Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/553lKMIKwThYw8AISbuyrXf1Y3Y.roa
File:                     553lKMIKwThYw8AISbuyrXf1Y3Y.roa (raw, json)
Hash identifier:          nZE4YzzK77LLVsV2aH36whqra+m62dlwzfCf/rC05r0=
Subject key identifier:   E7:9D:E5:28:C2:0A:C1:38:58:C3:C0:08:49:BB:B2:AD:77:F5:63:76
Certificate issuer:       /CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
Certificate serial:       01949A2A3CD4B8AD5E0FED58E9E9E41B7918
Authority key identifier: 2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/553lKMIKwThYw8AISbuyrXf1Y3Y.roa
Signing time:             Fri 24 Jan 2025 21:14:06 +0000
ROA not before:           Fri 24 Jan 2025 21:14:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44947
IP address blocks:        2a13:6fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:9a:2a:3c:d4:b8:ad:5e:0f:ed:58:e9:e9:e4:1b:79:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
        Validity
            Not Before: Jan 24 21:14:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e79de528c20ac13858c3c00849bbb2ad77f56376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:7c:f8:1e:13:4a:c9:d7:6d:ef:e3:49:84:e1:
                    3c:15:91:1a:90:db:e8:f6:63:6c:80:11:15:94:22:
                    57:95:69:d1:89:6a:ad:d2:70:7b:f5:26:f6:eb:49:
                    e3:f3:9a:b7:35:3d:29:ae:13:b3:21:30:07:4d:6d:
                    8e:9a:1a:9c:20:33:64:36:c6:2c:41:8e:9c:54:79:
                    58:fe:c4:cf:1c:59:23:1f:e2:08:9f:ea:db:e4:36:
                    13:28:90:5b:cc:19:f4:68:fd:56:ab:bf:b6:a6:2f:
                    b0:51:35:e6:00:f5:8e:ca:a6:7d:c7:2c:63:8b:d2:
                    cb:d6:9c:65:e0:1a:e4:bf:00:7b:5b:3f:b7:82:dc:
                    b5:06:cb:97:ab:73:41:a2:91:e6:cf:f6:e0:dd:d3:
                    ca:3f:d8:1b:dd:67:fc:c7:dd:53:75:5c:9d:6d:8e:
                    bd:37:6f:0a:6a:fe:ea:cf:16:e2:37:c6:0a:31:b7:
                    4d:8d:39:3b:59:a5:74:fc:88:99:37:66:68:d6:93:
                    22:33:1e:a7:13:6b:1d:3f:55:f2:68:09:df:d6:fe:
                    b2:26:7a:4d:24:32:fd:14:d1:71:87:aa:93:9e:11:
                    1f:bc:75:db:e1:86:4b:66:df:78:99:f8:df:c7:ae:
                    18:95:fb:20:b3:b7:45:fc:7d:3f:7b:2d:36:94:cf:
                    88:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:9D:E5:28:C2:0A:C1:38:58:C3:C0:08:49:BB:B2:AD:77:F5:63:76
            X509v3 Authority Key Identifier:
                keyid:2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/553lKMIKwThYw8AISbuyrXf1Y3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:6fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:b3:65:bc:1b:66:91:2c:58:24:81:b8:a4:90:34:6d:70:51:
         1d:7f:42:28:2f:7d:5d:4e:0a:d8:da:38:66:88:c2:c2:ca:d9:
         1e:02:ec:97:2d:32:d4:9a:02:b2:10:53:df:64:6c:e4:af:b2:
         0b:45:23:6f:4a:6c:92:33:34:80:7e:a1:5e:d2:96:bb:91:1e:
         f3:23:bd:85:42:c2:7a:b5:3a:55:b9:9b:ce:33:76:e9:e5:bb:
         a8:9e:fe:7d:47:23:6c:f4:9c:5b:d3:a4:4b:70:ae:bc:11:6d:
         31:fd:e8:d5:d1:d5:fe:0f:02:20:f0:ab:be:0f:ed:72:56:8e:
         0d:e1:cf:cc:ae:51:a8:d5:52:fb:89:4a:35:c5:fe:50:65:9a:
         57:be:64:c6:89:ea:50:90:01:61:70:fa:36:d8:58:7f:0b:40:
         15:ef:a1:9d:54:00:6f:62:42:29:53:f3:c3:f6:e5:b0:45:3d:
         bc:5f:7e:cf:95:3a:9d:9b:40:07:ab:7f:8f:4b:1a:cf:50:e6:
         eb:c9:00:d4:e8:88:cb:00:3f:1f:33:c5:aa:aa:ee:7b:37:b4:
         07:c4:71:a0:35:19:c7:28:70:a4:79:74:a4:72:69:4a:7a:eb:
         b4:8d:10:b3:13:12:5e:6b:1e:9d:62:86:53:bb:a6:d4:b1:49:
         80:c8:d7:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZSaKjzUuK1eD+1Y6enkG3kYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQxNDJiNWI2YTUyOThkNmI4ZmE1ODQ1ZjI5ODc4Y2Zl
YmJjNTQwHhcNMjUwMTI0MjExNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzlkZTUyOGMyMGFjMTM4NThjM2MwMDg0OWJiYjJhZDc3ZjU2Mzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23z4HhNKyddt7+NJhOE8FZEakNvo
9mNsgBEVlCJXlWnRiWqt0nB79Sb260nj85q3NT0prhOzITAHTW2OmhqcIDNkNsYs
QY6cVHlY/sTPHFkjH+IIn+rb5DYTKJBbzBn0aP1Wq7+2pi+wUTXmAPWOyqZ9xyxj
i9LL1pxl4BrkvwB7Wz+3gty1BsuXq3NBopHmz/bg3dPKP9gb3Wf8x91TdVydbY69
N28Kav7qzxbiN8YKMbdNjTk7WaV0/IiZN2Zo1pMiMx6nE2sdP1XyaAnf1v6yJnpN
JDL9FNFxh6qTnhEfvHXb4YZLZt94mfjfx64Ylfsgs7dF/H0/ey02lM+IuQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOed5SjCCsE4WMPACEm7sq139WN2MB8GA1UdIwQY
MBaAFCttFCtbalKY1rj6WEXymHjP67xUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUt
OGJlZmVlNDllZDRkLzEvNTUzbEtNSUt3VGhZdzhBSVNidXlyWGYxWTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUtOGJlZmVlNDllZDRk
LzEvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNvwDAN
BgkqhkiG9w0BAQsFAAOCAQEAf7NlvBtmkSxYJIG4pJA0bXBRHX9CKC99XU4K2No4
ZojCwsrZHgLsly0y1JoCshBT32Rs5K+yC0Ujb0pskjM0gH6hXtKWu5Ee8yO9hULC
erU6VbmbzjN26eW7qJ7+fUcjbPScW9OkS3CuvBFtMf3o1dHV/g8CIPCrvg/tclaO
DeHPzK5RqNVS+4lKNcX+UGWaV75kxonqUJABYXD6NthYfwtAFe+hnVQAb2JCKVPz
w/blsEU9vF9+z5U6nZtAB6t/j0saz1Dm68kA1OiIywA/HzPFqqrueze0B8RxoDUZ
xyhwpHl0pHJpSnrrtI0QsxMSXmsenWKGU7um1LFJgMjXsg==
-----END CERTIFICATE-----