Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/4dc4de-8e8d-47fb-9d5c-74845414e071/1/T3Atau7Xjhh9HtNGQCsgf89Ukpo.roa
File:                     T3Atau7Xjhh9HtNGQCsgf89Ukpo.roa (raw, json)
Hash identifier:          NEMOylcj05gMYltmG+7aFN+m2gklsj4KP4M4tldOLaU=
Subject key identifier:   4F:70:2D:6A:EE:D7:8E:18:7D:1E:D3:46:40:2B:20:7F:CF:54:92:9A
Certificate issuer:       /CN=19e579fd74609d268ccbcfb82f53a5a4d06135b0
Certificate serial:       0191039642761AE4F0E48B9EFFBDBEF386CA
Authority key identifier: 19:E5:79:FD:74:60:9D:26:8C:CB:CF:B8:2F:53:A5:A4:D0:61:35:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GeV5_XRgnSaMy8-4L1OlpNBhNbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/4dc4de-8e8d-47fb-9d5c-74845414e071/1/T3Atau7Xjhh9HtNGQCsgf89Ukpo.roa
Signing time:             Tue 30 Jul 2024 12:21:04 +0000
ROA not before:           Tue 30 Jul 2024 12:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214469
IP address blocks:        2a13:9ec0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/4dc4de-8e8d-47fb-9d5c-74845414e071/1/GeV5_XRgnSaMy8-4L1OlpNBhNbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/4dc4de-8e8d-47fb-9d5c-74845414e071/1/GeV5_XRgnSaMy8-4L1OlpNBhNbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GeV5_XRgnSaMy8-4L1OlpNBhNbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:03:96:42:76:1a:e4:f0:e4:8b:9e:ff:bd:be:f3:86:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19e579fd74609d268ccbcfb82f53a5a4d06135b0
        Validity
            Not Before: Jul 30 12:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f702d6aeed78e187d1ed346402b207fcf54929a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:83:08:ee:a6:75:4c:fc:d3:22:6e:01:23:d0:
                    f1:9b:d5:57:65:78:1f:ed:3e:1b:66:d6:8f:ab:4c:
                    c9:45:d6:05:60:51:c7:e0:ce:5e:31:9b:d7:a6:b5:
                    22:31:ce:16:4c:60:4a:c2:3e:e1:dc:d1:ed:bf:94:
                    fe:fb:6f:ff:02:9c:ac:e6:a6:07:0b:45:bc:21:f4:
                    19:72:1e:70:3b:52:f4:77:ba:73:cf:d5:43:1c:c5:
                    3c:b6:a2:c0:50:a9:b5:43:97:d3:e9:b5:d9:6c:e4:
                    46:1a:f5:0a:2b:91:03:b4:11:79:99:52:18:8e:4c:
                    fe:36:a0:99:97:ec:a8:00:e6:49:17:a5:0b:77:77:
                    af:5c:08:d5:f5:dd:7f:d6:9d:d6:77:1b:22:ae:b7:
                    bf:fb:c3:0e:7d:15:58:91:d9:f8:9b:3e:92:f2:46:
                    e5:31:29:b0:c9:e4:d4:31:ca:a9:78:d6:48:8e:13:
                    b6:85:a0:a6:29:77:76:d2:56:7b:9a:49:98:b2:f8:
                    a8:56:d8:a1:ef:06:74:ac:54:23:f9:ea:95:ba:39:
                    b5:76:c7:47:83:2b:ed:20:42:38:84:b1:2c:cd:9e:
                    e3:54:b4:ae:83:06:19:47:1a:4d:75:c9:64:e5:f9:
                    a5:34:de:5d:8d:cd:19:ee:a0:cf:68:dd:b2:f7:d5:
                    9c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:70:2D:6A:EE:D7:8E:18:7D:1E:D3:46:40:2B:20:7F:CF:54:92:9A
            X509v3 Authority Key Identifier:
                keyid:19:E5:79:FD:74:60:9D:26:8C:CB:CF:B8:2F:53:A5:A4:D0:61:35:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GeV5_XRgnSaMy8-4L1OlpNBhNbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/4dc4de-8e8d-47fb-9d5c-74845414e071/1/T3Atau7Xjhh9HtNGQCsgf89Ukpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/4dc4de-8e8d-47fb-9d5c-74845414e071/1/GeV5_XRgnSaMy8-4L1OlpNBhNbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:fd:1c:b5:be:3f:cb:f6:0a:ef:96:4f:01:10:f9:01:87:af:
         cf:ec:4f:b6:58:19:7e:41:11:5a:2a:ac:7f:fc:b5:72:aa:04:
         6e:7f:8a:32:d9:a0:15:52:61:ba:dc:cb:52:fa:7a:0e:92:de:
         80:60:a9:05:62:e0:67:71:5f:9f:50:c1:35:af:90:aa:4b:18:
         e0:cd:3a:0d:8f:8b:85:06:c3:04:f3:c8:ee:b5:c0:ce:7e:f2:
         3a:f0:a3:d3:13:1e:0e:2e:aa:3d:ea:c2:11:ee:89:b9:ed:96:
         0b:ed:40:af:b8:a7:eb:29:ea:48:15:08:e2:4a:15:10:00:63:
         7c:0a:db:0c:35:0a:b0:28:25:d1:af:a5:ea:09:58:be:e6:2b:
         0a:c7:f7:f4:9b:4a:ec:e7:58:ec:24:21:f1:28:3b:f5:3f:a9:
         c0:f9:46:0f:60:33:97:e4:b4:14:dd:af:c1:8d:f2:96:66:77:
         27:94:43:45:8a:68:db:89:5c:d9:fe:42:2c:29:1c:80:03:53:
         8e:a3:f2:1e:4c:2c:49:86:76:1d:ef:19:7c:13:a1:00:e8:be:
         2a:a6:90:23:a2:af:99:bc:0a:5c:f3:9b:1f:58:c0:5b:21:7e:
         e6:c8:79:e4:cf:23:d7:f4:44:70:61:95:c7:40:9a:a4:d6:ea:
         d1:9b:99:26
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZEDlkJ2GuTw5Iue/72+84bKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZTU3OWZkNzQ2MDlkMjY4Y2NiY2ZiODJmNTNhNWE0ZDA2
MTM1YjAwHhcNMjQwNzMwMTIyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjcwMmQ2YWVlZDc4ZTE4N2QxZWQzNDY0MDJiMjA3ZmNmNTQ5MjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoMI7qZ1TPzTIm4BI9Dxm9VXZXgf
7T4bZtaPq0zJRdYFYFHH4M5eMZvXprUiMc4WTGBKwj7h3NHtv5T++2//Apys5qYH
C0W8IfQZch5wO1L0d7pzz9VDHMU8tqLAUKm1Q5fT6bXZbORGGvUKK5EDtBF5mVIY
jkz+NqCZl+yoAOZJF6ULd3evXAjV9d1/1p3Wdxsirre/+8MOfRVYkdn4mz6S8kbl
MSmwyeTUMcqpeNZIjhO2haCmKXd20lZ7mkmYsvioVtih7wZ0rFQj+eqVujm1dsdH
gyvtIEI4hLEszZ7jVLSugwYZRxpNdclk5fmlNN5djc0Z7qDPaN2y99WcmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE9wLWru144YfR7TRkArIH/PVJKaMB8GA1UdIwQY
MBaAFBnlef10YJ0mjMvPuC9TpaTQYTWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2VWNV9YUmduU2FNeTgtNEwxT2xwTkJoTmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80ZGM0ZGUtOGU4ZC00N2ZiLTlkNWMt
NzQ4NDU0MTRlMDcxLzEvVDNBdGF1N1hqaGg5SHROR1FDc2dmODlVa3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80ZGM0ZGUtOGU4ZC00N2ZiLTlkNWMtNzQ4NDU0MTRlMDcx
LzEvR2VWNV9YUmduU2FNeTgtNEwxT2xwTkJoTmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOewDAN
BgkqhkiG9w0BAQsFAAOCAQEARf0ctb4/y/YK75ZPARD5AYevz+xPtlgZfkERWiqs
f/y1cqoEbn+KMtmgFVJhutzLUvp6DpLegGCpBWLgZ3Ffn1DBNa+QqksY4M06DY+L
hQbDBPPI7rXAzn7yOvCj0xMeDi6qPerCEe6Jue2WC+1Ar7in6ynqSBUI4koVEABj
fArbDDUKsCgl0a+l6glYvuYrCsf39JtK7OdY7CQh8Sg79T+pwPlGD2Azl+S0FN2v
wY3ylmZ3J5RDRYpo24lc2f5CLCkcgANTjqPyHkwsSYZ2He8ZfBOhAOi+KqaQI6Kv
mbwKXPObH1jAWyF+5sh55M8j1/REcGGVx0CapNbq0ZuZJg==
-----END CERTIFICATE-----