Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/_5WIvJfKyXPt7q3eDEUV4dqzXLc.roa
File:                     _5WIvJfKyXPt7q3eDEUV4dqzXLc.roa (raw, json)
Hash identifier:          WY6kQSCLPQqO6U8inB26YKVMLyQQktJDfS2xbDWHzWw=
Subject key identifier:   FF:95:88:BC:97:CA:C9:73:ED:EE:AD:DE:0C:45:15:E1:DA:B3:5C:B7
Certificate issuer:       /CN=458cc52a0707cc340ac9c7f6e9028b64b70267bc
Certificate serial:       01949A2C108CC21125A85ECD43F031D28105
Authority key identifier: 45:8C:C5:2A:07:07:CC:34:0A:C9:C7:F6:E9:02:8B:64:B7:02:67:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/_5WIvJfKyXPt7q3eDEUV4dqzXLc.roa
Signing time:             Fri 24 Jan 2025 21:16:06 +0000
ROA not before:           Fri 24 Jan 2025 21:16:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44947
IP address blocks:        2a13:9e40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:9a:2c:10:8c:c2:11:25:a8:5e:cd:43:f0:31:d2:81:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458cc52a0707cc340ac9c7f6e9028b64b70267bc
        Validity
            Not Before: Jan 24 21:16:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff9588bc97cac973edeeadde0c4515e1dab35cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:99:34:62:bb:c3:48:5e:a6:14:ff:3c:52:c0:
                    8f:be:a8:b8:fe:f0:7c:9e:1e:f6:64:7c:b8:21:8d:
                    0f:e1:a9:e9:15:d4:c5:c6:ad:96:f2:4b:13:82:c5:
                    31:8b:29:45:cc:6b:69:95:d5:52:92:07:09:df:dd:
                    49:72:78:8b:b5:9d:b4:db:71:36:fb:c3:82:d5:a8:
                    bf:a0:f0:de:5e:50:81:49:87:e7:e3:50:c9:d2:ca:
                    b2:bd:ed:64:9d:14:28:3a:99:49:ed:93:43:a5:d3:
                    dc:a5:5b:d8:3c:f4:2b:fb:fb:d2:1f:9c:13:98:f4:
                    2e:af:41:6d:15:14:69:2c:51:6d:f3:eb:aa:ef:cc:
                    9c:02:96:93:7f:cc:a6:1d:39:89:b6:4f:02:c9:6e:
                    f9:dc:ab:c8:14:f2:ed:b4:ee:77:50:d7:f6:e6:da:
                    24:9f:5a:51:b1:33:4a:b1:37:17:66:af:f2:2d:2d:
                    71:94:c0:b8:03:31:b5:a9:ac:bc:7d:aa:ba:a6:19:
                    64:a3:45:37:10:fd:1e:ab:db:44:cd:d4:46:df:79:
                    4d:a4:b8:89:7e:ad:dd:36:ca:e2:97:0f:12:ff:4e:
                    90:58:fb:89:ed:f9:db:a3:05:b3:79:ea:eb:61:c3:
                    af:3d:45:f4:67:f1:3a:7e:63:d8:44:7a:ee:bf:72:
                    22:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:95:88:BC:97:CA:C9:73:ED:EE:AD:DE:0C:45:15:E1:DA:B3:5C:B7
            X509v3 Authority Key Identifier:
                keyid:45:8C:C5:2A:07:07:CC:34:0A:C9:C7:F6:E9:02:8B:64:B7:02:67:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYzFKgcHzDQKycf26QKLZLcCZ7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/_5WIvJfKyXPt7q3eDEUV4dqzXLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5a7d2f-5168-4720-8ce0-704149619c46/1/RYzFKgcHzDQKycf26QKLZLcCZ7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:4b:60:b5:fe:fd:6a:88:0b:9d:ae:f9:31:11:92:a9:fa:24:
