Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/13OA8Kowa9u-F_7ZWwXTDMJLU0A.roa
File:                     13OA8Kowa9u-F_7ZWwXTDMJLU0A.roa (raw, json)
Hash identifier:          TLY9MKIWsbVqHZrgOnopJQQ8yZUjxig3a2ZRbtkH/Xw=
Subject key identifier:   D7:73:80:F0:AA:30:6B:DB:BE:17:FE:D9:5B:05:D3:0C:C2:4B:53:40
Certificate issuer:       /CN=8fdf87ca53065798447645255f829b53bc1da215
Certificate serial:       019427480C87EBDA2EDA8ADEE2756BB39F6E
Authority key identifier: 8F:DF:87:CA:53:06:57:98:44:76:45:25:5F:82:9B:53:BC:1D:A2:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j9-HylMGV5hEdkUlX4KbU7wdohU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/13OA8Kowa9u-F_7ZWwXTDMJLU0A.roa
Signing time:             Thu 02 Jan 2025 13:50:20 +0000
ROA not before:           Thu 02 Jan 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215359
IP address blocks:        2001:67c:1858::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/j9-HylMGV5hEdkUlX4KbU7wdohU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/j9-HylMGV5hEdkUlX4KbU7wdohU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j9-HylMGV5hEdkUlX4KbU7wdohU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:0c:87:eb:da:2e:da:8a:de:e2:75:6b:b3:9f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fdf87ca53065798447645255f829b53bc1da215
        Validity
            Not Before: Jan  2 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d77380f0aa306bdbbe17fed95b05d30cc24b5340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a5:dd:d9:33:50:54:88:19:64:98:33:5e:a0:
                    26:e2:f2:98:26:1a:39:f2:cc:55:33:11:f4:c4:66:
                    ad:5f:51:72:1a:ff:99:93:f6:2d:af:b5:99:ad:4f:
                    75:15:16:d1:ad:4a:e5:a3:c1:60:30:d4:dc:05:46:
                    df:92:aa:a0:24:8a:69:22:f0:a0:ee:84:de:31:3a:
                    d4:82:20:c8:b8:21:ce:97:65:86:0c:1a:f3:70:85:
                    d8:8a:18:da:49:ce:c1:25:f6:7b:62:51:09:db:e1:
                    e9:a0:8b:0a:fe:8f:5b:53:98:c8:7d:d3:b7:22:02:
                    bc:8d:35:03:f9:53:2a:39:0e:0d:ba:56:15:6d:a8:
                    8b:70:5b:39:42:39:f5:63:ee:bc:94:2d:b8:47:93:
                    90:a6:5b:3a:4a:87:aa:fb:9b:a6:4d:ff:9c:65:71:
                    e6:c0:f6:2e:56:05:af:5a:c1:16:ff:9b:ac:6e:54:
                    a5:00:5e:a3:dc:10:af:b5:74:1c:4d:9d:04:33:15:
                    af:9b:42:52:1a:00:47:73:bb:14:7c:5d:4c:47:5a:
                    cb:b6:f0:2d:c5:fd:08:73:0b:45:3d:10:97:ba:65:
                    07:76:b9:6e:77:3c:7e:bc:84:6a:f4:27:75:95:7e:
                    11:38:d4:28:0b:80:81:7b:19:04:32:c7:68:da:a6:
                    e1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:73:80:F0:AA:30:6B:DB:BE:17:FE:D9:5B:05:D3:0C:C2:4B:53:40
            X509v3 Authority Key Identifier:
