Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/JNkggvQx74p1btfiu-ncCk_cuvY.roa
File:                     JNkggvQx74p1btfiu-ncCk_cuvY.roa (raw, json)
Hash identifier:          3PlXzxEghXwRv2XVfxrZveNHTFUHK5O1XcLko9Bh3BM=
Subject key identifier:   24:D9:20:82:F4:31:EF:8A:75:6E:D7:E2:BB:E9:DC:0A:4F:DC:BA:F6
Certificate issuer:       /CN=aeb0b777f5377bb1c50653884b03e27dcdee828e
Certificate serial:       019420680484E8614116A8464CFA9C793B67
Authority key identifier: AE:B0:B7:77:F5:37:7B:B1:C5:06:53:88:4B:03:E2:7D:CD:EE:82:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/JNkggvQx74p1btfiu-ncCk_cuvY.roa
Signing time:             Wed 01 Jan 2025 05:47:54 +0000
ROA not before:           Wed 01 Jan 2025 05:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        2a13:a380:300::/48 maxlen: 48
                          2a13:a380:301::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:04:84:e8:61:41:16:a8:46:4c:fa:9c:79:3b:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb0b777f5377bb1c50653884b03e27dcdee828e
        Validity
            Not Before: Jan  1 05:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24d92082f431ef8a756ed7e2bbe9dc0a4fdcbaf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:09:88:cc:11:c0:1f:85:e2:bd:59:30:5d:d6:
                    b6:01:64:d2:33:70:14:b3:17:bd:a3:e2:1e:be:fe:
                    17:60:13:7b:66:5c:4a:7d:a6:53:61:50:1d:72:6e:
                    3f:30:f8:42:bf:a7:74:b1:90:36:88:c2:66:d3:b0:
                    80:43:23:1a:32:71:1e:60:ae:a6:c4:70:ec:3d:86:
                    15:d6:eb:c5:cc:fc:57:d9:db:0c:0f:04:44:67:20:
                    53:48:82:ee:cb:3e:74:6d:1c:cb:79:54:1e:be:b4:
                    b2:01:c1:5c:f6:5c:0e:17:98:ab:8a:0e:50:fd:fe:
                    49:37:d9:1a:a9:f1:f5:4f:78:6d:c6:dd:46:85:05:
                    8f:de:97:26:e9:93:52:34:41:7c:dd:1b:3a:60:96:
                    5f:b0:e1:53:da:70:e0:c1:5a:ad:82:4f:37:0a:92:
                    f7:a2:77:f7:a9:bc:4c:53:82:98:ac:f2:fd:d0:4b:
                    69:68:33:aa:e0:e2:bc:d9:19:eb:ea:1e:37:9a:21:
                    48:66:13:4e:ba:a6:a4:29:10:f3:b6:7b:a4:3d:bb:
                    8f:be:b0:55:e6:5f:5d:d7:07:2f:e2:e4:cf:b6:48:
                    62:a0:12:07:1b:75:b8:81:f0:16:1c:c4:13:a3:c7:
                    1c:54:67:3b:bd:a2:13:ca:f8:36:da:b3:e9:c0:35:
                    2a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:D9:20:82:F4:31:EF:8A:75:6E:D7:E2:BB:E9:DC:0A:4F:DC:BA:F6
            X509v3 Authority Key Identifier:
                keyid:AE:B0:B7:77:F5:37:7B:B1:C5:06:53:88:4B:03:E2:7D:CD:EE:82:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/JNkggvQx74p1btfiu-ncCk_cuvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a380:300::/47

