Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/TA1ykCMkpL9NOPOUqSpjcW4rM-M.roa
File:                     TA1ykCMkpL9NOPOUqSpjcW4rM-M.roa (raw, json)
Hash identifier:          OiHhF31WKjvUZXM1pWY4+d6bE06K0QzrASr/f68M9Ng=
Subject key identifier:   4C:0D:72:90:23:24:A4:BF:4D:38:F3:94:A9:2A:63:71:6E:2B:33:E3
Certificate issuer:       /CN=e81393bdff601462a55591d26acb3d8c923ff26d
Certificate serial:       01927AB6C8FBF8C1C6FBF1F1FF62906A57C0
Authority key identifier: E8:13:93:BD:FF:60:14:62:A5:55:91:D2:6A:CB:3D:8C:92:3F:F2:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6BOTvf9gFGKlVZHSass9jJI_8m0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/TA1ykCMkpL9NOPOUqSpjcW4rM-M.roa
Signing time:             Fri 11 Oct 2024 08:34:12 +0000
ROA not before:           Fri 11 Oct 2024 08:34:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211922
IP address blocks:        2a10:5fc7::/48 maxlen: 48
                          2a10:5fc7:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/6BOTvf9gFGKlVZHSass9jJI_8m0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/6BOTvf9gFGKlVZHSass9jJI_8m0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6BOTvf9gFGKlVZHSass9jJI_8m0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:b6:c8:fb:f8:c1:c6:fb:f1:f1:ff:62:90:6a:57:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e81393bdff601462a55591d26acb3d8c923ff26d
        Validity
            Not Before: Oct 11 08:34:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c0d72902324a4bf4d38f394a92a63716e2b33e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:bc:b3:99:f0:60:80:b8:0b:82:41:34:10:d5:
                    58:0a:2c:80:62:61:fb:c2:a8:28:6e:25:ab:d6:52:
                    88:d1:e1:10:d3:94:67:94:d1:25:be:cd:e1:5a:11:
                    a2:f0:b8:fc:05:a1:46:bb:eb:eb:7a:9c:a7:ee:97:
                    03:31:90:2b:38:ef:9d:76:2b:ed:64:95:88:53:dc:
                    11:1d:cb:67:c1:86:f2:d8:f4:a0:c4:f2:30:cb:1a:
                    88:a0:34:b1:40:20:69:59:be:0f:b3:28:d6:77:1b:
                    90:0b:5a:4b:82:0e:ba:91:07:62:50:e4:68:67:c9:
                    73:70:67:98:78:e6:8e:e7:3a:50:af:ff:9b:30:61:
                    38:5a:93:00:39:c4:d2:86:22:bd:05:cc:8e:1f:29:
                    7d:08:2f:11:42:00:0a:92:66:cd:81:43:d1:ae:1c:
                    6a:7a:17:7b:c6:6f:64:1c:a4:d0:47:bf:7f:4b:25:
                    b4:4a:4b:92:ab:9d:50:19:76:e0:22:6d:06:fb:af:
                    38:6b:4e:a5:51:d3:3a:86:3a:8c:cf:a1:00:6e:11:
                    d0:97:f8:60:7c:70:86:8e:7e:e1:41:5e:4b:29:a6:
                    8a:f7:aa:60:09:83:dd:6f:c9:d0:bb:dc:7c:7d:27:
                    8d:95:23:ee:58:23:38:d2:45:3b:ab:b0:b4:42:af:
                    cd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:0D:72:90:23:24:A4:BF:4D:38:F3:94:A9:2A:63:71:6E:2B:33:E3
            X509v3 Authority Key Identifier:
