Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/a3d9a6-34b7-4f38-a9a5-8bfacae464f9/1/11vNr-R9Lg6knfO_JfFfT9W1Y3c.roa
File:                     11vNr-R9Lg6knfO_JfFfT9W1Y3c.roa (raw, json)
Hash identifier:          J93IPzLl0q9dWzjNhL+wpfoPfFjJlTMWv/WEKGvQfRw=
Subject key identifier:   D7:5B:CD:AF:E4:7D:2E:0E:A4:9D:F3:BF:25:F1:5F:4F:D5:B5:63:77
Certificate issuer:       /CN=8307a5224ae6d9a92e47e656dd801b10ffb9072b
Certificate serial:       0192F69FCFF3955189756789F1B6F8950B73
Authority key identifier: 83:07:A5:22:4A:E6:D9:A9:2E:47:E6:56:DD:80:1B:10:FF:B9:07:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gwelIkrm2akuR-ZW3YAbEP-5Bys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/a3d9a6-34b7-4f38-a9a5-8bfacae464f9/1/11vNr-R9Lg6knfO_JfFfT9W1Y3c.roa
Signing time:             Mon 04 Nov 2024 10:02:01 +0000
ROA not before:           Mon 04 Nov 2024 10:02:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214042
IP address blocks:        2001:3040::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/a3d9a6-34b7-4f38-a9a5-8bfacae464f9/1/gwelIkrm2akuR-ZW3YAbEP-5Bys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/a3d9a6-34b7-4f38-a9a5-8bfacae464f9/1/gwelIkrm2akuR-ZW3YAbEP-5Bys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gwelIkrm2akuR-ZW3YAbEP-5Bys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f6:9f:cf:f3:95:51:89:75:67:89:f1:b6:f8:95:0b:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8307a5224ae6d9a92e47e656dd801b10ffb9072b
        Validity
            Not Before: Nov  4 10:02:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d75bcdafe47d2e0ea49df3bf25f15f4fd5b56377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:55:47:0a:5d:69:5e:e0:7b:da:07:5f:37:17:
                    0b:1f:8a:5d:0c:4b:6c:4c:61:af:ad:2e:87:1f:44:
                    4c:88:5d:95:c8:48:3f:5f:1b:88:ae:f1:f4:b6:f5:
                    a3:59:f9:33:1d:29:09:8b:36:6f:83:f3:74:f3:11:
                    25:b8:08:50:e4:5d:95:75:98:b4:af:aa:1c:8a:31:
                    97:40:fc:5f:b6:54:60:75:20:c8:67:2e:1e:7e:0e:
                    67:a7:06:48:7b:9f:33:a5:50:29:25:f0:7d:aa:7f:
                    60:9c:0e:69:40:92:87:1d:c9:72:bf:b4:89:f6:04:
                    af:91:ee:d9:46:d7:57:06:de:cc:12:ee:ec:03:04:
                    89:74:ec:b3:49:fa:f8:b5:07:7c:f5:9d:0f:be:d1:
                    cd:68:4d:e4:ff:e0:fd:f5:e4:b5:15:7c:14:ad:e1:
                    66:c1:da:a0:3c:15:b6:4a:a5:b7:00:2e:c6:d5:7b:
                    a7:55:5a:c7:77:49:a9:10:37:f5:b4:62:e1:56:95:
                    df:fd:0f:d7:cd:78:2e:48:34:07:18:27:7e:1f:52:
                    6e:6c:27:b3:52:6e:7b:c1:82:96:11:3e:fa:55:cb:
                    46:5a:ab:7b:ab:b8:0e:ed:72:86:ff:39:80:16:e7:
                    4a:d1:b6:0b:28:98:fd:f1:ed:c5:6b:87:ad:6a:29:
                    5f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:5B:CD:AF:E4:7D:2E:0E:A4:9D:F3:BF:25:F1:5F:4F:D5:B5:63:77
            X509v3 Authority Key Identifier:
                keyid:83:07:A5:22:4A:E6:D9:A9:2E:47:E6:56:DD:80:1B:10:FF:B9:07:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gwelIkrm2akuR-ZW3YAbEP-5Bys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a3d9a6-34b7-4f38-a9a5-8bfacae464f9/1/11vNr-R9Lg6knfO_JfFfT9W1Y3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a3d9a6-34b7-4f38-a9a5-8bfacae464f9/1/gwelIkrm2akuR-ZW3YAbEP-5Bys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3040::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:4f:45:3f:80:2c:4a:f8:25:df:fa:e7:16:d1:a9:c5:98:8a:
         c1:40:dd:fa:a6:38:53:ea:7d:fa:37:7e:5a:38:7b:e9:3c:6f:
         41:aa:12:58:6b:80:f1:19:5f:6c:b6:51:34:31:4d:d7:36:85:
         06:bb:11:db:2a:59:d8:2f:c8:5e:21:45:a7:e7:37:8c:f6:4f:
         2a:a0:c4:c9:6b:a5:73:58:66:8e:9b:43:2f:0b:40:95:5a:ee:
         87:4b:5d:6c:9b:93:2e:c8:00:07:db:36:01:a4:b3:7d:89:e3:
         fe:f9:c9:c9:a4:ca:87:b7:7d:dd:61:53:38:e9:05:5f:c7:95:
         a2:cf:3c:0f:3f:6f:3f:ed:11:b4:a8:fe:9b:85:10:0c:e0:8a:
         3a:f7:45:c0:98:40:30:5c:24:86:f2:d8:69:4d:48:f3:ca:db:
         3f:9a:ac:8f:be:45:4d:5a:71:16:2e:7f:14:0a:cf:72:47:3a:
         00:74:ac:34:b6:f7:62:71:be:60:d7:17:8f:a1:1c:ed:92:b7:
         22:e9:72:c3:ff:28:83:36:8c:28:86:b8:e6:b1:83:47:c9:c9:
         e1:aa:93:71:d9:9e:e4:ab:1b:ee:c4:c8:5e:79:38:7d:a5:eb:
         fa:12:97:1d:10:ee:c1:00:59:11:c8:a1:84:54:c8:cd:03:97:
         01:50:55:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZL2n8/zlVGJdWeJ8bb4lQtzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMDdhNTIyNGFlNmQ5YTkyZTQ3ZTY1NmRkODAxYjEwZmZi
OTA3MmIwHhcNMjQxMTA0MTAwMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzViY2RhZmU0N2QyZTBlYTQ5ZGYzYmYyNWYxNWY0ZmQ1YjU2Mzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1VHCl1pXuB72gdfNxcLH4pdDEts
TGGvrS6HH0RMiF2VyEg/XxuIrvH0tvWjWfkzHSkJizZvg/N08xEluAhQ5F2VdZi0
r6ocijGXQPxftlRgdSDIZy4efg5npwZIe58zpVApJfB9qn9gnA5pQJKHHclyv7SJ
9gSvke7ZRtdXBt7MEu7sAwSJdOyzSfr4tQd89Z0PvtHNaE3k/+D99eS1FXwUreFm
wdqgPBW2SqW3AC7G1XunVVrHd0mpEDf1tGLhVpXf/Q/XzXguSDQHGCd+H1JubCez
Um57wYKWET76VctGWqt7q7gO7XKG/zmAFudK0bYLKJj98e3Fa4etailfJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNdbza/kfS4OpJ3zvyXxX0/VtWN3MB8GA1UdIwQY
MBaAFIMHpSJK5tmpLkfmVt2AGxD/uQcrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3dlbElrcm0yYWt1Ui1aVzNZQWJFUC01QnlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9hM2Q5YTYtMzRiNy00ZjM4LWE5YTUt
OGJmYWNhZTQ2NGY5LzEvMTF2TnItUjlMZzZrbmZPX0pmRmZUOVcxWTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9hM2Q5YTYtMzRiNy00ZjM4LWE5YTUtOGJmYWNhZTQ2NGY5
LzEvZ3dlbElrcm0yYWt1Ui1aVzNZQWJFUC01QnlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEwQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBfT0U/gCxK+CXf+ucW0anFmIrBQN36pjhT6n36
N35aOHvpPG9BqhJYa4DxGV9stlE0MU3XNoUGuxHbKlnYL8heIUWn5zeM9k8qoMTJ
a6VzWGaOm0MvC0CVWu6HS11sm5MuyAAH2zYBpLN9ieP++cnJpMqHt33dYVM46QVf
x5WizzwPP28/7RG0qP6bhRAM4Io690XAmEAwXCSG8thpTUjzyts/mqyPvkVNWnEW
Ln8UCs9yRzoAdKw0tvdicb5g1xePoRztkrci6XLD/yiDNowohrjmsYNHycnhqpNx
2Z7kqxvuxMheeTh9pev6EpcdEO7BAFkRyKGEVMjNA5cBUFXM
-----END CERTIFICATE-----