Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/Ku6XMsqQA_kFDYVqVjxChxYSBZY.roa
File:                     Ku6XMsqQA_kFDYVqVjxChxYSBZY.roa (raw, json)
Hash identifier:          pXnRlmxITNF3VidUei1MBouSPcglkUZKCh+HofZVUX4=
Subject key identifier:   2A:EE:97:32:CA:90:03:F9:05:0D:85:6A:56:3C:42:87:16:12:05:96
Certificate issuer:       /CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
Certificate serial:       01916E45A1A6D343E5B59AB4B4934DD5F268
Authority key identifier: 29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/Ku6XMsqQA_kFDYVqVjxChxYSBZY.roa
Signing time:             Tue 20 Aug 2024 05:32:22 +0000
ROA not before:           Tue 20 Aug 2024 05:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216249
IP address blocks:        2a01:e901::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6e:45:a1:a6:d3:43:e5:b5:9a:b4:b4:93:4d:d5:f2:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
        Validity
            Not Before: Aug 20 05:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aee9732ca9003f9050d856a563c428716120596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8b:47:db:0c:dd:07:30:53:22:a9:5c:4b:45:
                    d2:40:fd:50:77:f5:13:c3:30:0e:c9:17:d8:db:25:
                    e2:36:d5:44:e8:e3:e5:91:a0:62:46:2b:e4:ce:a1:
                    f0:6a:74:b9:ec:8f:f2:fe:8a:b8:48:b8:b5:7e:55:
                    1f:90:32:8c:22:8a:5d:cc:a6:d3:ca:79:4b:05:1b:
                    61:b9:49:f0:dd:64:ec:28:b3:46:64:48:91:28:b7:
                    0e:d2:6a:f5:dc:14:09:03:36:d7:95:53:6c:2b:c5:
                    b7:7d:8d:a0:5d:a1:ab:03:28:a2:f2:2b:aa:2c:e8:
                    3e:d1:71:8f:3a:75:44:5a:41:11:e8:78:11:9f:c0:
                    89:b0:22:d4:f3:9a:f6:8e:bb:41:3b:a5:cf:a0:45:
                    0a:2b:03:26:33:3e:cc:b7:17:46:16:ea:f5:2e:ee:
                    3f:ee:cd:3f:a4:79:34:9c:42:50:9b:5e:02:6b:3a:
                    88:6f:04:07:13:64:c5:1d:0a:87:06:72:e4:25:20:
                    2a:67:8d:7b:1b:50:62:8d:dc:22:02:ce:04:4c:e1:
                    ac:b0:94:26:43:b1:3a:20:b5:41:3c:d4:27:ef:d2:
                    58:27:ab:24:59:03:1e:9a:05:2d:78:39:81:60:78:
                    06:a8:e7:28:7f:e5:2d:19:75:da:c1:d8:eb:cb:e0:
                    1e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:EE:97:32:CA:90:03:F9:05:0D:85:6A:56:3C:42:87:16:12:05:96
            X509v3 Authority Key Identifier:
                keyid:29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/Ku6XMsqQA_kFDYVqVjxChxYSBZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e901::/44

    Signature Algorithm: sha256WithRSAEncryption
         6a:90:9f:cd:14:a3:00:ec:cc:80:b9:45:60:8f:ad:e8:fa:d1:
         8f:f7:4c:83:41:e3:c7:d3:3b:b8:29:c0:69:2f:a7:08:48:48:
         3b:97:47:7a:b4:81:99:e4:76:5b:9a:a5:ab:69:85:bc:08:88:
         23:d1:87:c8:0a:eb:46:96:f8:14:62:54:14:2a:dc:31:8f:9b:
         d1:f1:63:c6:49:40:21:77:dc:cd:f5:68:c6:0f:af:48:b7:bb:
         71:fe:6c:01:5d:dc:b1:1e:d4:77:d1:41:b2:bb:96:03:9a:93:
         67:f1:83:72:69:87:d3:6a:14:fd:7a:5d:37:d5:f0:b2:63:b5:
         3a:b4:b0:32:06:40:59:a5:14:25:32:4f:c7:9f:bc:eb:43:a3:
         b1:10:f1:27:c4:dc:45:ca:9c:d6:5b:2b:82:28:c8:90:c6:f8:
         31:b4:28:46:3e:55:ae:9c:61:22:ce:17:4d:fa:b2:dd:6f:23:
         24:90:40:2c:38:73:0f:57:eb:47:39:8f:e1:0d:ed:76:a0:7f:
         a2:23:6d:4a:de:54:e2:64:6b:da:b7:a3:02:73:00:2f:d4:2b:
         a7:51:ad:c8:10:82:c1:aa:02:a9:b4:03:42:7d:67:3b:18:da:
         6e:4e:41:2d:2d:46:5b:2d:a6:38:d6:cc:bc:0a:6a:45:9a:cc:
         1f:6f:5b:1a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFuRaGm00PltZq0tJNN1fJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjhiNGUwZWY4MTA2ZjBlMTJhYjhlNTAxZDJhYTRlMzZi
NzgzYzIwHhcNMjQwODIwMDUzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWVlOTczMmNhOTAwM2Y5MDUwZDg1NmE1NjNjNDI4NzE2MTIwNTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYtH2wzdBzBTIqlcS0XSQP1Qd/UT
wzAOyRfY2yXiNtVE6OPlkaBiRivkzqHwanS57I/y/oq4SLi1flUfkDKMIopdzKbT
ynlLBRthuUnw3WTsKLNGZEiRKLcO0mr13BQJAzbXlVNsK8W3fY2gXaGrAyii8iuq
LOg+0XGPOnVEWkER6HgRn8CJsCLU85r2jrtBO6XPoEUKKwMmMz7MtxdGFur1Lu4/
7s0/pHk0nEJQm14CazqIbwQHE2TFHQqHBnLkJSAqZ417G1BijdwiAs4ETOGssJQm
Q7E6ILVBPNQn79JYJ6skWQMemgUteDmBYHgGqOcof+UtGXXawdjry+AeXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCrulzLKkAP5BQ2FalY8QocWEgWWMB8GA1UdIwQY
MBaAFClotODvgQbw4Sq45QHSqk42t4PCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQt
NDRmOGVkNWQ2MWQ3LzEvS3U2WE1zcVFBX2tGRFlWcVZqeENoeFlTQlpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQtNDRmOGVkNWQ2MWQ3
LzEvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgHpAQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBqkJ/NFKMA7MyAuUVgj63o+tGP90yDQePH0zu4
KcBpL6cISEg7l0d6tIGZ5HZbmqWraYW8CIgj0YfICutGlvgUYlQUKtwxj5vR8WPG
SUAhd9zN9WjGD69It7tx/mwBXdyxHtR30UGyu5YDmpNn8YNyaYfTahT9el031fCy
Y7U6tLAyBkBZpRQlMk/Hn7zrQ6OxEPEnxNxFypzWWyuCKMiQxvgxtChGPlWunGEi
zhdN+rLdbyMkkEAsOHMPV+tHOY/hDe12oH+iI21K3lTiZGvat6MCcwAv1CunUa3I
EILBqgKptANCfWc7GNpuTkEtLUZbLaY41sy8CmpFmswfb1sa
-----END CERTIFICATE-----