Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/etkRbnW9ryrJ6e3ywwJ1q9bD7Xw.roa
File:                     etkRbnW9ryrJ6e3ywwJ1q9bD7Xw.roa (raw, json)
Hash identifier:          JMmWgxd8mijwpLVsPTeG3AKA8OAxDNzyK+lSzQE8/U0=
Subject key identifier:   7A:D9:11:6E:75:BD:AF:2A:C9:E9:ED:F2:C3:02:75:AB:D6:C3:ED:7C
Certificate issuer:       /CN=4603c656c197461a49caa1ffd720d18beeac8076
Certificate serial:       019426D9636017350373525F037006080DAA
Authority key identifier: 46:03:C6:56:C1:97:46:1A:49:CA:A1:FF:D7:20:D1:8B:EE:AC:80:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RgPGVsGXRhpJyqH_1yDRi-6sgHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/etkRbnW9ryrJ6e3ywwJ1q9bD7Xw.roa
Signing time:             Thu 02 Jan 2025 11:49:28 +0000
ROA not before:           Thu 02 Jan 2025 11:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214457
IP address blocks:        2001:3200::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/RgPGVsGXRhpJyqH_1yDRi-6sgHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/RgPGVsGXRhpJyqH_1yDRi-6sgHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RgPGVsGXRhpJyqH_1yDRi-6sgHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:63:60:17:35:03:73:52:5f:03:70:06:08:0d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4603c656c197461a49caa1ffd720d18beeac8076
        Validity
            Not Before: Jan  2 11:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ad9116e75bdaf2ac9e9edf2c30275abd6c3ed7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:2b:9e:d7:2c:c6:bf:83:f6:3a:d7:9b:58:86:
                    54:b8:30:9a:d8:21:8f:00:3a:68:be:1b:a4:6f:27:
                    f1:19:94:95:f9:3b:ac:df:87:cb:de:99:d9:87:8b:
                    de:05:91:45:00:c0:f3:19:0f:e6:ca:a1:c7:ee:82:
                    72:1a:89:2a:5b:02:c6:72:c2:f7:c2:25:ed:3b:68:
                    f3:49:53:31:98:5d:15:7f:ef:af:a8:2a:c4:95:59:
                    d1:3a:11:2c:8c:dd:9d:03:3d:a0:b8:cb:fc:28:e2:
                    5b:51:41:7d:a0:4b:9e:e5:50:52:61:7f:b3:b2:29:
                    e9:29:7f:c7:82:df:ac:00:ea:86:ab:d8:41:06:64:
                    a9:eb:5f:68:a4:91:80:a7:ba:c0:c3:3d:35:ba:34:
                    ca:04:ab:93:1b:f0:01:9b:ac:89:ee:85:3d:9f:d1:
                    a2:fb:d6:9a:d5:93:fd:e9:65:da:da:a9:0b:ab:97:
                    14:6b:1e:ea:06:ed:c1:c9:b4:ea:67:17:c2:11:fa:
                    8f:9e:16:0e:50:16:e9:b3:20:ce:6d:56:a8:a2:73:
                    a6:27:26:cb:46:15:d4:0b:03:8f:cc:aa:b2:dd:a5:
                    9f:75:fd:11:e0:a0:e8:c4:60:fc:d1:b8:f1:c4:28:
                    c1:72:0b:07:96:b7:f7:4c:32:0e:d1:7b:be:8e:45:
                    f0:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:D9:11:6E:75:BD:AF:2A:C9:E9:ED:F2:C3:02:75:AB:D6:C3:ED:7C
            X509v3 Authority Key Identifier:
