Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/AVTSw1OpEzzFj2jsQY2zD1kphRg.roa
File:                     AVTSw1OpEzzFj2jsQY2zD1kphRg.roa (raw, json)
Hash identifier:          uYqDqezrVRBI87pM9aMf3kyY88CYgwAkh6rV/ywThGA=
Subject key identifier:   01:54:D2:C3:53:A9:13:3C:C5:8F:68:EC:41:8D:B3:0F:59:29:85:18
Certificate issuer:       /CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
Certificate serial:       01904A4416475C2AEBD8060C42836AC014A2
Authority key identifier: FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/AVTSw1OpEzzFj2jsQY2zD1kphRg.roa
Signing time:             Mon 24 Jun 2024 12:41:34 +0000
ROA not before:           Mon 24 Jun 2024 12:41:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        2a05:e9c0:4400::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:44:16:47:5c:2a:eb:d8:06:0c:42:83:6a:c0:14:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe8199e8345567d8516b788fe2e1d397e27c73a4
        Validity
            Not Before: Jun 24 12:41:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0154d2c353a9133cc58f68ec418db30f59298518
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:60:5a:03:20:24:42:e9:e8:40:02:9d:3c:96:
                    d2:29:8b:10:e4:18:b3:75:8a:87:ea:73:85:c0:59:
                    67:42:3b:de:68:01:e9:d5:34:e1:4b:2b:d5:b3:c4:
                    40:6b:56:74:d6:98:24:b0:6d:14:25:42:e1:8c:00:
                    8c:65:ee:42:ff:a8:39:9d:eb:13:e0:99:c9:49:da:
                    06:17:a1:3d:7f:e4:6f:fd:c7:a6:95:88:b6:c6:d6:
                    f7:f7:19:d6:7f:4c:06:5d:00:36:b9:ca:fd:0f:b9:
                    ba:16:d3:14:4b:b3:88:7f:09:a2:b5:f0:d7:08:6f:
                    ca:4a:7d:90:11:31:7b:b8:8a:c4:ac:87:15:ea:a9:
                    19:d0:dd:3b:96:61:f1:26:09:6e:83:c8:4e:56:5e:
                    48:b1:e3:8e:b9:1c:eb:4c:ac:4f:c1:cb:20:ca:f6:
                    e3:c6:48:46:cd:b3:a5:b4:f7:f5:23:33:a1:fc:a1:
                    7b:ad:d9:7a:89:e3:31:30:99:f0:3c:8c:e6:58:ef:
                    ef:c7:e7:45:27:3e:a4:20:11:df:de:b7:eb:2f:7f:
                    eb:df:02:fd:b4:ce:33:3a:36:1a:e7:82:cc:16:7f:
                    c9:4f:fd:87:a0:45:73:86:96:48:d6:1c:3b:7d:03:
                    9b:9c:d3:b1:3b:bb:8f:6d:34:19:57:2f:b7:a9:f4:
                    af:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:54:D2:C3:53:A9:13:3C:C5:8F:68:EC:41:8D:B3:0F:59:29:85:18
            X509v3 Authority Key Identifier:
                keyid:FE:81:99:E8:34:55:67:D8:51:6B:78:8F:E2:E1:D3:97:E2:7C:73:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/AVTSw1OpEzzFj2jsQY2zD1kphRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d09e34-cc11-4394-904d-840ccb34b3f5/1/_oGZ6DRVZ9hRa3iP4uHTl-J8c6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:e9c0:4400::/40

