Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/X4IJd97ntE760IZxrUtcM6glaf0.roa
File:                     X4IJd97ntE760IZxrUtcM6glaf0.roa (raw, json)
Hash identifier:          dO8EPvbbgD+tT6eDezTjme65bwK9vYbUA5BCa7Gw8WY=
Subject key identifier:   5F:82:09:77:DE:E7:B4:4E:FA:D0:86:71:AD:4B:5C:33:A8:25:69:FD
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0191E16A5ADC98766055084A69BC55D1E434
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/X4IJd97ntE760IZxrUtcM6glaf0.roa
Signing time:             Wed 11 Sep 2024 14:08:49 +0000
ROA not before:           Wed 11 Sep 2024 14:08:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214223
IP address blocks:        2a0c:b641:d00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:6a:5a:dc:98:76:60:55:08:4a:69:bc:55:d1:e4:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Sep 11 14:08:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f820977dee7b44efad08671ad4b5c33a82569fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b8:ab:66:13:1d:9f:34:6f:b8:25:9b:ba:eb:
                    18:da:86:44:14:2f:25:34:8d:73:4e:5e:ee:54:e6:
                    99:2e:14:a8:62:14:71:91:12:64:c0:51:94:66:81:
                    eb:05:cd:05:86:46:e8:dd:5e:53:e0:c9:3d:bc:17:
                    e4:85:7c:c0:6e:91:5e:41:5f:c1:dd:ba:50:36:5b:
                    b7:aa:1e:76:a7:a1:19:77:84:2a:de:7c:40:1f:d6:
                    97:a9:d7:91:e2:f7:b2:37:ef:f9:8c:86:5a:dd:52:
                    43:84:fa:3d:cf:fb:54:50:37:15:95:d2:09:9f:f8:
                    ff:01:1f:18:cc:7f:4c:20:a2:93:d6:9d:36:ed:74:
                    f8:71:bb:99:00:01:d9:58:94:70:37:7a:77:05:38:
                    84:c3:06:31:ba:f4:d8:8f:df:4b:07:73:73:e2:c4:
                    77:b0:ca:89:a1:79:af:b2:06:d0:79:58:4b:de:2f:
                    89:5e:93:fc:95:5f:0d:34:94:52:a3:57:4d:06:bf:
                    fe:d1:83:65:74:a6:4c:90:10:c0:3a:22:da:cd:fd:
                    fd:44:18:7a:c5:97:cd:d6:50:97:9d:ab:9b:3f:22:
                    2d:3f:2f:26:92:03:1f:4f:aa:cb:87:d7:3b:5e:91:
                    65:15:ae:2b:34:fc:5a:93:91:a4:84:42:63:65:a7:
                    07:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:82:09:77:DE:E7:B4:4E:FA:D0:86:71:AD:4B:5C:33:A8:25:69:FD
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/X4IJd97ntE760IZxrUtcM6glaf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:d00::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:32:30:5e:c0:55:38:f7:37:e0:df:1a:04:b4:d4:74:85:28:
         3e:8c:d1:3f:c8:46:42:aa:66:97:96:1c:2a:0c:0f:a5:a6:17:
         b8:8a:aa:05:27:a9:38:c8:8f:89:65:a2:30:8a:f6:b7:9d:ae:
         59:7a:db:26:8c:c2:d7:6e:24:d7:51:91:5d:b5:a5:96:24:85:
         ed:b2:1b:e7:f7:03:01:9d:31:58:92:a5:f9:9e:6d:e2:ac:a2:
         8b:29:ef:ed:8b:25:26:7b:62:24:71:f3:91:bc:e7:e3:f4:b0:
         10:54:92:11:6f:0e:89:c6:88:6a:e2:2a:7e:fb:69:f0:9e:11:
         88:5d:c7:6d:0d:ae:68:79:b2:fa:6d:2f:6a:6e:6e:52:d1:be:
         25:4d:1c:4c:3b:2b:f1:48:93:82:90:b6:ea:25:32:ec:3a:d2:
         f6:4c:05:bb:07:69:fb:bb:d8:b9:ea:b0:b4:99:14:5f:4e:d3:
         71:5c:f7:86:6a:8f:7b:5d:46:a2:82:42:23:d2:57:63:6e:2d:
         22:85:3b:91:74:0c:83:f3:f1:f9:e4:17:f4:f3:72:48:fc:79:
         5f:fe:fa:09:f7:08:71:4b:ec:16:8c:34:68:4d:f6:9a:cc:fc:
         37:64:6c:1e:3e:86:fa:dd:55:dc:68:61:cb:9d:52:4d:56:0e:
         0f:32:4b:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHhalrcmHZgVQhKabxV0eQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwOTExMTQwODQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjgyMDk3N2RlZTdiNDRlZmFkMDg2NzFhZDRiNWMzM2E4MjU2OWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrirZhMdnzRvuCWbuusY2oZEFC8l
NI1zTl7uVOaZLhSoYhRxkRJkwFGUZoHrBc0Fhkbo3V5T4Mk9vBfkhXzAbpFeQV/B
3bpQNlu3qh52p6EZd4Qq3nxAH9aXqdeR4veyN+/5jIZa3VJDhPo9z/tUUDcVldIJ
n/j/AR8YzH9MIKKT1p027XT4cbuZAAHZWJRwN3p3BTiEwwYxuvTYj99LB3Nz4sR3
sMqJoXmvsgbQeVhL3i+JXpP8lV8NNJRSo1dNBr/+0YNldKZMkBDAOiLazf39RBh6
xZfN1lCXnaubPyItPy8mkgMfT6rLh9c7XpFlFa4rNPxak5GkhEJjZacH3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF+CCXfe57RO+tCGca1LXDOoJWn9MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWDRJSmQ5N250RTc2MElaeHJVdGNNNmdsYWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQ0A
MA0GCSqGSIb3DQEBCwUAA4IBAQBcMjBewFU49zfg3xoEtNR0hSg+jNE/yEZCqmaX
lhwqDA+lphe4iqoFJ6k4yI+JZaIwiva3na5ZetsmjMLXbiTXUZFdtaWWJIXtshvn
9wMBnTFYkqX5nm3irKKLKe/tiyUme2IkcfORvOfj9LAQVJIRbw6Jxohq4ip++2nw
nhGIXcdtDa5oebL6bS9qbm5S0b4lTRxMOyvxSJOCkLbqJTLsOtL2TAW7B2n7u9i5
6rC0mRRfTtNxXPeGao97XUaigkIj0ldjbi0ihTuRdAyD8/H55Bf083JI/Hlf/voJ
9whxS+wWjDRoTfaazPw3ZGwePob63VXcaGHLnVJNVg4PMkuB
-----END CERTIFICATE-----