Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/AqNcisECeia8r42sdVkCO6MArLA.roa
File:                     AqNcisECeia8r42sdVkCO6MArLA.roa (raw, json)
Hash identifier:          18o7z7bmdzyzqumEyVAcE9Q6zGKgPT0KV/iWQ82M7jg=
Subject key identifier:   02:A3:5C:8A:C1:02:7A:26:BC:AF:8D:AC:75:59:02:3B:A3:00:AC:B0
Certificate issuer:       /CN=1024e66d7cba77b977685559c2481bb9044c5b75
Certificate serial:       0194221FE7047138D3E04C6EA41E2C811606
Authority key identifier: 10:24:E6:6D:7C:BA:77:B9:77:68:55:59:C2:48:1B:B9:04:4C:5B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ECTmbXy6d7l3aFVZwkgbuQRMW3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/AqNcisECeia8r42sdVkCO6MArLA.roa
Signing time:             Wed 01 Jan 2025 13:48:23 +0000
ROA not before:           Wed 01 Jan 2025 13:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203881
IP address blocks:        2001:67c:2ea4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/ECTmbXy6d7l3aFVZwkgbuQRMW3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/ECTmbXy6d7l3aFVZwkgbuQRMW3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ECTmbXy6d7l3aFVZwkgbuQRMW3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e7:04:71:38:d3:e0:4c:6e:a4:1e:2c:81:16:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1024e66d7cba77b977685559c2481bb9044c5b75
        Validity
            Not Before: Jan  1 13:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02a35c8ac1027a26bcaf8dac7559023ba300acb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:78:88:7e:47:3b:7c:14:ae:60:53:63:da:71:
                    3a:35:5e:e7:3d:e7:0d:62:4c:3b:82:70:4c:6f:35:
                    40:6d:3e:be:61:aa:5f:20:dc:d6:c5:c3:05:36:46:
                    2f:02:3c:cc:20:b9:f3:eb:94:67:d3:82:f1:6d:8b:
                    e9:14:59:c3:0b:ad:1b:e7:32:4f:14:1b:a8:11:53:
                    ff:db:e3:ec:f3:96:28:22:cd:56:26:dc:6a:8f:da:
                    bd:bf:91:ed:cc:ec:71:fb:a7:d2:45:21:19:76:e0:
                    84:fa:89:6f:b1:b1:63:52:67:4d:2a:11:cc:00:2d:
                    32:cf:6a:34:53:a5:3a:6b:e7:27:3e:6b:d8:35:07:
                    2d:0f:e3:e3:ff:a8:14:75:ab:b2:40:6d:91:41:e5:
                    10:a9:64:c9:86:e8:f1:0a:a8:47:25:6d:dc:dd:bf:
                    fd:e4:07:bf:72:02:0d:9d:2e:ad:13:ea:31:9f:b3:
                    8e:5b:38:8e:42:6e:17:27:61:fa:14:81:6e:4c:89:
                    42:bf:73:42:df:54:87:7e:78:2b:a9:01:db:b3:3e:
                    f0:aa:05:b5:58:5c:4a:12:a1:61:53:ce:b2:b1:78:
                    d6:0e:93:47:71:33:f4:d7:d7:0c:dd:5d:86:c6:42:
                    24:8f:90:a0:8c:e2:2c:4c:56:c5:74:89:4f:03:39:
                    21:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A3:5C:8A:C1:02:7A:26:BC:AF:8D:AC:75:59:02:3B:A3:00:AC:B0
            X509v3 Authority Key Identifier:
