Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/frmeFN5SzMGHkMj6nlfmoINWELU.roa
File:                     frmeFN5SzMGHkMj6nlfmoINWELU.roa (raw, json)
Hash identifier:          M26YEjOAHkTDzDxfIEiEzGBLTbzMHl7eulw1jakTjqw=
Subject key identifier:   7E:B9:9E:14:DE:52:CC:C1:87:90:C8:FA:9E:57:E6:A0:83:56:10:B5
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       0192BAF2A4C007E094C595F8D89A5D4562D9
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/frmeFN5SzMGHkMj6nlfmoINWELU.roa
Signing time:             Wed 23 Oct 2024 19:55:16 +0000
ROA not before:           Wed 23 Oct 2024 19:55:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57487
IP address blocks:        2a11:8445::/32 maxlen: 32
                          2a11:cd05::/32 maxlen: 32
                          2a12:4c02::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ba:f2:a4:c0:07:e0:94:c5:95:f8:d8:9a:5d:45:62:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Oct 23 19:55:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7eb99e14de52ccc18790c8fa9e57e6a0835610b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:07:63:e3:26:76:a0:d4:5a:33:57:c9:70:20:
                    ed:d0:73:a6:cb:84:87:e5:12:c5:c3:79:7f:c4:f9:
                    e4:51:47:27:36:48:28:98:a5:cf:0f:1e:32:b2:d9:
                    b9:e0:6b:1c:36:ff:b0:3d:14:b5:70:31:58:3d:77:
                    5b:19:29:b6:46:34:8a:c4:ce:a8:c5:f5:98:e8:c8:
                    e0:a4:32:8a:d4:5c:1f:1e:e4:d9:6d:64:aa:67:c6:
                    3a:ec:bf:9f:76:20:d2:10:5d:b2:86:3b:4e:79:7d:
                    e1:5b:38:32:d3:3a:27:7b:a0:1d:d6:7f:17:bb:43:
                    0e:f3:4e:83:27:93:96:78:58:73:db:d7:9d:c4:21:
                    ca:01:b3:8a:89:bd:ba:6f:02:24:1f:34:a0:fc:60:
                    99:17:29:22:95:fe:f0:a8:1d:49:54:4a:56:86:9a:
                    1f:d2:c7:89:1b:40:6b:cd:60:2b:f0:c9:b5:94:2f:
                    6f:01:e6:8b:1f:f6:9d:27:f8:49:e4:05:78:db:f4:
                    42:db:4b:c4:b8:05:84:d3:75:90:46:63:24:3f:9f:
                    13:e2:e3:18:43:31:fb:e1:0c:0e:ba:fe:24:e2:a6:
                    35:1c:19:34:6b:66:1d:bf:03:31:6d:27:13:ad:07:
                    95:a7:6e:ea:7d:f4:d1:6e:d2:3b:9a:9d:63:36:0d:
                    58:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:B9:9E:14:DE:52:CC:C1:87:90:C8:FA:9E:57:E6:A0:83:56:10:B5
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/frmeFN5SzMGHkMj6nlfmoINWELU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8445::/32
                  2a11:cd05::/32
                  2a12:4c02::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:ca:de:94:f2:97:b2:5b:5f:9f:ec:21:55:98:2b:b5:b8:86:
         ca:40:a8:92:04:e9:20:52:86:05:ca:52:2a:8e:34:37:53:f4:
         1b:c6:61:8b:21:71:49:fa:bc:c0:f1:80:37:58:9d:21:dd:d1:
         69:4a:47:6f:d3:1c:1a:0a:b8:4c:d8:dc:70:ff:9f:94:61:94:
         b0:34:fb:68:1d:28:d5:ab:50:b8:9b:d2:2a:30:84:97:de:a8:
         e8:27:02:bf:bb:46:a0:e0:61:83:03:19:c5:a1:58:5e:0c:3f:
         8e:94:7c:f6:6a:61:1c:86:54:a2:13:23:2b:13:bd:4d:9e:da:
         3d:c8:20:64:e9:0d:6a:2e:9f:15:51:34:1b:15:59:5a:15:c9:
         17:41:94:d2:50:80:c8:42:b8:38:0f:64:83:1c:30:58:69:61:
         77:15:23:77:9e:6f:e1:d4:b7:66:f2:55:4b:b7:41:9c:b7:06:
         10:95:5c:9b:c2:e6:5c:ab:6d:a5:39:13:11:56:16:29:e4:be:
         7f:fe:f9:8c:5c:2e:d1:70:ac:3f:71:dd:a3:fb:72:58:f7:94:
         57:76:12:c5:d2:51:44:20:f3:d8:64:79:21:b7:85:bb:69:d0:
         2a:16:89:d4:dc:29:8a:d6:fd:98:98:25:60:e6:09:47:2d:bb:
         3c:10:0e:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZK68qTAB+CUxZX42JpdRWLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQxMDIzMTk1NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWI5OWUxNGRlNTJjY2MxODc5MGM4ZmE5ZTU3ZTZhMDgzNTYxMGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Adj4yZ2oNRaM1fJcCDt0HOmy4SH
5RLFw3l/xPnkUUcnNkgomKXPDx4ystm54GscNv+wPRS1cDFYPXdbGSm2RjSKxM6o
xfWY6MjgpDKK1FwfHuTZbWSqZ8Y67L+fdiDSEF2yhjtOeX3hWzgy0zone6Ad1n8X
u0MO806DJ5OWeFhz29edxCHKAbOKib26bwIkHzSg/GCZFykilf7wqB1JVEpWhpof
0seJG0BrzWAr8Mm1lC9vAeaLH/adJ/hJ5AV42/RC20vEuAWE03WQRmMkP58T4uMY
QzH74QwOuv4k4qY1HBk0a2YdvwMxbScTrQeVp27qffTRbtI7mp1jNg1YSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH65nhTeUszBh5DI+p5X5qCDVhC1MB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvZnJtZUZONVN6TUdIa01qNm5sZm1vSU5XRUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhGERQMF
ACoRzQUDBQAqEkwCMA0GCSqGSIb3DQEBCwUAA4IBAQC+yt6U8peyW1+f7CFVmCu1
uIbKQKiSBOkgUoYFylIqjjQ3U/QbxmGLIXFJ+rzA8YA3WJ0h3dFpSkdv0xwaCrhM
2Nxw/5+UYZSwNPtoHSjVq1C4m9IqMISX3qjoJwK/u0ag4GGDAxnFoVheDD+OlHz2
amEchlSiEyMrE71Nnto9yCBk6Q1qLp8VUTQbFVlaFckXQZTSUIDIQrg4D2SDHDBY
aWF3FSN3nm/h1Ldm8lVLt0GctwYQlVybwuZcq22lORMRVhYp5L5//vmMXC7RcKw/
cd2j+3JY95RXdhLF0lFEIPPYZHkht4W7adAqFonU3CmK1v2YmCVg5glHLbs8EA46
-----END CERTIFICATE-----