Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/KbHSaDitknf_vw2Y0vNPZiG2-WU.roa
File:                     KbHSaDitknf_vw2Y0vNPZiG2-WU.roa (raw, json)
Hash identifier:          vniSFXySv0YzFNsEhCVOvtXFilzUNKpEfWkX3Qio2Lg=
Subject key identifier:   29:B1:D2:68:38:AD:92:77:FF:BF:0D:98:D2:F3:4F:66:21:B6:F9:65
Certificate issuer:       /CN=8b0cd696ada8911302563ba4e442e6cfa6a28ffb
Certificate serial:       0194236978AABDD4786046C638E27C65828A
Authority key identifier: 8B:0C:D6:96:AD:A8:91:13:02:56:3B:A4:E4:42:E6:CF:A6:A2:8F:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iwzWlq2okRMCVjuk5ELmz6aij_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/KbHSaDitknf_vw2Y0vNPZiG2-WU.roa
Signing time:             Wed 01 Jan 2025 19:48:22 +0000
ROA not before:           Wed 01 Jan 2025 19:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1213
IP address blocks:        160.6.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/iwzWlq2okRMCVjuk5ELmz6aij_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/iwzWlq2okRMCVjuk5ELmz6aij_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iwzWlq2okRMCVjuk5ELmz6aij_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 07:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:78:aa:bd:d4:78:60:46:c6:38:e2:7c:65:82:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b0cd696ada8911302563ba4e442e6cfa6a28ffb
        Validity
            Not Before: Jan  1 19:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29b1d26838ad9277ffbf0d98d2f34f6621b6f965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e1:ba:a3:57:9d:50:e1:c0:dd:6a:ae:c0:49:
                    fd:c5:33:33:84:90:7f:54:20:a6:25:e2:30:8d:62:
                    97:29:7f:77:a2:07:0c:84:15:7f:4e:aa:7c:76:cb:
                    f6:68:08:8b:d1:a8:10:ae:61:a6:a1:ec:71:61:30:
                    2a:82:b5:f5:65:c8:67:9d:23:83:5c:f9:87:1d:e7:
                    c3:a9:37:3a:0c:08:b8:a1:8f:cc:dd:88:f7:ba:e0:
                    0b:ae:a4:b4:61:bd:93:c8:1e:32:43:a9:ef:a7:98:
                    d6:35:07:54:10:47:1b:51:c3:bd:c7:b4:e6:d4:fe:
                    6d:19:76:9b:2a:f3:5a:c1:63:d2:35:33:7a:29:b0:
                    8a:7d:fc:2d:54:2d:07:57:3f:f3:5f:3e:b6:3b:34:
                    eb:10:d0:d4:63:8a:79:a9:b3:84:2a:94:e5:89:a4:
                    e8:12:35:45:65:97:48:b1:db:e1:c4:e5:e0:f3:84:
                    fe:7c:50:0a:23:84:9d:a6:22:b0:00:55:c7:91:3f:
                    26:cf:5f:2b:85:df:25:09:6a:2c:c7:b2:26:e2:13:
                    2b:34:80:ba:d2:fd:c8:4e:e9:06:03:57:3e:b8:69:
                    71:13:68:b7:6b:46:a7:58:a9:12:04:af:2f:5e:f8:
                    c1:8d:ad:c3:f9:24:ec:07:e6:28:93:5f:66:b2:60:
                    aa:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B1:D2:68:38:AD:92:77:FF:BF:0D:98:D2:F3:4F:66:21:B6:F9:65
            X509v3 Authority Key Identifier:
                keyid:8B:0C:D6:96:AD:A8:91:13:02:56:3B:A4:E4:42:E6:CF:A6:A2:8F:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iwzWlq2okRMCVjuk5ELmz6aij_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/KbHSaDitknf_vw2Y0vNPZiG2-WU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/iwzWlq2okRMCVjuk5ELmz6aij_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.6.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         89:68:32:a5:6e:43:b4:78:e6:4e:4d:74:4f:09:fc:f0:5b:28:
         f3:5f:24:7b:21:d7:c0:9a:e5:b3:15:e8:b5:05:9e:89:c7:70:
         5d:1f:27:25:72:22:22:79:df:ec:51:e7:a1:c3:1b:02:dc:27:
         56:c8:91:41:35:c3:89:b6:75:2e:84:14:55:2c:f7:65:4f:70:
         5b:a7:e0:66:4e:2f:49:db:58:57:2a:56:c6:eb:9b:11:0a:d4:
         fb:11:8c:cc:8d:8f:1f:f8:2d:ef:52:e7:bf:21:6a:72:12:b2:
         85:76:42:a8:69:c2:a6:5a:93:8e:82:72:0a:cd:04:fa:83:b0:
         54:c9:10:bd:64:6d:55:05:84:2a:8e:4c:10:ad:f1:65:61:f3:
         8e:9b:d9:13:11:81:3a:e9:c8:00:92:17:eb:44:f8:c0:95:61:
         0d:f0:fa:c5:f3:f4:0a:32:1f:7c:b1:6d:91:3a:5b:78:6e:3e:
         42:55:09:11:fb:74:d9:b0:56:cf:55:3e:08:6c:8a:12:ef:a8:
         16:b1:c0:07:48:ed:df:a3:21:00:56:e4:58:d0:5b:5f:ca:f2:
         16:b3:80:32:5b:bd:34:68:39:89:96:23:c4:a1:6d:4f:2e:20:
         e6:a5:6b:a0:93:6a:14:cf:53:6e:4c:fd:9e:00:b0:f9:4e:6c:
         69:11:16:1c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjaXiqvdR4YEbGOOJ8ZYKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMGNkNjk2YWRhODkxMTMwMjU2M2JhNGU0NDJlNmNmYTZh
MjhmZmIwHhcNMjUwMTAxMTk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWIxZDI2ODM4YWQ5Mjc3ZmZiZjBkOThkMmYzNGY2NjIxYjZmOTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eG6o1edUOHA3WquwEn9xTMzhJB/
VCCmJeIwjWKXKX93ogcMhBV/Tqp8dsv2aAiL0agQrmGmoexxYTAqgrX1ZchnnSOD
XPmHHefDqTc6DAi4oY/M3Yj3uuALrqS0Yb2TyB4yQ6nvp5jWNQdUEEcbUcO9x7Tm
1P5tGXabKvNawWPSNTN6KbCKffwtVC0HVz/zXz62OzTrENDUY4p5qbOEKpTliaTo
EjVFZZdIsdvhxOXg84T+fFAKI4SdpiKwAFXHkT8mz18rhd8lCWosx7Im4hMrNIC6
0v3ITukGA1c+uGlxE2i3a0anWKkSBK8vXvjBja3D+STsB+Yok19msmCqIQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCmx0mg4rZJ3/78NmNLzT2YhtvllMB8GA1UdIwQY
MBaAFIsM1patqJETAlY7pORC5s+moo/7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXd6V2xxMm9rUk1DVmp1azVFTG16NmFpal9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iM2M0NDMtYjE5OS00MDQxLTgyNDct
YjQwM2QxMGMzZTkxLzEvS2JIU2FEaXRrbmZfdncyWTB2TlBaaUcyLVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iM2M0NDMtYjE5OS00MDQxLTgyNDctYjQwM2QxMGMzZTkx
LzEvaXd6V2xxMm9rUk1DVmp1azVFTG16NmFpal9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoAYwDQYJ
KoZIhvcNAQELBQADggEBAIloMqVuQ7R45k5NdE8J/PBbKPNfJHsh18Ca5bMV6LUF
nonHcF0fJyVyIiJ53+xR56HDGwLcJ1bIkUE1w4m2dS6EFFUs92VPcFun4GZOL0nb
WFcqVsbrmxEK1PsRjMyNjx/4Le9S578hanISsoV2QqhpwqZak46CcgrNBPqDsFTJ
EL1kbVUFhCqOTBCt8WVh846b2RMRgTrpyACSF+tE+MCVYQ3w+sXz9AoyH3yxbZE6
W3huPkJVCRH7dNmwVs9VPghsihLvqBaxwAdI7d+jIQBW5FjQW1/K8hazgDJbvTRo
OYmWI8ShbU8uIOala6CTahTPU25M/Z4AsPlObGkRFhw=
-----END CERTIFICATE-----