Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/kQOaGpW4jD-8xGlNbkC3aZmZ2oA.roa
File:                     kQOaGpW4jD-8xGlNbkC3aZmZ2oA.roa (raw, json)
Hash identifier:          nAfr6WTUGifpmHx8/uBqTFl3/GkMakZU6HzPC4BRKRc=
Subject key identifier:   91:03:9A:1A:95:B8:8C:3F:BC:C4:69:4D:6E:40:B7:69:99:99:DA:80
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       0194228D48C3B4043C668A1B25BEAACDAD71
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/kQOaGpW4jD-8xGlNbkC3aZmZ2oA.roa
Signing time:             Wed 01 Jan 2025 15:47:51 +0000
ROA not before:           Wed 01 Jan 2025 15:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215341
IP address blocks:        2a0d:2146:8660::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:48:c3:b4:04:3c:66:8a:1b:25:be:aa:cd:ad:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan  1 15:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91039a1a95b88c3fbcc4694d6e40b7699999da80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:ba:cd:ba:b7:20:be:45:d4:f0:7b:d5:6e:a5:
                    d0:88:d1:1c:f5:d9:2b:a5:e0:89:79:8a:ed:d8:00:
                    78:cd:b5:a0:18:70:78:37:2a:94:43:fb:0a:38:f2:
                    16:81:0d:4b:32:e6:44:a2:bf:ba:23:cd:53:73:20:
                    91:54:38:73:69:35:2b:1c:d0:3f:6e:7f:c8:a9:0f:
                    a7:ac:9b:66:4f:47:8b:b8:84:43:04:26:3e:7e:ff:
                    6a:69:82:c2:c8:d2:de:8b:a1:ff:3a:d4:7c:a0:f5:
                    80:80:f7:66:1f:c7:02:b1:8d:ac:ba:7e:d0:9f:c5:
                    a4:b0:5f:44:e3:d0:83:41:a9:e6:f2:85:cb:12:29:
                    24:44:08:e0:20:fd:63:6b:3a:9b:df:14:c8:12:b1:
                    b4:74:95:00:52:13:2c:fa:46:37:fe:10:36:87:4c:
                    76:d5:d5:9f:9e:0e:56:29:90:6b:1f:e0:83:48:19:
                    e6:10:97:2b:f7:0e:0b:d5:99:82:9d:2a:dc:2a:49:
                    1b:3b:bd:33:be:d1:ff:9c:03:c4:3c:58:9c:85:08:
                    db:1b:e0:f2:ef:6e:e4:7c:1e:89:f4:59:cc:49:81:
                    11:6f:48:95:23:6d:6f:24:17:12:f3:84:64:db:ef:
                    83:2e:4f:22:de:6f:da:7e:c7:f9:f7:44:aa:b3:be:
                    31:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:03:9A:1A:95:B8:8C:3F:BC:C4:69:4D:6E:40:B7:69:99:99:DA:80
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/kQOaGpW4jD-8xGlNbkC3aZmZ2oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2146:8660::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:92:d9:97:e6:33:9d:1b:f3:e9:9e:c3:76:f8:10:3b:3f:16:
         27:ec:66:d1:b5:28:c4:3a:de:35:7e:46:2e:59:6c:a6:d8:68:
         0b:c4:b0:67:b0:ec:67:ab:a9:4b:d3:f5:12:9b:ea:e9:05:f6:
         e3:d1:f7:e1:9b:fd:c2:54:70:56:4b:7a:85:9b:18:ba:3f:35:
         95:9f:87:e3:e9:7e:ba:4d:53:ff:6d:4c:ae:47:15:b5:57:c5:
         d2:84:cc:ce:24:47:fb:32:b4:e1:b4:a7:0a:84:df:51:d8:37:
         ef:b5:2f:67:5b:75:34:cb:e3:c3:60:c1:4d:80:a6:d5:78:be:
         a7:26:a2:c6:a4:ee:06:0a:0e:53:af:af:69:1b:de:e6:28:d9:
         c6:f9:39:10:21:48:b4:84:5b:5b:bf:b0:ff:20:88:59:f4:7a:
         a3:db:e2:96:d6:10:c9:af:f5:5c:ee:b5:98:13:b9:5c:93:a3:
         d7:78:0c:66:62:22:33:17:ea:73:5a:6d:aa:9d:db:79:62:0a:
         d3:9d:13:63:43:65:5b:53:0d:c8:db:82:20:66:05:fe:1b:09:
         20:04:8f:c1:a7:a9:10:f5:55:43:04:5d:81:ec:34:0b:56:da:
         73:76:62:01:1f:af:6d:f5:bb:b6:b2:ba:c9:3c:22:ac:bd:f9:
         4e:10:f1:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijUjDtAQ8ZoobJb6qza1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjUwMTAxMTU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTAzOWExYTk1Yjg4YzNmYmNjNDY5NGQ2ZTQwYjc2OTk5OTlkYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA97rNurcgvkXU8HvVbqXQiNEc9dkr
peCJeYrt2AB4zbWgGHB4NyqUQ/sKOPIWgQ1LMuZEor+6I81TcyCRVDhzaTUrHNA/
bn/IqQ+nrJtmT0eLuIRDBCY+fv9qaYLCyNLei6H/OtR8oPWAgPdmH8cCsY2sun7Q
n8WksF9E49CDQanm8oXLEikkRAjgIP1jazqb3xTIErG0dJUAUhMs+kY3/hA2h0x2
1dWfng5WKZBrH+CDSBnmEJcr9w4L1ZmCnSrcKkkbO70zvtH/nAPEPFichQjbG+Dy
727kfB6J9FnMSYERb0iVI21vJBcS84Rk2++DLk8i3m/afsf590Sqs74xwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJEDmhqVuIw/vMRpTW5At2mZmdqAMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEva1FPYUdwVzRqRC04eEdsTmJrQzNhWm1aMm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0hRoZg
MA0GCSqGSIb3DQEBCwUAA4IBAQBuktmX5jOdG/PpnsN2+BA7PxYn7GbRtSjEOt41
fkYuWWym2GgLxLBnsOxnq6lL0/USm+rpBfbj0ffhm/3CVHBWS3qFmxi6PzWVn4fj
6X66TVP/bUyuRxW1V8XShMzOJEf7MrThtKcKhN9R2DfvtS9nW3U0y+PDYMFNgKbV
eL6nJqLGpO4GCg5Tr69pG97mKNnG+TkQIUi0hFtbv7D/IIhZ9Hqj2+KW1hDJr/Vc
7rWYE7lck6PXeAxmYiIzF+pzWm2qndt5YgrTnRNjQ2VbUw3I24IgZgX+GwkgBI/B
p6kQ9VVDBF2B7DQLVtpzdmIBH69t9bu2srrJPCKsvflOEPHj
-----END CERTIFICATE-----