Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/Y9xz12vPqVJigwWtagZPVAVVQLc.roa
File:                     Y9xz12vPqVJigwWtagZPVAVVQLc.roa (raw, json)
Hash identifier:          XDGsxhhSzIJRXvwF4UANSkBOst3vHGA1A/zXpUbTAoE=
Subject key identifier:   63:DC:73:D7:6B:CF:A9:52:62:83:05:AD:6A:06:4F:54:05:55:40:B7
Certificate issuer:       /CN=521a30077223c25c6f37dcf59480778c0b5b1068
Certificate serial:       01914DAA6AA3956A6E386370A298443A2538
Authority key identifier: 52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/Y9xz12vPqVJigwWtagZPVAVVQLc.roa
Signing time:             Tue 13 Aug 2024 21:34:59 +0000
ROA not before:           Tue 13 Aug 2024 21:34:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200280
IP address blocks:        2a0a:4a40:2270::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Sep 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4d:aa:6a:a3:95:6a:6e:38:63:70:a2:98:44:3a:25:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521a30077223c25c6f37dcf59480778c0b5b1068
        Validity
            Not Before: Aug 13 21:34:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63dc73d76bcfa952628305ad6a064f54055540b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e9:ab:71:12:78:74:4c:d1:75:c1:57:04:e2:
                    63:05:64:1f:81:7b:70:70:95:e5:02:90:ef:9e:f6:
                    58:aa:2f:58:08:e8:cb:bf:89:cc:d8:52:50:14:65:
                    41:eb:54:4a:38:08:0e:0e:a3:a6:f5:48:1e:02:f2:
                    c5:09:27:a6:6b:f7:5c:1c:d4:09:e4:78:7d:47:18:
                    65:70:cf:dd:49:e2:60:cc:25:60:da:4c:02:42:f6:
                    1d:0d:5e:2c:6c:68:47:29:e9:aa:38:50:5b:c6:3b:
                    0e:2b:56:1d:4e:08:0d:8a:8c:5c:63:85:69:56:22:
                    cb:bf:68:d2:99:25:34:d6:68:5a:64:24:ea:ef:57:
                    53:3b:d0:01:8d:69:8c:84:77:c9:5b:17:12:7c:c2:
                    97:55:80:a7:32:6e:7b:bb:a1:67:bb:fd:14:25:e3:
                    ba:1e:3c:68:b6:98:02:30:f5:30:40:60:04:19:05:
                    94:dc:72:d2:01:9a:77:7d:a4:c6:be:b8:b6:23:78:
                    65:54:6f:a5:eb:c7:be:7c:d7:a5:fd:06:99:c3:ba:
                    dd:2b:ff:7b:fb:74:16:4f:17:4d:a4:cd:25:d7:5b:
                    e3:e4:32:44:6f:cb:d3:79:fd:fb:d2:6f:17:01:e4:
                    33:6c:00:03:72:d8:eb:cd:3e:5d:fd:1b:d3:28:7d:
                    ee:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:DC:73:D7:6B:CF:A9:52:62:83:05:AD:6A:06:4F:54:05:55:40:B7
            X509v3 Authority Key Identifier:
                keyid:52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/Y9xz12vPqVJigwWtagZPVAVVQLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4a40:2270::/44

    Signature Algorithm: sha256WithRSAEncryption
         a6:36:b9:bb:02:10:dc:da:56:5d:91:bc:6a:4d:ca:5c:90:3b:
         3a:14:a8:ec:fc:cd:2a:09:8a:4e:2f:d9:64:14:8e:b9:89:e9:
         57:c6:54:f3:45:26:a8:f2:c7:e0:f0:4a:99:a6:d3:48:b8:7e:
         8b:45:a8:d4:05:ff:ab:28:3a:08:73:a5:4a:37:73:5e:27:74:
         7f:71:dc:49:e4:da:78:83:32:3d:64:34:64:08:50:c7:40:3d:
         67:23:cb:f4:a8:8b:74:21:a7:fd:be:86:e0:9b:25:44:77:c5:
         51:6a:25:bf:60:a1:83:60:a0:a6:6e:15:7d:a8:0e:0c:dd:d3:
         28:ce:9d:86:3d:09:ea:3c:59:0e:c7:3c:fd:37:86:c6:25:c9:
         3a:75:15:be:0a:69:58:a3:3e:2a:28:38:64:7e:5a:e7:64:0f:
         96:cb:0e:0c:97:7e:b3:d1:33:44:99:15:8a:cf:f3:59:a8:e2:
         7c:bc:8c:c6:a4:aa:de:9c:40:1b:04:b8:f9:29:24:56:f7:ae:
         38:d3:c9:d1:1f:f6:56:f9:bd:fe:5b:fb:9e:f7:23:f5:ab:a3:
         d9:13:c1:6f:ef:31:5f:4f:28:e1:74:ba:5b:73:61:3b:71:82:
         1e:73:98:65:88:7a:8b:71:fb:c3:56:43:ba:6d:6b:2f:c9:01:
         d2:03:a9:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFNqmqjlWpuOGNwophEOiU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWEzMDA3NzIyM2MyNWM2ZjM3ZGNmNTk0ODA3NzhjMGI1
YjEwNjgwHhcNMjQwODEzMjEzNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2RjNzNkNzZiY2ZhOTUyNjI4MzA1YWQ2YTA2NGY1NDA1NTU0MGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOmrcRJ4dEzRdcFXBOJjBWQfgXtw
cJXlApDvnvZYqi9YCOjLv4nM2FJQFGVB61RKOAgODqOm9UgeAvLFCSema/dcHNQJ
5Hh9RxhlcM/dSeJgzCVg2kwCQvYdDV4sbGhHKemqOFBbxjsOK1YdTggNioxcY4Vp
ViLLv2jSmSU01mhaZCTq71dTO9ABjWmMhHfJWxcSfMKXVYCnMm57u6Fnu/0UJeO6
HjxotpgCMPUwQGAEGQWU3HLSAZp3faTGvri2I3hlVG+l68e+fNel/QaZw7rdK/97
+3QWTxdNpM0l11vj5DJEb8vTef370m8XAeQzbAADctjrzT5d/RvTKH3uiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGPcc9drz6lSYoMFrWoGT1QFVUC3MB8GA1UdIwQY
MBaAFFIaMAdyI8Jcbzfc9ZSAd4wLWxBoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMt
MGY1ZjA5YjJlYjE0LzEvWTl4ejEydlBxVkppZ3dXdGFnWlBWQVZWUUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMtMGY1ZjA5YjJlYjE0
LzEvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgpKQCJw
MA0GCSqGSIb3DQEBCwUAA4IBAQCmNrm7AhDc2lZdkbxqTcpckDs6FKjs/M0qCYpO
L9lkFI65ielXxlTzRSao8sfg8EqZptNIuH6LRajUBf+rKDoIc6VKN3NeJ3R/cdxJ
5Np4gzI9ZDRkCFDHQD1nI8v0qIt0Iaf9vobgmyVEd8VRaiW/YKGDYKCmbhV9qA4M
3dMozp2GPQnqPFkOxzz9N4bGJck6dRW+CmlYoz4qKDhkflrnZA+Wyw4Ml36z0TNE
mRWKz/NZqOJ8vIzGpKrenEAbBLj5KSRW964408nRH/ZW+b3+W/ue9yP1q6PZE8Fv
7zFfTyjhdLpbc2E7cYIec5hliHqLcfvDVkO6bWsvyQHSA6nQ
-----END CERTIFICATE-----