Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/Cgt_gy7EMOYMV19k2tz2rtLd7TU.roa
File:                     Cgt_gy7EMOYMV19k2tz2rtLd7TU.roa (raw, json)
Hash identifier:          j2CPj0aVUdndtIwS2SsvRubF8DiJi7ArwXEuxy5F6uI=
Subject key identifier:   0A:0B:7F:83:2E:C4:30:E6:0C:57:5F:64:DA:DC:F6:AE:D2:DD:ED:35
Certificate issuer:       /CN=91a071508338260551a55f01fd0708fdf5e08287
Certificate serial:       019424B3ADA2DAB70810329E561A9B3EF305
Authority key identifier: 91:A0:71:50:83:38:26:05:51:A5:5F:01:FD:07:08:FD:F5:E0:82:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/Cgt_gy7EMOYMV19k2tz2rtLd7TU.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8466
IP address blocks:        2a05:9ec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ad:a2:da:b7:08:10:32:9e:56:1a:9b:3e:f3:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91a071508338260551a55f01fd0708fdf5e08287
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a0b7f832ec430e60c575f64dadcf6aed2dded35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:57:60:35:df:dd:92:2c:3e:70:9b:45:fa:3c:
                    33:78:a6:65:23:6e:d7:3f:66:39:99:0a:80:d0:6b:
                    e6:da:6d:3a:02:6d:ea:64:24:2c:50:62:d7:d7:53:
                    5e:f3:ce:05:2f:e4:00:dd:12:20:fb:55:c7:f9:0c:
                    0d:44:56:42:1e:d8:c3:46:bd:16:d1:a8:cd:b1:b7:
                    7e:aa:8d:3a:0c:7c:b1:8b:df:02:6b:21:16:68:fe:
                    71:8c:1e:b4:7f:51:64:c9:b2:48:9b:bd:59:b5:64:
                    a3:0b:8c:23:2f:b0:a7:1e:20:ce:42:41:f3:fb:8d:
                    2b:c2:96:c6:d1:45:a9:83:f4:2d:68:54:a3:86:b8:
                    5e:b0:17:d4:f1:c4:ca:d7:f1:0a:7f:fe:5c:7d:44:
                    98:de:2e:41:72:ba:3b:c1:48:d7:66:ff:bb:49:a7:
                    f0:ea:d1:c6:2b:76:bb:aa:db:a4:33:f1:44:fe:88:
                    b4:e7:a3:90:19:19:00:70:5f:13:88:65:31:3d:ac:
                    01:fb:75:9d:63:4d:47:7c:e1:7e:e9:fe:66:7a:05:
                    3e:36:44:3b:49:a8:16:6f:ea:e2:50:8b:f2:4f:44:
                    26:ca:d4:37:50:bc:dd:b9:27:e2:0d:c2:59:5b:aa:
                    15:b9:e8:69:4c:3c:67:79:b3:c2:20:7d:63:5e:ed:
                    d0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:0B:7F:83:2E:C4:30:E6:0C:57:5F:64:DA:DC:F6:AE:D2:DD:ED:35
            X509v3 Authority Key Identifier:
                keyid:91:A0:71:50:83:38:26:05:51:A5:5F:01:FD:07:08:FD:F5:E0:82:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kaBxUIM4JgVRpV8B_QcI_fXggoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/Cgt_gy7EMOYMV19k2tz2rtLd7TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/15cc52-51ee-460e-9aeb-ee5559b3658b/1/kaBxUIM4JgVRpV8B_QcI_fXggoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:16:b0:2d:cf:c2:be:fa:4e:5b:1a:6e:e6:ad:8a:03:33:03:
