Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/krl0Jsk9HNKc5F6_HL3kifkmfzc.roa
File:                     krl0Jsk9HNKc5F6_HL3kifkmfzc.roa (raw, json)
Hash identifier:          n/2n8jQslZYUzDM2c1IG4Vfrpp7KiJ9q2Z28mgmfZhs=
Subject key identifier:   92:B9:74:26:C9:3D:1C:D2:9C:E4:5E:BF:1C:BD:E4:89:F9:26:7F:37
Certificate issuer:       /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial:       0195247687EB086741D867C2E509768CB3CB
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/krl0Jsk9HNKc5F6_HL3kifkmfzc.roa
Signing time:             Thu 20 Feb 2025 17:45:02 +0000
ROA not before:           Thu 20 Feb 2025 17:45:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42375
IP address blocks:        2a0e:dfc1::/32 maxlen: 32
                          2a12:24c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:24:76:87:eb:08:67:41:d8:67:c2:e5:09:76:8c:b3:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
        Validity
            Not Before: Feb 20 17:45:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92b97426c93d1cd29ce45ebf1cbde489f9267f37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:53:76:51:6b:f6:d5:2c:fb:a5:85:c9:d5:6a:
                    e7:49:cf:59:52:cc:41:c2:61:9c:f1:30:34:53:c1:
                    80:18:90:d6:b0:c6:d3:9e:d0:72:8e:74:99:66:ff:
                    b4:1d:a8:2d:b9:a7:67:c3:4f:17:e2:d1:31:fe:a2:
                    5a:2e:02:e6:a7:f7:0c:6a:e7:2e:e6:91:00:a6:fd:
                    da:1a:b1:b7:62:7c:84:44:8c:69:70:eb:ff:91:3c:
                    42:e8:a7:6b:26:29:22:10:61:aa:f9:f2:8c:fc:f7:
                    c7:e5:78:be:6c:7e:55:11:e0:d5:c3:05:ee:13:bd:
                    52:9e:78:90:83:73:95:d2:84:65:35:59:03:f0:f3:
                    90:6c:86:b3:2d:65:39:e4:73:1a:01:39:69:46:e2:
                    86:65:81:b6:47:45:6d:66:9e:e2:f2:75:5b:c6:48:
                    73:94:d9:b1:83:7a:44:c1:b5:c2:43:45:1a:c2:20:
                    48:94:f7:e9:c1:ae:f5:a3:6b:e6:1b:38:b5:89:78:
                    28:a3:7f:c0:46:41:23:5a:8f:99:53:27:4e:c3:82:
                    a9:a1:90:d9:be:0c:03:b7:ed:bf:bf:49:67:19:20:
                    39:86:39:29:05:7d:c8:c4:00:5a:b7:a2:f1:07:03:
                    d7:7a:64:b2:c7:06:01:69:65:39:db:c3:50:43:e0:
                    8a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:B9:74:26:C9:3D:1C:D2:9C:E4:5E:BF:1C:BD:E4:89:F9:26:7F:37
            X509v3 Authority Key Identifier:
                keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/krl0Jsk9HNKc5F6_HL3kifkmfzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:dfc1::/32
                  2a12:24c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:e2:56:26:ad:af:eb:36:19:4d:8e:2a:c0:12:65:e9:7e:09:
         d3:c6:32:5e:ae:ab:ba:bb:76:4e:80:f0:9e:66:14:67:83:0c:
         4a:9d:7c:6a:21:81:16:bf:d3:d2:ba:53:45:f4:da:f4:47:16:
         74:2c:e4:ee:55:af:09:03:ab:de:fa:bb:0e:b7:97:fd:4f:96:
         f9:0d:2f:cb:42:1c:99:56:f1:7d:a6:d3:80:5d:25:6f:57:b7:
         8f:2b:89:da:25:b5:52:1f:58:4f:5d:c9:db:60:0d:b2:47:ec:
         af:65:2c:19:85:51:8b:66:ec:c7:9f:84:b4:d5:ba:bf:56:ca:
         d6:8f:82:24:f7:e4:b5:9d:dd:0d:8e:d7:35:f8:31:97:3e:bf:
         be:85:8c:ca:f4:11:24:69:dc:a3:53:9d:82:26:b7:0f:46:1b:
         8a:09:f1:91:29:c6:92:da:64:3c:b0:73:92:e4:5a:8f:d2:d0:
         18:61:09:a4:a1:62:1c:55:35:a1:45:c7:12:77:b1:74:ee:82:
         8a:45:0d:ec:36:55:fd:dd:20:85:5e:63:76:5a:98:5d:49:6a:
         50:3e:2d:2b:3a:db:cb:7b:66:29:42:d1:cf:8d:29:b1:71:66:
         0a:28:bf:9c:76:89:43:24:bc:79:8d:1f:ba:20:b5:3f:d6:98:
         83:b1:73:18
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZUkdofrCGdB2GfC5Ql2jLPLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjUwMjIwMTc0NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmI5NzQyNmM5M2QxY2QyOWNlNDVlYmYxY2JkZTQ4OWY5MjY3ZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01N2UWv21Sz7pYXJ1WrnSc9ZUsxB
wmGc8TA0U8GAGJDWsMbTntByjnSZZv+0Hagtuadnw08X4tEx/qJaLgLmp/cMaucu
5pEApv3aGrG3YnyERIxpcOv/kTxC6KdrJikiEGGq+fKM/PfH5Xi+bH5VEeDVwwXu
E71SnniQg3OV0oRlNVkD8POQbIazLWU55HMaATlpRuKGZYG2R0VtZp7i8nVbxkhz
lNmxg3pEwbXCQ0UawiBIlPfpwa71o2vmGzi1iXgoo3/ARkEjWo+ZUydOw4KpoZDZ
vgwDt+2/v0lnGSA5hjkpBX3IxABat6LxBwPXemSyxwYBaWU528NQQ+CKhwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJK5dCbJPRzSnORevxy95In5Jn83MB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEva3JsMEpzazlITktjNUY2X0hMM2tpZmttZnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg7fwQMF
AyoSJMAwDQYJKoZIhvcNAQELBQADggEBAGniViatr+s2GU2OKsASZel+CdPGMl6u
q7q7dk6A8J5mFGeDDEqdfGohgRa/09K6U0X02vRHFnQs5O5VrwkDq976uw63l/1P
lvkNL8tCHJlW8X2m04BdJW9Xt48ridoltVIfWE9dydtgDbJH7K9lLBmFUYtm7Mef
hLTVur9WytaPgiT35LWd3Q2O1zX4MZc+v76FjMr0ESRp3KNTnYImtw9GG4oJ8ZEp
xpLaZDywc5LkWo/S0BhhCaShYhxVNaFFxxJ3sXTugopFDew2Vf3dIIVeY3ZamF1J
alA+LSs628t7ZilC0c+NKbFxZgoov5x2iUMkvHmNH7ogtT/WmIOxcxg=
-----END CERTIFICATE-----