:81:6a:a8:c7:d9:24:ef:6c:36:cc:46:2f:
                    0a:51:ee:28:f5:34:4d:65:0b:c6:7b:fa:b4:cd:63:
                    15:51:67:a0:76:86:e6:56:1a:f8:d3:e9:b2:57:7c:
                    6e:6e:85:cd:2f:0e:8c:60:fa:0a:41:db:63:14:59:
                    10:75:b2:37:bd:51:ec:ae:59:22:a3:10:0d:18:22:
                    cb:06:c9:e8:3e:fe:a6:02:43:59:1c:d3:5d:4b:ac:
                    91:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:55:B5:5D:BC:98:52:CE:BA:C5:B2:88:99:71:E4:89:95:3E:C4:00
            X509v3 Authority Key Identifier:
                keyid:C1:C2:0F:BC:48:FA:59:A7:D8:DE:A5:79:08:F3:50:A1:B9:74:59:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wcIPvEj6WafY3qV5CPNQobl0Wd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/1FW1XbyYUs66xbKImXHkiZU-xAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/6c78da-bded-41a9-b508-302ce1bc99c0/1/wcIPvEj6WafY3qV5CPNQobl0Wd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:668:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         15:09:d6:d0:e8:97:f8:37:ac:1c:eb:09:f1:fc:96:24:63:bd:
         f6:ae:21:ec:e8:6e:54:f1:57:4b:22:73:ad:66:5f:ed:9f:c1:
         da:89:49:ca:6b:13:3d:2e:15:38:8d:77:21:01:4c:28:76:75:
         fe:57:45:31:d0:eb:c9:4b:dc:4e:82:7d:64:e6:6d:90:f4:d8:
         ba:14:04:a9:f6:89:5e:4b:9a:4e:c7:5c:be:ea:23:2a:3f:7f:
         4c:f1:5d:0b:09:8f:56:63:87:4d:0c:13:44:7e:37:27:7e:78:
         0a:d0:9e:45:5b:32:12:24:79:75:11:43:b8:79:55:23:35:b9:
         63:4e:af:67:46:18:a6:fb:d1:69:94:e1:ff:e6:96:f4:98:e5:
         00:a9:88:06:ac:b5:be:da:ab:bf:24:7f:d6:69:cc:d8:cf:c6:
         a5:6d:fc:3a:66:2e:b8:3b:36:9d:08:ae:5a:d2:2e:e5:75:db:
         89:a6:4f:6f:a1:74:43:08:35:aa:f2:4e:80:a9:59:d1:7e:7d:
         3b:2d:cb:36:40:59:0c:b8:3e:77:de:bc:6d:a3:8f:eb:f2:7d:
         49:07:6f:2d:32:ba:02:a5:0f:24:d4:a4:f7:be:6d:92:26:68:
         07:17:96:fe:c1:f2:e0:c3:74:c9:02:89:f9:75:78:ff:3c:25:
         15:6f:c7:09
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZdeG55dPgkFXKMWGr+IuniyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYzIwZmJjNDhmYTU5YTdkOGRlYTU3OTA4ZjM1MGExYjk3
NDU5ZGYwHhcNMjUwNjExMDgyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDU1YjU1ZGJjOTg1MmNlYmFjNWIyODg5OTcxZTQ4OTk1M2VjNDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwB9PpAf5MCr0nQn+MIso4d4KvZ3
c9FnUWeQf0Tu6K9i4R4V4FDlImCd5nF26VxVP++iZuvevkoG0K33mjXi0XPmlNTy
oCMctPgOKViTKUMlbJ79Q+4o8pWHGqbtBJ046Yfq+hMmhORxbIWTP30BN0vBl/Z2
ZI8napIu6xxC9drlozTQ/6L1XxrIV77ZTXQWDRFyeEUQ9q2LpGyTjPxoC2o/flFH
SxqBaqjH2STvbDbMRi8KUe4o9TRNZQvGe/q0zWMVUWegdobmVhr40+myV3xuboXN
Lw6MYPoKQdtjFFkQdbI3vVHsrlkioxANGCLLBsnoPv6mAkNZHNNdS6yRTwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNRVtV28mFLOusWyiJlx5ImVPsQAMB8GA1UdIwQY
MBaAFMHCD7xI+lmn2N6leQjzUKG5dFnfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2NJUHZFajZXYWZZM3FWNUNQTlFvYmwwV2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82Yzc4ZGEtYmRlZC00MWE5LWI1MDgt
MzAyY2UxYmM5OWMwLzEvMUZXMVhieVlVczY2eGJLSW1YSGtpWlUteEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82Yzc4ZGEtYmRlZC00MWE5LWI1MDgtMzAyY2UxYmM5OWMw
LzEvd2NJUHZFajZXYWZZM3FWNUNQTlFvYmwwV2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgIGaPAw
DQYJKoZIhvcNAQELBQADggEBABUJ1tDol/g3rBzrCfH8liRjvfauIezoblTxV0si
c61mX+2fwdqJScprEz0uFTiNdyEBTCh2df5XRTHQ68lL3E6CfWTmbZD02LoUBKn2
iV5Lmk7HXL7qIyo/f0zxXQsJj1Zjh00ME0R+Nyd+eArQnkVbMhIkeXURQ7h5VSM1
uWNOr2dGGKb70WmU4f/mlvSY5QCpiAastb7aq78kf9ZpzNjPxqVt/DpmLrg7Np0I
rlrSLuV124mmT2+hdEMINaryToCpWdF+fTstyzZAWQy4PnfevG2jj+vyfUkHby0y
ugKlDyTUpPe+bZImaAcXlv7B8uDDdMkCifl1eP88JRVvxwk=
-----END CERTIFICATE-----