Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/KvOJHKAeGDCeKLkhq9pdSk6taCI.roa
File:                     KvOJHKAeGDCeKLkhq9pdSk6taCI.roa (raw, json)
Hash identifier:          Utpb4p6sMigitDFrU3vkuJ9LNtTzlJoCBSnn2mdzHV0=
Subject key identifier:   2A:F3:89:1C:A0:1E:18:30:9E:28:B9:21:AB:DA:5D:4A:4E:AD:68:22
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BE5C097677005658D3B23E1C311A0
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/KvOJHKAeGDCeKLkhq9pdSk6taCI.roa
Signing time:             Thu 02 Jan 2025 09:49:52 +0000
ROA not before:           Thu 02 Jan 2025 09:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139949
IP address blocks:        2a0f:5701:fe06::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e5:c0:97:67:70:05:65:8d:3b:23:e1:c3:11:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2af3891ca01e18309e28b921abda5d4a4ead6822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:3a:63:8c:b7:78:73:4d:8f:df:8b:dc:e8:5b:
                    b6:07:cf:9e:dc:df:aa:d8:6f:bb:52:13:d6:d4:9d:
                    07:39:7b:d2:c4:73:87:be:2e:2e:76:fb:25:61:13:
                    ab:ad:ab:3a:fb:e6:ba:74:21:af:af:f6:56:18:30:
                    eb:c4:d2:20:8f:81:2b:50:bd:0e:8a:6c:3e:3e:d1:
                    e5:e3:7f:4a:04:11:a7:28:dc:4f:8d:91:a9:dd:25:
                    27:5a:f0:67:db:33:27:7d:22:a3:ee:e5:4b:04:00:
                    42:c9:27:4e:dd:8b:97:36:9c:0a:98:96:8e:75:1f:
                    83:83:9c:ae:c6:53:b4:1c:0d:cc:3e:8c:65:26:91:
                    a1:64:5f:2f:f4:5c:25:38:81:e8:e4:0b:00:c2:9a:
                    00:52:4c:13:ee:8d:8d:8e:70:f8:fb:f5:4f:39:1a:
                    49:bf:38:f3:31:ac:ff:c0:09:d5:2b:38:97:18:b1:
                    2c:a2:a3:73:ea:a8:c6:d0:f1:4d:09:33:b3:60:77:
                    a5:fc:f1:4d:45:37:54:32:a1:04:6c:fd:ac:5f:fa:
                    2e:cd:ce:81:15:56:27:92:6d:91:01:68:88:e7:04:
                    0b:a2:4e:96:e7:33:3a:32:1a:c7:13:d4:72:f4:8f:
                    a2:8b:51:bd:47:46:4b:67:4b:20:07:da:48:5a:27:
                    cf:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F3:89:1C:A0:1E:18:30:9E:28:B9:21:AB:DA:5D:4A:4E:AD:68:22
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/KvOJHKAeGDCeKLkhq9pdSk6taCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5701:fe06::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:50:1b:aa:7c:a7:8d:79:b9:2e:6d:11:15:e0:19:4f:04:a8:
         32:3b:fd:79:f5:75:f4:ba:fe:c8:b0:d7:09:22:e8:2c:cd:4e:
         b3:80:af:a5:ca:f0:90:35:1b:f8:59:9e:a5:d3:91:54:c2:88:
         d5:64:f7:bd:49:c5:fb:8b:32:fe:f4:62:77:08:e3:09:5c:6f:
         71:30:c3:0d:30:ca:45:05:64:c4:ff:13:5b:ee:88:43:36:ba:
         02:2d:39:51:26:97:01:72:fa:5e:35:75:5f:73:8f:8c:33:8f:
         76:e0:e4:35:2f:43:9b:3e:58:5e:ce:45:4f:5b:08:ce:20:65:
         09:8e:0c:b3:3c:67:85:1b:a5:83:4f:08:02:64:9e:78:86:79:
         72:7d:2f:50:23:9f:3c:6d:1c:2e:79:6a:13:23:23:5e:b0:1a:
         1f:38:f4:20:08:71:1c:61:f0:23:44:70:4f:59:87:e3:f5:27:
         95:84:3a:33:ac:33:89:86:0f:a0:0d:5e:77:39:aa:47:e9:ca:
         5e:22:d0:93:0a:f6:73:f3:1d:af:ab:21:59:85:ec:6c:8a:37:
         76:55:5c:d5:8a:3e:de:a0:d1:0a:2e:fe:6b:21:cd:34:62:8a:
         72:89:9b:4d:d0:3c:ab:6d:ba:d1:7a:04:02:59:2f:e6:c8:ac:
         19:29:e9:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma+XAl2dwBWWNOyPhwxGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWYzODkxY2EwMWUxODMwOWUyOGI5MjFhYmRhNWQ0YTRlYWQ2ODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjpjjLd4c02P34vc6Fu2B8+e3N+q
2G+7UhPW1J0HOXvSxHOHvi4udvslYROrras6++a6dCGvr/ZWGDDrxNIgj4ErUL0O
imw+PtHl439KBBGnKNxPjZGp3SUnWvBn2zMnfSKj7uVLBABCySdO3YuXNpwKmJaO
dR+Dg5yuxlO0HA3MPoxlJpGhZF8v9FwlOIHo5AsAwpoAUkwT7o2NjnD4+/VPORpJ
vzjzMaz/wAnVKziXGLEsoqNz6qjG0PFNCTOzYHel/PFNRTdUMqEEbP2sX/ouzc6B
FVYnkm2RAWiI5wQLok6W5zM6MhrHE9Ry9I+ii1G9R0ZLZ0sgB9pIWifPwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCrziRygHhgwnii5IavaXUpOrWgiMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvS3ZPSkhLQWVHRENlS0xraHE5cGRTazZ0YUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XAf4G
MA0GCSqGSIb3DQEBCwUAA4IBAQBWUBuqfKeNebkubREV4BlPBKgyO/159XX0uv7I
sNcJIugszU6zgK+lyvCQNRv4WZ6l05FUwojVZPe9ScX7izL+9GJ3COMJXG9xMMMN
MMpFBWTE/xNb7ohDNroCLTlRJpcBcvpeNXVfc4+MM4924OQ1L0ObPlhezkVPWwjO
IGUJjgyzPGeFG6WDTwgCZJ54hnlyfS9QI588bRwueWoTIyNesBofOPQgCHEcYfAj
RHBPWYfj9SeVhDozrDOJhg+gDV53OapH6cpeItCTCvZz8x2vqyFZhexsijd2VVzV
ij7eoNEKLv5rIc00YopyiZtN0DyrbbrRegQCWS/myKwZKemc
-----END CERTIFICATE-----