Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/mKj7VCU5no5LHtut8FCNTeMgxrs.roa
File:                     mKj7VCU5no5LHtut8FCNTeMgxrs.roa (raw, json)
Hash identifier:          07We1y7VE9nXCcX30DqvaFWOJDVjyaLC5AtO5yEYVdI=
Subject key identifier:   98:A8:FB:54:25:39:9E:8E:4B:1E:DB:AD:F0:50:8D:4D:E3:20:C6:BB
Certificate issuer:       /CN=2ff6182beb7b82c8573df8b6d51044d6c6724e82
Certificate serial:       01944813687CC336A3E37D3C8C6E7306CD39
Authority key identifier: 2F:F6:18:2B:EB:7B:82:C8:57:3D:F8:B6:D5:10:44:D6:C6:72:4E:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/mKj7VCU5no5LHtut8FCNTeMgxrs.roa
Signing time:             Wed 08 Jan 2025 22:40:18 +0000
ROA not before:           Wed 08 Jan 2025 22:40:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215568
IP address blocks:        2a01:f540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:48:13:68:7c:c3:36:a3:e3:7d:3c:8c:6e:73:06:cd:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ff6182beb7b82c8573df8b6d51044d6c6724e82
        Validity
            Not Before: Jan  8 22:40:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98a8fb5425399e8e4b1edbadf0508d4de320c6bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f1:32:1f:d9:e9:14:d5:91:65:63:f4:73:de:
                    d1:82:90:6b:f0:4a:aa:aa:74:51:b8:f0:2b:cf:28:
                    48:09:8f:ec:b1:2e:0a:a4:42:38:fa:e2:11:a8:f5:
                    9e:e2:98:fa:74:4a:14:ea:44:d8:16:8b:5d:30:1a:
                    a4:b4:e0:4f:71:5a:e0:39:c6:a0:0e:9a:a9:97:04:
                    59:31:8e:b1:d1:ed:62:d4:1a:dd:7a:9e:3b:56:4d:
                    10:c2:a1:82:86:00:6c:67:b4:60:72:3c:a1:85:d9:
                    ff:83:d5:5f:c5:a7:f4:3d:86:d5:fe:8c:61:39:3d:
                    b1:2a:10:fb:8b:d6:52:e1:c5:76:97:de:e7:3b:a7:
                    1e:45:99:7f:54:e8:cf:3e:a8:3c:64:97:48:d5:86:
                    e9:5f:43:fb:a2:45:d5:92:29:26:e7:09:08:29:96:
                    3b:72:5c:2e:9a:53:8f:64:51:80:8a:b7:4e:78:1a:
                    b8:a0:bf:8b:c9:ac:16:98:ca:85:e2:2a:0b:ba:fc:
                    40:56:ef:bf:c5:ed:b4:08:da:c8:92:28:b0:0b:66:
                    11:c1:11:18:c1:3d:d8:8c:ed:05:cf:66:ed:5c:56:
                    a0:56:9f:f1:e6:c1:8f:55:9f:be:af:b0:0e:6e:b0:
                    2d:73:56:2b:3a:02:2f:9d:93:48:e2:1a:8e:e6:e3:
                    d6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:A8:FB:54:25:39:9E:8E:4B:1E:DB:AD:F0:50:8D:4D:E3:20:C6:BB
            X509v3 Authority Key Identifier:
                keyid:2F:F6:18:2B:EB:7B:82:C8:57:3D:F8:B6:D5:10:44:D6:C6:72:4E:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/mKj7VCU5no5LHtut8FCNTeMgxrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f540::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:01:95:6b:4d:e8:12:22:22:fc:76:62:8f:1b:a2:a5:e0:1d:
