Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/r7rVHuE3UaJGbJverYYh-IUwl6c.roa
File:                     r7rVHuE3UaJGbJverYYh-IUwl6c.roa (raw, json)
Hash identifier:          ospIKQ5B13jvlFHaTlWrQirRBG4t/tBRNOktp/TQrZk=
Subject key identifier:   AF:BA:D5:1E:E1:37:51:A2:46:6C:9B:DE:AD:86:21:F8:85:30:97:A7
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       01931853BD82BC9D14F48CC93F4D6A746ABF
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/r7rVHuE3UaJGbJverYYh-IUwl6c.roa
Signing time:             Sun 10 Nov 2024 23:06:01 +0000
ROA not before:           Sun 10 Nov 2024 23:06:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213887
IP address blocks:        2a0b:4141::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:18:53:bd:82:bc:9d:14:f4:8c:c9:3f:4d:6a:74:6a:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Nov 10 23:06:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afbad51ee13751a2466c9bdead8621f8853097a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bd:dd:f5:b3:30:92:4f:30:e9:69:d3:33:ef:
                    fd:ee:93:1d:6f:e3:c6:f9:c6:c0:cb:32:cc:52:c3:
                    aa:bb:85:35:eb:86:46:40:47:1b:2c:de:fb:c4:b3:
                    9f:84:b2:bf:75:c7:f0:fa:1c:d6:7a:69:18:31:00:
                    e9:9b:bc:88:50:15:27:48:46:bd:56:f2:6a:73:05:
                    6e:a7:72:f4:77:ec:1c:73:fb:aa:f4:77:41:80:30:
                    8e:49:1b:6e:02:91:6f:42:d6:2d:45:2e:0d:3c:72:
                    d8:a2:46:db:8f:3a:7d:19:cc:ca:a1:d0:13:aa:bd:
                    9d:58:bf:51:42:1a:10:bb:61:83:e3:4f:1a:15:b5:
                    67:3b:45:b7:3d:44:9c:ba:f9:35:bd:26:68:f5:71:
                    d4:86:66:05:06:75:03:ac:a2:19:dc:99:91:f2:28:
                    2b:ee:db:a2:8f:04:ce:6d:19:15:27:bb:52:00:2c:
                    e7:ed:50:ae:14:be:a9:6e:47:92:42:e5:3e:9d:cb:
                    50:c9:6b:b9:23:3b:3d:c9:eb:6c:93:60:d9:4f:36:
                    dd:26:f1:56:df:7d:9b:96:45:d7:fc:d1:46:3c:1b:
                    4a:0d:05:17:8d:48:85:e8:9f:6f:8e:cd:2f:df:a0:
                    07:d0:09:44:79:b5:e3:80:68:5a:7d:ff:e4:57:a6:
                    5f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:BA:D5:1E:E1:37:51:A2:46:6C:9B:DE:AD:86:21:F8:85:30:97:A7
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/r7rVHuE3UaJGbJverYYh-IUwl6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4141::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:3a:0a:51:c0:76:b3:4b:a3:9c:6b:28:a3:3e:62:b5:95:27:
         84:2a:86:4d:e5:45:60:54:74:67:01:77:15:ec:09:a8:86:c7:
         b1:a6:d9:38:44:92:a8:26:1e:fc:fa:49:d8:6a:a8:f2:5b:6e:
         59:90:08:63:ca:a4:22:bf:8e:03:73:41:17:14:04:9f:c6:42:
         ca:cd:8d:2f:eb:28:f9:ce:7c:92:c6:88:f3:59:7d:30:a6:e0:
         18:11:ff:14:b1:d2:38:7e:9f:3a:00:37:26:70:0d:1c:3c:77:
         34:b9:72:7c:31:81:0c:85:98:b4:ad:3f:f5:8e:db:e1:bb:14:
         10:3b:8e:6e:cd:0d:3c:0c:ef:eb:ee:13:f3:0b:cc:2f:36:65:
         26:6b:5a:46:01:5d:1e:c8:19:49:e9:55:91:f3:c4:66:5c:34:
         66:a9:5b:53:48:67:ef:a0:b3:82:b4:54:0e:0a:5f:1f:0b:83:
         3a:49:e9:44:80:e5:b4:9a:e0:91:15:c3:3f:10:02:33:c1:ab:
         52:14:1d:c1:5e:16:51:dc:3f:1d:8e:d9:90:e3:2b:d1:50:60:
         92:8e:44:37:50:57:d5:16:a4:ec:44:ed:8f:3e:3b:02:7a:ee:
         e8:9b:85:e4:3a:25:89:89:99:51:48:15:d5:78:28:a4:53:59:
         01:e7:79:8a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMYU72CvJ0U9IzJP01qdGq/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQxMTEwMjMwNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmJhZDUxZWUxMzc1MWEyNDY2YzliZGVhZDg2MjFmODg1MzA5N2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b3d9bMwkk8w6WnTM+/97pMdb+PG
+cbAyzLMUsOqu4U164ZGQEcbLN77xLOfhLK/dcfw+hzWemkYMQDpm7yIUBUnSEa9
VvJqcwVup3L0d+wcc/uq9HdBgDCOSRtuApFvQtYtRS4NPHLYokbbjzp9GczKodAT
qr2dWL9RQhoQu2GD408aFbVnO0W3PUScuvk1vSZo9XHUhmYFBnUDrKIZ3JmR8igr
7tuijwTObRkVJ7tSACzn7VCuFL6pbkeSQuU+nctQyWu5Izs9yetsk2DZTzbdJvFW
332blkXX/NFGPBtKDQUXjUiF6J9vjs0v36AH0AlEebXjgGhaff/kV6Zf1QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK+61R7hN1GiRmyb3q2GIfiFMJenMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvcjdyVkh1RTNVYUpHYkp2ZXJZWWgtSVV3bDZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgtBQTAN
BgkqhkiG9w0BAQsFAAOCAQEAdjoKUcB2s0ujnGsooz5itZUnhCqGTeVFYFR0ZwF3
FewJqIbHsabZOESSqCYe/PpJ2Gqo8ltuWZAIY8qkIr+OA3NBFxQEn8ZCys2NL+so
+c58ksaI81l9MKbgGBH/FLHSOH6fOgA3JnANHDx3NLlyfDGBDIWYtK0/9Y7b4bsU
EDuObs0NPAzv6+4T8wvMLzZlJmtaRgFdHsgZSelVkfPEZlw0ZqlbU0hn76CzgrRU
DgpfHwuDOknpRIDltJrgkRXDPxACM8GrUhQdwV4WUdw/HY7ZkOMr0VBgko5EN1BX
1Rak7ETtjz47Anru6JuF5DoliYmZUUgV1XgopFNZAed5ig==
-----END CERTIFICATE-----