         19:42:79:35:d6:21:91:ea:20:b0:ff:18:d4:dd:9d:35:ec:df:
         92:2e:a3:83:8d:cc:ba:ae:05:54:f0:cd:b5:66:03:a4:1e:86:
         ec:d3:66:77:58:41:62:2b:82:79:e8:46:6d:f0:9d:cd:c8:c1:
         a9:af:a2:21:ec:30:9a:b3:ec:0c:86:c4:23:0a:ef:db:32:a8:
         19:26:c1:73:f1:6c:ee:1c:69:68:8b:64:53:6d:42:a6:36:ad:
         a1:e5:b6:ff:bf:d5:5c:03:6f:a9:41:9f:76:15:c9:b4:2d:fc:
         fa:8b:51:b3:9c:63:b2:b4:0f:e5:c1:55:fd:b0:a8:e0:e2:90:
         23:bf:e8:d8:11:88:77:3f:7e:fa:5b:49:4d:1e:71:8b:26:7b:
         8c:94:29:55:e8:a4:ec:f9:c4:8a:7a:86:8e:44:fc:86:cf:64:
         e1:f8:91:b4:0d:85:3f:68:fc:99:d0:0a:ca:6a:8c:17:35:d5:
         cf:e0:c9:4f:ae:75:2d:e2:67:bf:58:c5:fa:e2:63:31:61:17:
         ed:0d:6d:6a:49:50:be:57:6a:eb:69:46:3c:16:64:3b:95:3e:
         99:d3:fb:6b:03:24:33:0e:23:1a:15:02:1f:f1:b2:cd:c5:b6:
         79:2c:fe:38
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQks62i2rcIEDKeVhqbPvMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYTA3MTUwODMzODI2MDU1MWE1NWYwMWZkMDcwOGZkZjVl
MDgyODcwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTBiN2Y4MzJlYzQzMGU2MGM1NzVmNjRkYWRjZjZhZWQyZGRlZDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhldgNd/dkiw+cJtF+jwzeKZlI27X
P2Y5mQqA0Gvm2m06Am3qZCQsUGLX11Ne884FL+QA3RIg+1XH+QwNRFZCHtjDRr0W
0ajNsbd+qo06DHyxi98CayEWaP5xjB60f1FkybJIm71ZtWSjC4wjL7CnHiDOQkHz
+40rwpbG0UWpg/QtaFSjhrhesBfU8cTK1/EKf/5cfUSY3i5Bcro7wUjXZv+7Safw
6tHGK3a7qtukM/FE/oi056OQGRkAcF8TiGUxPawB+3WdY01HfOF+6f5megU+NkQ7
SagWb+riUIvyT0QmytQ3ULzduSfiDcJZW6oVuehpTDxnebPCIH1jXu3QVwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAoLf4MuxDDmDFdfZNrc9q7S3e01MB8GA1UdIwQY
MBaAFJGgcVCDOCYFUaVfAf0HCP314IKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2FCeFVJTTRKZ1ZScFY4Ql9RY0lfZlhnZ29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xNWNjNTItNTFlZS00NjBlLTlhZWIt
ZWU1NTU5YjM2NThiLzEvQ2d0X2d5N0VNT1lNVjE5azJ0ejJydExkN1RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xNWNjNTItNTFlZS00NjBlLTlhZWItZWU1NTU5YjM2NThi
LzEva2FCeFVJTTRKZ1ZScFY4Ql9RY0lfZlhnZ29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgWewDAN
BgkqhkiG9w0BAQsFAAOCAQEAJhawLc/CvvpOWxpu5q2KAzMDGUJ5NdYhkeogsP8Y
1N2dNezfki6jg43Muq4FVPDNtWYDpB6G7NNmd1hBYiuCeehGbfCdzcjBqa+iIeww
mrPsDIbEIwrv2zKoGSbBc/Fs7hxpaItkU21CpjatoeW2/7/VXANvqUGfdhXJtC38
+otRs5xjsrQP5cFV/bCo4OKQI7/o2BGIdz9++ltJTR5xiyZ7jJQpVeik7PnEinqG
jkT8hs9k4fiRtA2FP2j8mdAKymqMFzXVz+DJT651LeJnv1jF+uJjMWEX7Q1taklQ
vldq62lGPBZkO5U+mdP7awMkMw4jGhUCH/GyzcW2eSz+OA==
-----END CERTIFICATE-----