                keyid:10:24:E6:6D:7C:BA:77:B9:77:68:55:59:C2:48:1B:B9:04:4C:5B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ECTmbXy6d7l3aFVZwkgbuQRMW3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/AqNcisECeia8r42sdVkCO6MArLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a155c9-13e2-4b28-b682-47ea3f874355/1/ECTmbXy6d7l3aFVZwkgbuQRMW3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ea4::/48

    Signature Algorithm: sha256WithRSAEncryption
         d0:5d:ab:e5:fe:f4:de:ac:34:18:81:27:38:ed:ad:17:07:8a:
         90:c8:d9:ac:3a:70:91:f8:21:7f:aa:8b:c0:05:a3:a1:c6:65:
         a9:98:a2:1c:14:d7:5a:23:e9:b7:35:ca:46:07:1a:8c:c7:75:
         e8:f4:1b:99:a5:3d:70:11:f0:34:80:56:4b:40:c9:51:10:a0:
         ae:8d:0f:41:bc:b1:5f:0d:be:78:79:5b:03:97:ac:a9:69:c0:
         c1:19:85:1f:35:4d:65:3b:67:3a:14:30:66:a5:21:46:c7:2d:
         68:da:1a:b0:c4:5c:fa:ab:28:a4:46:a5:84:72:4e:b7:18:16:
         ec:1d:ab:cc:a6:ac:44:b9:9d:95:d5:f6:3a:ab:17:c0:f3:3e:
         38:61:19:72:97:98:99:93:2f:40:d4:41:86:c5:99:d7:d3:57:
         8b:39:59:39:c4:35:b4:ec:fc:97:a3:38:d1:37:02:30:e1:19:
         6b:80:a5:d6:40:79:f8:b9:af:20:1e:7e:e8:e8:63:2d:f3:44:
         69:7e:da:4a:eb:31:82:d9:a2:b2:e1:65:94:d3:4a:50:b1:2e:
         4b:91:7d:90:a4:93:d0:7d:6b:d7:2b:b0:ff:64:c9:64:9c:7e:
         91:6b:8c:6e:a8:aa:9a:69:8a:ee:be:e1:28:70:ed:cf:ba:68:
         35:71:8c:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH+cEcTjT4ExupB4sgRYGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMjRlNjZkN2NiYTc3Yjk3NzY4NTU1OWMyNDgxYmI5MDQ0
YzViNzUwHhcNMjUwMTAxMTM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmEzNWM4YWMxMDI3YTI2YmNhZjhkYWM3NTU5MDIzYmEzMDBhY2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmniIfkc7fBSuYFNj2nE6NV7nPecN
Ykw7gnBMbzVAbT6+YapfINzWxcMFNkYvAjzMILnz65Rn04LxbYvpFFnDC60b5zJP
FBuoEVP/2+Ps85YoIs1WJtxqj9q9v5HtzOxx+6fSRSEZduCE+olvsbFjUmdNKhHM
AC0yz2o0U6U6a+cnPmvYNQctD+Pj/6gUdauyQG2RQeUQqWTJhujxCqhHJW3c3b/9
5Ae/cgINnS6tE+oxn7OOWziOQm4XJ2H6FIFuTIlCv3NC31SHfngrqQHbsz7wqgW1
WFxKEqFhU86ysXjWDpNHcTP019cM3V2GxkIkj5CgjOIsTFbFdIlPAzkhzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAKjXIrBAnomvK+NrHVZAjujAKywMB8GA1UdIwQY
MBaAFBAk5m18une5d2hVWcJIG7kETFt1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUNUbWJYeTZkN2wzYUZWWndrZ2J1UVJNVzNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9hMTU1YzktMTNlMi00YjI4LWI2ODIt
NDdlYTNmODc0MzU1LzEvQXFOY2lzRUNlaWE4cjQyc2RWa0NPNk1BckxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9hMTU1YzktMTNlMi00YjI4LWI2ODItNDdlYTNmODc0MzU1
LzEvRUNUbWJYeTZkN2wzYUZWWndrZ2J1UVJNVzNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC6k
MA0GCSqGSIb3DQEBCwUAA4IBAQDQXavl/vTerDQYgSc47a0XB4qQyNmsOnCR+CF/
qovABaOhxmWpmKIcFNdaI+m3NcpGBxqMx3Xo9BuZpT1wEfA0gFZLQMlREKCujQ9B
vLFfDb54eVsDl6ypacDBGYUfNU1lO2c6FDBmpSFGxy1o2hqwxFz6qyikRqWEck63
GBbsHavMpqxEuZ2V1fY6qxfA8z44YRlyl5iZky9A1EGGxZnX01eLOVk5xDW07PyX
ozjRNwIw4RlrgKXWQHn4ua8gHn7o6GMt80RpftpK6zGC2aKy4WWU00pQsS5LkX2Q
pJPQfWvXK7D/ZMlknH6Ra4xuqKqaaYruvuEocO3Pumg1cYzg
-----END CERTIFICATE-----