Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/CAZ5fbXsTwatspqA43EupVKEIQI.roa
File:                     CAZ5fbXsTwatspqA43EupVKEIQI.roa (raw, json)
Hash identifier:          Mtex0Jx1711Yk1OGCxpsgaHyqoqAdczrudoTho69oXc=
Subject key identifier:   08:06:79:7D:B5:EC:4F:06:AD:B2:9A:80:E3:71:2E:A5:52:84:21:02
Certificate issuer:       /CN=97d23ae28cd860c8edfd618356f8b31f5e4dc928
Certificate serial:       0191F772E9570EBD8BCBDE1E4A0131B9EB16
Authority key identifier: 97:D2:3A:E2:8C:D8:60:C8:ED:FD:61:83:56:F8:B3:1F:5E:4D:C9:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l9I64ozYYMjt_WGDVvizH15NySg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/CAZ5fbXsTwatspqA43EupVKEIQI.roa
Signing time:             Sun 15 Sep 2024 20:49:48 +0000
ROA not before:           Sun 15 Sep 2024 20:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208046
IP address blocks:        2a13:29c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/l9I64ozYYMjt_WGDVvizH15NySg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/l9I64ozYYMjt_WGDVvizH15NySg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l9I64ozYYMjt_WGDVvizH15NySg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f7:72:e9:57:0e:bd:8b:cb:de:1e:4a:01:31:b9:eb:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97d23ae28cd860c8edfd618356f8b31f5e4dc928
        Validity
            Not Before: Sep 15 20:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0806797db5ec4f06adb29a80e3712ea552842102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:c3:25:aa:0f:0f:fd:a7:b4:66:09:4f:62:23:
                    3e:a0:1d:2f:44:cc:6b:ce:77:f7:83:65:49:3c:0b:
                    10:df:d7:b8:87:58:ff:c3:f3:1d:aa:64:24:34:cd:
                    7d:29:6b:ac:de:10:01:7f:08:af:b5:24:58:bb:2f:
                    dd:03:89:df:f9:be:a8:6f:00:27:ae:a2:e5:6d:ff:
                    6e:c0:d9:90:9f:c8:d1:06:0c:c6:5a:11:ab:a1:18:
                    f0:9d:94:38:71:8f:77:39:11:09:b3:11:ef:2d:a6:
                    8a:e3:a9:66:7e:75:e0:8b:8c:48:aa:25:fe:ab:f7:
                    65:9f:62:5b:03:53:83:79:30:53:88:e9:1a:e1:6b:
                    b5:ed:2e:cc:83:1c:a3:3a:4f:f8:25:46:1c:14:84:
                    10:7f:be:56:7d:94:53:2c:ba:fe:7d:94:98:b9:03:
                    5b:e1:4e:ef:27:2b:36:e6:d6:00:3d:3f:a3:83:3e:
                    27:98:4c:27:9d:c1:2a:11:ec:e4:7e:f7:61:fd:2c:
                    a7:36:0e:af:69:c5:84:d1:2d:06:4e:b0:7d:7c:c3:
                    8d:f1:ff:b1:20:e3:9d:e0:40:bf:51:89:05:c7:fa:
                    99:55:99:ad:91:fc:b9:bf:1f:9c:6e:86:e9:8c:db:
                    50:ed:d9:01:05:0c:7a:59:0f:6d:30:55:e0:9e:5b:
                    36:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:06:79:7D:B5:EC:4F:06:AD:B2:9A:80:E3:71:2E:A5:52:84:21:02
            X509v3 Authority Key Identifier:
                keyid:97:D2:3A:E2:8C:D8:60:C8:ED:FD:61:83:56:F8:B3:1F:5E:4D:C9:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l9I64ozYYMjt_WGDVvizH15NySg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/CAZ5fbXsTwatspqA43EupVKEIQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/ca641f-db3a-4f64-a25b-cfa6a91481e2/1/l9I64ozYYMjt_WGDVvizH15NySg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:29c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:67:90:35:5f:63:ee:0c:4c:81:ec:6d:82:49:a4:de:53:ca:
         f3:12:05:4c:77:bc:7c:c0:c4:35:49:ab:38:45:c9:35:89:65:
         8c:1a:ca:12:08:46:38:26:b7:b6:60:82:5c:3b:2d:77:e1:75:
         da:1e:5f:0e:c1:06:40:1f:cf:6a:fd:f2:43:fb:5f:d0:ce:79:
         d6:c7:c2:12:2d:fa:b6:e0:83:4c:83:83:1d:d7:7f:5a:2e:c0:
         28:2c:01:ef:37:e5:60:a7:93:cc:af:97:fe:6c:2b:b8:1f:3d:
         5b:dc:f1:01:0f:42:a1:65:95:8a:91:66:8e:ff:6b:c2:01:f4:
         9b:87:ab:b2:19:21:91:dc:da:e5:21:22:40:eb:2c:00:99:e6:
         45:6c:08:f6:1d:f5:1c:25:19:36:15:8b:d5:fa:6c:0f:d2:09:
         64:24:71:ed:33:46:42:92:ce:bb:bc:5b:f9:9c:47:26:39:51:
         d7:ca:8e:83:d2:9c:6c:56:ac:e9:55:c8:ea:89:d6:26:1f:00:
         d0:24:b1:d9:d1:06:62:c3:1a:f1:08:e0:60:9d:66:fe:80:29:
         58:4d:6d:59:c4:29:ae:e3:e0:1a:6e:f4:06:b1:6d:d3:1b:b2:
         0b:45:5a:a6:70:d5:e4:14:92:a1:18:e0:b8:02:fc:86:aa:da:
         11:c5:73:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZH3culXDr2Ly94eSgExuesWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZDIzYWUyOGNkODYwYzhlZGZkNjE4MzU2ZjhiMzFmNWU0
ZGM5MjgwHhcNMjQwOTE1MjA0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODA2Nzk3ZGI1ZWM0ZjA2YWRiMjlhODBlMzcxMmVhNTUyODQyMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1cMlqg8P/ae0ZglPYiM+oB0vRMxr
znf3g2VJPAsQ39e4h1j/w/MdqmQkNM19KWus3hABfwivtSRYuy/dA4nf+b6obwAn
rqLlbf9uwNmQn8jRBgzGWhGroRjwnZQ4cY93OREJsxHvLaaK46lmfnXgi4xIqiX+
q/dln2JbA1ODeTBTiOka4Wu17S7MgxyjOk/4JUYcFIQQf75WfZRTLLr+fZSYuQNb
4U7vJys25tYAPT+jgz4nmEwnncEqEezkfvdh/SynNg6vacWE0S0GTrB9fMON8f+x
IOOd4EC/UYkFx/qZVZmtkfy5vx+cbobpjNtQ7dkBBQx6WQ9tMFXgnls26QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAgGeX217E8GrbKagONxLqVShCECMB8GA1UdIwQY
MBaAFJfSOuKM2GDI7f1hg1b4sx9eTckoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDlJNjRvellZTWp0X1dHRFZ2aXpIMTVOeVNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9jYTY0MWYtZGIzYS00ZjY0LWEyNWIt
Y2ZhNmE5MTQ4MWUyLzEvQ0FaNWZiWHNUd2F0c3BxQTQzRXVwVktFSVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9jYTY0MWYtZGIzYS00ZjY0LWEyNWItY2ZhNmE5MTQ4MWUy
LzEvbDlJNjRvellZTWp0X1dHRFZ2aXpIMTVOeVNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhMpwDAN
BgkqhkiG9w0BAQsFAAOCAQEAKGeQNV9j7gxMgextgkmk3lPK8xIFTHe8fMDENUmr
OEXJNYlljBrKEghGOCa3tmCCXDstd+F12h5fDsEGQB/Pav3yQ/tf0M551sfCEi36
tuCDTIODHdd/Wi7AKCwB7zflYKeTzK+X/mwruB89W9zxAQ9CoWWVipFmjv9rwgH0
m4ershkhkdza5SEiQOssAJnmRWwI9h31HCUZNhWL1fpsD9IJZCRx7TNGQpLOu7xb
+ZxHJjlR18qOg9KcbFas6VXI6onWJh8A0CSx2dEGYsMa8QjgYJ1m/oApWE1tWcQp
ruPgGm70BrFt0xuyC0VapnDV5BSSoRjguAL8hqraEcVzlw==
-----END CERTIFICATE-----