                keyid:46:03:C6:56:C1:97:46:1A:49:CA:A1:FF:D7:20:D1:8B:EE:AC:80:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RgPGVsGXRhpJyqH_1yDRi-6sgHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/etkRbnW9ryrJ6e3ywwJ1q9bD7Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/81ac71-0f2a-4861-959b-afa4fd3506d0/1/RgPGVsGXRhpJyqH_1yDRi-6sgHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3200::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:55:40:18:14:ea:1a:3f:b6:9e:74:cf:6f:49:e6:ee:da:59:
         e4:f6:4d:c9:c7:66:f3:bf:31:4b:ec:07:71:a8:73:d2:ef:67:
         bc:f9:63:b7:00:98:bd:1c:c0:20:88:47:77:29:d8:ca:f0:af:
         1f:30:93:0e:fe:a0:80:8b:6e:77:29:8d:62:5c:e2:7a:b7:92:
         a8:55:c6:7b:d7:85:5b:72:db:34:6b:1b:7a:08:40:1f:6d:8b:
         3f:28:db:68:a4:8d:6b:e4:1d:c6:05:eb:fa:f2:45:35:70:68:
         35:c9:8e:b9:f2:ba:4e:a7:41:91:96:37:fa:7d:c9:ee:36:40:
         81:b2:ad:c1:35:6c:62:39:dd:f1:c7:9a:f5:bb:98:c9:28:15:
         77:14:64:c9:a3:1e:9d:53:10:c5:fa:a7:c8:60:d6:3f:c3:06:
         13:4a:ba:d6:e1:12:d8:e8:ae:e9:ea:00:45:9a:ea:24:ab:d9:
         83:33:39:0d:74:16:81:b6:f4:fa:5c:20:fc:0d:0c:14:c7:2a:
         24:38:69:e6:56:db:8c:3b:6e:27:e0:9f:97:02:55:f1:db:7a:
         c7:16:df:8d:39:be:2e:b2:c0:da:3a:94:22:56:78:42:ab:c3:
         6c:96:48:b2:67:30:52:88:a7:22:39:7e:ca:3c:9a:13:08:2a:
         a2:6b:6d:22
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQm2WNgFzUDc1JfA3AGCA2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MDNjNjU2YzE5NzQ2MWE0OWNhYTFmZmQ3MjBkMThiZWVh
YzgwNzYwHhcNMjUwMTAyMTE0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWQ5MTE2ZTc1YmRhZjJhYzllOWVkZjJjMzAyNzVhYmQ2YzNlZDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Cue1yzGv4P2OtebWIZUuDCa2CGP
ADpovhukbyfxGZSV+Tus34fL3pnZh4veBZFFAMDzGQ/myqHH7oJyGokqWwLGcsL3
wiXtO2jzSVMxmF0Vf++vqCrElVnROhEsjN2dAz2guMv8KOJbUUF9oEue5VBSYX+z
sinpKX/Hgt+sAOqGq9hBBmSp619opJGAp7rAwz01ujTKBKuTG/ABm6yJ7oU9n9Gi
+9aa1ZP96WXa2qkLq5cUax7qBu3BybTqZxfCEfqPnhYOUBbpsyDObVaoonOmJybL
RhXUCwOPzKqy3aWfdf0R4KDoxGD80bjxxCjBcgsHlrf3TDIO0Xu+jkXwRQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHrZEW51va8qyent8sMCdavWw+18MB8GA1UdIwQY
MBaAFEYDxlbBl0YaScqh/9cg0YvurIB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmdQR1ZzR1hSaHBKeXFIXzF5RFJpLTZzZ0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy84MWFjNzEtMGYyYS00ODYxLTk1OWIt
YWZhNGZkMzUwNmQwLzEvZXRrUmJuVzlyeXJKNmUzeXd3SjFxOWJEN1h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy84MWFjNzEtMGYyYS00ODYxLTk1OWItYWZhNGZkMzUwNmQw
LzEvUmdQR1ZzR1hSaHBKeXFIXzF5RFJpLTZzZ0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAEyADAN
BgkqhkiG9w0BAQsFAAOCAQEAPVVAGBTqGj+2nnTPb0nm7tpZ5PZNycdm878xS+wH
cahz0u9nvPljtwCYvRzAIIhHdynYyvCvHzCTDv6ggItudymNYlziereSqFXGe9eF
W3LbNGsbeghAH22LPyjbaKSNa+QdxgXr+vJFNXBoNcmOufK6TqdBkZY3+n3J7jZA
gbKtwTVsYjnd8cea9buYySgVdxRkyaMenVMQxfqnyGDWP8MGE0q61uES2Oiu6eoA
RZrqJKvZgzM5DXQWgbb0+lwg/A0MFMcqJDhp5lbbjDtuJ+CflwJV8dt6xxbfjTm+
LrLA2jqUIlZ4QqvDbJZIsmcwUoinIjl+yjyaEwgqomttIg==
-----END CERTIFICATE-----