Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/rPYkUV6nfwhdUj6XmbMfGadCT6Y.roa
File:                     rPYkUV6nfwhdUj6XmbMfGadCT6Y.roa (raw, json)
Hash identifier:          mW+rUvDdHU6O/uOZQtDwBuoi8RTTJaTru/4xyReD69g=
Subject key identifier:   AC:F6:24:51:5E:A7:7F:08:5D:52:3E:97:99:B3:1F:19:A7:42:4F:A6
Certificate issuer:       /CN=23329cb3abe4e940cfc62a20e2a6e2c28fc28329
Certificate serial:       01925E7EE9D8116FA9AB049F62602A2EC4EB
Authority key identifier: 23:32:9C:B3:AB:E4:E9:40:CF:C6:2A:20:E2:A6:E2:C2:8F:C2:83:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/rPYkUV6nfwhdUj6XmbMfGadCT6Y.roa
Signing time:             Sat 05 Oct 2024 21:03:48 +0000
ROA not before:           Sat 05 Oct 2024 21:03:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201207
IP address blocks:        2001:3480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:5e:7e:e9:d8:11:6f:a9:ab:04:9f:62:60:2a:2e:c4:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23329cb3abe4e940cfc62a20e2a6e2c28fc28329
        Validity
            Not Before: Oct  5 21:03:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acf624515ea77f085d523e9799b31f19a7424fa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:81:69:4b:da:0b:ec:13:ae:ff:9a:84:e0:ed:
                    01:db:a8:b3:58:56:23:9b:9e:e8:9d:5a:95:6a:09:
                    c1:76:e1:43:c7:48:b3:cc:2a:49:9c:1b:7a:92:23:
                    fb:87:47:ed:28:fe:01:71:c7:49:94:75:04:a5:78:
                    ce:40:0b:08:f0:79:a9:31:91:33:c3:bb:1b:2e:61:
                    4b:33:83:48:e7:77:77:6f:71:48:d7:3a:1c:01:b2:
                    b8:af:dd:18:59:b1:57:2c:cc:9b:dd:8b:45:52:59:
                    4a:8e:88:07:52:ee:74:f8:60:70:37:14:9e:cc:a4:
                    41:7b:7c:7c:b5:c2:08:5b:49:a3:09:1c:2e:69:37:
                    ba:2c:98:92:e4:70:02:2b:79:47:e7:34:c1:9a:bc:
                    2b:ec:f8:f8:7b:66:9a:f8:9d:94:f0:69:04:23:1d:
                    da:a3:46:94:56:2b:8a:d8:30:91:c6:96:6e:56:a5:
                    3a:c4:f3:c9:36:42:eb:85:d3:cb:a9:c3:3d:bc:5c:
                    f6:f8:05:71:21:8b:a4:cc:d0:51:7a:14:8b:e8:a1:
                    2c:72:a1:01:04:ca:50:68:a1:c9:50:9a:4f:91:54:
                    3c:a8:d2:16:d5:c4:72:c5:88:0a:7e:8c:9e:5e:b7:
                    3a:3b:74:9c:54:a2:df:b5:2a:26:87:8f:99:34:ee:
                    dc:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F6:24:51:5E:A7:7F:08:5D:52:3E:97:99:B3:1F:19:A7:42:4F:A6
            X509v3 Authority Key Identifier:
                keyid:23:32:9C:B3:AB:E4:E9:40:CF:C6:2A:20:E2:A6:E2:C2:8F:C2:83:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/rPYkUV6nfwhdUj6XmbMfGadCT6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3480::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:98:42:08:b4:cb:ec:8f:08:08:0a:78:93:41:02:c0:e9:36:
         fc:55:46:54:ea:8f:c4:f8:eb:f3:a6:20:ee:8d:8d:9d:64:82:
         bd:a9:7b:31:4e:24:c4:f4:99:4a:3f:ff:38:22:24:14:68:9f:
         81:c4:ba:f1:39:5b:d7:dc:d9:be:8b:5d:45:2e:ad:34:7d:f8:
         64:a7:5c:23:52:65:5d:d3:08:ec:85:1c:77:6d:29:94:c9:4a:
         b1:53:ee:a5:b9:cc:ca:e4:e5:e3:fb:f8:e3:7a:9c:1f:6e:55:
         48:e4:06:45:8f:3e:6b:2f:1b:46:53:3c:cf:1f:d8:84:60:b9:
         69:9a:5d:1c:c7:18:16:cc:8b:1b:1c:4f:95:5f:da:30:88:9e:
         8a:99:38:aa:42:e5:53:10:96:43:be:2f:aa:67:86:b0:04:f5:
         d5:96:b9:36:56:67:1b:2d:35:47:04:d6:87:68:cc:ae:62:f3:
         87:c9:bb:3a:50:a2:77:cc:97:27:6b:7a:da:a8:2e:9f:e7:af:
         09:95:08:99:1d:56:cc:f5:3a:ba:02:6b:f2:9b:55:05:c6:9d:
         84:e3:55:c1:3a:ee:c1:7c:7e:72:4e:f6:96:e4:8e:1b:ae:b5:
         c2:fe:eb:6f:76:a3:34:66:4d:8f:a4:c4:d8:b9:6f:9f:37:87:
         7d:7b:13:a2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJefunYEW+pqwSfYmAqLsTrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzI5Y2IzYWJlNGU5NDBjZmM2MmEyMGUyYTZlMmMyOGZj
MjgzMjkwHhcNMjQxMDA1MjEwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Y2MjQ1MTVlYTc3ZjA4NWQ1MjNlOTc5OWIzMWYxOWE3NDI0ZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIFpS9oL7BOu/5qE4O0B26izWFYj
m57onVqVagnBduFDx0izzCpJnBt6kiP7h0ftKP4BccdJlHUEpXjOQAsI8HmpMZEz
w7sbLmFLM4NI53d3b3FI1zocAbK4r90YWbFXLMyb3YtFUllKjogHUu50+GBwNxSe
zKRBe3x8tcIIW0mjCRwuaTe6LJiS5HACK3lH5zTBmrwr7Pj4e2aa+J2U8GkEIx3a
o0aUViuK2DCRxpZuVqU6xPPJNkLrhdPLqcM9vFz2+AVxIYukzNBRehSL6KEscqEB
BMpQaKHJUJpPkVQ8qNIW1cRyxYgKfoyeXrc6O3ScVKLftSomh4+ZNO7c8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKz2JFFep38IXVI+l5mzHxmnQk+mMB8GA1UdIwQY
MBaAFCMynLOr5OlAz8YqIOKm4sKPwoMpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpLY3M2dms2VURQeGlvZzRxYml3b19DZ3lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kZDM5NGItNmJjNC00ZTQ3LWIwMTIt
NTE4ZjJjOGY4NDZiLzEvclBZa1VWNm5md2hkVWo2WG1iTWZHYWRDVDZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kZDM5NGItNmJjNC00ZTQ3LWIwMTItNTE4ZjJjOGY4NDZi
LzEvSXpLY3M2dms2VURQeGlvZzRxYml3b19DZ3lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAE0gDAN
BgkqhkiG9w0BAQsFAAOCAQEAdZhCCLTL7I8ICAp4k0ECwOk2/FVGVOqPxPjr86Yg
7o2NnWSCval7MU4kxPSZSj//OCIkFGifgcS68Tlb19zZvotdRS6tNH34ZKdcI1Jl
XdMI7IUcd20plMlKsVPupbnMyuTl4/v443qcH25VSOQGRY8+ay8bRlM8zx/YhGC5
aZpdHMcYFsyLGxxPlV/aMIieipk4qkLlUxCWQ74vqmeGsAT11Za5NlZnGy01RwTW
h2jMrmLzh8m7OlCid8yXJ2t62qgun+evCZUImR1WzPU6ugJr8ptVBcadhONVwTru
wXx+ck72luSOG661wv7rb3ajNGZNj6TE2LlvnzeHfXsTog==
-----END CERTIFICATE-----