Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/KZqAxy5iqIMDtOLtEGoxGEy07RI.roa
File:                     KZqAxy5iqIMDtOLtEGoxGEy07RI.roa (raw, json)
Hash identifier:          kbgYn28oaby5NUH4Ku4hnNvchyDC07zcNQ/v/n7K8DU=
Subject key identifier:   29:9A:80:C7:2E:62:A8:83:03:B4:E2:ED:10:6A:31:18:4C:B4:ED:12
Certificate issuer:       /CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
Certificate serial:       01949998AA153C8C40BB5ABED4A936FF5D01
Authority key identifier: EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/KZqAxy5iqIMDtOLtEGoxGEy07RI.roa
Signing time:             Fri 24 Jan 2025 18:35:06 +0000
ROA not before:           Fri 24 Jan 2025 18:35:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44947
IP address blocks:        81.30.107.0/24 maxlen: 24
                          2a09:cbc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:99:98:aa:15:3c:8c:40:bb:5a:be:d4:a9:36:ff:5d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec7469c5428eef9ab768d9ed6c2c89443a6bb4be
        Validity
            Not Before: Jan 24 18:35:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=299a80c72e62a88303b4e2ed106a31184cb4ed12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ab:ab:3f:bf:e7:6a:d5:d8:0e:8e:2d:6a:19:
                    4c:4b:be:9f:b5:e7:cc:2d:a5:d7:11:cd:26:a8:ee:
                    c5:b6:30:8b:70:3e:f0:79:80:56:5f:d3:b5:f2:6e:
                    d3:90:f4:6d:3a:00:a8:79:35:1a:08:5a:26:1a:10:
                    6d:84:d5:d0:14:d3:99:3d:1e:b5:9e:55:ef:d1:8c:
                    5c:c8:b7:5d:a4:f3:32:ac:75:55:98:27:c8:30:42:
                    2b:e8:03:cf:b3:3d:71:bf:29:55:79:3c:85:79:67:
                    83:70:8f:b8:85:46:80:79:2e:b8:08:70:ff:a6:89:
                    f0:97:11:83:38:c6:8e:3b:c8:b6:18:f2:cd:3b:24:
                    6d:46:a5:90:49:44:98:f3:4c:11:3e:85:a4:16:4d:
                    07:7f:31:e8:e1:9d:21:30:d8:7f:de:70:fa:d3:78:
                    d6:cf:d1:9a:df:00:fb:45:41:f6:6c:54:e0:b0:ac:
                    76:7b:67:ff:10:b6:da:79:24:1b:33:93:f3:7b:e9:
                    29:1d:a6:61:a8:96:f3:cc:ba:1c:14:c3:2c:8d:9e:
                    ec:ca:fd:2d:c8:1d:58:77:b3:21:b7:30:58:13:9b:
                    bb:21:a9:d1:32:bf:f8:09:a8:0c:89:33:bf:cb:73:
                    4a:69:55:bc:64:84:8a:9d:78:7b:f3:af:86:a7:d1:
                    01:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9A:80:C7:2E:62:A8:83:03:B4:E2:ED:10:6A:31:18:4C:B4:ED:12
            X509v3 Authority Key Identifier:
                keyid:EC:74:69:C5:42:8E:EF:9A:B7:68:D9:ED:6C:2C:89:44:3A:6B:B4:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HRpxUKO75q3aNntbCyJRDprtL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/KZqAxy5iqIMDtOLtEGoxGEy07RI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6b544c-50e7-4f96-8c8d-8dee1da10741/1/7HRpxUKO75q3aNntbCyJRDprtL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.107.0/24
