Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/ktAbm-eMqyUysDj5Rz0ozhsQgoU.roa
File:                     ktAbm-eMqyUysDj5Rz0ozhsQgoU.roa (raw, json)
Hash identifier:          sOoFB/V0u6n0JOO4WrnOrE08EvrJyrBKeqUzyGdoIfI=
Subject key identifier:   92:D0:1B:9B:E7:8C:AB:25:32:B0:38:F9:47:3D:28:CE:1B:10:82:85
Certificate issuer:       /CN=b5c4787b80ab4801ab62b1bdbfb28e06d30cdf6a
Certificate serial:       019425FDEDE695EA2F854DA0C263D3E1D3CA
Authority key identifier: B5:C4:78:7B:80:AB:48:01:AB:62:B1:BD:BF:B2:8E:06:D3:0C:DF:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcR4e4CrSAGrYrG9v7KOBtMM32o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/ktAbm-eMqyUysDj5Rz0ozhsQgoU.roa
Signing time:             Thu 02 Jan 2025 07:49:46 +0000
ROA not before:           Thu 02 Jan 2025 07:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214784
IP address blocks:        2001:67c:2fa4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/tcR4e4CrSAGrYrG9v7KOBtMM32o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/tcR4e4CrSAGrYrG9v7KOBtMM32o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcR4e4CrSAGrYrG9v7KOBtMM32o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 19:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ed:e6:95:ea:2f:85:4d:a0:c2:63:d3:e1:d3:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5c4787b80ab4801ab62b1bdbfb28e06d30cdf6a
        Validity
            Not Before: Jan  2 07:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92d01b9be78cab2532b038f9473d28ce1b108285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a8:a9:b4:a7:9e:4a:f7:00:d1:c2:23:2a:76:
                    54:50:75:2f:31:5a:86:d1:6b:b3:8c:96:f8:3f:a0:
                    49:ec:3d:42:9b:8f:84:ca:69:a1:72:5f:20:63:fa:
                    44:31:49:b5:9e:e5:76:12:5b:76:24:14:a3:69:3b:
                    f0:ed:8d:03:79:cf:eb:3a:04:fe:a5:70:56:64:54:
                    7b:8c:c9:59:f7:65:c7:91:9a:41:c6:3a:d7:3c:83:
                    46:e1:aa:f2:53:f8:db:a7:27:16:df:d2:15:d3:09:
                    f0:0d:10:09:78:fe:c9:51:64:c4:c4:38:2f:c9:c6:
                    73:3e:5c:00:92:63:a1:82:33:61:00:31:b2:45:ea:
                    3d:67:5e:70:61:44:79:0e:db:9d:9c:08:3f:08:c3:
                    cf:05:28:b3:c3:32:c7:80:35:22:83:f4:fb:4e:d7:
                    df:ab:12:d8:65:85:47:27:8e:65:72:32:db:2a:c4:
                    29:ea:6d:47:79:9a:37:7c:12:7c:d1:68:e4:be:10:
                    50:7a:75:24:0f:16:ab:0c:ec:6d:d6:4a:a1:58:f4:
                    9b:2a:a9:f8:6d:3a:d7:16:cb:97:35:c1:ac:fe:dc:
                    08:cb:10:c4:a3:09:a0:63:3c:b0:83:8c:eb:2c:44:
                    6e:91:7c:36:a1:ec:bc:ae:50:6b:cc:e2:31:b3:9c:
                    a3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:D0:1B:9B:E7:8C:AB:25:32:B0:38:F9:47:3D:28:CE:1B:10:82:85
            X509v3 Authority Key Identifier:
                keyid:B5:C4:78:7B:80:AB:48:01:AB:62:B1:BD:BF:B2:8E:06:D3:0C:DF:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcR4e4CrSAGrYrG9v7KOBtMM32o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/ktAbm-eMqyUysDj5Rz0ozhsQgoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d9d3c9-f194-4b26-8f10-ff6a9cde6335/1/tcR4e4CrSAGrYrG9v7KOBtMM32o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2fa4::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:33:6e:7c:d3:73:a8:3b:51:51:f0:7e:83:31:de:56:78:ca:
         4d:9c:a4:e7:ac:aa:39:9f:07:2c:47:10:4b:df:9f:c0:f8:95:
         0c:65:a7:bd:34:61:f1:e5:69:a9:67:ba:19:06:87:a9:af:4d:
         11:21:d2:2e:af:03:6f:d0:05:e4:cd:c8:5b:a0:67:52:84:2a:
         a7:8f:11:79:7c:ac:8b:cd:ef:e6:ae:2f:15:bb:e9:28:1c:ee:
         5f:81:b0:be:5b:4d:3d:44:92:b3:44:05:11:1b:9d:dc:bc:dc:
         f3:fa:b9:44:94:8c:cd:45:ed:2f:2a:67:a3:d7:f1:3f:db:2d:
         fb:3b:f9:64:0c:f8:a0:9d:eb:82:0a:f2:84:d1:b4:f3:27:19:
         82:0e:d3:32:e5:c6:93:83:9d:2e:4c:42:79:b9:4c:40:7e:b9:
         6a:e1:0f:dd:a4:da:42:61:a5:35:38:ae:23:1a:be:61:eb:1b:
         58:4c:4c:7d:b5:96:85:76:81:d6:1b:e1:7a:61:b0:b4:ed:7e:
         e7:98:ac:bc:4a:ca:52:48:80:77:82:09:57:d8:a4:5b:0e:af:
         7b:59:33:b9:8e:1a:29:01:64:ae:e4:a7:98:46:fa:59:76:40:
         16:a4:7f:84:76:79:64:4f:99:cb:fe:90:57:45:08:ce:e5:bb:
         df:db:ea:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/e3mleovhU2gwmPT4dPKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YzQ3ODdiODBhYjQ4MDFhYjYyYjFiZGJmYjI4ZTA2ZDMw
Y2RmNmEwHhcNMjUwMTAyMDc0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQwMWI5YmU3OGNhYjI1MzJiMDM4Zjk0NzNkMjhjZTFiMTA4Mjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6iptKeeSvcA0cIjKnZUUHUvMVqG
0WuzjJb4P6BJ7D1Cm4+Eymmhcl8gY/pEMUm1nuV2Elt2JBSjaTvw7Y0Dec/rOgT+
pXBWZFR7jMlZ92XHkZpBxjrXPING4aryU/jbpycW39IV0wnwDRAJeP7JUWTExDgv
ycZzPlwAkmOhgjNhADGyReo9Z15wYUR5DtudnAg/CMPPBSizwzLHgDUig/T7Ttff
qxLYZYVHJ45lcjLbKsQp6m1HeZo3fBJ80WjkvhBQenUkDxarDOxt1kqhWPSbKqn4
bTrXFsuXNcGs/twIyxDEowmgYzywg4zrLERukXw2oey8rlBrzOIxs5yjNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJLQG5vnjKslMrA4+Uc9KM4bEIKFMB8GA1UdIwQY
MBaAFLXEeHuAq0gBq2Kxvb+yjgbTDN9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNSNGU0Q3JTQUdyWXJHOXY3S09CdE1NMzJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kOWQzYzktZjE5NC00YjI2LThmMTAt
ZmY2YTljZGU2MzM1LzEva3RBYm0tZU1xeVV5c0RqNVJ6MG96aHNRZ29VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kOWQzYzktZjE5NC00YjI2LThmMTAtZmY2YTljZGU2MzM1
LzEvdGNSNGU0Q3JTQUdyWXJHOXY3S09CdE1NMzJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC+k
MA0GCSqGSIb3DQEBCwUAA4IBAQC0M25803OoO1FR8H6DMd5WeMpNnKTnrKo5nwcs
RxBL35/A+JUMZae9NGHx5WmpZ7oZBoepr00RIdIurwNv0AXkzchboGdShCqnjxF5
fKyLze/mri8Vu+koHO5fgbC+W009RJKzRAURG53cvNzz+rlElIzNRe0vKmej1/E/
2y37O/lkDPigneuCCvKE0bTzJxmCDtMy5caTg50uTEJ5uUxAfrlq4Q/dpNpCYaU1
OK4jGr5h6xtYTEx9tZaFdoHWG+F6YbC07X7nmKy8SspSSIB3gglX2KRbDq97WTO5
jhopAWSu5KeYRvpZdkAWpH+EdnlkT5nL/pBXRQjO5bvf2+qA
-----END CERTIFICATE-----