Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/nBJnCjb07SiLfyU-5Le2Qt5OZRg.roa
File:                     nBJnCjb07SiLfyU-5Le2Qt5OZRg.roa (raw, json)
Hash identifier:          aRBKEcYDkCTClqUioLLJzALVwX0+5wv4FLfe61OcUFQ=
Subject key identifier:   9C:12:67:0A:36:F4:ED:28:8B:7F:25:3E:E4:B7:B6:42:DE:4E:65:18
Certificate issuer:       /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial:       018CC9BC13358AAD93E186E9CD6FEE3C7027
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/nBJnCjb07SiLfyU-5Le2Qt5OZRg.roa
Signing time:             Tue 02 Jan 2024 10:33:15 +0000
ROA not before:           Tue 02 Jan 2024 10:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43641
IP address blocks:        2a13:7e00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:13:35:8a:ad:93:e1:86:e9:cd:6f:ee:3c:70:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
        Validity
            Not Before: Jan  2 10:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c12670a36f4ed288b7f253ee4b7b642de4e6518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0e:c1:5f:61:dd:ad:f9:bb:87:34:9f:cb:5a:
                    eb:9f:83:85:d5:fb:43:51:1c:aa:5a:40:15:ab:e9:
                    25:48:a8:91:e3:72:8f:c9:e5:0e:a0:0c:1b:ae:f6:
                    b9:72:63:3e:1c:7f:60:a1:79:4f:54:3f:af:74:b5:
                    d5:9d:f5:d1:e7:75:eb:3f:cb:1d:aa:df:25:71:9b:
                    e3:e9:1c:e0:b1:ba:55:ff:1c:50:ed:7e:43:d5:a1:
                    b4:27:a4:98:1a:4f:27:ba:eb:f6:ff:37:6a:09:20:
                    96:8d:56:2d:85:7a:b7:35:5a:50:dd:80:e6:f9:67:
                    01:a6:5e:09:c3:92:17:95:99:03:78:1c:8c:53:e9:
                    a7:f3:57:62:e8:a3:60:2f:b7:08:b4:0e:f2:a6:e3:
                    97:7c:47:b7:1e:dd:06:f1:c9:f4:a9:de:22:8a:a4:
                    16:05:dc:a7:64:eb:50:0e:e2:09:dc:ea:b3:0d:2b:
                    d6:09:1e:1a:65:ab:f0:87:e5:83:7d:1f:07:ca:7c:
                    69:67:2e:d5:fa:d9:e0:bb:65:1c:ad:b1:fa:8e:37:
                    5f:7c:21:ac:55:57:ea:35:1a:9f:5a:c1:65:1e:5c:
                    7b:58:5f:0a:bd:1d:3c:83:29:7b:14:7b:13:f0:d7:
                    20:47:22:09:58:fc:61:62:f6:01:c1:8c:32:c2:75:
                    2b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:12:67:0A:36:F4:ED:28:8B:7F:25:3E:E4:B7:B6:42:DE:4E:65:18
            X509v3 Authority Key Identifier:
                keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/nBJnCjb07SiLfyU-5Le2Qt5OZRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:cc:bb:97:17:e9:cc:9b:b0:a0:e5:fd:c0:65:ad:6a:85:57:
         a6:a3:7a:04:0d:0f:0c:38:aa:ab:ee:41:94:ed:dd:9b:77:82:
         ad:d1:dc:a9:d7:a3:15:f6:fd:a9:fa:05:21:49:0f:14:37:5f:
         33:42:61:90:71:74:fa:01:bb:fc:bf:94:3a:4e:13:89:7f:2b:
         0b:52:c1:c3:4b:e1:29:bf:82:cf:6b:3a:b3:46:cc:fd:05:6b:
         b6:25:da:81:39:24:ba:08:fe:06:47:ec:c8:fc:d6:6c:da:98:
         22:77:07:59:d1:22:84:72:50:ed:07:26:a7:ff:33:6f:50:65:
         57:1b:a9:8d:66:e6:21:8e:0e:7e:92:70:87:3a:0f:fa:e9:a8:
         2e:bb:a8:79:89:b6:6c:38:36:3a:f8:ee:9c:ce:00:5c:6d:94:
         dd:dd:40:09:ed:5d:8a:68:bc:f0:9a:b2:d6:3e:24:8c:30:78:
         cb:4f:53:51:68:45:a9:7d:77:68:c2:dc:70:f7:af:56:a7:3f:
         c6:1f:dd:e8:8d:c4:21:a0:47:27:a2:f8:6b:c4:ef:10:81:7d:
         15:26:5f:61:a5:f6:ec:74:0c:dd:18:21:07:69:29:a1:e8:29:
         bb:32:ed:62:a6:74:7b:56:56:c8:18:b5:60:90:6f:54:32:0b:
         f7:e6:a2:22
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvBM1iq2T4YbpzW/uPHAnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjQwMTAyMTAzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzEyNjcwYTM2ZjRlZDI4OGI3ZjI1M2VlNGI3YjY0MmRlNGU2NTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyw7BX2Hdrfm7hzSfy1rrn4OF1ftD
URyqWkAVq+klSKiR43KPyeUOoAwbrva5cmM+HH9goXlPVD+vdLXVnfXR53XrP8sd
qt8lcZvj6RzgsbpV/xxQ7X5D1aG0J6SYGk8nuuv2/zdqCSCWjVYthXq3NVpQ3YDm
+WcBpl4Jw5IXlZkDeByMU+mn81di6KNgL7cItA7ypuOXfEe3Ht0G8cn0qd4iiqQW
BdynZOtQDuIJ3OqzDSvWCR4aZavwh+WDfR8HynxpZy7V+tngu2UcrbH6jjdffCGs
VVfqNRqfWsFlHlx7WF8KvR08gyl7FHsT8NcgRyIJWPxhYvYBwYwywnUrHwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJwSZwo29O0oi38lPuS3tkLeTmUYMB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvbkJKbkNqYjA3U2lMZnlVLTVMZTJRdDVPWlJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhN+ADAN
BgkqhkiG9w0BAQsFAAOCAQEAN8y7lxfpzJuwoOX9wGWtaoVXpqN6BA0PDDiqq+5B
lO3dm3eCrdHcqdejFfb9qfoFIUkPFDdfM0JhkHF0+gG7/L+UOk4TiX8rC1LBw0vh
Kb+Cz2s6s0bM/QVrtiXagTkkugj+BkfsyPzWbNqYIncHWdEihHJQ7Qcmp/8zb1Bl
VxupjWbmIY4OfpJwhzoP+umoLruoeYm2bDg2OvjunM4AXG2U3d1ACe1dimi88Jqy
1j4kjDB4y09TUWhFqX13aMLccPevVqc/xh/d6I3EIaBHJ6L4a8TvEIF9FSZfYaX2
7HQM3RghB2kpoegpuzLtYqZ0e1ZWyBi1YJBvVDIL9+aiIg==
-----END CERTIFICATE-----