Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/pdC1KsOnjOvGFainyuUjzICPFes.roa
File:                     pdC1KsOnjOvGFainyuUjzICPFes.roa (raw, json)
Hash identifier:          9PpZVEet2RmTDOe5qqgJNSaHCeSHC8NK2RueyDRCl5M=
Subject key identifier:   A5:D0:B5:2A:C3:A7:8C:EB:C6:15:A8:A7:CA:E5:23:CC:80:8F:15:EB
Certificate issuer:       /CN=60e773dbfb75957f0cc5c863fcce76ca58a39308
Certificate serial:       0194266B267EA3F252660BCFFDB7AE8EBD95
Authority key identifier: 60:E7:73:DB:FB:75:95:7F:0C:C5:C8:63:FC:CE:76:CA:58:A3:93:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOdz2_t1lX8Mxchj_M52ylijkwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/pdC1KsOnjOvGFainyuUjzICPFes.roa
Signing time:             Thu 02 Jan 2025 09:49:03 +0000
ROA not before:           Thu 02 Jan 2025 09:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52209
IP address blocks:        2a13:9a00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/YOdz2_t1lX8Mxchj_M52ylijkwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/YOdz2_t1lX8Mxchj_M52ylijkwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOdz2_t1lX8Mxchj_M52ylijkwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:26:7e:a3:f2:52:66:0b:cf:fd:b7:ae:8e:bd:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60e773dbfb75957f0cc5c863fcce76ca58a39308
        Validity
            Not Before: Jan  2 09:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5d0b52ac3a78cebc615a8a7cae523cc808f15eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:26:5a:9d:40:20:77:8c:11:63:c8:d5:27:2c:
                    41:7f:29:9b:66:8a:28:ae:ab:8d:57:3c:80:01:80:
                    bb:71:94:37:f7:9c:11:26:3b:56:f2:26:38:48:68:
                    76:64:83:d6:7d:a9:61:5f:d2:19:5d:3c:40:f7:cb:
                    82:09:eb:3e:1a:d5:80:8a:84:5c:9b:df:53:75:3a:
                    6a:d6:50:91:ea:32:ed:a4:fc:2d:62:49:8f:10:70:
                    45:e8:47:de:a1:3c:44:e2:26:e6:55:e9:69:07:ea:
                    81:8b:99:66:25:83:5f:36:2f:e3:72:fd:55:0c:74:
                    cc:c2:e4:2a:7e:bf:08:72:af:92:d2:24:99:27:7b:
                    26:e4:a6:d6:bd:ea:f1:66:f4:63:be:4f:79:11:8a:
                    9d:66:6a:a1:54:33:44:93:87:fe:ed:85:6e:b3:19:
                    26:83:71:4c:3e:4e:60:ec:48:fa:b2:77:72:0a:76:
                    c5:33:10:96:9a:4c:65:17:49:05:3b:78:16:44:2b:
                    28:b8:55:c7:64:39:70:23:23:3c:eb:66:da:a8:b2:
                    8e:06:9e:c9:4a:54:1b:3e:47:b1:ff:42:08:db:0d:
                    03:45:88:c5:dd:af:3c:1f:ba:29:25:86:ec:14:58:
                    37:57:99:9b:7d:1d:b8:2e:54:6f:7e:17:ee:33:71:
                    e8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:D0:B5:2A:C3:A7:8C:EB:C6:15:A8:A7:CA:E5:23:CC:80:8F:15:EB
            X509v3 Authority Key Identifier:
                keyid:60:E7:73:DB:FB:75:95:7F:0C:C5:C8:63:FC:CE:76:CA:58:A3:93:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOdz2_t1lX8Mxchj_M52ylijkwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/pdC1KsOnjOvGFainyuUjzICPFes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c99d6f-82ee-4768-805b-476d7e62cef6/1/YOdz2_t1lX8Mxchj_M52ylijkwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ee:7f:0c:f5:78:11:46:79:af:42:3c:5a:e4:86:9c:d6:56:4e:
         e7:a6:25:86:7f:06:37:69:e6:d8:1e:b8:e0:80:dd:31:b1:ab:
         e1:bb:67:1c:91:1c:a1:f1:f6:e4:5d:f9:34:40:4e:b5:3e:26:
         18:dc:fc:23:ed:64:86:87:ca:39:60:81:f0:60:e5:d6:ce:3c:
         f5:20:a0:12:8e:79:3b:9c:29:a5:f4:0f:7b:3c:48:58:7f:27:
         3a:0e:f2:f7:2b:6c:86:9b:82:a6:f0:d6:b1:3e:9d:66:74:a5:
         c7:8f:62:08:fd:83:74:1c:ba:d2:d1:cf:c2:6c:73:f4:e0:52:
         5b:1e:91:34:3d:aa:a6:af:73:a8:63:92:b1:56:1d:23:8c:a4:
         cd:ec:7d:62:ed:a2:c6:16:32:dc:ee:80:3e:6f:5c:14:4d:78:
         b6:07:c5:94:9b:d9:7c:39:68:67:f8:e2:05:8a:7a:b3:75:02:
         01:72:e7:22:53:a2:02:67:5c:4b:71:f7:90:af:52:8b:88:70:
         34:7e:e1:93:46:53:d5:f0:c6:3a:c8:c5:72:e3:0c:40:ba:75:
         7f:c2:ad:1d:f9:44:ce:32:90:9d:68:4a:ca:9d:14:b9:86:87:
         65:fa:c3:83:e7:dc:23:b2:ac:75:81:e2:08:db:15:38:21:b6:
         72:cb:bd:b7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmayZ+o/JSZgvP/beujr2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZTc3M2RiZmI3NTk1N2YwY2M1Yzg2M2ZjY2U3NmNhNThh
MzkzMDgwHhcNMjUwMTAyMDk0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWQwYjUyYWMzYTc4Y2ViYzYxNWE4YTdjYWU1MjNjYzgwOGYxNWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyZanUAgd4wRY8jVJyxBfymbZooo
rquNVzyAAYC7cZQ395wRJjtW8iY4SGh2ZIPWfalhX9IZXTxA98uCCes+GtWAioRc
m99TdTpq1lCR6jLtpPwtYkmPEHBF6EfeoTxE4ibmVelpB+qBi5lmJYNfNi/jcv1V
DHTMwuQqfr8Icq+S0iSZJ3sm5KbWverxZvRjvk95EYqdZmqhVDNEk4f+7YVusxkm
g3FMPk5g7Ej6sndyCnbFMxCWmkxlF0kFO3gWRCsouFXHZDlwIyM862baqLKOBp7J
SlQbPkex/0II2w0DRYjF3a88H7opJYbsFFg3V5mbfR24LlRvfhfuM3HohwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKXQtSrDp4zrxhWop8rlI8yAjxXrMB8GA1UdIwQY
MBaAFGDnc9v7dZV/DMXIY/zOdspYo5MIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU9kejJfdDFsWDhNeGNoal9NNTJ5bGlqa3dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jOTlkNmYtODJlZS00NzY4LTgwNWIt
NDc2ZDdlNjJjZWY2LzEvcGRDMUtzT25qT3ZHRmFpbnl1VWp6SUNQRmVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9jOTlkNmYtODJlZS00NzY4LTgwNWItNDc2ZDdlNjJjZWY2
LzEvWU9kejJfdDFsWDhNeGNoal9NNTJ5bGlqa3dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOaADAN
BgkqhkiG9w0BAQsFAAOCAQEA7n8M9XgRRnmvQjxa5Iac1lZO56Ylhn8GN2nm2B64
4IDdMbGr4btnHJEcofH25F35NEBOtT4mGNz8I+1khofKOWCB8GDl1s489SCgEo55
O5wppfQPezxIWH8nOg7y9ytshpuCpvDWsT6dZnSlx49iCP2DdBy60tHPwmxz9OBS
Wx6RND2qpq9zqGOSsVYdI4ykzex9Yu2ixhYy3O6APm9cFE14tgfFlJvZfDloZ/ji
BYp6s3UCAXLnIlOiAmdcS3H3kK9Si4hwNH7hk0ZT1fDGOsjFcuMMQLp1f8KtHflE
zjKQnWhKyp0UuYaHZfrDg+fcI7KsdYHiCNsVOCG2csu9tw==
-----END CERTIFICATE-----