         c4:ac:d8:aa:8d:81:0f:37:63:f8:99:98:3d:17:d8:88:9d:a0:
         57:e1:a7:0b:82:ad:64:cf:fb:1c:02:b3:0a:2a:fa:24:f2:7e:
         d1:57:72:97:de:96:9e:fe:cc:3b:3c:49:c7:33:89:fb:43:49:
         57:d1:12:9c:68:f7:23:ae:1e:5a:90:46:01:a6:af:46:e4:70:
         a3:28:7c:56:de:32:7f:28:fe:29:f3:a5:44:4c:2a:c0:aa:e3:
         f2:d0:03:8f:b6:58:d5:12:43:6c:22:b2:3c:4f:c4:47:2a:5f:
         27:f2:fc:d2:d3:05:e7:ca:be:cc:1b:a1:74:cc:55:f5:46:0f:
         9b:81:8b:a9:c5:62:35:ff:8f:1a:af:57:31:f5:46:20:94:cb:
         ce:9e:9b:24:ee:b9:a2:b6:f7:a5:32:64:df:ec:0f:40:3a:bd:
         6f:bd:e4:c1:da:42:16:ee:0e:93:9f:ec:de:1b:25:d2:30:ce:
         c8:ee:ad:20:f7:5a:21:22:25:66:bc:f6:f4:de:66:89:c0:fa:
         f5:d6:62:3a:44:78:5e:5d:73:6a:7c:6d:c9:1f:79:f5:91:89:
         65:aa:63:c8:98:9a:04:50:06:68:36:db:c9:7f:1b:d7:f2:33:
         0b:e2:f8:96
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZRIE2h8wzaj4308jG5zBs05MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZjYxODJiZWI3YjgyYzg1NzNkZjhiNmQ1MTA0NGQ2YzY3
MjRlODIwHhcNMjUwMTA4MjI0MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGE4ZmI1NDI1Mzk5ZThlNGIxZWRiYWRmMDUwOGQ0ZGUzMjBjNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PEyH9npFNWRZWP0c97RgpBr8Eqq
qnRRuPArzyhICY/ssS4KpEI4+uIRqPWe4pj6dEoU6kTYFotdMBqktOBPcVrgOcag
DpqplwRZMY6x0e1i1Brdep47Vk0QwqGChgBsZ7Rgcjyhhdn/g9Vfxaf0PYbV/oxh
OT2xKhD7i9ZS4cV2l97nO6ceRZl/VOjPPqg8ZJdI1YbpX0P7okXVkikm5wkIKZY7
clwumlOPZFGAirdOeBq4oL+LyawWmMqF4ioLuvxAVu+/xe20CNrIkiiwC2YRwREY
wT3YjO0Fz2btXFagVp/x5sGPVZ++r7AObrAtc1YrOgIvnZNI4hqO5uPWbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJio+1QlOZ6OSx7brfBQjU3jIMa7MB8GA1UdIwQY
MBaAFC/2GCvre4LIVz34ttUQRNbGck6CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTF9ZWUstdDdnc2hYUGZpMjFSQkUxc1p5VG9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hOGVjZmItNzM1NS00Y2ZlLTg0YmYt
Yjc3NmEyMjA0NTZiLzEvbUtqN1ZDVTVubzVMSHR1dDhGQ05UZU1neHJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hOGVjZmItNzM1NS00Y2ZlLTg0YmYtYjc3NmEyMjA0NTZi
LzEvTF9ZWUstdDdnc2hYUGZpMjFSQkUxc1p5VG9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgH1QDAN
BgkqhkiG9w0BAQsFAAOCAQEAEwGVa03oEiIi/HZijxuipeAdxKzYqo2BDzdj+JmY
PRfYiJ2gV+GnC4KtZM/7HAKzCir6JPJ+0Vdyl96Wnv7MOzxJxzOJ+0NJV9ESnGj3
I64eWpBGAaavRuRwoyh8Vt4yfyj+KfOlREwqwKrj8tADj7ZY1RJDbCKyPE/ERypf
J/L80tMF58q+zBuhdMxV9UYPm4GLqcViNf+PGq9XMfVGIJTLzp6bJO65orb3pTJk
3+wPQDq9b73kwdpCFu4Ok5/s3hsl0jDOyO6tIPdaISIlZrz29N5micD69dZiOkR4
Xl1zanxtyR959ZGJZapjyJiaBFAGaDbbyX8b1/IzC+L4lg==
-----END CERTIFICATE-----