Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/7RGILrXK50wySdiYQI1CdrIig-Q.roa
File:                     7RGILrXK50wySdiYQI1CdrIig-Q.roa (raw, json)
Hash identifier:          t1m+//JMQ0/7ACWd96+mL2h85r2ApmaeDxWCNbIU3Z4=
Subject key identifier:   ED:11:88:2E:B5:CA:E7:4C:32:49:D8:98:40:8D:42:76:B2:22:83:E4
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       0192AE9F28A44550DCF8A32E8C24CE589C4B
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/7RGILrXK50wySdiYQI1CdrIig-Q.roa
Signing time:             Mon 21 Oct 2024 10:28:39 +0000
ROA not before:           Mon 21 Oct 2024 10:28:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47272
IP address blocks:        2a0e:7780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 02:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ae:9f:28:a4:45:50:dc:f8:a3:2e:8c:24:ce:58:9c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Oct 21 10:28:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed11882eb5cae74c3249d898408d4276b22283e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fe:5d:46:38:de:db:08:93:29:6a:ae:f0:37:
                    df:dc:ea:0c:ef:57:24:34:c2:c4:10:fb:02:17:9a:
                    50:a3:f3:3e:ae:2d:ca:4e:8b:6c:65:92:ab:13:49:
                    ad:85:b7:01:bf:d4:a7:c6:28:30:21:41:e9:6c:d6:
                    5c:de:aa:eb:c3:ee:3c:59:b4:be:e3:12:b0:30:5d:
                    70:91:34:79:05:de:47:e3:23:2b:49:15:f8:5b:eb:
                    f2:fa:01:57:7e:f2:62:ae:60:38:b1:8b:1e:0d:4d:
                    92:22:e2:92:1d:dd:45:98:ab:6f:07:78:fc:e4:95:
                    d8:55:25:c8:17:68:56:e5:f8:11:f1:97:95:a7:5c:
                    42:a5:65:d4:58:68:d4:e8:22:18:32:4b:2b:26:e0:
                    96:9c:b2:1e:56:0f:57:04:38:c2:f2:69:26:e5:af:
                    08:46:8e:b3:23:e6:dc:6b:a2:8d:af:d1:a4:34:b6:
                    af:1f:81:f6:a0:32:08:23:12:a6:39:6f:11:4c:f5:
                    74:6e:80:0a:59:7c:03:57:7c:e5:4f:c1:0a:52:09:
                    91:af:6d:19:8c:94:ff:cd:00:57:b1:e1:b4:87:d3:
                    23:a9:65:51:eb:fe:57:59:a1:91:84:ac:00:ed:73:
                    e7:e5:ab:01:2b:23:d7:dd:f0:68:29:87:35:12:46:
                    70:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:11:88:2E:B5:CA:E7:4C:32:49:D8:98:40:8D:42:76:B2:22:83:E4
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/7RGILrXK50wySdiYQI1CdrIig-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7780::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:ca:99:48:a8:98:10:c2:d9:46:c8:c4:ac:c0:3c:b6:eb:d3:
         d6:4b:7d:1b:1e:a9:85:a1:ad:ae:a9:aa:00:30:b7:d7:05:00:
         46:60:c5:eb:c4:63:37:93:f8:04:ac:75:2b:39:e0:e1:e1:4d:
         05:55:57:f3:7a:5c:5b:ba:61:5b:58:52:89:b2:12:10:45:b7:
         70:f3:1f:d3:fb:50:24:c2:ae:ff:9c:0e:52:50:26:84:17:36:
         ad:46:92:ff:67:6b:28:f3:ea:62:6d:dc:96:54:9c:76:79:9b:
         a5:b2:f4:08:ca:ec:29:d2:9a:61:68:ab:57:83:50:09:f0:d8:
         a6:32:95:fe:0d:1c:65:2a:f2:30:fc:80:14:a3:2e:1c:0c:dd:
         ca:80:e7:ed:dc:a5:82:83:54:fd:3f:b4:69:5e:05:b3:72:cb:
         da:a0:49:04:3e:1e:4f:4b:75:ce:58:b4:e2:6f:9a:7e:6f:71:
         fb:43:1c:cc:72:6e:d7:9c:ab:73:02:48:52:d1:32:7d:a0:5f:
         b7:fd:12:80:3e:11:b2:9a:e7:d8:70:14:77:6a:50:0c:8d:73:
         84:0f:46:ff:e3:1e:e7:78:3a:d5:48:03:c6:56:db:c3:e9:0c:
         71:f1:a1:4a:ec:ea:fc:93:a3:68:9d:c8:fc:66:d6:a1:ae:af:
         72:e2:ec:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKunyikRVDc+KMujCTOWJxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQxMDIxMTAyODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDExODgyZWI1Y2FlNzRjMzI0OWQ4OTg0MDhkNDI3NmIyMjI4M2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmf5dRjje2wiTKWqu8Dff3OoM71ck
NMLEEPsCF5pQo/M+ri3KTotsZZKrE0mthbcBv9SnxigwIUHpbNZc3qrrw+48WbS+
4xKwMF1wkTR5Bd5H4yMrSRX4W+vy+gFXfvJirmA4sYseDU2SIuKSHd1FmKtvB3j8
5JXYVSXIF2hW5fgR8ZeVp1xCpWXUWGjU6CIYMksrJuCWnLIeVg9XBDjC8mkm5a8I
Ro6zI+bca6KNr9GkNLavH4H2oDIIIxKmOW8RTPV0boAKWXwDV3zlT8EKUgmRr20Z
jJT/zQBXseG0h9MjqWVR6/5XWaGRhKwA7XPn5asBKyPX3fBoKYc1EkZw9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO0RiC61yudMMknYmECNQnayIoPkMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvN1JHSUxyWEs1MHd5U2RpWVFJMUNkcklpZy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg53gDAN
BgkqhkiG9w0BAQsFAAOCAQEAgsqZSKiYEMLZRsjErMA8tuvT1kt9Gx6phaGtrqmq
ADC31wUARmDF68RjN5P4BKx1Kzng4eFNBVVX83pcW7phW1hSibISEEW3cPMf0/tQ
JMKu/5wOUlAmhBc2rUaS/2drKPPqYm3cllScdnmbpbL0CMrsKdKaYWirV4NQCfDY
pjKV/g0cZSryMPyAFKMuHAzdyoDn7dylgoNU/T+0aV4Fs3LL2qBJBD4eT0t1zli0
4m+afm9x+0MczHJu15yrcwJIUtEyfaBft/0SgD4Rsprn2HAUd2pQDI1zhA9G/+Me
53g61UgDxlbbw+kMcfGhSuzq/JOjaJ3I/GbWoa6vcuLshw==
-----END CERTIFICATE-----