Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YI3Mqi-UTKYVrqKLNMbP-kigZmc.roa
File:                     YI3Mqi-UTKYVrqKLNMbP-kigZmc.roa (raw, json)
Hash identifier:          KfSa5rPnIZBWEWSUlN5ik0PkWD6K/ofZK+ORAzaJBWo=
Subject key identifier:   60:8D:CC:AA:2F:94:4C:A6:15:AE:A2:8B:34:C6:CF:FA:48:A0:66:67
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01934ED115515B1C6000ABE531E5142BDC63
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YI3Mqi-UTKYVrqKLNMbP-kigZmc.roa
Signing time:             Thu 21 Nov 2024 13:02:25 +0000
ROA not before:           Thu 21 Nov 2024 13:02:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198571
IP address blocks:        2a0d:8f80::/29 maxlen: 29
                          2a0e:f500::/29 maxlen: 29
                          2a10:37c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:d1:15:51:5b:1c:60:00:ab:e5:31:e5:14:2b:dc:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov 21 13:02:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=608dccaa2f944ca615aea28b34c6cffa48a06667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:b0:c4:27:78:ce:10:90:48:1a:f9:d5:f2:29:
                    5b:08:ce:fd:6e:49:c7:81:b6:e2:ba:d5:c7:6d:3a:
                    69:bb:0e:29:fc:1a:60:ac:69:21:55:da:c2:12:1d:
                    22:81:82:aa:20:0f:77:2d:f1:f4:dc:dc:40:fd:e6:
                    ca:cc:ac:79:7f:f7:74:14:6b:f3:23:c8:0a:d2:e0:
                    41:3e:9e:73:a5:8e:6a:07:5e:f5:79:5b:2d:4e:49:
                    05:d2:7a:38:40:00:a6:22:2b:46:33:f1:6b:8e:2b:
                    c9:e0:0f:0f:3f:21:e9:bb:6b:98:b1:2a:03:ff:c8:
                    8a:e9:7c:a4:fb:23:4c:58:0e:26:65:f0:d0:83:1b:
                    48:1d:b3:0c:cc:a6:32:f2:cd:b8:76:1c:33:b5:93:
                    44:0c:72:1a:a4:d2:18:75:b7:4e:b4:cf:7b:32:fe:
                    c8:8f:41:69:b5:a3:ce:4e:40:39:be:b4:ce:b1:5d:
                    c4:8d:fd:8f:29:9e:d5:dc:ef:4c:3b:71:32:f9:fd:
                    01:2c:44:c4:4e:a9:dd:d1:5a:da:e5:05:88:9a:8d:
                    54:25:44:7c:0a:a4:15:3e:42:dc:60:4a:1c:20:1a:
                    2e:80:05:42:dc:95:15:e7:d2:10:c2:a4:5a:05:c3:
                    6d:bb:85:43:54:39:64:42:56:c7:e6:2b:1b:10:7f:
                    e0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:8D:CC:AA:2F:94:4C:A6:15:AE:A2:8B:34:C6:CF:FA:48:A0:66:67
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YI3Mqi-UTKYVrqKLNMbP-kigZmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:8f80::/29
                  2a0e:f500::/29
                  2a10:37c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:4c:e8:df:3c:0a:4d:7d:dd:19:4d:62:57:e0:49:6d:43:2e:
         44:c9:7d:ed:cf:0d:65:c8:60:cd:33:24:40:fc:0c:58:43:c5:
         74:35:6c:2a:0a:4e:0a:91:1e:d4:d7:36:50:41:1a:77:9b:f9:
         4b:f7:4b:7e:ff:13:a8:8a:70:4d:e7:7f:ad:7e:d4:56:12:15:
         40:9a:98:8a:20:0e:9b:a2:9e:be:d7:46:2c:c8:94:99:4b:aa:
         d5:0c:9d:67:40:7d:18:24:7e:2d:21:1b:18:9b:63:52:fc:29:
         fa:e2:72:23:58:a3:7d:5d:c5:74:ec:b7:06:c8:7e:8f:83:f2:
         d8:c7:57:a7:9f:6a:fa:e8:d0:3d:01:02:26:8b:06:44:da:7c:
         c5:e3:cf:21:7b:76:8f:30:f1:fb:f8:6a:72:08:e1:67:a8:28:
         e9:bf:b8:ed:8a:e9:fb:3d:c6:1b:aa:b2:f9:e1:1a:51:0a:7a:
         2c:5f:da:2c:92:dd:20:47:95:68:c6:71:3a:a4:c8:38:d9:4a:
         24:d5:00:31:f9:84:10:06:eb:35:76:4f:18:75:cb:2c:6d:c4:
         94:3d:51:7c:a1:7c:51:97:2f:d3:55:5f:e4:b5:e0:9e:84:0f:
         dc:96:32:45:26:c6:eb:d3:f0:25:02:be:07:f4:9f:31:fc:1e:
         60:6a:b1:d2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZNO0RVRWxxgAKvlMeUUK9xjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQxMTIxMTMwMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDhkY2NhYTJmOTQ0Y2E2MTVhZWEyOGIzNGM2Y2ZmYTQ4YTA2NjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7LDEJ3jOEJBIGvnV8ilbCM79bknH
gbbiutXHbTppuw4p/BpgrGkhVdrCEh0igYKqIA93LfH03NxA/ebKzKx5f/d0FGvz
I8gK0uBBPp5zpY5qB171eVstTkkF0no4QACmIitGM/FrjivJ4A8PPyHpu2uYsSoD
/8iK6Xyk+yNMWA4mZfDQgxtIHbMMzKYy8s24dhwztZNEDHIapNIYdbdOtM97Mv7I
j0FptaPOTkA5vrTOsV3Ejf2PKZ7V3O9MO3Ey+f0BLETETqnd0Vra5QWImo1UJUR8
CqQVPkLcYEocIBougAVC3JUV59IQwqRaBcNtu4VDVDlkQlbH5isbEH/glQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGCNzKovlEymFa6iizTGz/pIoGZnMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWUkzTXFpLVVUS1lWcnFLTE5NYlAta2lnWm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg2PgAMF
AyoO9QADBQMqEDfAMA0GCSqGSIb3DQEBCwUAA4IBAQCwTOjfPApNfd0ZTWJX4Elt
Qy5EyX3tzw1lyGDNMyRA/AxYQ8V0NWwqCk4KkR7U1zZQQRp3m/lL90t+/xOoinBN
53+tftRWEhVAmpiKIA6bop6+10YsyJSZS6rVDJ1nQH0YJH4tIRsYm2NS/Cn64nIj
WKN9XcV07LcGyH6Pg/LYx1enn2r66NA9AQImiwZE2nzF488he3aPMPH7+GpyCOFn
qCjpv7jtiun7PcYbqrL54RpRCnosX9oskt0gR5VoxnE6pMg42Uok1QAx+YQQBus1
dk8YdcssbcSUPVF8oXxRly/TVV/kteCehA/cljJFJsbr0/AlAr4H9J8x/B5garHS
-----END CERTIFICATE-----