Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/Q3vu4yIjP5tQ3ZkveuaKxh52yEQ.roa
File:                     Q3vu4yIjP5tQ3ZkveuaKxh52yEQ.roa (raw, json)
Hash identifier:          XOIGj5FrrgEKXz5Gx3Wu1STcVdiwcmi5aOQb5MHsVEw=
Subject key identifier:   43:7B:EE:E3:22:23:3F:9B:50:DD:99:2F:7A:E6:8A:C6:1E:76:C8:44
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       019296926EA4370A4D25801E0641B8B4F39A
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/Q3vu4yIjP5tQ3ZkveuaKxh52yEQ.roa
Signing time:             Wed 16 Oct 2024 18:23:51 +0000
ROA not before:           Wed 16 Oct 2024 18:23:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214731
IP address blocks:        2a01:e281:ad00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:96:92:6e:a4:37:0a:4d:25:80:1e:06:41:b8:b4:f3:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Oct 16 18:23:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=437beee322233f9b50dd992f7ae68ac61e76c844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d2:fb:8d:40:84:d3:8b:d0:14:a3:c0:ab:15:
                    66:88:b8:bd:47:92:2f:16:08:f5:9e:07:71:d6:38:
                    1d:bb:ed:e9:91:20:80:bd:bc:68:ae:41:10:32:54:
                    19:e1:bd:63:49:e9:a6:52:b8:c7:f5:9e:ab:ed:50:
                    95:e6:5d:43:ae:8b:1e:3d:c3:02:51:58:30:4c:a9:
                    13:26:9d:70:b3:6c:ae:a6:19:e5:db:89:7f:a6:85:
                    6b:07:a1:74:1b:a0:41:5c:69:d1:88:0d:77:0e:b0:
                    7f:95:28:72:01:27:38:89:f2:20:0d:d4:28:36:86:
                    31:6d:ec:71:a1:60:65:65:a7:8b:0c:14:87:7b:72:
                    81:62:96:47:de:c8:b8:ff:a5:c1:c8:d9:6f:01:42:
                    84:b2:0a:d9:21:a5:e8:8f:73:02:e8:df:01:1b:69:
                    72:e7:ed:8c:de:14:6e:0e:60:50:c2:32:72:9d:03:
                    ba:5a:bc:2e:86:ff:16:ba:80:27:38:2b:5a:2e:89:
                    f7:6c:47:03:e6:6d:71:fd:0c:10:9e:14:6a:b8:a4:
                    08:3a:a4:5b:0a:a4:bc:49:3b:a0:30:d9:8b:f4:81:
                    a7:c4:59:01:88:dc:6c:0c:e1:37:ca:11:26:2f:bf:
                    5c:09:9f:e5:e5:6a:5b:0f:d6:24:ad:2f:6d:13:22:
                    7d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:7B:EE:E3:22:23:3F:9B:50:DD:99:2F:7A:E6:8A:C6:1E:76:C8:44
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/Q3vu4yIjP5tQ3ZkveuaKxh52yEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:ad00::/40

    Signature Algorithm: sha256WithRSAEncryption
         b3:29:6c:a2:ec:04:80:bf:71:39:c7:c4:8a:23:ef:9e:75:14:
         78:0f:39:00:ee:69:7a:9c:67:bc:cb:1d:58:18:80:72:18:9e:
         ca:a5:53:dd:bf:48:1f:95:fb:91:54:ee:fb:1d:1e:1b:ad:52:
         8a:e2:b1:30:53:d6:90:c7:8f:62:f5:70:29:48:72:ef:44:ce:
         d0:8a:92:ad:0d:c5:ac:e1:e7:22:1c:6a:02:a2:64:e3:d5:14:
         ce:06:98:ff:fb:97:c1:2e:54:8e:8b:c3:5c:ca:8f:30:69:87:
         78:26:f1:21:19:2a:68:68:3d:0d:0a:9c:39:45:45:97:a4:fc:
         5b:24:a6:a1:80:96:52:d1:6b:54:17:43:81:08:05:7a:df:dd:
         a1:67:3f:2b:3b:dc:05:c2:d0:e3:6f:4a:98:ea:12:d1:b4:99:
         ec:da:06:a5:0e:2e:51:f9:00:ef:57:49:e8:d4:2f:b2:1c:fd:
         16:75:c9:a5:3c:b1:7b:d6:57:c4:a9:5b:b2:c4:8d:a3:2c:06:
         75:55:c2:51:bb:de:5b:62:ab:f3:ec:b6:72:21:56:e0:a6:3a:
         e3:9b:41:36:42:7d:7e:2a:07:c9:5b:02:76:ea:f1:fd:1c:ad:
         7c:19:f2:1f:2b:83:38:71:df:27:14:0e:41:74:c4:38:91:e1:
         05:95:15:21
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZKWkm6kNwpNJYAeBkG4tPOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQxMDE2MTgyMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzdiZWVlMzIyMjMzZjliNTBkZDk5MmY3YWU2OGFjNjFlNzZjODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19L7jUCE04vQFKPAqxVmiLi9R5Iv
Fgj1ngdx1jgdu+3pkSCAvbxorkEQMlQZ4b1jSemmUrjH9Z6r7VCV5l1DrosePcMC
UVgwTKkTJp1ws2yuphnl24l/poVrB6F0G6BBXGnRiA13DrB/lShyASc4ifIgDdQo
NoYxbexxoWBlZaeLDBSHe3KBYpZH3si4/6XByNlvAUKEsgrZIaXoj3MC6N8BG2ly
5+2M3hRuDmBQwjJynQO6Wrwuhv8WuoAnOCtaLon3bEcD5m1x/QwQnhRquKQIOqRb
CqS8STugMNmL9IGnxFkBiNxsDOE3yhEmL79cCZ/l5WpbD9YkrS9tEyJ9rQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEN77uMiIz+bUN2ZL3rmisYedshEMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvUTN2dTR5SWpQNXRRM1prdmV1YUt4aDUyeUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHiga0w
DQYJKoZIhvcNAQELBQADggEBALMpbKLsBIC/cTnHxIoj7551FHgPOQDuaXqcZ7zL
HVgYgHIYnsqlU92/SB+V+5FU7vsdHhutUorisTBT1pDHj2L1cClIcu9EztCKkq0N
xazh5yIcagKiZOPVFM4GmP/7l8EuVI6Lw1zKjzBph3gm8SEZKmhoPQ0KnDlFRZek
/FskpqGAllLRa1QXQ4EIBXrf3aFnPys73AXC0ONvSpjqEtG0mezaBqUOLlH5AO9X
SejUL7Ic/RZ1yaU8sXvWV8SpW7LEjaMsBnVVwlG73ltiq/PstnIhVuCmOuObQTZC
fX4qB8lbAnbq8f0crXwZ8h8rgzhx3ycUDkF0xDiR4QWVFSE=
-----END CERTIFICATE-----