                IPv6:
                  2a09:cbc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:d1:e9:b2:86:d8:4b:30:a5:08:24:21:2c:10:ce:15:53:2c:
         75:1a:48:0d:ff:aa:49:31:d7:62:06:04:24:2a:6c:20:df:46:
         eb:11:3f:34:bb:94:ab:e9:e8:c1:e3:f5:19:98:77:c8:74:be:
         f8:72:3c:a6:51:be:7c:c8:30:48:ab:48:ee:b1:8c:50:e5:d3:
         b7:8d:e1:e9:f4:ca:39:7b:7b:4e:80:da:f8:71:22:1a:8e:b1:
         bd:5c:54:4e:97:3a:dc:23:04:71:10:e4:29:14:47:16:25:78:
         50:8f:f2:22:44:22:40:be:78:f2:17:73:02:09:03:09:31:76:
         d5:51:95:cd:3e:fc:b7:61:49:cb:ef:75:4c:44:45:a4:8b:fe:
         91:ef:53:4b:00:cc:9a:18:37:fd:21:bc:93:7c:91:ad:4e:8b:
         4c:5c:81:d1:74:d8:d7:c7:a5:2b:1f:0a:57:93:77:5a:31:68:
         1d:88:d7:e9:6f:07:4f:46:4f:17:42:49:63:2d:9d:d9:3c:f2:
         15:b6:4c:32:e0:01:ef:e6:c2:b2:56:08:34:82:85:aa:b5:a3:
         cc:d0:38:4d:71:a2:60:46:42:d4:84:e3:04:92:dd:4f:6e:ac:
         9e:72:3e:fd:0a:9d:56:27:da:da:da:55:a9:20:6f:cb:49:23:
         e9:d5:a0:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZSZmKoVPIxAu1q+1Kk2/10BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzQ2OWM1NDI4ZWVmOWFiNzY4ZDllZDZjMmM4OTQ0M2E2
YmI0YmUwHhcNMjUwMTI0MTgzNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTlhODBjNzJlNjJhODgzMDNiNGUyZWQxMDZhMzExODRjYjRlZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qurP7/natXYDo4tahlMS76ftefM
LaXXEc0mqO7FtjCLcD7weYBWX9O18m7TkPRtOgCoeTUaCFomGhBthNXQFNOZPR61
nlXv0YxcyLddpPMyrHVVmCfIMEIr6APPsz1xvylVeTyFeWeDcI+4hUaAeS64CHD/
ponwlxGDOMaOO8i2GPLNOyRtRqWQSUSY80wRPoWkFk0HfzHo4Z0hMNh/3nD603jW
z9Ga3wD7RUH2bFTgsKx2e2f/ELbaeSQbM5Pze+kpHaZhqJbzzLocFMMsjZ7syv0t
yB1Yd7MhtzBYE5u7IanRMr/4CagMiTO/y3NKaVW8ZISKnXh786+Gp9EBuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCmagMcuYqiDA7Ti7RBqMRhMtO0SMB8GA1UdIwQY
MBaAFOx0acVCju+at2jZ7WwsiUQ6a7S+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQt
OGRlZTFkYTEwNzQxLzEvS1pxQXh5NWlxSU1EdE9MdEVHb3hHRXkwN1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YjU0NGMtNTBlNy00Zjk2LThjOGQtOGRlZTFkYTEwNzQx
LzEvN0hScHhVS083NXEzYU5udGJDeUpSRHBydEw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUR5rMA0E
AgACMAcDBQMqCcvAMA0GCSqGSIb3DQEBCwUAA4IBAQAR0emyhthLMKUIJCEsEM4V
Uyx1GkgN/6pJMddiBgQkKmwg30brET80u5Sr6ejB4/UZmHfIdL74cjymUb58yDBI
q0jusYxQ5dO3jeHp9Mo5e3tOgNr4cSIajrG9XFROlzrcIwRxEOQpFEcWJXhQj/Ii
RCJAvnjyF3MCCQMJMXbVUZXNPvy3YUnL73VMREWki/6R71NLAMyaGDf9IbyTfJGt
TotMXIHRdNjXx6UrHwpXk3daMWgdiNfpbwdPRk8XQkljLZ3ZPPIVtkwy4AHv5sKy
Vgg0goWqtaPM0DhNcaJgRkLUhOMEkt1Pbqyecj79Cp1WJ9ra2lWpIG/LSSPp1aBS
-----END CERTIFICATE-----