Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/KuzmOknbrD4Lg71OoDCO-y0GoDQ.roa
File:                     KuzmOknbrD4Lg71OoDCO-y0GoDQ.roa (raw, json)
Hash identifier:          L4TpWALjC8fwxZDKVNiQiJm1WAVC/DpX7t4BNMww1vk=
Subject key identifier:   2A:EC:E6:3A:49:DB:AC:3E:0B:83:BD:4E:A0:30:8E:FB:2D:06:A0:34
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       019425221E3B01CC53C9F83C084A9517456C
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/KuzmOknbrD4Lg71OoDCO-y0GoDQ.roa
Signing time:             Thu 02 Jan 2025 03:49:40 +0000
ROA not before:           Thu 02 Jan 2025 03:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207613
IP address blocks:        2a09:11c0:200::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:1e:3b:01:cc:53:c9:f8:3c:08:4a:95:17:45:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Jan  2 03:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2aece63a49dbac3e0b83bd4ea0308efb2d06a034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:86:05:17:a9:bf:4e:ab:5a:79:8d:a9:59:0f:
                    09:57:05:cb:d5:34:4f:49:64:b4:2c:8b:29:f2:2d:
                    a2:41:2f:39:32:dd:48:ba:be:c8:05:68:11:65:ff:
                    5e:df:ca:39:00:ea:83:df:81:37:ae:9a:bd:31:66:
                    8c:1c:1e:c6:f6:41:72:bc:7d:d9:9c:8e:47:f2:a7:
                    22:dd:c8:f0:e0:1c:d2:33:ff:60:a3:09:65:09:fa:
                    b4:f6:db:10:de:d9:13:5c:32:ae:be:07:16:9f:c6:
                    8b:b4:b0:57:d1:d2:d2:2f:7b:78:3f:f1:3b:2a:d8:
                    a5:e2:e5:79:71:01:d6:f1:22:e9:d8:bc:cd:dd:20:
                    46:5a:c7:5e:17:af:88:f8:6f:96:1a:62:eb:02:2e:
                    e8:a6:59:d7:e2:6e:c5:78:4b:b7:94:ca:41:71:37:
                    a4:f3:bf:65:31:79:3f:51:bb:5a:ff:ad:38:2a:b1:
                    7d:d0:34:af:fb:7e:a1:bf:42:2b:be:9a:be:b9:8d:
                    bc:c3:26:f1:c5:13:e7:9c:3f:9e:e2:34:e9:e0:0a:
                    bd:30:b5:2f:bd:bd:b8:4c:8d:09:d1:49:a3:69:93:
                    bf:72:5d:90:c4:1e:ca:6a:81:57:d6:71:f0:fa:ab:
                    e1:43:d2:f1:fd:25:3d:35:cb:40:9d:b2:9f:0d:1c:
                    f1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:EC:E6:3A:49:DB:AC:3E:0B:83:BD:4E:A0:30:8E:FB:2D:06:A0:34
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/KuzmOknbrD4Lg71OoDCO-y0GoDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:11c0:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         12:56:48:55:4f:55:87:87:7d:99:74:6b:8b:a6:73:8e:3c:cd:
         f4:36:bf:29:d5:2a:f5:18:fa:3c:23:64:db:cb:77:3f:58:ec:
         49:66:49:0e:2a:38:48:2a:a6:3a:34:fc:87:8f:25:4e:0a:ed:
         b6:9e:1c:43:b7:44:20:8a:df:43:b7:20:90:1d:16:dd:52:0b:
         9e:62:8d:cc:6b:bf:4c:a3:15:c1:e3:1b:02:62:4a:f9:37:64:
         71:0c:55:4e:53:a9:53:3f:e1:5c:f5:1f:f4:1c:1c:a3:6e:35:
         45:c2:37:26:5d:17:72:e4:82:3c:37:cf:68:6e:fa:7b:a6:d3:
         55:05:ca:dc:31:88:5e:80:3b:3c:72:ef:09:7b:02:87:29:c6:
         3a:06:24:fa:99:cc:e2:71:fe:58:07:7c:ff:5b:20:03:bd:8f:
         03:a3:41:57:9e:9b:e5:06:a6:4f:96:11:f1:9e:aa:d2:1e:6a:
         a1:bc:fe:fc:fb:80:fc:16:af:bb:62:88:19:99:8d:9c:79:ce:
         db:72:57:61:ce:5d:01:70:85:56:b6:38:28:cd:0b:a4:52:50:
         fd:e2:5b:43:e8:58:15:cc:29:80:e2:09:ee:3f:2f:c9:73:4a:
         57:e9:e5:7b:f6:63:f3:e2:1a:32:95:bd:b2:b0:e3:15:03:31:
         f3:01:05:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIh47AcxTyfg8CEqVF0VsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjUwMTAyMDM0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWVjZTYzYTQ5ZGJhYzNlMGI4M2JkNGVhMDMwOGVmYjJkMDZhMDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIYFF6m/TqtaeY2pWQ8JVwXL1TRP
SWS0LIsp8i2iQS85Mt1Iur7IBWgRZf9e38o5AOqD34E3rpq9MWaMHB7G9kFyvH3Z
nI5H8qci3cjw4BzSM/9gowllCfq09tsQ3tkTXDKuvgcWn8aLtLBX0dLSL3t4P/E7
Ktil4uV5cQHW8SLp2LzN3SBGWsdeF6+I+G+WGmLrAi7oplnX4m7FeEu3lMpBcTek
879lMXk/Ubta/604KrF90DSv+36hv0Irvpq+uY28wybxxRPnnD+e4jTp4Aq9MLUv
vb24TI0J0UmjaZO/cl2QxB7KaoFX1nHw+qvhQ9Lx/SU9NctAnbKfDRzxkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCrs5jpJ26w+C4O9TqAwjvstBqA0MB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvS3V6bU9rbmJyRDRMZzcxT29EQ08teTBHb0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgkRwAIA
MA0GCSqGSIb3DQEBCwUAA4IBAQASVkhVT1WHh32ZdGuLpnOOPM30Nr8p1Sr1GPo8
I2Tby3c/WOxJZkkOKjhIKqY6NPyHjyVOCu22nhxDt0Qgit9DtyCQHRbdUgueYo3M
a79MoxXB4xsCYkr5N2RxDFVOU6lTP+Fc9R/0HByjbjVFwjcmXRdy5II8N89obvp7
ptNVBcrcMYhegDs8cu8JewKHKcY6BiT6mczicf5YB3z/WyADvY8Do0FXnpvlBqZP
lhHxnqrSHmqhvP78+4D8Fq+7YogZmY2cec7bcldhzl0BcIVWtjgozQukUlD94ltD
6FgVzCmA4gnuPy/Jc0pX6eV79mPz4hoylb2ysOMVAzHzAQVp
-----END CERTIFICATE-----