Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/KqZtW2yW91J2eXJ-cJl8qtbiV_E.roa
File:                     KqZtW2yW91J2eXJ-cJl8qtbiV_E.roa (raw, json)
Hash identifier:          nOq86RF/O8jD8n+rWbuOZax11O+ExBHtZjUIqW1L3oI=
Subject key identifier:   2A:A6:6D:5B:6C:96:F7:52:76:79:72:7E:70:99:7C:AA:D6:E2:57:F1
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369FCBAA62D362F1FA9D3E9C053700C
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/KqZtW2yW91J2eXJ-cJl8qtbiV_E.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215829
IP address blocks:        2a0f:7803:fe20::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fc:ba:a6:2d:36:2f:1f:a9:d3:e9:c0:53:70:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2aa66d5b6c96f7527679727e70997caad6e257f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:14:da:3f:29:a3:25:d3:85:2d:c0:a1:30:a1:
                    88:74:25:4b:72:b3:69:7d:b6:ea:be:e8:a1:96:fa:
                    7b:cd:ea:0a:3e:a2:aa:b5:ef:4b:84:24:b5:88:bb:
                    77:ba:c6:cd:e7:47:bf:16:31:73:f6:cf:7b:5a:f3:
                    45:3e:ce:18:ee:ad:32:9b:69:a0:2e:80:17:cf:8d:
                    98:c4:93:4f:f7:d2:87:c5:7b:76:cf:0b:94:a2:4c:
                    2b:f2:e2:a1:bc:d0:68:85:a5:35:55:17:b1:a2:b7:
                    1f:8f:df:3e:d5:77:13:3e:b0:98:6b:b3:20:56:d1:
                    70:74:30:82:25:43:e1:08:cc:37:bb:12:32:01:10:
                    07:f5:2c:96:ae:8f:1b:51:6a:d5:a9:7f:f1:ad:5f:
                    ab:7a:24:f2:f1:87:f2:c4:b1:42:7d:84:6f:14:9b:
                    2a:a0:47:d5:0a:93:c4:ef:57:2c:a8:89:51:34:d9:
                    61:8d:09:a8:af:d5:12:54:5e:da:e9:08:d4:a6:f1:
                    aa:46:b2:5b:b1:37:ff:3f:9d:f9:10:ad:e5:34:cb:
                    18:b6:af:76:75:fe:05:92:ec:25:f2:a6:a9:be:38:
                    0d:7f:a3:e9:27:b9:42:5d:ce:f2:d3:11:4a:6d:d8:
                    58:b9:06:aa:86:0b:25:c6:5d:f3:88:d2:8e:2f:c7:
                    4a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A6:6D:5B:6C:96:F7:52:76:79:72:7E:70:99:7C:AA:D6:E2:57:F1
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/KqZtW2yW91J2eXJ-cJl8qtbiV_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fe20::/44

    Signature Algorithm: sha256WithRSAEncryption
         7e:c6:8b:1e:f2:99:26:3a:f7:56:2a:27:ae:ca:79:f4:4b:d7:
         65:b4:e9:b2:f9:c8:f9:08:24:4a:0f:d0:69:cc:f1:a5:ad:c5:
         1e:54:64:a0:25:d0:e7:ee:2c:80:29:d3:d3:3f:57:76:6b:cc:
         75:77:c6:f4:7a:5c:92:25:61:47:11:0d:12:33:62:ef:42:ab:
         64:47:b5:a3:ba:9e:13:93:ec:91:f7:71:82:0c:6d:a9:de:65:
         6a:6d:1c:14:37:62:33:59:e0:5f:0c:7c:ea:80:f9:99:79:f8:
         f0:e2:a6:16:21:f1:52:38:48:de:99:6e:95:80:4a:ac:36:ab:
         0b:e4:18:fb:88:f8:c9:9e:87:a9:b6:46:45:3e:ed:1d:13:90:
         a4:93:7d:77:14:26:ab:c8:73:a5:8f:77:61:37:a5:1a:cb:67:
         63:3b:12:3b:c9:a0:78:f7:ad:98:a8:1e:e5:48:92:4e:1c:b3:
         e0:7f:0a:0d:27:7f:3c:14:10:6f:88:64:d6:ca:7d:b3:9a:3b:
         df:cc:7d:ab:b5:90:f2:f5:77:ab:64:f0:6c:a6:fc:3c:28:d3:
         44:51:f7:b0:c9:e0:94:cf:d9:e7:aa:13:96:83:5a:d1:11:5e:
         52:55:03:37:60:89:4d:94:1e:72:0b:d4:0a:68:b7:a1:d5:fe:
         c7:86:f8:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafy6pi02Lx+p0+nAU3AMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWE2NmQ1YjZjOTZmNzUyNzY3OTcyN2U3MDk5N2NhYWQ2ZTI1N2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxTaPymjJdOFLcChMKGIdCVLcrNp
fbbqvuihlvp7zeoKPqKqte9LhCS1iLt3usbN50e/FjFz9s97WvNFPs4Y7q0ym2mg
LoAXz42YxJNP99KHxXt2zwuUokwr8uKhvNBohaU1VRexorcfj98+1XcTPrCYa7Mg
VtFwdDCCJUPhCMw3uxIyARAH9SyWro8bUWrVqX/xrV+reiTy8YfyxLFCfYRvFJsq
oEfVCpPE71csqIlRNNlhjQmor9USVF7a6QjUpvGqRrJbsTf/P535EK3lNMsYtq92
df4Fkuwl8qapvjgNf6PpJ7lCXc7y0xFKbdhYuQaqhgslxl3ziNKOL8dKUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCqmbVtslvdSdnlyfnCZfKrW4lfxMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvS3FadFcyeVc5MUoyZVhKLWNKbDhxdGJpVl9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/4g
MA0GCSqGSIb3DQEBCwUAA4IBAQB+xose8pkmOvdWKieuynn0S9dltOmy+cj5CCRK
D9BpzPGlrcUeVGSgJdDn7iyAKdPTP1d2a8x1d8b0elySJWFHEQ0SM2LvQqtkR7Wj
up4Tk+yR93GCDG2p3mVqbRwUN2IzWeBfDHzqgPmZefjw4qYWIfFSOEjemW6VgEqs
NqsL5Bj7iPjJnoeptkZFPu0dE5Ckk313FCaryHOlj3dhN6Uay2djOxI7yaB4962Y
qB7lSJJOHLPgfwoNJ388FBBviGTWyn2zmjvfzH2rtZDy9XerZPBspvw8KNNEUfew
yeCUz9nnqhOWg1rREV5SVQM3YIlNlB5yC9QKaLeh1f7HhviW
-----END CERTIFICATE-----