         5e:1b:7d:c4:c0:5b:cc:d5:d5:d2:46:e3:50:e0:d1:3e:c4:dd:
         5d:03:da:28:10:f5:c0:0e:da:66:04:1b:2e:d8:9e:e6:ca:e6:
         09:80:82:4e:5c:bb:87:18:4d:b1:df:8f:6c:1f:3a:98:ca:64:
         fc:73:ab:b2:4d:60:3e:4a:71:81:0c:28:ec:27:b0:00:b0:bf:
         cb:63:59:d5:59:c7:36:72:60:cc:98:7c:61:f7:60:9d:a9:a4:
         6f:24:45:3d:40:ca:ea:c8:42:8b:67:9c:ed:af:ae:6f:67:32:
         24:17:70:ad:f9:bb:f0:da:9c:f3:50:bc:2a:8d:e2:0a:c0:6a:
         c8:25:41:61:b9:67:e2:69:88:59:51:7b:1c:40:08:9f:d4:9e:
         5a:54:3f:5e:c6:30:14:e0:0f:be:fe:d7:78:81:67:42:07:59:
         c7:24:7d:10:9e:e8:1e:85:87:1c:7c:c5:fc:46:99:49:9f:e2:
         cb:77:72:14:0e:a9:f5:26:98:6f:d1:bb:b9:1d:6a:18:6a:54:
         9e:b6:ba:24:ae:8d:9a:3d:33:ad:69:8c:0c:93:d9:e8:a7:0e:
         35:83:77:22:36:47:9d:21:bd:b5:eb:c3:92:9e:b5:da:30:2c:
         42:d4:de:ef
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZSaLBCMwhElqF7NQ/Ax0oEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGNjNTJhMDcwN2NjMzQwYWM5YzdmNmU5MDI4YjY0Yjcw
MjY3YmMwHhcNMjUwMTI0MjExNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjk1ODhiYzk3Y2FjOTczZWRlZWFkZGUwYzQ1MTVlMWRhYjM1Y2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupk0YrvDSF6mFP88UsCPvqi4/vB8
nh72ZHy4IY0P4anpFdTFxq2W8ksTgsUxiylFzGtpldVSkgcJ391JcniLtZ2023E2
+8OC1ai/oPDeXlCBSYfn41DJ0sqyve1knRQoOplJ7ZNDpdPcpVvYPPQr+/vSH5wT
mPQur0FtFRRpLFFt8+uq78ycApaTf8ymHTmJtk8CyW753KvIFPLttO53UNf25tok
n1pRsTNKsTcXZq/yLS1xlMC4AzG1qay8faq6phlko0U3EP0eq9tEzdRG33lNpLiJ
fq3dNsrilw8S/06QWPuJ7fnbowWzeerrYcOvPUX0Z/E6fmPYRHruv3IiLwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP+ViLyXyslz7e6t3gxFFeHas1y3MB8GA1UdIwQY
MBaAFEWMxSoHB8w0CsnH9ukCi2S3Ame8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUll6RktnY0h6RFFLeWNmMjZRS0xaTGNDWjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS81YTdkMmYtNTE2OC00NzIwLThjZTAt
NzA0MTQ5NjE5YzQ2LzEvXzVXSXZKZkt5WFB0N3EzZURFVVY0ZHF6WExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS81YTdkMmYtNTE2OC00NzIwLThjZTAtNzA0MTQ5NjE5YzQ2
LzEvUll6RktnY0h6RFFLeWNmMjZRS0xaTGNDWjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOeQDAN
BgkqhkiG9w0BAQsFAAOCAQEAREtgtf79aogLna75MRGSqfokXht9xMBbzNXV0kbj
UODRPsTdXQPaKBD1wA7aZgQbLtie5srmCYCCTly7hxhNsd+PbB86mMpk/HOrsk1g
PkpxgQwo7CewALC/y2NZ1VnHNnJgzJh8YfdgnamkbyRFPUDK6shCi2ec7a+ub2cy
JBdwrfm78Nqc81C8Ko3iCsBqyCVBYbln4mmIWVF7HEAIn9SeWlQ/XsYwFOAPvv7X
eIFnQgdZxyR9EJ7oHoWHHHzF/EaZSZ/iy3dyFA6p9SaYb9G7uR1qGGpUnra6JK6N
mj0zrWmMDJPZ6KcONYN3IjZHnSG9tevDkp612jAsQtTe7w==
-----END CERTIFICATE-----