Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/akWhVKICoJPrPTRQa2jis5mxwdQ.roa
File:                     akWhVKICoJPrPTRQa2jis5mxwdQ.roa (raw, json)
Hash identifier:          wqPwuHoOUwj/mvwfuquGTTtnBqLqXhWdDMrSxQYFSbU=
Subject key identifier:   6A:45:A1:54:A2:02:A0:93:EB:3D:34:50:6B:68:E2:B3:99:B1:C1:D4
Certificate issuer:       /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial:       019150F35EBC6D48BD04287C30595A026867
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/akWhVKICoJPrPTRQa2jis5mxwdQ.roa
Signing time:             Wed 14 Aug 2024 12:53:32 +0000
ROA not before:           Wed 14 Aug 2024 12:53:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209235
IP address blocks:        2a09:c0c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 09:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:50:f3:5e:bc:6d:48:bd:04:28:7c:30:59:5a:02:68:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
        Validity
            Not Before: Aug 14 12:53:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a45a154a202a093eb3d34506b68e2b399b1c1d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e2:11:8d:c9:df:07:c7:3e:ce:28:65:46:c3:
                    b0:02:37:c1:e3:19:95:b2:76:bc:4e:02:4d:5b:ce:
                    3b:e9:f7:c0:6c:d2:6c:96:ee:f3:b1:08:0a:90:fd:
                    1b:a8:7a:0d:30:13:4e:e1:19:fc:df:e2:86:45:9b:
                    98:19:8a:82:73:fc:31:3b:dd:0e:05:6c:a3:e4:1e:
                    52:2b:aa:68:a7:43:7d:a3:3b:c8:b8:df:89:6b:7a:
                    77:5f:44:b5:b4:0f:18:c9:4e:7a:01:29:29:11:ff:
                    5f:f4:1f:3c:85:7d:bb:71:f1:52:4d:00:c6:40:bd:
                    5c:03:39:1f:7e:ae:32:cd:fd:9d:55:cb:11:85:c3:
                    97:eb:f2:b3:21:fb:b5:37:a0:be:72:ba:12:ed:f1:
                    e4:d2:e5:7e:b1:09:15:d2:56:a1:20:d6:a2:01:2c:
                    f5:d7:30:c3:99:1b:dc:3f:0a:2c:e8:e4:0b:f8:f9:
                    cd:67:49:5a:05:56:63:c2:5a:36:0f:84:db:1b:bc:
                    a8:49:40:26:93:69:7d:7b:97:51:ad:d7:ee:bc:8b:
                    c6:1a:49:3f:09:22:11:90:2d:3b:d3:4d:3b:46:d2:
                    f3:0d:c1:88:10:1f:86:d4:c0:0f:18:f5:57:69:02:
                    04:75:ad:fd:ad:57:e8:ab:fe:03:f9:18:f7:60:a2:
                    07:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:45:A1:54:A2:02:A0:93:EB:3D:34:50:6B:68:E2:B3:99:B1:C1:D4
            X509v3 Authority Key Identifier:
                keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/akWhVKICoJPrPTRQa2jis5mxwdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:c0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:da:f6:36:8a:c7:71:c5:7b:a4:35:44:4b:f4:3d:0d:51:13:
         41:eb:c8:bc:1e:4a:d2:e4:a7:96:2e:ff:79:6a:b3:cf:67:35:
         33:9d:6e:65:c0:1b:2d:26:64:4f:4f:5c:38:43:70:b1:a6:14:
         77:86:16:4c:97:12:6c:41:ce:de:6d:30:97:13:c9:e1:9b:38:
         f4:5e:9f:58:d9:46:d4:21:fe:c9:81:85:7e:de:3c:70:55:91:
         1e:25:dc:c1:95:86:59:b9:a1:e4:aa:09:a1:4a:7e:a6:c9:56:
         21:5c:97:52:8c:df:ed:bf:db:d0:32:35:36:60:96:e0:94:89:
         be:74:2c:4b:e3:bd:54:39:a5:73:6f:5d:f4:f4:83:15:a0:7f:
         14:bd:67:ca:ef:bc:b4:0f:00:ca:3c:3c:16:02:c7:c2:54:4d:
         e3:06:6a:3b:6b:68:ac:e3:36:4b:9c:b9:86:9e:3d:5f:08:3e:
         85:1f:45:f2:e0:b6:95:3a:5a:12:c7:67:ae:2e:dc:9f:39:f0:
         69:cd:32:d3:29:41:45:6f:1a:0e:6d:24:23:00:b1:db:d8:f8:
         ec:c8:e6:54:73:c5:70:56:dd:8c:8c:d2:73:ab:a1:78:3a:9e:
         9d:ad:7c:0c:e3:18:81:9b:3a:fc:28:a0:ed:7e:92:43:3e:fb:
         cc:83:e8:53
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFQ8168bUi9BCh8MFlaAmhnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjQwODE0MTI1MzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQ1YTE1NGEyMDJhMDkzZWIzZDM0NTA2YjY4ZTJiMzk5YjFjMWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+IRjcnfB8c+zihlRsOwAjfB4xmV
sna8TgJNW8476ffAbNJslu7zsQgKkP0bqHoNMBNO4Rn83+KGRZuYGYqCc/wxO90O
BWyj5B5SK6pop0N9ozvIuN+Ja3p3X0S1tA8YyU56ASkpEf9f9B88hX27cfFSTQDG
QL1cAzkffq4yzf2dVcsRhcOX6/KzIfu1N6C+croS7fHk0uV+sQkV0lahINaiASz1
1zDDmRvcPwos6OQL+PnNZ0laBVZjwlo2D4TbG7yoSUAmk2l9e5dRrdfuvIvGGkk/
CSIRkC070007RtLzDcGIEB+G1MAPGPVXaQIEda39rVfoq/4D+Rj3YKIHGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGpFoVSiAqCT6z00UGto4rOZscHUMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvYWtXaFZLSUNvSlByUFRSUWEyamlzNW14d2RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgnAwDAN
BgkqhkiG9w0BAQsFAAOCAQEAdNr2NorHccV7pDVES/Q9DVETQevIvB5K0uSnli7/
eWqzz2c1M51uZcAbLSZkT09cOENwsaYUd4YWTJcSbEHO3m0wlxPJ4Zs49F6fWNlG
1CH+yYGFft48cFWRHiXcwZWGWbmh5KoJoUp+pslWIVyXUozf7b/b0DI1NmCW4JSJ
vnQsS+O9VDmlc29d9PSDFaB/FL1nyu+8tA8Ayjw8FgLHwlRN4wZqO2torOM2S5y5
hp49Xwg+hR9F8uC2lTpaEsdnri7cnznwac0y0ylBRW8aDm0kIwCx29j47MjmVHPF
cFbdjIzSc6uheDqena18DOMYgZs6/Cig7X6SQz77zIPoUw==
-----END CERTIFICATE-----