Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/97dOxJs8CQ2BjHMYna2KnLiPrKY.roa
File:                     97dOxJs8CQ2BjHMYna2KnLiPrKY.roa (raw, json)
Hash identifier:          /zel1HM355qpaySlctImhTlc0YWNiHvphWaNS11U9Vc=
Subject key identifier:   F7:B7:4E:C4:9B:3C:09:0D:81:8C:73:18:9D:AD:8A:9C:B8:8F:AC:A6
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018DDA3B2F45A251E71A456F0BBEE62C0B83
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/97dOxJs8CQ2BjHMYna2KnLiPrKY.roa
Signing time:             Sat 24 Feb 2024 08:28:48 +0000
ROA not before:           Sat 24 Feb 2024 08:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        2a13:1480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:da:3b:2f:45:a2:51:e7:1a:45:6f:0b:be:e6:2c:0b:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb 24 08:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7b74ec49b3c090d818c73189dad8a9cb88faca6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a0:54:12:3a:01:fd:92:5d:73:9b:82:c0:79:
                    74:b1:51:7e:53:d7:4a:37:a9:f6:c2:18:53:78:2a:
                    70:f1:7e:5a:ba:16:35:78:18:87:3c:94:f4:fc:85:
                    96:5c:b2:ff:e4:c7:3b:56:ea:af:04:16:16:74:4f:
                    9e:fc:18:8f:df:35:d9:ba:28:4c:dc:54:92:85:a9:
                    9f:9d:12:db:56:6e:fa:47:cd:82:87:e4:49:53:10:
                    ac:0f:b3:d6:36:c4:9f:bc:35:d0:d5:d5:3f:46:a5:
                    23:15:01:b5:80:a3:21:b4:9f:89:42:8b:f3:7b:67:
                    87:79:11:15:24:c5:16:f0:7f:82:d8:5b:6d:29:c8:
                    e2:7b:62:6c:d2:5e:79:aa:80:d5:c3:47:f6:49:d5:
                    71:73:0a:45:19:4f:71:d9:98:e6:41:bd:50:e9:88:
                    99:ca:46:9e:9f:42:aa:71:73:34:b6:7c:25:86:c1:
                    cb:70:12:46:c0:0a:9d:85:a9:a9:35:e8:32:b4:7e:
                    b9:a6:ad:06:92:78:2b:fa:f2:e6:6a:ef:3f:13:71:
                    7c:d1:eb:35:8d:d1:6e:1d:62:37:79:17:d1:1d:c0:
                    a4:dc:58:f3:bf:ff:da:5d:8f:9d:26:f6:ed:bb:2a:
                    f5:d2:ea:95:31:ab:d3:89:25:5d:b6:cf:37:36:c2:
                    3e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B7:4E:C4:9B:3C:09:0D:81:8C:73:18:9D:AD:8A:9C:B8:8F:AC:A6
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/97dOxJs8CQ2BjHMYna2KnLiPrKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1480::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:e7:30:48:5e:b5:5e:6f:81:2c:6e:3e:4b:7b:9b:0b:db:74:
         4a:19:06:49:53:51:1f:b0:14:63:5c:14:c1:9c:50:9b:94:e1:
         a2:22:a3:44:1f:a6:55:39:fc:13:b1:51:18:2c:0d:a7:8b:a8:
         68:5d:07:68:87:9f:31:97:c7:de:12:33:7f:a7:92:a3:81:2d:
         60:56:f8:8f:10:a5:35:f0:aa:62:a1:b0:d1:29:f4:cc:0e:9e:
         0b:54:1d:01:98:31:88:24:aa:de:08:f4:cf:90:73:61:bf:ee:
         ab:75:7e:73:1a:c7:3c:4a:80:0d:38:ce:47:57:20:ae:b6:54:
         fd:a0:db:69:7c:cf:87:35:7c:1b:7c:74:96:bb:35:43:e7:df:
         cf:83:8d:83:70:01:8c:c8:3f:ee:28:13:e0:75:86:b0:09:90:
         cb:a6:56:9c:0c:02:3d:58:9e:5b:5d:72:28:a5:9c:28:7b:44:
         6d:df:72:57:da:05:9c:7d:12:f0:5c:42:53:43:50:dd:c6:12:
         78:14:9d:2c:e2:03:8d:dd:e4:0c:6a:17:35:29:2c:d7:64:aa:
         f8:01:58:9a:b5:b4:90:9a:f6:cd:45:b8:e1:d1:2a:e8:16:bf:
         94:11:2a:7a:98:f7:97:3f:52:2b:6e:a5:9b:a0:5f:b6:79:d5:
         af:cc:69:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY3aOy9FolHnGkVvC77mLAuDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMjI0MDgyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2I3NGVjNDliM2MwOTBkODE4YzczMTg5ZGFkOGE5Y2I4OGZhY2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqBUEjoB/ZJdc5uCwHl0sVF+U9dK
N6n2whhTeCpw8X5auhY1eBiHPJT0/IWWXLL/5Mc7VuqvBBYWdE+e/BiP3zXZuihM
3FSShamfnRLbVm76R82Ch+RJUxCsD7PWNsSfvDXQ1dU/RqUjFQG1gKMhtJ+JQovz
e2eHeREVJMUW8H+C2FttKcjie2Js0l55qoDVw0f2SdVxcwpFGU9x2ZjmQb1Q6YiZ
ykaen0KqcXM0tnwlhsHLcBJGwAqdhampNegytH65pq0Gkngr+vLmau8/E3F80es1
jdFuHWI3eRfRHcCk3Fjzv//aXY+dJvbtuyr10uqVMavTiSVdts83NsI+8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPe3TsSbPAkNgYxzGJ2tipy4j6ymMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvOTdkT3hKczhDUTJCakhNWW5hMktuTGlQcktZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhMUgDAN
BgkqhkiG9w0BAQsFAAOCAQEAjOcwSF61Xm+BLG4+S3ubC9t0ShkGSVNRH7AUY1wU
wZxQm5ThoiKjRB+mVTn8E7FRGCwNp4uoaF0HaIefMZfH3hIzf6eSo4EtYFb4jxCl
NfCqYqGw0Sn0zA6eC1QdAZgxiCSq3gj0z5BzYb/uq3V+cxrHPEqADTjOR1cgrrZU
/aDbaXzPhzV8G3x0lrs1Q+ffz4ONg3ABjMg/7igT4HWGsAmQy6ZWnAwCPVieW11y
KKWcKHtEbd9yV9oFnH0S8FxCU0NQ3cYSeBSdLOIDjd3kDGoXNSks12Sq+AFYmrW0
kJr2zUW44dEq6Ba/lBEqepj3lz9SK26lm6BftnnVr8xpQQ==
-----END CERTIFICATE-----