Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/mYnhwnu7xK6th8xjixqpd0tj3F8.roa
File:                     mYnhwnu7xK6th8xjixqpd0tj3F8.roa (raw, json)
Hash identifier:          sG+spce3EPIId/QZOF+TJDOdXx28q2wnT9Bt9/T0FwE=
Subject key identifier:   99:89:E1:C2:7B:BB:C4:AE:AD:87:CC:63:8B:1A:A9:77:4B:63:DC:5F
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       019427480CD05A7038708576F2862A8DF9B5
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/mYnhwnu7xK6th8xjixqpd0tj3F8.roa
Signing time:             Thu 02 Jan 2025 13:50:20 +0000
ROA not before:           Thu 02 Jan 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7721
IP address blocks:        2a13:b487:1200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:0c:d0:5a:70:38:70:85:76:f2:86:2a:8d:f9:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Jan  2 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9989e1c27bbbc4aead87cc638b1aa9774b63dc5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b7:75:ec:04:0b:11:3a:3f:3e:46:98:9e:67:
                    04:04:4a:65:11:93:55:04:41:c9:f8:9b:94:9e:21:
                    f8:6a:10:2b:d9:09:62:28:50:74:9d:0a:81:bf:9a:
                    65:f2:6d:c1:4e:ff:4b:9d:7b:3e:3f:6c:8c:aa:f3:
                    90:25:28:c6:18:fd:aa:ca:01:d7:6b:49:82:a3:fd:
                    62:b6:43:d7:cf:57:41:d8:12:50:be:b4:a5:f2:56:
                    05:ac:81:2c:fe:33:54:8e:da:79:d8:2f:74:00:54:
                    5d:87:ab:6d:03:cb:6c:30:b4:c1:34:cc:dc:13:68:
                    7e:75:f4:a7:9c:16:d6:a7:f4:7e:6a:0a:8e:9b:84:
                    25:14:d9:ff:f4:10:4d:38:20:f5:23:6c:8a:c4:f3:
                    82:8a:82:32:32:2a:0c:f5:e3:cc:50:f2:5d:bb:db:
                    59:22:01:bd:21:cc:3d:22:30:da:e2:92:cf:9a:5c:
                    21:f1:f2:f1:b5:f7:54:c0:75:2a:50:24:80:ac:a8:
                    97:6c:32:b7:0d:24:cf:02:f6:e7:a3:f0:71:55:01:
                    e9:41:b4:da:15:3e:ad:b9:3f:78:c0:bc:18:c2:d5:
                    0c:5a:7c:af:85:40:f3:b1:9f:91:6b:cf:5e:2a:c5:
                    f5:89:f9:73:0b:07:c6:f1:93:de:94:4c:b9:98:2c:
                    69:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:89:E1:C2:7B:BB:C4:AE:AD:87:CC:63:8B:1A:A9:77:4B:63:DC:5F
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/mYnhwnu7xK6th8xjixqpd0tj3F8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b487:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         ae:bc:d5:c8:af:1f:e2:29:eb:fe:18:3f:ce:39:44:65:9f:5d:
         f1:dd:cd:a9:51:a5:bf:bc:56:b9:8d:4b:8e:06:cb:f6:c4:4a:
         61:1f:45:30:54:65:a2:53:57:ec:cb:4c:4f:92:a4:ef:7f:56:
         da:21:ec:18:8b:bf:53:99:13:0f:9b:dc:6a:f1:a5:4f:fe:6f:
         17:39:fa:42:76:dc:f7:c9:a7:c1:fc:b8:7e:84:e2:fd:64:5f:
         40:fe:79:38:9c:2e:07:9c:a2:22:2a:ac:a8:7e:73:73:bb:93:
         c4:a8:57:b6:bd:ac:30:2c:5b:e3:3e:db:48:ce:c9:2d:f2:b4:
         87:b1:ee:eb:d0:21:6e:48:6c:47:43:e4:7b:6a:ca:64:2f:a7:
         2a:08:29:c6:fe:4b:8b:8b:50:a6:ec:98:2f:f2:56:98:c2:f9:
         4a:e1:21:2e:98:48:39:af:fe:d2:67:16:30:b0:f3:db:40:61:
         3c:f9:85:50:09:c1:4c:3e:cf:9c:68:6e:7a:8d:b7:2c:21:b8:
         69:bc:bb:9b:45:ec:64:69:04:34:7e:a4:79:11:f8:5a:71:cf:
         d1:29:29:8d:19:a7:10:96:33:24:4d:31:ec:65:86:2f:7d:85:
         83:1a:76:58:62:64:05:f4:ab:4f:34:4c:55:92:21:19:a3:5f:
         d3:c5:e4:2e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnSAzQWnA4cIV28oYqjfm1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjUwMTAyMTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTg5ZTFjMjdiYmJjNGFlYWQ4N2NjNjM4YjFhYTk3NzRiNjNkYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrd17AQLETo/PkaYnmcEBEplEZNV
BEHJ+JuUniH4ahAr2QliKFB0nQqBv5pl8m3BTv9LnXs+P2yMqvOQJSjGGP2qygHX
a0mCo/1itkPXz1dB2BJQvrSl8lYFrIEs/jNUjtp52C90AFRdh6ttA8tsMLTBNMzc
E2h+dfSnnBbWp/R+agqOm4QlFNn/9BBNOCD1I2yKxPOCioIyMioM9ePMUPJdu9tZ
IgG9Icw9IjDa4pLPmlwh8fLxtfdUwHUqUCSArKiXbDK3DSTPAvbno/BxVQHpQbTa
FT6tuT94wLwYwtUMWnyvhUDzsZ+Ra89eKsX1iflzCwfG8ZPelEy5mCxpVQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJmJ4cJ7u8SurYfMY4saqXdLY9xfMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvbVluaHdudTd4SzZ0aDh4aml4cXBkMHRqM0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhO0hxIw
DQYJKoZIhvcNAQELBQADggEBAK681civH+Ip6/4YP845RGWfXfHdzalRpb+8VrmN
S44Gy/bESmEfRTBUZaJTV+zLTE+SpO9/Vtoh7BiLv1OZEw+b3GrxpU/+bxc5+kJ2
3PfJp8H8uH6E4v1kX0D+eTicLgecoiIqrKh+c3O7k8SoV7a9rDAsW+M+20jOyS3y
tIex7uvQIW5IbEdD5HtqymQvpyoIKcb+S4uLUKbsmC/yVpjC+UrhIS6YSDmv/tJn
FjCw89tAYTz5hVAJwUw+z5xobnqNtywhuGm8u5tF7GRpBDR+pHkR+Fpxz9EpKY0Z
pxCWMyRNMexlhi99hYMadlhiZAX0q080TFWSIRmjX9PF5C4=
-----END CERTIFICATE-----