Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/uHnUp8alk4kl7R1__u3juRedX1A.roa
File:                     uHnUp8alk4kl7R1__u3juRedX1A.roa (raw, json)
Hash identifier:          2Hv2oFFIwo0j/kizpuCBjWy1nT4b1wl0hiQz103C3L0=
Subject key identifier:   B8:79:D4:A7:C6:A5:93:89:25:ED:1D:7F:FE:ED:E3:B9:17:9D:5F:50
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019446B86E1D97FFCACE023BB94AB226C518
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/uHnUp8alk4kl7R1__u3juRedX1A.roa
Signing time:             Wed 08 Jan 2025 16:21:19 +0000
ROA not before:           Wed 08 Jan 2025 16:21:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51087
IP address blocks:        2a13:a5c7:1400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:46:b8:6e:1d:97:ff:ca:ce:02:3b:b9:4a:b2:26:c5:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  8 16:21:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b879d4a7c6a5938925ed1d7ffeede3b9179d5f50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:df:09:1e:14:3d:97:f2:41:2a:0d:08:de:98:
                    d7:9f:11:5c:34:f5:f1:ce:77:b5:11:18:16:71:8b:
                    28:25:97:38:94:29:95:89:d6:17:57:1b:02:b9:4f:
                    c1:34:55:91:5f:5c:c1:34:51:92:98:62:2d:ab:d1:
                    76:9d:97:db:bf:b6:0d:37:c8:e2:55:b3:13:03:4a:
                    fe:4a:19:67:14:42:ef:69:f1:28:7a:71:a1:de:27:
                    a5:24:33:4c:57:b1:b8:f4:ae:43:af:0c:49:9b:39:
                    68:00:7b:e1:cf:d1:bd:25:b3:22:92:7c:02:c0:17:
                    ff:42:02:9c:85:59:89:6d:e8:bf:2e:3e:29:92:33:
                    cb:57:dc:7c:56:b4:5b:8e:80:ea:80:fe:ed:76:80:
                    74:03:49:e7:57:4b:d0:17:85:d3:13:4e:8c:8b:b2:
                    04:9c:72:2a:68:c9:7d:b1:3b:e2:83:34:b9:f8:bd:
                    7c:ea:4a:be:59:1b:f3:9b:8b:ee:ab:9d:a2:84:07:
                    1c:5c:3f:26:eb:13:81:65:93:87:88:cd:79:13:dc:
                    f1:ea:71:5b:92:5a:7f:4c:b9:c5:3f:b4:79:ef:71:
                    99:9a:2d:a7:06:4a:a4:00:bf:de:a7:42:01:21:5a:
                    f7:21:c8:39:a4:18:bc:21:50:50:c0:89:46:6c:ad:
                    32:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:79:D4:A7:C6:A5:93:89:25:ED:1D:7F:FE:ED:E3:B9:17:9D:5F:50
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/uHnUp8alk4kl7R1__u3juRedX1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1400::/40

    Signature Algorithm: sha256WithRSAEncryption
         6d:18:d5:b4:6d:65:06:4b:38:fd:a0:69:1c:64:7f:76:e8:3f:
         12:20:be:63:e1:b3:2b:ab:32:55:15:9c:f2:78:94:c5:37:be:
         b2:88:a1:cf:eb:30:5b:4b:e7:d3:52:7b:12:0a:07:94:5a:b0:
         a3:fd:ca:a7:c6:8b:80:2a:3d:12:e8:ab:94:de:91:b9:94:6c:
         25:f5:05:55:34:f0:18:97:2f:0e:21:2e:f5:0a:0e:8e:fa:c4:
         25:d0:bc:de:20:4c:03:ac:3a:c2:65:38:02:b1:1e:c3:c9:b4:
         62:a3:3e:9b:fe:d3:76:e5:33:31:db:d1:8b:aa:90:e9:12:bd:
         66:49:9a:4f:a3:96:ed:02:95:46:c9:c1:8e:83:02:2f:b6:da:
         a1:a8:7e:26:2e:01:91:83:7a:d3:24:10:65:62:89:2e:ee:ea:
         c9:f2:fa:db:85:d1:92:9f:0e:1a:36:8f:17:8d:1c:e1:4d:2b:
         d0:ee:1c:13:21:9e:84:8d:d6:d1:ea:0d:81:b4:a8:d4:0b:64:
         20:6b:96:df:2a:63:24:3f:0f:8f:cb:26:50:a0:65:1b:51:b9:
         8f:b9:42:8c:fd:f0:86:d8:b5:ac:b9:4c:8c:78:58:78:d9:78:
         10:bb:60:7c:cc:62:90:25:2f:1f:a9:de:bc:cb:92:7c:51:d3:
         27:f8:ee:91
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZRGuG4dl//KzgI7uUqyJsUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTA4MTYyMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODc5ZDRhN2M2YTU5Mzg5MjVlZDFkN2ZmZWVkZTNiOTE3OWQ1ZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd8JHhQ9l/JBKg0I3pjXnxFcNPXx
zne1ERgWcYsoJZc4lCmVidYXVxsCuU/BNFWRX1zBNFGSmGItq9F2nZfbv7YNN8ji
VbMTA0r+ShlnFELvafEoenGh3ielJDNMV7G49K5DrwxJmzloAHvhz9G9JbMiknwC
wBf/QgKchVmJbei/Lj4pkjPLV9x8VrRbjoDqgP7tdoB0A0nnV0vQF4XTE06Mi7IE
nHIqaMl9sTvigzS5+L186kq+WRvzm4vuq52ihAccXD8m6xOBZZOHiM15E9zx6nFb
klp/TLnFP7R573GZmi2nBkqkAL/ep0IBIVr3Icg5pBi8IVBQwIlGbK0yuQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLh51KfGpZOJJe0df/7t47kXnV9QMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvdUhuVXA4YWxrNGtsN1IxX191M2p1UmVkWDFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxQw
DQYJKoZIhvcNAQELBQADggEBAG0Y1bRtZQZLOP2gaRxkf3boPxIgvmPhsyurMlUV
nPJ4lMU3vrKIoc/rMFtL59NSexIKB5RasKP9yqfGi4AqPRLoq5TekbmUbCX1BVU0
8BiXLw4hLvUKDo76xCXQvN4gTAOsOsJlOAKxHsPJtGKjPpv+03blMzHb0YuqkOkS
vWZJmk+jlu0ClUbJwY6DAi+22qGofiYuAZGDetMkEGViiS7u6sny+tuF0ZKfDho2
jxeNHOFNK9DuHBMhnoSN1tHqDYG0qNQLZCBrlt8qYyQ/D4/LJlCgZRtRuY+5Qoz9
8IbYtay5TIx4WHjZeBC7YHzMYpAlLx+p3rzLknxR0yf47pE=
-----END CERTIFICATE-----