Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/2bde01-365c-4084-a7d6-9e9e4caf3175/1/JFyXpYvBdHdyQP6Pna3x5Y0I0AU.roa
File:                     JFyXpYvBdHdyQP6Pna3x5Y0I0AU.roa (raw, json)
Hash identifier:          cQS/6KcppXOQMwWOkjxI8rOwyMyWZtgJ3DNf+BGyB2c=
Subject key identifier:   24:5C:97:A5:8B:C1:74:77:72:40:FE:8F:9D:AD:F1:E5:8D:08:D0:05
Certificate issuer:       /CN=90c8d07022ce502da1365e573b8c3b1484df1e87
Certificate serial:       0190C00A3ADBC54733B02C2B1C031CE29E7A
Authority key identifier: 90:C8:D0:70:22:CE:50:2D:A1:36:5E:57:3B:8C:3B:14:84:DF:1E:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kMjQcCLOUC2hNl5XO4w7FITfHoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/2bde01-365c-4084-a7d6-9e9e4caf3175/1/JFyXpYvBdHdyQP6Pna3x5Y0I0AU.roa
Signing time:             Wed 17 Jul 2024 09:33:34 +0000
ROA not before:           Wed 17 Jul 2024 09:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205227
IP address blocks:        2a06:e940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/2bde01-365c-4084-a7d6-9e9e4caf3175/1/kMjQcCLOUC2hNl5XO4w7FITfHoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/2bde01-365c-4084-a7d6-9e9e4caf3175/1/kMjQcCLOUC2hNl5XO4w7FITfHoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kMjQcCLOUC2hNl5XO4w7FITfHoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c0:0a:3a:db:c5:47:33:b0:2c:2b:1c:03:1c:e2:9e:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90c8d07022ce502da1365e573b8c3b1484df1e87
        Validity
            Not Before: Jul 17 09:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=245c97a58bc174777240fe8f9dadf1e58d08d005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c8:8a:41:96:a2:bb:48:08:11:00:6f:91:31:
                    ed:9e:a4:c0:40:5a:39:ca:60:be:bd:32:37:fb:99:
                    2c:d4:e1:68:48:38:7b:cb:c0:ee:28:14:fb:3c:36:
                    4b:59:f7:84:34:56:64:a3:a3:f7:1c:ca:bf:22:40:
                    3e:20:f7:05:6b:0c:0a:e4:9a:b9:60:c8:f5:d7:63:
                    85:bc:f5:62:b2:25:99:5f:66:58:23:b2:93:67:fa:
                    e1:e4:a7:5b:95:a4:ec:20:71:41:0d:03:d4:d5:99:
                    13:ae:2f:c5:eb:22:52:f4:92:2f:da:b1:f6:e2:4e:
                    ee:98:06:a1:e3:61:5d:97:8d:d5:d6:b7:03:d9:b1:
                    ad:41:ae:79:d8:7a:f7:1f:44:15:0b:5c:48:19:20:
                    a3:89:91:86:66:1a:16:f5:4e:28:cc:c9:a7:d3:21:
                    3a:38:cf:af:63:e4:42:63:cf:93:56:7c:e5:03:6c:
                    fa:b5:31:7b:1b:bd:02:d1:9b:ee:9b:c3:ac:97:79:
                    00:96:5f:70:91:67:28:84:e4:14:25:1a:e1:09:98:
                    98:7d:09:99:a1:f2:5c:eb:ea:4f:4c:aa:e4:ae:b6:
                    33:55:c2:05:b8:1f:c4:0b:62:07:5a:c2:10:9e:33:
                    3a:69:33:b8:4d:5b:28:40:e0:7e:5b:f3:f3:d9:ce:
                    10:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:5C:97:A5:8B:C1:74:77:72:40:FE:8F:9D:AD:F1:E5:8D:08:D0:05
            X509v3 Authority Key Identifier:
                keyid:90:C8:D0:70:22:CE:50:2D:A1:36:5E:57:3B:8C:3B:14:84:DF:1E:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kMjQcCLOUC2hNl5XO4w7FITfHoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/2bde01-365c-4084-a7d6-9e9e4caf3175/1/JFyXpYvBdHdyQP6Pna3x5Y0I0AU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/2bde01-365c-4084-a7d6-9e9e4caf3175/1/kMjQcCLOUC2hNl5XO4w7FITfHoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e940::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:6f:71:a8:99:c2:5e:3a:79:b9:16:17:b7:bd:bb:6f:9f:7b:
         fd:a2:fa:35:e7:10:b3:db:23:58:6f:e5:0e:2e:18:a2:90:e6:
         49:70:ce:28:95:6c:84:8e:81:17:53:b6:94:dd:f0:f9:ce:0f:
         e7:ca:a7:91:b0:b5:9c:d4:bf:a4:b0:8a:6a:92:52:4a:8a:12:
         55:18:d4:2b:6f:07:4c:ce:2f:47:8e:23:11:f2:e9:7e:41:64:
         82:f2:ac:06:54:e7:c0:1a:e1:f8:ef:26:b6:5e:59:f3:b5:ee:
         fa:9a:d1:80:98:e4:3d:ba:cb:1e:f3:3a:a3:ec:3f:84:91:41:
         6d:a2:76:c7:9a:d7:e0:71:d4:85:ab:be:4f:d0:48:ae:9a:6e:
         b0:94:0a:97:e5:e6:c7:11:83:9b:88:10:71:c3:3f:5a:d8:db:
         bf:65:df:db:22:9a:da:39:19:03:fb:1d:12:7b:b9:67:5d:64:
         e1:50:06:13:2b:f0:6e:92:47:7a:1b:77:eb:8b:05:47:83:36:
         9d:e8:0c:d3:87:5d:5b:9f:a9:db:3d:1d:da:3e:b7:3a:f4:48:
         29:f1:83:2e:dc:39:7e:dc:94:c1:10:40:b3:d0:e2:aa:64:53:
         93:3d:53:41:31:f2:aa:2c:d7:fa:09:17:43:69:ec:94:cf:cb:
         5f:c7:20:bb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDACjrbxUczsCwrHAMc4p56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYzhkMDcwMjJjZTUwMmRhMTM2NWU1NzNiOGMzYjE0ODRk
ZjFlODcwHhcNMjQwNzE3MDkzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDVjOTdhNThiYzE3NDc3NzI0MGZlOGY5ZGFkZjFlNThkMDhkMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkciKQZaiu0gIEQBvkTHtnqTAQFo5
ymC+vTI3+5ks1OFoSDh7y8DuKBT7PDZLWfeENFZko6P3HMq/IkA+IPcFawwK5Jq5
YMj112OFvPVisiWZX2ZYI7KTZ/rh5KdblaTsIHFBDQPU1ZkTri/F6yJS9JIv2rH2
4k7umAah42Fdl43V1rcD2bGtQa552Hr3H0QVC1xIGSCjiZGGZhoW9U4ozMmn0yE6
OM+vY+RCY8+TVnzlA2z6tTF7G70C0Zvum8Osl3kAll9wkWcohOQUJRrhCZiYfQmZ
ofJc6+pPTKrkrrYzVcIFuB/EC2IHWsIQnjM6aTO4TVsoQOB+W/Pz2c4Q0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCRcl6WLwXR3ckD+j52t8eWNCNAFMB8GA1UdIwQY
MBaAFJDI0HAizlAtoTZeVzuMOxSE3x6HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva01qUWNDTE9VQzJoTmw1WE80dzdGSVRmSG9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8yYmRlMDEtMzY1Yy00MDg0LWE3ZDYt
OWU5ZTRjYWYzMTc1LzEvSkZ5WHBZdkJkSGR5UVA2UG5hM3g1WTBJMEFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8yYmRlMDEtMzY1Yy00MDg0LWE3ZDYtOWU5ZTRjYWYzMTc1
LzEva01qUWNDTE9VQzJoTmw1WE80dzdGSVRmSG9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgbpQDAN
BgkqhkiG9w0BAQsFAAOCAQEAWm9xqJnCXjp5uRYXt727b597/aL6NecQs9sjWG/l
Di4YopDmSXDOKJVshI6BF1O2lN3w+c4P58qnkbC1nNS/pLCKapJSSooSVRjUK28H
TM4vR44jEfLpfkFkgvKsBlTnwBrh+O8mtl5Z87Xu+prRgJjkPbrLHvM6o+w/hJFB
baJ2x5rX4HHUhau+T9BIrppusJQKl+XmxxGDm4gQccM/Wtjbv2Xf2yKa2jkZA/sd
Enu5Z11k4VAGEyvwbpJHeht364sFR4M2negM04ddW5+p2z0d2j63OvRIKfGDLtw5
ftyUwRBAs9DiqmRTkz1TQTHyqizX+gkXQ2nslM/LX8cguw==
-----END CERTIFICATE-----