Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/afda9a-6630-4a9f-b522-28829c03c69a/1/9d6LfdEPa--l7n_u-iZzdOMv7DQ.roa
File:                     9d6LfdEPa--l7n_u-iZzdOMv7DQ.roa (raw, json)
Hash identifier:          ghwex2I1qDW5wrBzbnSbeskaxirFKUb1QOk4LZOCa7I=
Subject key identifier:   F5:DE:8B:7D:D1:0F:6B:EF:A5:EE:7F:EE:FA:26:73:74:E3:2F:EC:34
Certificate issuer:       /CN=aa9a164c656412b7daafae8571cc679cc6f587d0
Certificate serial:       018D127A3126652AB9B6C27959C4DA9C49D6
Authority key identifier: AA:9A:16:4C:65:64:12:B7:DA:AF:AE:85:71:CC:67:9C:C6:F5:87:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qpoWTGVkErfar66FccxnnMb1h9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/afda9a-6630-4a9f-b522-28829c03c69a/1/9d6LfdEPa--l7n_u-iZzdOMv7DQ.roa
Signing time:             Tue 16 Jan 2024 13:33:34 +0000
ROA not before:           Tue 16 Jan 2024 13:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25145
IP address blocks:        2a09:6080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/afda9a-6630-4a9f-b522-28829c03c69a/1/qpoWTGVkErfar66FccxnnMb1h9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/afda9a-6630-4a9f-b522-28829c03c69a/1/qpoWTGVkErfar66FccxnnMb1h9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qpoWTGVkErfar66FccxnnMb1h9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:12:7a:31:26:65:2a:b9:b6:c2:79:59:c4:da:9c:49:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa9a164c656412b7daafae8571cc679cc6f587d0
        Validity
            Not Before: Jan 16 13:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5de8b7dd10f6befa5ee7feefa267374e32fec34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:75:15:dc:a4:43:be:f9:34:0b:7c:ca:b4:b5:
                    b1:9a:56:b4:97:cf:08:1f:1d:c0:34:87:d2:8d:8d:
                    c8:29:91:8c:22:78:57:2f:41:e4:7e:87:ae:c0:08:
                    6a:11:e7:d4:47:12:a6:64:94:2e:38:9a:b0:a7:9c:
                    be:b0:db:59:ef:5e:6b:eb:be:0f:12:be:64:98:d9:
                    fb:6e:31:57:5f:57:b2:1d:1c:83:17:95:91:a2:fe:
                    a0:49:39:c7:5d:af:b0:a5:11:4f:7c:1b:6b:f2:7c:
                    6a:a8:d6:01:2e:c3:c1:bc:e7:b1:e6:60:d7:4b:e2:
                    38:79:d7:22:3a:ce:b4:7a:46:22:d1:18:3f:5b:99:
                    ed:d1:44:cb:9f:4e:cf:08:45:1b:be:8d:1d:c3:2a:
                    02:93:94:3e:45:4f:4a:a2:87:a9:7d:ab:29:b9:39:
                    23:e8:83:77:09:68:fb:41:b5:6b:66:a5:50:6b:26:
                    3a:d9:f2:57:22:f8:43:35:da:c8:4d:85:37:c1:cd:
                    89:5b:1d:98:4d:f9:1c:77:4b:58:38:97:94:9b:1c:
                    f2:d2:45:74:28:61:eb:73:b6:c6:55:c7:6b:de:5f:
                    ff:a6:c5:28:59:68:68:53:1d:8a:4d:8a:88:5d:a7:
                    f8:03:b2:8e:91:c3:1b:c0:44:d2:2f:07:17:76:08:
                    fa:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:DE:8B:7D:D1:0F:6B:EF:A5:EE:7F:EE:FA:26:73:74:E3:2F:EC:34
            X509v3 Authority Key Identifier:
