Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/khRg4MYEnETJ2jPimtqut6SDcfI.roa
File:                     khRg4MYEnETJ2jPimtqut6SDcfI.roa (raw, json)
Hash identifier:          Nu5ttQZeyOdAqpRtT8J7JzoHpXrE1o2QevNWAJZ6hBk=
Subject key identifier:   92:14:60:E0:C6:04:9C:44:C9:DA:33:E2:9A:DA:AE:B7:A4:83:71:F2
Certificate issuer:       /CN=c2afc14dce450b05ec86c7c53070cd6bb6dbc7ee
Certificate serial:       019420D5CBE12E1A9304ABD41F85E76101F6
Authority key identifier: C2:AF:C1:4D:CE:45:0B:05:EC:86:C7:C5:30:70:CD:6B:B6:DB:C7:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wq_BTc5FCwXshsfFMHDNa7bbx-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/khRg4MYEnETJ2jPimtqut6SDcfI.roa
Signing time:             Wed 01 Jan 2025 07:47:49 +0000
ROA not before:           Wed 01 Jan 2025 07:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48809
IP address blocks:        2a05:36c0:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/wq_BTc5FCwXshsfFMHDNa7bbx-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/wq_BTc5FCwXshsfFMHDNa7bbx-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wq_BTc5FCwXshsfFMHDNa7bbx-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:cb:e1:2e:1a:93:04:ab:d4:1f:85:e7:61:01:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2afc14dce450b05ec86c7c53070cd6bb6dbc7ee
        Validity
            Not Before: Jan  1 07:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=921460e0c6049c44c9da33e29adaaeb7a48371f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:66:43:38:d0:62:12:8d:7a:f1:f1:54:26:27:
                    57:9e:10:c3:55:b4:0c:1e:89:7b:cf:bf:b8:f9:17:
                    6d:50:52:6c:e5:62:31:21:71:8e:fa:09:0c:77:18:
                    7b:71:fd:4d:5c:a8:06:12:b0:87:14:ff:9b:6b:b6:
                    aa:cf:d4:47:80:2e:50:9c:3d:f9:da:c4:31:8f:0a:
                    04:69:1f:31:3d:73:f0:c6:96:84:f4:3f:60:b4:88:
                    61:b8:8d:04:4b:4e:50:a4:ea:c4:3b:85:e2:c0:06:
                    93:3c:0b:68:32:44:27:b7:10:19:7d:f2:8b:69:ca:
                    ec:4f:45:04:19:19:b0:fb:b9:91:b6:d9:60:23:ff:
                    a6:e9:a3:b8:bb:2b:09:c3:2a:75:68:ae:b9:96:c1:
                    f5:77:93:69:7a:cd:d8:1f:42:a7:d7:9d:0a:40:fa:
                    f3:41:dc:67:82:8f:50:f2:69:7a:99:81:c6:be:00:
                    60:c7:54:a5:f2:24:e5:eb:98:01:5e:c1:b0:b2:96:
                    24:1c:ea:6a:d7:6a:70:38:09:12:40:3b:07:15:28:
                    a3:79:29:85:bd:8a:8b:60:c0:f6:b1:c1:0f:43:54:
                    61:7c:ff:8c:c3:a5:82:5e:de:e0:1e:cb:3d:c6:8e:
                    3c:99:2b:46:c9:b8:d9:cd:e9:cf:58:a0:94:6f:65:
                    84:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:14:60:E0:C6:04:9C:44:C9:DA:33:E2:9A:DA:AE:B7:A4:83:71:F2
            X509v3 Authority Key Identifier:
