Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/ckwioh44ceUM5wSLZG1B7Q-i4G0.roa
File:                     ckwioh44ceUM5wSLZG1B7Q-i4G0.roa (raw, json)
Hash identifier:          QKBgRLJMlZOG6wwzJf3Ysm8H333U5XOsNhnGfJRqn4A=
Subject key identifier:   72:4C:22:A2:1E:38:71:E5:0C:E7:04:8B:64:6D:41:ED:0F:A2:E0:6D
Certificate issuer:       /CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
Certificate serial:       0191E6FBD32838CF69D99D6EA3686DBBDE8E
Authority key identifier: B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/ckwioh44ceUM5wSLZG1B7Q-i4G0.roa
Signing time:             Thu 12 Sep 2024 16:05:48 +0000
ROA not before:           Thu 12 Sep 2024 16:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214304
IP address blocks:        2a01:f900:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 06:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e6:fb:d3:28:38:cf:69:d9:9d:6e:a3:68:6d:bb:de:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
        Validity
            Not Before: Sep 12 16:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=724c22a21e3871e50ce7048b646d41ed0fa2e06d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ca:68:25:85:3d:6f:a0:b0:b6:3f:db:ce:e6:
                    53:ec:33:f2:93:44:59:d8:e1:a2:07:11:0a:6d:84:
                    e6:02:cb:7d:dd:2a:a3:9a:10:d5:16:c1:4c:8c:63:
                    c3:50:f8:1f:73:0d:24:90:0e:d0:68:f8:84:d5:d8:
                    ee:4c:72:03:5c:ee:e2:78:0f:b7:56:91:09:fb:a8:
                    ba:ad:79:68:8b:ec:4b:1b:e2:2f:1c:5b:42:eb:69:
                    48:43:8d:c0:2b:76:42:c6:85:a9:96:2f:d2:81:3f:
                    19:7e:10:8a:49:33:59:5d:eb:a3:64:0f:bd:81:b1:
                    87:85:6a:d8:fa:26:d0:90:07:95:29:fe:13:38:14:
                    ad:f3:64:38:33:b4:46:87:f9:3a:8e:27:76:a7:97:
                    ac:06:0a:51:46:39:c9:8e:52:32:b5:a0:06:7a:db:
                    b6:35:2f:26:10:76:35:86:b8:39:c0:ef:f7:74:dc:
                    07:6b:2d:49:fb:23:08:6c:3a:be:04:f3:fe:a3:58:
                    ef:db:81:08:f1:40:10:5b:44:b0:07:1b:04:e8:7c:
                    5f:00:d8:75:fc:c5:bd:bb:d2:85:66:47:50:02:20:
                    1c:f8:76:fa:7e:4f:4c:02:ce:6f:41:92:97:60:09:
                    db:bb:c3:dd:c4:03:90:13:84:70:fd:67:89:1f:d1:
                    ce:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:4C:22:A2:1E:38:71:E5:0C:E7:04:8B:64:6D:41:ED:0F:A2:E0:6D
            X509v3 Authority Key Identifier:
                keyid:B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/ckwioh44ceUM5wSLZG1B7Q-i4G0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f900:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:49:4c:79:36:62:ce:60:f8:83:17:50:31:e6:9d:cc:a8:7a:
         67:f8:35:40:8c:05:33:82:3d:65:c9:05:b0:e4:4c:26:e1:bf:
         b5:ee:a4:02:ac:fb:07:58:40:76:6d:47:39:1e:99:03:a3:28:
         ca:e5:ee:15:c1:da:b0:bf:60:b3:68:ec:8b:df:d9:62:4c:f4:
         dc:fb:79:fa:a0:ad:1f:b1:e3:45:67:b9:41:d0:a6:7a:13:e3:
         cd:36:eb:83:b6:81:0b:5e:ef:0f:33:96:f5:63:10:5a:e3:94:
         4a:ba:8c:0b:88:95:6b:e5:08:2e:3e:4f:77:04:c7:93:0b:a6:
         3c:1a:ef:6f:d3:ff:44:c8:34:8c:f6:66:01:ba:54:7e:de:af:
         a8:05:f4:3e:bd:7d:e8:4f:f4:ab:48:cb:51:fc:04:34:c0:ea:
         4c:88:d6:73:ef:c9:21:8c:fa:e0:4f:35:17:fa:53:48:d6:36:
         84:76:fc:f2:cd:ff:e5:b1:3a:07:75:05:2b:03:b6:ac:0e:e0:
         04:40:e2:15:67:39:11:83:3c:80:a6:13:fa:77:75:15:c5:61:
         f8:0c:57:8f:bc:16:0e:17:bb:88:24:af:cf:cf:78:b7:e0:b5:
         88:5b:bb:8c:98:c0:0c:fa:40:0d:cd:0c:62:5e:45:66:02:d4:
         4d:85:2f:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHm+9MoOM9p2Z1uo2htu96OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjU2ZDEwY2NhZDlkNjljMDE4NTZiZTBhZmFhMTdlYzY4
MmFjYmYwHhcNMjQwOTEyMTYwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjRjMjJhMjFlMzg3MWU1MGNlNzA0OGI2NDZkNDFlZDBmYTJlMDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMpoJYU9b6Cwtj/bzuZT7DPyk0RZ
2OGiBxEKbYTmAst93SqjmhDVFsFMjGPDUPgfcw0kkA7QaPiE1djuTHIDXO7ieA+3
VpEJ+6i6rXloi+xLG+IvHFtC62lIQ43AK3ZCxoWpli/SgT8ZfhCKSTNZXeujZA+9
gbGHhWrY+ibQkAeVKf4TOBSt82Q4M7RGh/k6jid2p5esBgpRRjnJjlIytaAGetu2
NS8mEHY1hrg5wO/3dNwHay1J+yMIbDq+BPP+o1jv24EI8UAQW0SwBxsE6HxfANh1
/MW9u9KFZkdQAiAc+Hb6fk9MAs5vQZKXYAnbu8PdxAOQE4Rw/WeJH9HO7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHJMIqIeOHHlDOcEi2RtQe0PouBtMB8GA1UdIwQY
MBaAFLC1bRDMrZ1pwBhWvgr6oX7Ggqy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYt
YTE5Y2M4YTc2ZDA0LzEvY2t3aW9oNDRjZVVNNXdTTFpHMUI3US1pNEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYtYTE5Y2M4YTc2ZDA0
LzEvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgH5AAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQB8SUx5NmLOYPiDF1Ax5p3MqHpn+DVAjAUzgj1l
yQWw5Ewm4b+17qQCrPsHWEB2bUc5HpkDoyjK5e4Vwdqwv2CzaOyL39liTPTc+3n6
oK0fseNFZ7lB0KZ6E+PNNuuDtoELXu8PM5b1YxBa45RKuowLiJVr5QguPk93BMeT
C6Y8Gu9v0/9EyDSM9mYBulR+3q+oBfQ+vX3oT/SrSMtR/AQ0wOpMiNZz78khjPrg
TzUX+lNI1jaEdvzyzf/lsToHdQUrA7asDuAEQOIVZzkRgzyAphP6d3UVxWH4DFeP
vBYOF7uIJK/Pz3i34LWIW7uMmMAM+kANzQxiXkVmAtRNhS/O
-----END CERTIFICATE-----