Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/E4cEQ2bXcWZ0NrAGeBgn4KQ_rZ0.roa
File:                     E4cEQ2bXcWZ0NrAGeBgn4KQ_rZ0.roa (raw, json)
Hash identifier:          PlC9lf6Rj6VZK9vImLG8z7CxNna7Ca803KHh31aUxNE=
Subject key identifier:   13:87:04:43:66:D7:71:66:74:36:B0:06:78:18:27:E0:A4:3F:AD:9D
Certificate issuer:       /CN=153f24183d6c95185919349e6e92533736437b94
Certificate serial:       018CC7275762D2C905707C8E7FE9F8A17F94
Authority key identifier: 15:3F:24:18:3D:6C:95:18:59:19:34:9E:6E:92:53:37:36:43:7B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/E4cEQ2bXcWZ0NrAGeBgn4KQ_rZ0.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        2a13:e940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:62:d2:c9:05:70:7c:8e:7f:e9:f8:a1:7f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=153f24183d6c95185919349e6e92533736437b94
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1387044366d771667436b006781827e0a43fad9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6e:56:2c:a1:9d:32:cb:36:7f:b6:6e:d8:09:
                    37:fa:55:38:23:31:f7:87:73:94:14:fa:ba:68:96:
                    49:0a:f0:b6:77:9f:80:e9:89:99:18:37:70:e0:09:
                    36:a5:15:22:e1:44:4e:eb:a3:62:7f:0a:c1:ea:04:
                    c8:08:f6:c8:5a:68:5b:5d:1b:85:2b:8d:a9:d6:52:
                    cc:bc:28:d8:7c:49:f6:dd:6d:db:f3:25:80:fa:c8:
                    67:cf:7a:fc:c8:1a:89:76:76:b0:5b:cf:68:98:c2:
                    37:31:dc:b2:b8:36:bd:55:26:47:9e:e4:74:ad:bf:
                    1e:fe:3c:da:48:71:0a:f8:a3:5c:18:d4:f8:e2:20:
                    25:80:47:b7:36:87:f0:35:64:8d:6c:e4:04:f8:44:
                    35:ec:d8:73:05:ef:18:9d:f7:38:5e:63:cc:e6:ed:
                    1f:dd:89:a5:5d:62:4b:50:48:6b:c6:63:e5:9c:73:
                    0b:02:d2:76:c7:71:b0:95:47:0a:c4:09:10:6b:31:
                    ee:c0:dd:a9:20:05:a8:08:34:bd:2d:c2:dc:b6:43:
                    a0:af:17:f5:81:c6:6d:d1:b3:af:7b:ee:c8:81:47:
                    d4:df:99:24:ae:5f:87:15:7d:6a:38:7a:82:11:f2:
                    37:f4:4f:38:3e:18:c5:23:d2:6d:af:44:13:8c:11:
                    db:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:87:04:43:66:D7:71:66:74:36:B0:06:78:18:27:E0:A4:3F:AD:9D
            X509v3 Authority Key Identifier:
                keyid:15:3F:24:18:3D:6C:95:18:59:19:34:9E:6E:92:53:37:36:43:7B:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FT8kGD1slRhZGTSebpJTNzZDe5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/E4cEQ2bXcWZ0NrAGeBgn4KQ_rZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b05e08-0762-4dc7-a4b0-5805d3f3dbb2/1/FT8kGD1slRhZGTSebpJTNzZDe5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e940::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:7b:e5:0b:8e:85:91:2b:7b:cb:32:4f:ae:c1:24:a7:b7:6c:
         ef:8d:e8:b2:b5:24:08:d3:25:fa:ff:9e:ff:50:7e:d4:98:64:
         71:81:00:7d:aa:29:55:3b:36:52:91:74:cb:77:c5:a0:c0:4c:
         48:f8:95:95:bb:45:16:11:9a:89:cd:e7:e4:79:79:d8:d6:3d:
         51:2c:70:77:d8:a6:e1:ef:1f:4d:bd:3d:73:20:c7:8e:d6:a3:
         20:28:b7:05:b1:9b:eb:ab:68:2d:07:80:ac:ad:4f:4b:d8:3e:
         ca:72:c1:05:0f:ca:d4:b3:5d:32:d7:0f:49:95:83:2d:22:5c:
         d7:88:89:1f:03:d1:a1:d6:f7:a2:c4:eb:7f:26:bd:46:fe:f8:
         f1:58:93:c8:b2:ec:ba:9e:d3:cf:4d:39:81:ff:e7:ae:85:d2:
         73:cf:69:bb:0a:d7:c8:b4:d8:b3:bd:23:b8:22:a0:be:9d:81:
         53:38:de:a3:33:8a:ec:69:a1:37:fd:5c:78:db:3d:70:e1:d5:
         77:65:28:7b:92:d6:dd:e4:f0:81:13:a2:42:00:a6:cd:2a:31:
         4e:af:43:28:a1:94:6d:cb:53:11:8e:a7:8a:04:ea:55:d4:d7:
         85:e1:a2:26:4c:5f:8b:3d:88:d4:1d:ba:e2:35:a0:72:b8:ff:
         59:12:dc:21
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJ1di0skFcHyOf+n4oX+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1M2YyNDE4M2Q2Yzk1MTg1OTE5MzQ5ZTZlOTI1MzM3MzY0
MzdiOTQwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzg3MDQ0MzY2ZDc3MTY2NzQzNmIwMDY3ODE4MjdlMGE0M2ZhZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtW5WLKGdMss2f7Zu2Ak3+lU4IzH3
h3OUFPq6aJZJCvC2d5+A6YmZGDdw4Ak2pRUi4URO66NifwrB6gTICPbIWmhbXRuF
K42p1lLMvCjYfEn23W3b8yWA+shnz3r8yBqJdnawW89omMI3MdyyuDa9VSZHnuR0
rb8e/jzaSHEK+KNcGNT44iAlgEe3NofwNWSNbOQE+EQ17NhzBe8Ynfc4XmPM5u0f
3YmlXWJLUEhrxmPlnHMLAtJ2x3GwlUcKxAkQazHuwN2pIAWoCDS9LcLctkOgrxf1
gcZt0bOve+7IgUfU35kkrl+HFX1qOHqCEfI39E84PhjFI9Jtr0QTjBHbEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBOHBENm13FmdDawBngYJ+CkP62dMB8GA1UdIwQY
MBaAFBU/JBg9bJUYWRk0nm6SUzc2Q3uUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlQ4a0dEMXNsUmhaR1RTZWJwSlROelpEZTVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9iMDVlMDgtMDc2Mi00ZGM3LWE0YjAt
NTgwNWQzZjNkYmIyLzEvRTRjRVEyYlhjV1owTnJBR2VCZ240S1FfclowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9iMDVlMDgtMDc2Mi00ZGM3LWE0YjAtNTgwNWQzZjNkYmIy
LzEvRlQ4a0dEMXNsUmhaR1RTZWJwSlROelpEZTVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPpQDAN
BgkqhkiG9w0BAQsFAAOCAQEAT3vlC46FkSt7yzJPrsEkp7ds743osrUkCNMl+v+e
/1B+1JhkcYEAfaopVTs2UpF0y3fFoMBMSPiVlbtFFhGaic3n5Hl52NY9USxwd9im
4e8fTb09cyDHjtajICi3BbGb66toLQeArK1PS9g+ynLBBQ/K1LNdMtcPSZWDLSJc
14iJHwPRodb3osTrfya9Rv748ViTyLLsup7Tz005gf/nroXSc89puwrXyLTYs70j
uCKgvp2BUzjeozOK7GmhN/1ceNs9cOHVd2Uoe5LW3eTwgROiQgCmzSoxTq9DKKGU
bctTEY6nigTqVdTXheGiJkxfiz2I1B264jWgcrj/WRLcIQ==
-----END CERTIFICATE-----