                keyid:E8:13:93:BD:FF:60:14:62:A5:55:91:D2:6A:CB:3D:8C:92:3F:F2:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6BOTvf9gFGKlVZHSass9jJI_8m0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/TA1ykCMkpL9NOPOUqSpjcW4rM-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/bd0384-805d-48a1-bf09-3c14621ecfc5/1/6BOTvf9gFGKlVZHSass9jJI_8m0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:5fc7::/47

    Signature Algorithm: sha256WithRSAEncryption
         91:ea:42:55:1d:0a:26:82:e7:4a:d1:e5:22:72:0d:7f:bb:0e:
         ab:4b:6c:57:ae:b3:8a:ed:94:f6:98:7b:c6:46:63:d4:68:d3:
         96:00:07:95:25:6e:38:88:22:1c:83:de:85:fc:3a:35:57:96:
         55:1c:c9:d1:d8:47:19:3a:3b:0b:cf:9e:6c:29:06:b2:13:e4:
         6c:6d:09:84:59:f0:21:98:d7:c2:bc:dc:1a:fa:2d:e8:23:a0:
         3d:3e:d3:e7:31:4c:a7:ad:04:3c:e7:8e:92:0f:90:c1:1c:1b:
         0d:79:b2:75:ea:b8:56:2d:e3:60:66:00:01:2f:5d:c2:df:67:
         20:29:5a:19:1b:ea:c0:9b:8f:60:70:85:a8:cb:14:4c:57:3f:
         1c:49:c0:10:ad:88:07:af:cd:72:ee:c4:e7:ec:0f:81:d1:17:
         81:92:2b:ce:b4:73:c5:cd:4e:1e:61:16:5f:04:aa:2b:44:dc:
         51:37:a8:28:33:93:24:00:22:21:4c:d4:09:3f:22:6d:d4:4d:
         90:8f:ed:0b:4d:66:42:0a:1a:22:5d:17:c6:96:0a:06:d0:75:
         b7:12:b2:d3:cc:07:6f:00:72:c5:92:79:7c:25:e9:d6:85:13:
         e0:8b:6b:16:d9:fa:30:29:30:f2:74:28:94:a1:b7:23:06:59:
         1c:96:e3:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJ6tsj7+MHG+/Hx/2KQalfAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MTM5M2JkZmY2MDE0NjJhNTU1OTFkMjZhY2IzZDhjOTIz
ZmYyNmQwHhcNMjQxMDExMDgzNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzBkNzI5MDIzMjRhNGJmNGQzOGYzOTRhOTJhNjM3MTZlMmIzM2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57yzmfBggLgLgkE0ENVYCiyAYmH7
wqgobiWr1lKI0eEQ05RnlNElvs3hWhGi8Lj8BaFGu+vrepyn7pcDMZArOO+ddivt
ZJWIU9wRHctnwYby2PSgxPIwyxqIoDSxQCBpWb4PsyjWdxuQC1pLgg66kQdiUORo
Z8lzcGeYeOaO5zpQr/+bMGE4WpMAOcTShiK9BcyOHyl9CC8RQgAKkmbNgUPRrhxq
ehd7xm9kHKTQR79/SyW0SkuSq51QGXbgIm0G+684a06lUdM6hjqMz6EAbhHQl/hg
fHCGjn7hQV5LKaaK96pgCYPdb8nQu9x8fSeNlSPuWCM40kU7q7C0Qq/NVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEwNcpAjJKS/TTjzlKkqY3FuKzPjMB8GA1UdIwQY
MBaAFOgTk73/YBRipVWR0mrLPYySP/JtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkJPVHZmOWdGR0tsVlpIU2FzczlqSklfOG0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iZDAzODQtODA1ZC00OGExLWJmMDkt
M2MxNDYyMWVjZmM1LzEvVEExeWtDTWtwTDlOT1BPVXFTcGpjVzRyTS1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iZDAzODQtODA1ZC00OGExLWJmMDktM2MxNDYyMWVjZmM1
LzEvNkJPVHZmOWdGR0tsVlpIU2FzczlqSklfOG0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhBfxwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCR6kJVHQomgudK0eUicg1/uw6rS2xXrrOK7ZT2
mHvGRmPUaNOWAAeVJW44iCIcg96F/Do1V5ZVHMnR2EcZOjsLz55sKQayE+RsbQmE
WfAhmNfCvNwa+i3oI6A9PtPnMUynrQQ8546SD5DBHBsNebJ16rhWLeNgZgABL13C
32cgKVoZG+rAm49gcIWoyxRMVz8cScAQrYgHr81y7sTn7A+B0ReBkivOtHPFzU4e
YRZfBKorRNxRN6goM5MkACIhTNQJPyJt1E2Qj+0LTWZCChoiXRfGlgoG0HW3ErLT
zAdvAHLFknl8JenWhRPgi2sW2fowKTDydCiUobcjBlkcluMh
-----END CERTIFICATE-----