    Signature Algorithm: sha256WithRSAEncryption
         62:32:9e:cc:72:5f:7a:d4:93:a5:c9:18:74:2d:39:8e:97:4d:
         c9:7f:58:92:d0:c1:2c:72:32:e8:0a:85:82:e4:ae:41:19:8d:
         ba:83:bb:4f:07:d9:15:ea:99:c2:f8:d7:80:ed:3a:a7:72:17:
         68:7a:f1:32:3d:7d:50:bb:80:09:5a:38:e0:02:86:06:1b:c8:
         2b:70:9b:f9:1b:ca:32:5c:0d:c7:ff:27:f6:c4:3a:79:6b:c2:
         0e:79:5d:61:4a:e5:b6:0c:52:af:fe:b4:03:4e:ee:de:6f:08:
         30:79:90:9a:8c:9b:4d:29:e2:79:ef:13:bf:9c:77:1d:52:40:
         a5:7e:bb:82:58:8f:17:57:5f:0e:f3:35:68:69:f7:2e:39:c0:
         df:17:2e:f6:24:91:bb:8c:ca:77:5f:a7:b4:bc:9b:74:b6:77:
         c9:6f:3c:9d:39:b2:16:aa:a0:f8:4c:2b:04:50:88:0f:64:f2:
         23:48:71:64:46:78:b1:21:72:90:eb:eb:36:87:ec:51:61:a6:
         ab:a7:73:99:b0:44:63:b6:a7:9c:f3:0b:47:6f:7b:ba:5e:c5:
         12:4f:84:81:db:da:df:be:fb:ea:2a:d9:5f:3f:0e:26:fe:31:
         f7:4b:6b:81:5e:c5:d5:d3:1e:4f:a8:ed:78:42:b5:67:da:18:
         53:59:1b:cc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZBKRBZHXCrr2AYMQoNqwBSiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlODE5OWU4MzQ1NTY3ZDg1MTZiNzg4ZmUyZTFkMzk3ZTI3
YzczYTQwHhcNMjQwNjI0MTI0MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTU0ZDJjMzUzYTkxMzNjYzU4ZjY4ZWM0MThkYjMwZjU5Mjk4NTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2BaAyAkQunoQAKdPJbSKYsQ5Biz
dYqH6nOFwFlnQjveaAHp1TThSyvVs8RAa1Z01pgksG0UJULhjACMZe5C/6g5nesT
4JnJSdoGF6E9f+Rv/cemlYi2xtb39xnWf0wGXQA2ucr9D7m6FtMUS7OIfwmitfDX
CG/KSn2QETF7uIrErIcV6qkZ0N07lmHxJglug8hOVl5IseOOuRzrTKxPwcsgyvbj
xkhGzbOltPf1IzOh/KF7rdl6ieMxMJnwPIzmWO/vx+dFJz6kIBHf3rfrL3/r3wL9
tM4zOjYa54LMFn/JT/2HoEVzhpZI1hw7fQObnNOxO7uPbTQZVy+3qfSveQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAFU0sNTqRM8xY9o7EGNsw9ZKYUYMB8GA1UdIwQY
MBaAFP6Bmeg0VWfYUWt4j+Lh05fifHOkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQt
ODQwY2NiMzRiM2Y1LzEvQVZUU3cxT3BFenpGajJqc1FZMnpEMWtwaFJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kMDllMzQtY2MxMS00Mzk0LTkwNGQtODQwY2NiMzRiM2Y1
LzEvX29HWjZEUlZaOWhSYTNpUDR1SFRsLUo4YzZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgXpwEQw
DQYJKoZIhvcNAQELBQADggEBAGIynsxyX3rUk6XJGHQtOY6XTcl/WJLQwSxyMugK
hYLkrkEZjbqDu08H2RXqmcL414DtOqdyF2h68TI9fVC7gAlaOOAChgYbyCtwm/kb
yjJcDcf/J/bEOnlrwg55XWFK5bYMUq/+tANO7t5vCDB5kJqMm00p4nnvE7+cdx1S
QKV+u4JYjxdXXw7zNWhp9y45wN8XLvYkkbuMyndfp7S8m3S2d8lvPJ05shaqoPhM
KwRQiA9k8iNIcWRGeLEhcpDr6zaH7FFhpqunc5mwRGO2p5zzC0dve7pexRJPhIHb
2t++++oq2V8/Dib+MfdLa4FexdXTHk+o7XhCtWfaGFNZG8w=
-----END CERTIFICATE-----