                keyid:AA:9A:16:4C:65:64:12:B7:DA:AF:AE:85:71:CC:67:9C:C6:F5:87:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qpoWTGVkErfar66FccxnnMb1h9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/afda9a-6630-4a9f-b522-28829c03c69a/1/9d6LfdEPa--l7n_u-iZzdOMv7DQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/afda9a-6630-4a9f-b522-28829c03c69a/1/qpoWTGVkErfar66FccxnnMb1h9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6080::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:5b:71:4f:c0:af:c9:1f:97:cb:48:0f:1c:50:93:fa:eb:46:
         26:cd:be:99:ca:3a:b0:f0:d6:0a:52:1f:25:fe:5a:a8:dd:d7:
         42:f0:19:df:0e:b8:06:44:9c:0d:d0:6f:fa:51:b6:c6:c1:a1:
         b7:3b:54:67:fb:76:38:65:b0:b2:4e:d9:ea:27:71:21:f9:5c:
         fa:a3:58:a2:f2:fb:72:0f:14:04:37:ca:d7:07:48:67:d2:5c:
         43:2a:90:d1:fa:62:cd:02:a2:89:a1:b7:41:69:64:f3:73:39:
         eb:13:74:3d:df:3f:b4:3b:f9:c9:50:a2:2d:c5:67:01:e5:75:
         d6:b7:55:a4:2b:1f:0e:e4:64:c0:72:c4:ec:94:eb:96:9d:97:
         78:31:12:17:cd:90:45:80:14:c2:c9:0d:80:bd:09:45:b2:61:
         2d:2e:f0:6a:7c:1d:b4:86:97:59:99:7b:8d:27:ce:6e:eb:9a:
         b6:45:2b:56:5e:98:b7:cc:ce:b8:82:77:31:0e:af:f4:04:67:
         ad:93:6e:ef:a3:c8:0d:ba:b2:2a:8a:66:b6:9f:d8:dd:fb:bb:
         89:d9:e8:99:0c:7b:c0:01:3f:7f:77:0e:0f:14:64:6a:ab:20:
         2d:41:2a:fb:a4:6c:a8:74:67:37:40:16:aa:91:7e:62:77:05:
         8d:85:de:d3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY0SejEmZSq5tsJ5WcTanEnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhOWExNjRjNjU2NDEyYjdkYWFmYWU4NTcxY2M2NzljYzZm
NTg3ZDAwHhcNMjQwMTE2MTMzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWRlOGI3ZGQxMGY2YmVmYTVlZTdmZWVmYTI2NzM3NGUzMmZlYzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXUV3KRDvvk0C3zKtLWxmla0l88I
Hx3ANIfSjY3IKZGMInhXL0HkfoeuwAhqEefURxKmZJQuOJqwp5y+sNtZ715r674P
Er5kmNn7bjFXX1eyHRyDF5WRov6gSTnHXa+wpRFPfBtr8nxqqNYBLsPBvOex5mDX
S+I4edciOs60ekYi0Rg/W5nt0UTLn07PCEUbvo0dwyoCk5Q+RU9KooepfaspuTkj
6IN3CWj7QbVrZqVQayY62fJXIvhDNdrITYU3wc2JWx2YTfkcd0tYOJeUmxzy0kV0
KGHrc7bGVcdr3l//psUoWWhoUx2KTYqIXaf4A7KOkcMbwETSLwcXdgj6owIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPXei33RD2vvpe5/7vomc3TjL+w0MB8GA1UdIwQY
MBaAFKqaFkxlZBK32q+uhXHMZ5zG9YfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXBvV1RHVmtFcmZhcjY2RmNjeG5uTWIxaDlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9hZmRhOWEtNjYzMC00YTlmLWI1MjIt
Mjg4MjljMDNjNjlhLzEvOWQ2TGZkRVBhLS1sN25fdS1pWnpkT012N0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9hZmRhOWEtNjYzMC00YTlmLWI1MjItMjg4MjljMDNjNjlh
LzEvcXBvV1RHVmtFcmZhcjY2RmNjeG5uTWIxaDlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKglggDAN
BgkqhkiG9w0BAQsFAAOCAQEANFtxT8CvyR+Xy0gPHFCT+utGJs2+mco6sPDWClIf
Jf5aqN3XQvAZ3w64BkScDdBv+lG2xsGhtztUZ/t2OGWwsk7Z6idxIflc+qNYovL7
cg8UBDfK1wdIZ9JcQyqQ0fpizQKiiaG3QWlk83M56xN0Pd8/tDv5yVCiLcVnAeV1
1rdVpCsfDuRkwHLE7JTrlp2XeDESF82QRYAUwskNgL0JRbJhLS7wanwdtIaXWZl7
jSfObuuatkUrVl6Yt8zOuIJ3MQ6v9ARnrZNu76PIDbqyKopmtp/Y3fu7idnomQx7
wAE/f3cODxRkaqsgLUEq+6RsqHRnN0AWqpF+YncFjYXe0w==
-----END CERTIFICATE-----