Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/1-5V6RXgQOXjxU3mO34q_0PmmYk4.roa
File:                     1-5V6RXgQOXjxU3mO34q_0PmmYk4.roa (raw, json)
Hash identifier:          UBzppXP3Ubih2qJBoeebTWZSAjaul2dwW+uHzrrKrpI=
Subject key identifier:   FB:95:7A:45:78:10:39:78:F1:53:79:8E:DF:8A:BF:D0:F9:A6:62:4E
Certificate issuer:       /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial:       0194602EDD4643515846D7CBEC4B0D4323F7
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/1-5V6RXgQOXjxU3mO34q_0PmmYk4.roa
Signing time:             Mon 13 Jan 2025 15:01:11 +0000
ROA not before:           Mon 13 Jan 2025 15:01:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44160
IP address blocks:        2a02:210::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:60:2e:dd:46:43:51:58:46:d7:cb:ec:4b:0d:43:23:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
        Validity
            Not Before: Jan 13 15:01:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb957a4578103978f153798edf8abfd0f9a6624e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:84:9f:24:55:5f:94:34:f7:92:c7:b3:55:05:
                    c2:12:fd:7b:3f:e4:05:7d:c6:8c:ee:6b:a0:a9:9b:
                    0d:63:b6:6e:f9:ce:c4:af:da:e8:b3:36:25:01:18:
                    5a:74:ee:4c:bb:71:06:90:41:56:e7:bf:38:be:9c:
                    8d:5a:96:70:6b:0f:61:d3:20:90:19:bb:5a:bb:34:
                    76:f7:50:e5:a9:33:0c:2f:e8:ed:10:91:cf:49:51:
                    0f:b4:78:38:61:cd:61:b1:46:0f:fc:be:e6:45:1d:
                    28:39:5b:5f:7e:68:54:0f:88:8d:4f:a7:c1:d9:ef:
                    e6:59:ef:dd:99:a0:52:a1:31:d7:a8:3f:a3:24:1f:
                    5a:0c:7c:45:a1:f2:e9:c7:a1:f5:91:d7:c9:57:25:
                    11:f7:ef:a3:ee:90:23:65:cf:31:3a:e6:49:bc:57:
                    9f:8a:4e:57:e7:a2:1f:b4:88:4e:df:c2:c4:63:36:
                    f6:a5:4d:f6:dd:f9:7d:dc:6e:d9:ff:1f:25:9e:5f:
                    04:b2:19:db:55:29:64:be:f3:89:a3:7d:f7:6a:5e:
                    35:2a:58:f7:06:61:f9:1d:04:49:a7:7c:a1:f6:fb:
                    5b:6e:8c:08:7d:f0:10:ca:5e:59:20:c9:d7:60:5d:
                    c7:80:04:e7:d5:18:c7:f6:c9:4a:41:4a:a7:65:e0:
                    e5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:95:7A:45:78:10:39:78:F1:53:79:8E:DF:8A:BF:D0:F9:A6:62:4E
            X509v3 Authority Key Identifier:
                keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/1-5V6RXgQOXjxU3mO34q_0PmmYk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:210::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:f9:bc:23:26:e6:e4:06:30:c0:0e:9f:66:f7:b2:cb:13:89:
         85:c8:48:d5:ea:69:cb:d6:11:56:33:f5:6f:b8:2d:a9:7b:2c:
         52:15:1b:23:82:ca:28:0d:bb:b9:d0:e2:d5:36:0d:26:b0:85:
         26:28:87:0f:75:3e:c4:dd:e5:0c:c3:06:8a:a6:77:09:fa:ea:
         e1:07:09:f9:3e:e4:da:51:c1:1f:71:25:2a:d7:30:6b:85:4d:
         e6:61:94:76:d7:38:50:ce:88:2b:59:a9:0a:93:01:f3:f9:37:
         62:e0:d9:6f:77:30:4c:fc:7d:b3:a0:e8:6f:d0:a4:4e:31:77:
         a0:d7:31:5c:32:07:ac:d0:60:d8:e5:ef:77:bb:d7:96:dd:10:
         c8:1d:59:7b:7a:17:ce:32:b2:9b:55:a8:ee:fe:75:00:49:ff:
         84:c4:43:6c:70:64:2f:18:d1:4f:d5:90:d5:a6:03:87:27:15:
         86:14:29:e9:91:19:ac:81:83:d8:58:d1:4c:1e:5a:73:85:49:
         93:cb:6d:d7:a8:70:2e:e0:75:7b:7b:b7:09:81:8e:ef:a8:18:
         6b:f3:70:42:99:1b:fe:f7:75:6e:d9:16:a4:83:e7:f5:2d:cf:
         ca:c2:bc:c7:a4:09:19:a8:5c:30:5a:0a:d0:15:49:00:3a:63:
         a9:f2:4a:35
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZRgLt1GQ1FYRtfL7EsNQyP3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwMTEzMTUwMTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjk1N2E0NTc4MTAzOTc4ZjE1Mzc5OGVkZjhhYmZkMGY5YTY2MjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4SfJFVflDT3ksezVQXCEv17P+QF
fcaM7mugqZsNY7Zu+c7Er9roszYlARhadO5Mu3EGkEFW5784vpyNWpZwaw9h0yCQ
GbtauzR291DlqTMML+jtEJHPSVEPtHg4Yc1hsUYP/L7mRR0oOVtffmhUD4iNT6fB
2e/mWe/dmaBSoTHXqD+jJB9aDHxFofLpx6H1kdfJVyUR9++j7pAjZc8xOuZJvFef
ik5X56IftIhO38LEYzb2pU323fl93G7Z/x8lnl8EshnbVSlkvvOJo333al41Klj3
BmH5HQRJp3yh9vtbbowIffAQyl5ZIMnXYF3HgATn1RjH9slKQUqnZeDlfQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPuVekV4EDl48VN5jt+Kv9D5pmJOMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvMS01VjZSWGdRT1hqeFUzbU8zNHFfMFBtbVlrNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWIvZjU5ZmUzLTk1NmUtNDkzNy04NThkLWVlYzQxNmE4ODZm
Ny8xL092ZHhEZml0MWt1NWFJNFBSWUctcG41QUxHWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoCAhAw
DQYJKoZIhvcNAQELBQADggEBAAf5vCMm5uQGMMAOn2b3sssTiYXISNXqacvWEVYz
9W+4Lal7LFIVGyOCyigNu7nQ4tU2DSawhSYohw91PsTd5QzDBoqmdwn66uEHCfk+
5NpRwR9xJSrXMGuFTeZhlHbXOFDOiCtZqQqTAfP5N2Lg2W93MEz8fbOg6G/QpE4x
d6DXMVwyB6zQYNjl73e715bdEMgdWXt6F84ysptVqO7+dQBJ/4TEQ2xwZC8Y0U/V
kNWmA4cnFYYUKemRGayBg9hY0UweWnOFSZPLbdeocC7gdXt7twmBju+oGGvzcEKZ
G/73dW7ZFqSD5/Utz8rCvMekCRmoXDBaCtAVSQA6Y6nySjU=
-----END CERTIFICATE-----