                keyid:C2:AF:C1:4D:CE:45:0B:05:EC:86:C7:C5:30:70:CD:6B:B6:DB:C7:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wq_BTc5FCwXshsfFMHDNa7bbx-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/khRg4MYEnETJ2jPimtqut6SDcfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/wq_BTc5FCwXshsfFMHDNa7bbx-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:36c0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:40:f4:95:93:23:b1:7b:b0:2d:14:6e:6d:3f:26:67:2f:07:
         b2:4c:a1:6f:56:4b:5e:9d:e9:32:56:16:8c:d8:a6:05:3d:a9:
         4b:e5:ee:ad:05:01:ab:3d:25:02:78:96:56:4d:8f:c9:d6:be:
         28:7b:6f:f2:52:09:b0:b6:54:06:cb:c8:55:97:46:47:8b:59:
         5d:af:1b:83:1f:9f:bd:9a:e6:a6:16:92:5f:b8:28:a2:94:79:
         a4:cc:18:b3:48:bb:eb:e9:d2:35:98:9f:65:4a:99:a4:5d:d6:
         48:6c:b7:14:e3:be:53:4d:e7:c2:77:4a:76:98:34:22:9c:a6:
         40:f2:ce:7d:b6:03:c3:cb:e0:bb:0f:5e:40:69:76:bf:91:8a:
         d9:c8:15:27:d9:f1:15:0f:d3:2c:c8:c3:b8:08:ad:26:f9:fe:
         19:82:cf:48:90:22:fc:4c:e2:bd:d9:7a:fb:ff:df:92:fe:94:
         30:66:00:1d:c9:1e:62:a1:c4:56:e9:de:c5:f7:e0:54:fc:8b:
         25:eb:d7:4a:a2:3c:64:15:3b:6e:ed:3f:a3:d0:06:9c:8e:b4:
         59:5d:ad:17:e7:8a:45:7a:b8:23:f5:6b:9c:7b:71:10:bf:58:
         b6:41:3e:da:0f:1d:e9:60:cb:7c:51:40:6e:e9:46:41:f8:f5:
         4c:63:97:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQg1cvhLhqTBKvUH4XnYQH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYWZjMTRkY2U0NTBiMDVlYzg2YzdjNTMwNzBjZDZiYjZk
YmM3ZWUwHhcNMjUwMTAxMDc0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjE0NjBlMGM2MDQ5YzQ0YzlkYTMzZTI5YWRhYWViN2E0ODM3MWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWZDONBiEo168fFUJidXnhDDVbQM
Hol7z7+4+RdtUFJs5WIxIXGO+gkMdxh7cf1NXKgGErCHFP+ba7aqz9RHgC5QnD35
2sQxjwoEaR8xPXPwxpaE9D9gtIhhuI0ES05QpOrEO4XiwAaTPAtoMkQntxAZffKL
acrsT0UEGRmw+7mRttlgI/+m6aO4uysJwyp1aK65lsH1d5Npes3YH0Kn150KQPrz
Qdxngo9Q8ml6mYHGvgBgx1Sl8iTl65gBXsGwspYkHOpq12pwOAkSQDsHFSijeSmF
vYqLYMD2scEPQ1RhfP+Mw6WCXt7gHss9xo48mStGybjZzenPWKCUb2WE+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJIUYODGBJxEydoz4prarrekg3HyMB8GA1UdIwQY
MBaAFMKvwU3ORQsF7IbHxTBwzWu228fuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3FfQlRjNUZDd1hzaHNmRk1IRE5hN2JieC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYzMyODQtMzU3Ni00ZWU0LTkzYjgt
MTg0N2NiODhlODNhLzEva2hSZzRNWUVuRVRKMmpQaW10cXV0NlNEY2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYzMyODQtMzU3Ni00ZWU0LTkzYjgtMTg0N2NiODhlODNh
LzEvd3FfQlRjNUZDd1hzaHNmRk1IRE5hN2JieC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgU2wAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCCQPSVkyOxe7AtFG5tPyZnLweyTKFvVkteneky
VhaM2KYFPalL5e6tBQGrPSUCeJZWTY/J1r4oe2/yUgmwtlQGy8hVl0ZHi1ldrxuD
H5+9muamFpJfuCiilHmkzBizSLvr6dI1mJ9lSpmkXdZIbLcU475TTefCd0p2mDQi
nKZA8s59tgPDy+C7D15AaXa/kYrZyBUn2fEVD9MsyMO4CK0m+f4Zgs9IkCL8TOK9
2Xr7/9+S/pQwZgAdyR5iocRW6d7F9+BU/Isl69dKojxkFTtu7T+j0AacjrRZXa0X
54pFergj9Wuce3EQv1i2QT7aDx3pYMt8UUBu6UZB+PVMY5cM
-----END CERTIFICATE-----