Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/hEeJf4mqGC80Gj5rjCurUlFZE-o.roa
File:                     hEeJf4mqGC80Gj5rjCurUlFZE-o.roa (raw, json)
Hash identifier:          pz8zOorLARGxfUuVQMg+/4TRrQ0MSpeMRWIfYAmBIVM=
Subject key identifier:   84:47:89:7F:89:AA:18:2F:34:1A:3E:6B:8C:2B:AB:52:51:59:13:EA
Certificate issuer:       /CN=521a30077223c25c6f37dcf59480778c0b5b1068
Certificate serial:       0191EBD3721D950DE0CC67A0136DCE23D213
Authority key identifier: 52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/hEeJf4mqGC80Gj5rjCurUlFZE-o.roa
Signing time:             Fri 13 Sep 2024 14:39:48 +0000
ROA not before:           Fri 13 Sep 2024 14:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399135
IP address blocks:        2a0a:4a41::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Sep 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:eb:d3:72:1d:95:0d:e0:cc:67:a0:13:6d:ce:23:d2:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521a30077223c25c6f37dcf59480778c0b5b1068
        Validity
            Not Before: Sep 13 14:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8447897f89aa182f341a3e6b8c2bab52515913ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:bf:51:77:e1:0c:ae:f1:eb:68:9c:43:95:66:
                    85:9e:99:10:fc:bf:5f:ed:b2:6d:a6:f7:84:c9:bd:
                    99:97:cf:b6:ee:aa:59:fb:f0:fe:4b:ac:b2:06:1f:
                    94:56:b8:a2:12:9c:94:c3:3f:02:9c:5e:a1:5a:f5:
                    43:03:c9:4d:b5:02:07:8f:0e:2f:b0:9a:4c:2e:ed:
                    2d:05:37:33:82:44:77:e7:a0:2a:9d:e7:ae:fe:49:
                    4d:b8:76:44:dd:d6:10:3a:86:4b:09:54:88:22:5a:
                    d8:eb:69:d8:07:0f:e5:bb:17:84:d9:6d:b9:98:e6:
                    21:e7:da:ae:fc:5d:11:d0:89:92:b8:ca:8a:79:11:
                    4c:37:90:3a:56:27:32:ad:44:19:67:7b:b1:60:f1:
                    7d:72:4d:3a:fe:58:55:a4:41:c4:eb:3c:da:cc:3f:
                    48:7c:54:05:48:91:87:10:59:fe:26:24:c9:a6:95:
                    ef:67:ba:b7:cd:4c:48:49:f0:3b:9f:c8:5e:f7:68:
                    17:cc:62:48:03:8d:fe:2a:00:ea:e9:c7:fb:85:fc:
                    a1:22:e4:f8:60:ba:39:9b:6a:76:8f:20:b2:f1:52:
                    06:a4:6f:3b:9d:e6:ef:84:81:b8:fd:9c:c5:ed:73:
                    ab:59:83:b3:4e:c2:b2:1e:60:24:f2:6b:2e:2f:fb:
                    ae:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:47:89:7F:89:AA:18:2F:34:1A:3E:6B:8C:2B:AB:52:51:59:13:EA
            X509v3 Authority Key Identifier:
                keyid:52:1A:30:07:72:23:C2:5C:6F:37:DC:F5:94:80:77:8C:0B:5B:10:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UhowB3IjwlxvN9z1lIB3jAtbEGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/hEeJf4mqGC80Gj5rjCurUlFZE-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6b1151-b05a-4a02-a883-0f5f09b2eb14/1/UhowB3IjwlxvN9z1lIB3jAtbEGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4a41::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:a7:74:e0:74:b3:2a:01:e0:45:97:d6:43:f0:bc:21:d1:f7:
         4d:be:cc:00:34:52:51:43:1e:e2:6f:1c:6b:40:f0:aa:53:8b:
         e1:64:94:73:42:d2:dd:3f:fc:a0:59:53:53:df:92:0e:9e:ca:
         88:71:e7:b6:3c:5c:f0:90:73:f3:93:60:1e:f9:51:b2:e7:21:
         f6:76:22:61:96:b9:97:62:37:30:cf:b9:44:29:f0:3a:74:66:
         83:96:52:c7:6d:f0:a9:00:9d:3e:60:04:7d:8f:63:f8:8e:0a:
         77:cf:56:28:0c:4a:1a:5a:f3:45:bf:f4:c9:d6:a8:53:c4:c6:
         34:0a:e5:c9:d4:31:37:4a:ec:f0:98:14:fa:16:f9:ab:24:e0:
         70:50:b9:ab:dc:ad:44:c4:d8:e7:36:3b:82:d4:1f:5d:c4:0f:
         8b:dd:a6:d7:90:41:7a:c4:6e:f0:b1:a9:9a:54:6e:b6:e3:d7:
         a8:fb:82:67:e4:4b:c2:1c:50:9c:f6:86:cb:4f:b7:c6:01:1a:
         46:45:c8:1d:58:fa:ba:c7:74:d9:fb:2b:f5:04:d5:61:4d:9c:
         7a:a7:54:00:1c:4e:77:31:83:26:ba:4e:9b:ec:80:b9:b4:d7:
         e9:5d:b1:d3:56:1a:25:31:5c:ac:10:29:1b:59:41:a7:7e:3d:
         c7:20:33:eb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZHr03IdlQ3gzGegE23OI9ITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWEzMDA3NzIyM2MyNWM2ZjM3ZGNmNTk0ODA3NzhjMGI1
YjEwNjgwHhcNMjQwOTEzMTQzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQ3ODk3Zjg5YWExODJmMzQxYTNlNmI4YzJiYWI1MjUxNTkxM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt79Rd+EMrvHraJxDlWaFnpkQ/L9f
7bJtpveEyb2Zl8+27qpZ+/D+S6yyBh+UVriiEpyUwz8CnF6hWvVDA8lNtQIHjw4v
sJpMLu0tBTczgkR356Aqneeu/klNuHZE3dYQOoZLCVSIIlrY62nYBw/luxeE2W25
mOYh59qu/F0R0ImSuMqKeRFMN5A6VicyrUQZZ3uxYPF9ck06/lhVpEHE6zzazD9I
fFQFSJGHEFn+JiTJppXvZ7q3zUxISfA7n8he92gXzGJIA43+KgDq6cf7hfyhIuT4
YLo5m2p2jyCy8VIGpG87nebvhIG4/ZzF7XOrWYOzTsKyHmAk8msuL/uuxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIRHiX+JqhgvNBo+a4wrq1JRWRPqMB8GA1UdIwQY
MBaAFFIaMAdyI8Jcbzfc9ZSAd4wLWxBoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMt
MGY1ZjA5YjJlYjE0LzEvaEVlSmY0bXFHQzgwR2o1cmpDdXJVbEZaRS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82YjExNTEtYjA1YS00YTAyLWE4ODMtMGY1ZjA5YjJlYjE0
LzEvVWhvd0IzSWp3bHh2Tjl6MWxJQjNqQXRiRUdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgpKQTAN
BgkqhkiG9w0BAQsFAAOCAQEAcad04HSzKgHgRZfWQ/C8IdH3Tb7MADRSUUMe4m8c
a0DwqlOL4WSUc0LS3T/8oFlTU9+SDp7KiHHntjxc8JBz85NgHvlRsuch9nYiYZa5
l2I3MM+5RCnwOnRmg5ZSx23wqQCdPmAEfY9j+I4Kd89WKAxKGlrzRb/0ydaoU8TG
NArlydQxN0rs8JgU+hb5qyTgcFC5q9ytRMTY5zY7gtQfXcQPi92m15BBesRu8LGp
mlRutuPXqPuCZ+RLwhxQnPaGy0+3xgEaRkXIHVj6usd02fsr9QTVYU2ceqdUABxO
dzGDJrpOm+yAubTX6V2x01YaJTFcrBApG1lBp349xyAz6w==
-----END CERTIFICATE-----