    Signature Algorithm: sha256WithRSAEncryption
         90:c8:a4:ec:db:46:34:78:fb:4f:0d:a4:3f:2f:7e:e2:a9:61:
         de:fc:e2:35:e6:43:41:4e:42:cd:10:60:af:9c:cf:aa:00:a0:
         1f:a9:c9:1a:b2:78:b0:aa:86:d7:ab:df:2c:b9:79:5d:90:d1:
         a1:c0:61:5e:56:c3:11:4f:71:15:d6:c0:59:62:b6:2d:e1:b5:
         59:61:b8:de:60:56:5d:e5:01:4a:93:b7:0e:5e:42:5c:83:e5:
         46:33:1d:da:4a:56:a3:f6:3a:23:6e:09:58:8b:88:a6:60:fb:
         7a:b6:bb:68:2b:ec:9f:10:46:af:9b:91:bc:37:d0:20:19:73:
         52:03:93:d7:0d:df:2d:03:a6:81:52:76:30:f8:35:54:21:e9:
         9a:d1:c3:4d:a0:84:e5:8e:f0:5e:e6:52:40:df:2f:20:db:bf:
         de:e8:7e:dc:98:fa:a3:58:cc:eb:c8:a8:9c:9e:d2:6e:ba:ac:
         37:bc:f9:cf:ee:8b:d9:af:3b:4e:64:e6:ba:ff:2f:59:88:eb:
         16:b8:c2:06:6b:0b:de:1f:24:3a:ff:99:9f:b3:e6:b3:a9:65:
         aa:16:75:8d:b0:1b:2c:42:53:7f:a3:d6:43:88:a0:61:9e:a2:
         b2:87:39:ef:4e:ef:98:e3:57:be:94:0a:61:ad:6e:0e:fd:57:
         59:b4:db:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgaASE6GFBFqhGTPqceTtnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjBiNzc3ZjUzNzdiYjFjNTA2NTM4ODRiMDNlMjdkY2Rl
ZTgyOGUwHhcNMjUwMTAxMDU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGQ5MjA4MmY0MzFlZjhhNzU2ZWQ3ZTJiYmU5ZGMwYTRmZGNiYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQmIzBHAH4XivVkwXda2AWTSM3AU
sxe9o+Ievv4XYBN7ZlxKfaZTYVAdcm4/MPhCv6d0sZA2iMJm07CAQyMaMnEeYK6m
xHDsPYYV1uvFzPxX2dsMDwREZyBTSILuyz50bRzLeVQevrSyAcFc9lwOF5irig5Q
/f5JN9kaqfH1T3htxt1GhQWP3pcm6ZNSNEF83Rs6YJZfsOFT2nDgwVqtgk83CpL3
onf3qbxMU4KYrPL90EtpaDOq4OK82Rnr6h43miFIZhNOuqakKRDztnukPbuPvrBV
5l9d1wcv4uTPtkhioBIHG3W4gfAWHMQTo8ccVGc7vaITyvg22rPpwDUqJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCTZIIL0Me+KdW7X4rvp3ApP3Lr2MB8GA1UdIwQY
MBaAFK6wt3f1N3uxxQZTiEsD4n3N7oKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJDM2RfVTNlN0hGQmxPSVN3UGlmYzN1Z280LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8yMmRmNjEtYjYwOS00OTg2LTk5ZTMt
OTI2YzRhMzI2ZTA4LzEvSk5rZ2d2UXg3NHAxYnRmaXUtbmNDa19jdXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8yMmRmNjEtYjYwOS00OTg2LTk5ZTMtOTI2YzRhMzI2ZTA4
LzEvcnJDM2RfVTNlN0hGQmxPSVN3UGlmYzN1Z280LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhOjgAMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCQyKTs20Y0ePtPDaQ/L37iqWHe/OI15kNBTkLN
EGCvnM+qAKAfqckasniwqobXq98suXldkNGhwGFeVsMRT3EV1sBZYrYt4bVZYbje
YFZd5QFKk7cOXkJcg+VGMx3aSlaj9jojbglYi4imYPt6trtoK+yfEEavm5G8N9Ag
GXNSA5PXDd8tA6aBUnYw+DVUIema0cNNoITljvBe5lJA3y8g27/e6H7cmPqjWMzr
yKicntJuuqw3vPnP7ovZrztOZOa6/y9ZiOsWuMIGawveHyQ6/5mfs+azqWWqFnWN
sBssQlN/o9ZDiKBhnqKyhznvTu+Y41e+lAphrW4O/VdZtNuT
-----END CERTIFICATE-----