Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/iRr-8TgVPWkMigQLYX1kpHoXN9U.roa
File:                     iRr-8TgVPWkMigQLYX1kpHoXN9U.roa (raw, json)
Hash identifier:          QRzCbqIVDuEWdEOu5CYWZEYslxHeLKQy6zrAu21WkvM=
Subject key identifier:   89:1A:FE:F1:38:15:3D:69:0C:8A:04:0B:61:7D:64:A4:7A:17:37:D5
Certificate issuer:       /CN=92f7d213fa13708e3200184ff1bc391577cc252f
Certificate serial:       018CC5DC8E13F0C9184AF4193322B522B3E8
Authority key identifier: 92:F7:D2:13:FA:13:70:8E:32:00:18:4F:F1:BC:39:15:77:CC:25:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvfSE_oTcI4yABhP8bw5FXfMJS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/iRr-8TgVPWkMigQLYX1kpHoXN9U.roa
Signing time:             Mon 01 Jan 2024 16:30:15 +0000
ROA not before:           Mon 01 Jan 2024 16:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134450
IP address blocks:        2a13:c44::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/kvfSE_oTcI4yABhP8bw5FXfMJS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/kvfSE_oTcI4yABhP8bw5FXfMJS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvfSE_oTcI4yABhP8bw5FXfMJS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:8e:13:f0:c9:18:4a:f4:19:33:22:b5:22:b3:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f7d213fa13708e3200184ff1bc391577cc252f
        Validity
            Not Before: Jan  1 16:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=891afef138153d690c8a040b617d64a47a1737d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a8:ac:0b:dc:8b:cd:88:fe:9e:04:e0:a9:33:
                    0d:86:5d:6b:e5:6a:5d:42:32:52:01:57:24:52:5f:
                    60:48:7a:e6:8e:e5:e0:68:25:92:a9:75:77:17:8b:
                    5a:e8:f1:00:34:6d:5f:4e:c3:87:4c:02:2f:50:cb:
                    ba:56:76:7d:da:46:45:f5:06:a0:ee:58:02:34:68:
                    4c:2a:0b:24:1d:9b:c9:8a:31:b0:fd:a6:3e:bd:42:
                    f9:1d:94:8f:e1:77:59:fa:db:59:b9:7d:52:b8:5b:
                    fd:f0:9a:5c:d4:04:5c:dd:ea:06:ad:e6:91:c7:1f:
                    a3:0e:b5:f8:db:76:c3:c9:53:0d:42:11:21:34:ce:
                    f4:63:6f:a6:9e:c2:d7:a7:6a:a5:68:81:0c:a7:4b:
                    33:52:6b:5d:82:4c:52:1b:db:08:5f:09:8a:16:bd:
                    c8:93:1e:14:36:89:c7:a4:8c:f6:f0:d9:a2:8e:f2:
                    3a:c9:0f:15:84:6b:ed:f7:d9:7c:fc:7c:5d:3a:93:
                    09:68:69:c9:62:c2:7e:97:4f:c1:06:08:68:d6:8d:
                    1c:1d:51:17:28:c8:8b:86:ac:d8:30:fc:bb:a4:b0:
                    98:8a:bd:20:fc:47:1c:96:4a:9d:f1:58:a6:49:55:
                    76:b2:e3:0b:af:12:04:ae:d5:f8:81:b3:38:71:e9:
                    a9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:1A:FE:F1:38:15:3D:69:0C:8A:04:0B:61:7D:64:A4:7A:17:37:D5
            X509v3 Authority Key Identifier:
                keyid:92:F7:D2:13:FA:13:70:8E:32:00:18:4F:F1:BC:39:15:77:CC:25:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvfSE_oTcI4yABhP8bw5FXfMJS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/iRr-8TgVPWkMigQLYX1kpHoXN9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/482101-ac94-4f0b-9309-3e18ee6b4a5a/1/kvfSE_oTcI4yABhP8bw5FXfMJS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c44::/30

    Signature Algorithm: sha256WithRSAEncryption
         4f:fc:22:e7:53:00:89:f6:aa:bc:4e:48:63:0f:eb:2a:ab:a5:
         2c:9d:07:1f:69:20:ef:6f:24:29:d0:b6:e5:ae:de:c1:8c:48:
         5b:30:c8:8c:15:7a:fe:37:e0:e3:57:ec:f3:a2:11:63:02:82:
         37:e4:27:19:05:5e:32:4f:fd:0c:48:74:8f:59:76:36:d3:69:
         24:be:33:a6:f6:f2:1a:2a:2c:55:b3:99:75:7e:9d:e3:2b:24:
         67:a4:84:1b:77:d1:91:84:54:68:72:e0:a8:bd:96:7a:07:bf:
         dc:cd:66:27:29:3b:67:0d:6d:72:08:3b:9e:00:a7:03:3d:f3:
         5a:4a:ce:d5:a2:72:da:c9:59:0f:27:75:dc:34:ad:a8:d0:09:
         82:2c:31:55:09:3e:1c:ab:d7:a0:6d:24:1d:8e:43:b6:3f:d7:
         b2:42:bf:1f:56:a0:5e:92:ce:9f:a0:28:e0:88:60:92:db:75:
         68:54:c3:f4:46:57:09:b7:d2:8a:41:ae:7f:ea:49:d0:39:3c:
         48:00:d5:11:5e:97:ae:92:16:59:15:92:29:66:d8:f6:04:78:
         42:4b:2e:2d:80:78:20:76:e5:e0:3d:67:69:5d:1c:23:4a:61:
         29:bb:dd:42:95:7d:ed:d3:58:c6:1e:b3:d7:b8:01:5f:62:0f:
         1d:72:9d:1d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3I4T8MkYSvQZMyK1IrPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZjdkMjEzZmExMzcwOGUzMjAwMTg0ZmYxYmMzOTE1Nzdj
YzI1MmYwHhcNMjQwMTAxMTYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTFhZmVmMTM4MTUzZDY5MGM4YTA0MGI2MTdkNjRhNDdhMTczN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqisC9yLzYj+ngTgqTMNhl1r5Wpd
QjJSAVckUl9gSHrmjuXgaCWSqXV3F4ta6PEANG1fTsOHTAIvUMu6VnZ92kZF9Qag
7lgCNGhMKgskHZvJijGw/aY+vUL5HZSP4XdZ+ttZuX1SuFv98Jpc1ARc3eoGreaR
xx+jDrX423bDyVMNQhEhNM70Y2+mnsLXp2qlaIEMp0szUmtdgkxSG9sIXwmKFr3I
kx4UNonHpIz28NmijvI6yQ8VhGvt99l8/HxdOpMJaGnJYsJ+l0/BBgho1o0cHVEX
KMiLhqzYMPy7pLCYir0g/Ecclkqd8VimSVV2suMLrxIErtX4gbM4cempVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIka/vE4FT1pDIoEC2F9ZKR6FzfVMB8GA1UdIwQY
MBaAFJL30hP6E3COMgAYT/G8ORV3zCUvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3ZmU0Vfb1RjSTR5QUJoUDhidzVGWGZNSlM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80ODIxMDEtYWM5NC00ZjBiLTkzMDkt
M2UxOGVlNmI0YTVhLzEvaVJyLThUZ1ZQV2tNaWdRTFlYMWtwSG9YTjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80ODIxMDEtYWM5NC00ZjBiLTkzMDktM2UxOGVlNmI0YTVh
LzEva3ZmU0Vfb1RjSTR5QUJoUDhidzVGWGZNSlM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKhMMRDAN
BgkqhkiG9w0BAQsFAAOCAQEAT/wi51MAifaqvE5IYw/rKqulLJ0HH2kg728kKdC2
5a7ewYxIWzDIjBV6/jfg41fs86IRYwKCN+QnGQVeMk/9DEh0j1l2NtNpJL4zpvby
GiosVbOZdX6d4yskZ6SEG3fRkYRUaHLgqL2Wege/3M1mJyk7Zw1tcgg7ngCnAz3z
WkrO1aJy2slZDyd13DStqNAJgiwxVQk+HKvXoG0kHY5Dtj/XskK/H1agXpLOn6Ao
4Ihgktt1aFTD9EZXCbfSikGuf+pJ0Dk8SADVEV6XrpIWWRWSKWbY9gR4QksuLYB4
IHbl4D1naV0cI0phKbvdQpV97dNYxh6z17gBX2IPHXKdHQ==
-----END CERTIFICATE-----