Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/YDFeVGcfCRWwkla5yvVihURp96w.roa
File:                     YDFeVGcfCRWwkla5yvVihURp96w.roa (raw, json)
Hash identifier:          KXYzCuBnwDyE4MCQIyptZv94ewf8cBJZDBMejoQRhWY=
Subject key identifier:   60:31:5E:54:67:1F:09:15:B0:92:56:B9:CA:F5:62:85:44:69:F7:AC
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       0194B131500B5A586681BBD9D900D333BBC1
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/YDFeVGcfCRWwkla5yvVihURp96w.roa
Signing time:             Wed 29 Jan 2025 08:33:06 +0000
ROA not before:           Wed 29 Jan 2025 08:33:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213520
IP address blocks:        2a0d:d940:11::/48 maxlen: 48
                          2a0d:d940:100::/40 maxlen: 40
                          2a0d:d940:9002::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 20:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:31:50:0b:5a:58:66:81:bb:d9:d9:00:d3:33:bb:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jan 29 08:33:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60315e54671f0915b09256b9caf562854469f7ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:b9:98:ce:61:4b:73:0b:8f:6f:a5:18:b5:
                    d1:7d:ec:cf:79:44:1b:64:c4:7f:a4:9a:a8:bf:5e:
                    3f:48:b7:b3:50:44:01:cd:f7:f8:28:16:8a:2b:bc:
                    91:81:80:7d:50:3e:d4:61:f1:f9:a0:be:98:21:5b:
                    9c:d0:b1:67:c9:2f:dd:1e:5a:56:cd:6f:b9:42:36:
                    f5:34:79:2d:9a:35:7a:f4:5f:93:e7:b1:11:27:b9:
                    9a:14:44:bb:6f:26:35:88:96:cb:e6:c8:69:7d:13:
                    aa:89:25:a1:d2:2b:02:e3:87:bd:a2:0c:56:54:65:
                    22:70:18:45:f4:33:6b:ba:c3:20:1e:2f:d6:04:bf:
                    b9:f3:0a:93:62:27:a4:9d:0f:24:10:96:27:26:46:
                    d3:a5:4a:3a:d0:ec:9b:e7:f6:7b:2d:5e:19:d2:ba:
                    6e:4f:fc:7c:c8:84:77:77:42:8e:b5:b8:e6:2b:37:
                    20:82:81:c1:34:f4:02:33:a3:4a:40:e6:44:fb:48:
                    7f:07:a0:50:45:0b:76:c3:aa:35:54:e1:20:84:86:
                    4c:2e:3d:e4:f5:4e:3f:4f:a6:11:6b:a0:d7:e4:50:
                    c9:0a:d0:ce:0d:bc:83:23:e2:af:ae:62:e8:06:ee:
                    92:3a:b3:c7:d9:7d:53:0a:92:09:10:71:20:0a:cf:
                    89:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:31:5E:54:67:1F:09:15:B0:92:56:B9:CA:F5:62:85:44:69:F7:AC
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/YDFeVGcfCRWwkla5yvVihURp96w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:11::/48
                  2a0d:d940:100::/40
                  2a0d:d940:9002::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:78:85:4c:66:0b:e3:65:10:7d:ff:e3:f8:9e:da:06:89:dc:
         77:3a:e4:91:23:8c:b7:2f:ef:4b:84:2b:e6:78:32:aa:58:58:
         9c:98:51:8a:27:01:a7:76:30:20:b0:e5:97:35:00:f7:79:9d:
         31:a4:3a:25:11:a4:a4:d2:8e:2d:63:26:09:46:87:e7:90:57:
         27:c8:03:41:37:6a:9b:4b:92:ad:f4:bb:b7:61:44:f8:3c:a6:
         47:2c:95:f5:95:1e:96:d9:00:b1:dd:27:4b:1d:33:f7:8d:0c:
         9d:e2:79:30:f2:fc:77:bb:f9:89:c9:e0:12:3b:46:86:cb:53:
         34:4f:55:de:e9:04:4f:2e:3e:74:2a:b1:71:42:33:9e:2d:32:
         3d:b4:60:30:68:7f:72:3b:91:99:82:df:d6:32:05:60:69:70:
         4b:ce:0b:79:c7:b0:76:4b:12:d8:d7:fc:7f:88:a0:26:a4:0e:
         f2:b8:34:8c:fc:74:26:d3:8a:d5:6f:68:4f:d2:a7:05:41:17:
         e4:ac:65:cb:b3:fe:e8:86:4b:0a:ae:11:60:3c:5c:3a:3f:2e:
         ad:c8:50:da:47:d0:6f:88:d5:2f:1a:62:0a:71:4a:90:73:d8:
         28:54:71:cd:15:1c:68:1e:58:89:7c:e2:19:5e:4d:de:be:0d:
         be:eb:54:e3
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZSxMVALWlhmgbvZ2QDTM7vBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwMTI5MDgzMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDMxNWU1NDY3MWYwOTE1YjA5MjU2YjljYWY1NjI4NTQ0NjlmN2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiq5mM5hS3MLj2+lGLXRfezPeUQb
ZMR/pJqov14/SLezUEQBzff4KBaKK7yRgYB9UD7UYfH5oL6YIVuc0LFnyS/dHlpW
zW+5Qjb1NHktmjV69F+T57ERJ7maFES7byY1iJbL5shpfROqiSWh0isC44e9ogxW
VGUicBhF9DNrusMgHi/WBL+58wqTYieknQ8kEJYnJkbTpUo60Oyb5/Z7LV4Z0rpu
T/x8yIR3d0KOtbjmKzcggoHBNPQCM6NKQOZE+0h/B6BQRQt2w6o1VOEghIZMLj3k
9U4/T6YRa6DX5FDJCtDODbyDI+KvrmLoBu6SOrPH2X1TCpIJEHEgCs+J3QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFGAxXlRnHwkVsJJWucr1YoVEafesMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvWURGZVZHY2ZDUld3a2xhNXl2VmloVVJwOTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwcAKg3ZQAAR
AwYAKg3ZQAEDBwAqDdlAkAIwDQYJKoZIhvcNAQELBQADggEBAGt4hUxmC+NlEH3/
4/ie2gaJ3Hc65JEjjLcv70uEK+Z4MqpYWJyYUYonAad2MCCw5Zc1APd5nTGkOiUR
pKTSji1jJglGh+eQVyfIA0E3aptLkq30u7dhRPg8pkcslfWVHpbZALHdJ0sdM/eN
DJ3ieTDy/He7+YnJ4BI7RobLUzRPVd7pBE8uPnQqsXFCM54tMj20YDBof3I7kZmC
39YyBWBpcEvOC3nHsHZLEtjX/H+IoCakDvK4NIz8dCbTitVvaE/SpwVBF+SsZcuz
/uiGSwquEWA8XDo/Lq3IUNpH0G+I1S8aYgpxSpBz2ChUcc0VHGgeWIl84hleTd6+
Db7rVOM=
-----END CERTIFICATE-----