Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/a15ql9whSmA7v8PDlzobAKStIYU.roa
File:                     a15ql9whSmA7v8PDlzobAKStIYU.roa (raw, json)
Hash identifier:          i4JQTq1d7soOmwMqfdiIR8FwyHTrIMo+VQIkB92oIzE=
Subject key identifier:   6B:5E:6A:97:DC:21:4A:60:3B:BF:C3:C3:97:3A:1B:00:A4:AD:21:85
Certificate issuer:       /CN=5e399fba9aae9d2d6ffe52ae8c74ae38fc6c1af1
Certificate serial:       019422FBAEEAC7D39D2F9A5188D4F70EE867
Authority key identifier: 5E:39:9F:BA:9A:AE:9D:2D:6F:FE:52:AE:8C:74:AE:38:FC:6C:1A:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/a15ql9whSmA7v8PDlzobAKStIYU.roa
Signing time:             Wed 01 Jan 2025 17:48:27 +0000
ROA not before:           Wed 01 Jan 2025 17:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210916
IP address blocks:        2a11:6c6::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ae:ea:c7:d3:9d:2f:9a:51:88:d4:f7:0e:e8:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e399fba9aae9d2d6ffe52ae8c74ae38fc6c1af1
        Validity
            Not Before: Jan  1 17:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b5e6a97dc214a603bbfc3c3973a1b00a4ad2185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:74:cb:fd:a3:15:d2:b2:c0:5f:81:9a:4c:7f:
                    1c:b5:db:b6:6d:ec:8a:48:b1:22:8d:c5:44:12:9d:
                    41:81:84:f8:e4:3e:08:56:e3:06:55:9a:e6:fe:1e:
                    be:73:5a:4f:09:77:17:f0:51:b0:45:3d:e7:46:44:
                    b1:56:df:51:46:05:7d:ab:22:4b:83:e1:3e:9b:61:
                    1e:bf:68:14:42:ef:8f:6a:87:ef:be:13:3d:42:70:
                    7f:0b:7a:f3:16:bb:a3:fe:ff:11:1b:d5:ec:3e:69:
                    a8:85:04:f6:2a:84:61:8f:33:b9:46:e6:9b:ba:50:
                    e9:74:e0:db:3d:c2:45:a9:9d:35:8f:13:51:67:f1:
                    13:11:3a:35:af:2e:e7:e7:51:4b:b0:e3:a8:0f:45:
                    01:18:df:6a:d3:f1:56:b9:5a:f6:8b:c3:e1:86:ca:
                    d6:ff:d9:e4:23:a9:9f:9b:b8:20:3a:9d:85:5a:d1:
                    8b:6e:e2:83:0e:7e:1b:1d:49:bb:83:95:db:60:89:
                    64:70:0a:ad:56:b5:f1:1b:21:cd:47:c4:f6:40:6a:
                    fe:29:58:d0:99:1c:e8:9c:72:06:28:f3:cd:d0:9c:
                    6b:2f:c1:14:cd:28:f0:c9:ae:37:44:6d:2c:7f:0b:
                    74:ad:51:d7:ae:fc:b1:9f:5a:4e:7a:7d:19:75:6d:
                    13:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:5E:6A:97:DC:21:4A:60:3B:BF:C3:C3:97:3A:1B:00:A4:AD:21:85
            X509v3 Authority Key Identifier:
                keyid:5E:39:9F:BA:9A:AE:9D:2D:6F:FE:52:AE:8C:74:AE:38:FC:6C:1A:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XjmfupqunS1v_lKujHSuOPxsGvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/a15ql9whSmA7v8PDlzobAKStIYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b91d05-6a03-40ed-a983-bd809d9dedb9/1/XjmfupqunS1v_lKujHSuOPxsGvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:6c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:d0:99:bd:01:62:7d:77:59:f7:e9:9c:21:30:b4:48:f9:d8:
         e3:7c:3b:89:1e:36:74:d6:06:e0:67:d7:03:59:ce:ca:a1:e4:
         ce:75:7b:81:c4:90:1c:b3:fc:ae:df:00:4c:de:73:f2:d4:0c:
         8f:6e:77:ab:e3:11:ac:2f:7a:19:17:0e:9a:e7:1b:8f:d4:c5:
         e8:7d:6f:16:63:0b:5d:e5:aa:7e:6f:64:14:c2:dc:94:c7:87:
         2c:f9:e8:3f:aa:ab:47:78:be:db:f2:8c:44:20:e9:c0:4e:78:
         a4:47:96:c7:eb:9f:11:6a:32:4d:b2:f7:bc:26:de:6f:8c:63:
         fa:f1:8a:82:49:74:b6:3e:76:7b:b8:d0:4b:da:0f:14:5a:89:
         68:4c:9d:cf:cf:bd:58:ed:5c:3a:c9:c9:e2:db:30:ee:57:9e:
         1e:61:a3:63:d9:a2:7b:35:d0:83:7e:14:18:b3:32:06:b2:ff:
         8e:8b:b3:a1:15:da:71:b0:f1:e5:de:d3:33:69:97:d8:6c:3c:
         9a:31:9f:88:b3:75:8f:40:b2:bd:9a:eb:17:da:6c:04:25:49:
         b2:cf:96:1e:61:97:a9:5b:85:4e:ec:5d:d6:a2:e9:e2:7c:b5:
         c3:ef:ac:43:fc:9b:b0:47:16:6c:48:46:0d:a3:fb:e1:67:8c:
         a7:c6:91:51
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQi+67qx9OdL5pRiNT3DuhnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMzk5ZmJhOWFhZTlkMmQ2ZmZlNTJhZThjNzRhZTM4ZmM2
YzFhZjEwHhcNMjUwMTAxMTc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjVlNmE5N2RjMjE0YTYwM2JiZmMzYzM5NzNhMWIwMGE0YWQyMTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3TL/aMV0rLAX4GaTH8ctdu2beyK
SLEijcVEEp1BgYT45D4IVuMGVZrm/h6+c1pPCXcX8FGwRT3nRkSxVt9RRgV9qyJL
g+E+m2Eev2gUQu+PaofvvhM9QnB/C3rzFruj/v8RG9XsPmmohQT2KoRhjzO5Ruab
ulDpdODbPcJFqZ01jxNRZ/ETETo1ry7n51FLsOOoD0UBGN9q0/FWuVr2i8PhhsrW
/9nkI6mfm7ggOp2FWtGLbuKDDn4bHUm7g5XbYIlkcAqtVrXxGyHNR8T2QGr+KVjQ
mRzonHIGKPPN0JxrL8EUzSjwya43RG0sfwt0rVHXrvyxn1pOen0ZdW0TIwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGteapfcIUpgO7/Dw5c6GwCkrSGFMB8GA1UdIwQY
MBaAFF45n7qarp0tb/5Srox0rjj8bBrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGptZnVwcXVuUzF2X2xLdWpIU3VPUHhzR3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iOTFkMDUtNmEwMy00MGVkLWE5ODMt
YmQ4MDlkOWRlZGI5LzEvYTE1cWw5d2hTbUE3djhQRGx6b2JBS1N0SVlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iOTFkMDUtNmEwMy00MGVkLWE5ODMtYmQ4MDlkOWRlZGI5
LzEvWGptZnVwcXVuUzF2X2xLdWpIU3VPUHhzR3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEGxjAN
BgkqhkiG9w0BAQsFAAOCAQEAXNCZvQFifXdZ9+mcITC0SPnY43w7iR42dNYG4GfX
A1nOyqHkznV7gcSQHLP8rt8ATN5z8tQMj253q+MRrC96GRcOmucbj9TF6H1vFmML
XeWqfm9kFMLclMeHLPnoP6qrR3i+2/KMRCDpwE54pEeWx+ufEWoyTbL3vCbeb4xj
+vGKgkl0tj52e7jQS9oPFFqJaEydz8+9WO1cOsnJ4tsw7leeHmGjY9miezXQg34U
GLMyBrL/jouzoRXacbDx5d7TM2mX2Gw8mjGfiLN1j0CyvZrrF9psBCVJss+WHmGX
qVuFTuxd1qLp4ny1w++sQ/ybsEcWbEhGDaP74WeMp8aRUQ==
-----END CERTIFICATE-----