                keyid:8F:DF:87:CA:53:06:57:98:44:76:45:25:5F:82:9B:53:BC:1D:A2:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j9-HylMGV5hEdkUlX4KbU7wdohU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/13OA8Kowa9u-F_7ZWwXTDMJLU0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/634890-8b48-49ae-b042-999cce4d4ad2/1/j9-HylMGV5hEdkUlX4KbU7wdohU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1858::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:db:3c:58:6d:d1:84:d5:7c:40:a8:e5:15:de:20:10:f2:2d:
         dd:95:ff:0d:34:dd:12:fc:e9:83:20:99:d1:76:7f:9c:d1:a8:
         cd:98:6f:f5:90:17:87:91:45:85:0d:fb:e8:50:9d:d3:28:ca:
         b9:f1:44:10:c1:1b:2a:26:9b:57:4f:d0:94:7a:db:8a:15:1e:
         f9:f4:79:dc:c2:51:45:ec:50:7c:48:54:36:a0:c4:1c:58:30:
         15:7a:1a:2f:bf:be:c2:9e:97:b5:2f:52:d4:d7:ba:b9:e0:ec:
         57:c8:a0:4b:cd:e8:8b:4a:6d:7e:1a:a2:9a:e8:42:68:ac:b9:
         08:6e:cf:b9:90:09:0c:7b:a5:db:fc:6b:bf:d2:13:f1:13:2e:
         f1:b6:56:5e:12:f5:b0:07:4c:14:86:d2:a1:7d:ee:ed:a1:e9:
         14:dd:76:51:a2:61:bb:aa:65:df:bf:a3:97:8b:98:55:8a:a0:
         98:88:3f:d1:fe:ea:19:2c:37:fc:06:6c:c4:d4:a9:cc:a1:24:
         0b:53:c4:21:71:33:a3:a2:8b:9a:77:79:71:ca:ad:4c:ff:76:
         7d:f3:a7:7c:6a:6b:8f:4a:6c:89:ce:3b:6c:70:db:be:37:ee:
         5d:39:4e:59:8c:77:d6:bd:81:37:12:d3:fb:d4:09:31:8f:34:
         5a:15:b5:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnSAyH69ou2ore4nVrs59uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZGY4N2NhNTMwNjU3OTg0NDc2NDUyNTVmODI5YjUzYmMx
ZGEyMTUwHhcNMjUwMTAyMTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzczODBmMGFhMzA2YmRiYmUxN2ZlZDk1YjA1ZDMwY2MyNGI1MzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaXd2TNQVIgZZJgzXqAm4vKYJho5
8sxVMxH0xGatX1FyGv+Zk/Ytr7WZrU91FRbRrUrlo8FgMNTcBUbfkqqgJIppIvCg
7oTeMTrUgiDIuCHOl2WGDBrzcIXYihjaSc7BJfZ7YlEJ2+HpoIsK/o9bU5jIfdO3
IgK8jTUD+VMqOQ4NulYVbaiLcFs5Qjn1Y+68lC24R5OQpls6Soeq+5umTf+cZXHm
wPYuVgWvWsEW/5usblSlAF6j3BCvtXQcTZ0EMxWvm0JSGgBHc7sUfF1MR1rLtvAt
xf0IcwtFPRCXumUHdrludzx+vIRq9Cd1lX4RONQoC4CBexkEMsdo2qbhxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNdzgPCqMGvbvhf+2VsF0wzCS1NAMB8GA1UdIwQY
MBaAFI/fh8pTBleYRHZFJV+Cm1O8HaIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajktSHlsTUdWNWhFZGtVbFg0S2JVN3dkb2hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82MzQ4OTAtOGI0OC00OWFlLWIwNDIt
OTk5Y2NlNGQ0YWQyLzEvMTNPQThLb3dhOXUtRl83Wld3WFRETUpMVTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82MzQ4OTAtOGI0OC00OWFlLWIwNDItOTk5Y2NlNGQ0YWQy
LzEvajktSHlsTUdWNWhFZGtVbFg0S2JVN3dkb2hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBhY
MA0GCSqGSIb3DQEBCwUAA4IBAQBf2zxYbdGE1XxAqOUV3iAQ8i3dlf8NNN0S/OmD
IJnRdn+c0ajNmG/1kBeHkUWFDfvoUJ3TKMq58UQQwRsqJptXT9CUetuKFR759Hnc
wlFF7FB8SFQ2oMQcWDAVehovv77Cnpe1L1LU17q54OxXyKBLzeiLSm1+GqKa6EJo
rLkIbs+5kAkMe6Xb/Gu/0hPxEy7xtlZeEvWwB0wUhtKhfe7toekU3XZRomG7qmXf
v6OXi5hViqCYiD/R/uoZLDf8BmzE1KnMoSQLU8QhcTOjoouad3lxyq1M/3Z986d8
amuPSmyJzjtscNu+N+5dOU5ZjHfWvYE3EtP71AkxjzRaFbU3
-----END CERTIFICATE-----