Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/KtrUSAgiNYb2IeeGk0wHBUrZaWU.roa
File:                     KtrUSAgiNYb2IeeGk0wHBUrZaWU.roa (raw, json)
Hash identifier:          +DDgtIjiHkO+qpsFqiUWM8fI2+9NI4tXpdtSK7ud1BE=
Subject key identifier:   2A:DA:D4:48:08:22:35:86:F6:21:E7:86:93:4C:07:05:4A:D9:69:65
Certificate issuer:       /CN=e87cc680c85983e7bf74498d0e6be800f86451c3
Certificate serial:       018E3006A32A668148A8FF64149FB7D12B25
Authority key identifier: E8:7C:C6:80:C8:59:83:E7:BF:74:49:8D:0E:6B:E8:00:F8:64:51:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6HzGgMhZg-e_dEmNDmvoAPhkUcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/KtrUSAgiNYb2IeeGk0wHBUrZaWU.roa
Signing time:             Tue 12 Mar 2024 00:18:45 +0000
ROA not before:           Tue 12 Mar 2024 00:18:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        64.253.32.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6HzGgMhZg-e_dEmNDmvoAPhkUcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6HzGgMhZg-e_dEmNDmvoAPhkUcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6HzGgMhZg-e_dEmNDmvoAPhkUcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:30:06:a3:2a:66:81:48:a8:ff:64:14:9f:b7:d1:2b:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e87cc680c85983e7bf74498d0e6be800f86451c3
        Validity
            Not Before: Mar 12 00:18:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2adad44808223586f621e786934c07054ad96965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d2:24:20:e5:dc:2b:37:ac:6e:8b:5a:8e:81:
                    42:68:48:31:f9:34:2a:a9:65:60:f3:fe:b7:b2:20:
                    c1:e3:5e:04:9c:fa:af:ba:06:be:a1:52:fd:bd:1d:
                    9b:57:66:e6:44:bb:c2:75:53:53:25:43:cd:e0:84:
                    af:37:c3:40:c2:2a:84:77:1a:e1:b0:61:ad:12:88:
                    37:83:41:06:4b:28:ee:4f:ce:b2:5c:29:41:41:a6:
                    93:40:79:b1:b1:12:e8:a5:55:99:62:03:76:dd:d2:
                    7b:ea:21:24:a6:11:84:e8:ac:18:8a:d9:51:a0:f7:
                    ce:2f:0e:cc:cd:52:45:9f:fa:f0:6f:b0:1e:72:af:
                    00:fc:f8:70:46:49:9e:50:4e:f5:af:e9:c1:e9:53:
                    8b:15:7b:ae:5d:8b:66:f0:55:69:2f:09:7c:bd:d1:
                    28:aa:d0:02:41:b5:91:60:8a:e9:95:c7:a1:cb:5f:
                    41:02:13:9c:0d:bd:02:4c:43:28:7e:a5:69:9b:f7:
                    76:92:cf:11:3c:b1:90:72:f5:fc:38:a1:ef:9d:c4:
                    21:93:bd:95:96:5a:52:3e:e6:14:cb:d1:40:58:1f:
                    55:d4:a4:3d:1e:7a:72:5c:88:36:32:4b:c0:f1:bd:
                    47:90:17:a9:8c:16:fb:82:f9:23:36:7e:10:9e:b1:
                    b0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DA:D4:48:08:22:35:86:F6:21:E7:86:93:4C:07:05:4A:D9:69:65
            X509v3 Authority Key Identifier:
                keyid:E8:7C:C6:80:C8:59:83:E7:BF:74:49:8D:0E:6B:E8:00:F8:64:51:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6HzGgMhZg-e_dEmNDmvoAPhkUcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/KtrUSAgiNYb2IeeGk0wHBUrZaWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/29af59-0b7b-4d80-8f9f-14d02e30d227/1/6HzGgMhZg-e_dEmNDmvoAPhkUcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.253.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6f:37:69:99:d2:95:d9:15:d0:89:d5:51:1e:df:81:ff:44:9f:
         48:96:07:c9:63:8d:23:0f:3d:7f:d8:ce:2a:02:bb:ab:52:6a:
         09:6f:ae:5e:62:a9:fc:01:06:62:5e:2b:94:7f:1d:2b:52:05:
         56:bc:02:aa:90:06:43:42:82:c1:49:86:16:22:33:04:45:c5:
         46:88:5c:f1:2f:8c:8e:54:8e:46:a9:9a:e6:8c:87:b8:ef:4f:
         52:4e:c8:8b:d5:37:5f:e1:0e:45:89:bd:fe:92:7d:3f:00:63:
         9f:45:c6:f7:a7:d2:29:e1:a6:89:54:e5:eb:7b:44:c9:85:35:
         7e:bb:85:c2:47:b1:47:ce:78:91:c4:d2:57:fc:16:4d:d3:cb:
         ca:e4:7c:37:0d:f9:77:e4:e4:be:6f:75:dd:93:87:61:7d:5c:
         2c:36:82:ec:ef:5c:f0:f3:34:3f:e4:91:a8:fd:cd:26:97:d5:
         93:ae:3a:be:08:3b:0b:63:57:56:ed:46:df:28:68:98:64:43:
         f8:82:c6:34:40:fc:39:f4:8a:e7:d7:62:44:ab:80:cd:e7:cd:
         e8:2a:31:f7:84:26:28:1e:c8:d5:c0:f3:ad:9b:24:63:f6:07:
         3c:e2:5c:21:0f:d4:97:20:8b:9e:be:37:82:50:e1:7e:7f:a8:
         1f:18:96:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4wBqMqZoFIqP9kFJ+30SslMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4N2NjNjgwYzg1OTgzZTdiZjc0NDk4ZDBlNmJlODAwZjg2
NDUxYzMwHhcNMjQwMzEyMDAxODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWRhZDQ0ODA4MjIzNTg2ZjYyMWU3ODY5MzRjMDcwNTRhZDk2OTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtIkIOXcKzesbotajoFCaEgx+TQq
qWVg8/63siDB414EnPqvuga+oVL9vR2bV2bmRLvCdVNTJUPN4ISvN8NAwiqEdxrh
sGGtEog3g0EGSyjuT86yXClBQaaTQHmxsRLopVWZYgN23dJ76iEkphGE6KwYitlR
oPfOLw7MzVJFn/rwb7Aecq8A/PhwRkmeUE71r+nB6VOLFXuuXYtm8FVpLwl8vdEo
qtACQbWRYIrplcehy19BAhOcDb0CTEMofqVpm/d2ks8RPLGQcvX8OKHvncQhk72V
llpSPuYUy9FAWB9V1KQ9HnpyXIg2MkvA8b1HkBepjBb7gvkjNn4QnrGwWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCra1EgIIjWG9iHnhpNMBwVK2WllMB8GA1UdIwQY
MBaAFOh8xoDIWYPnv3RJjQ5r6AD4ZFHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkh6R2dNaFpnLWVfZEVtTkRtdm9BUGhrVWNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yOWFmNTktMGI3Yi00ZDgwLThmOWYt
MTRkMDJlMzBkMjI3LzEvS3RyVVNBZ2lOWWIySWVlR2swd0hCVXJaYVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yOWFmNTktMGI3Yi00ZDgwLThmOWYtMTRkMDJlMzBkMjI3
LzEvNkh6R2dNaFpnLWVfZEVtTkRtdm9BUGhrVWNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFQP0gMA0G
CSqGSIb3DQEBCwUAA4IBAQBvN2mZ0pXZFdCJ1VEe34H/RJ9IlgfJY40jDz1/2M4q
ArurUmoJb65eYqn8AQZiXiuUfx0rUgVWvAKqkAZDQoLBSYYWIjMERcVGiFzxL4yO
VI5GqZrmjIe4709STsiL1Tdf4Q5Fib3+kn0/AGOfRcb3p9Ip4aaJVOXre0TJhTV+
u4XCR7FHzniRxNJX/BZN08vK5Hw3Dfl35OS+b3Xdk4dhfVwsNoLs71zw8zQ/5JGo
/c0ml9WTrjq+CDsLY1dW7UbfKGiYZEP4gsY0QPw59Irn12JEq4DN583oKjH3hCYo
HsjVwPOtmyRj9gc84lwhD9SXIIuevjeCUOF+f6gfGJZO
-----END CERTIFICATE-----