Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/utentqqy5GUX6xjOO70Zx55fsK0.roa
File:                     utentqqy5GUX6xjOO70Zx55fsK0.roa (raw, json)
Hash identifier:          Z4JeWyzB0L9+u00qmx46AQ9h8ajUGAFCIAhK67ja97c=
Subject key identifier:   BA:D7:A7:B6:AA:B2:E4:65:17:EB:18:CE:3B:BD:19:C7:9E:5F:B0:AD
Certificate issuer:       /CN=b2df1c137d7894ccdba768ceb971c4d3df59fe96
Certificate serial:       0194228E19D27874990506E4D52DC87ECB94
Authority key identifier: B2:DF:1C:13:7D:78:94:CC:DB:A7:68:CE:B9:71:C4:D3:DF:59:FE:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/st8cE314lMzbp2jOuXHE099Z_pY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/utentqqy5GUX6xjOO70Zx55fsK0.roa
Signing time:             Wed 01 Jan 2025 15:48:45 +0000
ROA not before:           Wed 01 Jan 2025 15:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6766
IP address blocks:        2001:67c:2ed8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/st8cE314lMzbp2jOuXHE099Z_pY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/st8cE314lMzbp2jOuXHE099Z_pY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/st8cE314lMzbp2jOuXHE099Z_pY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:19:d2:78:74:99:05:06:e4:d5:2d:c8:7e:cb:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2df1c137d7894ccdba768ceb971c4d3df59fe96
        Validity
            Not Before: Jan  1 15:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bad7a7b6aab2e46517eb18ce3bbd19c79e5fb0ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:7f:fe:c5:ed:92:48:36:b0:53:eb:6a:aa:a9:
                    28:2e:67:85:e7:9d:5e:42:f0:17:d2:a9:8a:bc:e4:
                    93:cb:98:eb:21:8f:fe:01:7d:c0:cf:b9:59:c3:15:
                    74:a7:62:2a:3b:f3:35:08:85:ec:ef:12:b6:35:fd:
                    eb:6e:c1:5c:dc:0e:22:23:75:04:59:24:3d:81:51:
                    30:61:3c:15:24:3e:fb:c3:2f:53:9b:0e:55:23:62:
                    3c:43:e1:ec:1a:b9:a4:db:59:32:17:12:fa:b2:dc:
                    d0:b5:aa:ba:aa:49:26:a2:28:7e:21:a6:0f:07:dc:
                    11:fa:93:cb:9c:c6:a3:e2:1b:bb:5b:b3:9d:e5:6a:
                    c0:e8:d2:21:c8:f6:5e:e4:65:47:6f:39:d8:96:68:
                    e7:cb:10:30:52:ae:ac:ae:ab:ff:ce:85:1d:d8:dd:
                    36:2c:c6:84:06:0b:79:51:f3:ef:7d:8c:21:9e:e7:
                    41:bb:47:94:3e:0e:ec:4a:0b:99:77:74:11:7f:fd:
                    23:55:c1:3b:f5:b2:78:25:37:ff:17:6f:b5:4c:aa:
                    a5:4d:fe:94:1d:d8:a3:c0:6e:e2:02:31:05:91:fa:
                    7d:0e:4f:ef:bb:65:14:47:f8:ba:f7:39:d6:12:60:
                    6c:5b:56:8d:a1:c8:56:00:f1:65:4e:3d:a7:25:a9:
                    a1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:D7:A7:B6:AA:B2:E4:65:17:EB:18:CE:3B:BD:19:C7:9E:5F:B0:AD
            X509v3 Authority Key Identifier:
                keyid:B2:DF:1C:13:7D:78:94:CC:DB:A7:68:CE:B9:71:C4:D3:DF:59:FE:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/st8cE314lMzbp2jOuXHE099Z_pY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/utentqqy5GUX6xjOO70Zx55fsK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/st8cE314lMzbp2jOuXHE099Z_pY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ed8::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:8a:7c:35:9d:b9:dd:fe:78:28:50:9f:b9:71:ba:e5:b8:ff:
         12:f9:dc:df:04:52:16:6f:2d:4c:b4:56:b5:e5:92:48:48:e1:
         dd:46:db:28:05:28:f7:eb:59:c9:f2:e5:be:88:64:c4:f7:20:
         36:08:3f:86:bf:07:72:d4:3b:20:40:ff:20:1a:0b:08:fe:1a:
         3b:5e:66:6c:47:13:89:10:57:28:21:1d:85:c4:e3:00:45:a6:
         49:7c:f8:aa:da:71:6a:77:d4:ac:c1:d6:fd:9d:71:37:f8:cd:
         29:85:4d:a8:d3:96:19:db:11:39:fe:38:cf:fa:64:3c:87:da:
         0d:d2:16:52:c9:13:c8:5f:a7:4e:a7:19:ad:44:7d:ae:38:f7:
         f4:a3:54:55:99:7a:ee:5f:4b:a5:3a:55:7a:1f:82:1d:f4:24:
         76:bc:c7:23:65:25:74:f7:50:2a:04:35:d1:88:ab:bf:d8:a6:
         36:c6:05:d4:bc:08:ed:f3:df:0f:8e:7b:78:55:4c:25:3e:78:
         72:78:f6:56:21:e3:04:2f:49:c8:b9:86:57:a6:53:4f:9f:35:
         3b:96:16:16:69:71:82:74:3a:c0:4c:90:d0:e0:14:9b:87:e0:
         aa:42:91:10:a5:06:38:41:e3:b4:f5:89:5f:bf:64:69:a1:fd:
         18:bb:4d:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijhnSeHSZBQbk1S3IfsuUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZGYxYzEzN2Q3ODk0Y2NkYmE3NjhjZWI5NzFjNGQzZGY1
OWZlOTYwHhcNMjUwMTAxMTU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWQ3YTdiNmFhYjJlNDY1MTdlYjE4Y2UzYmJkMTljNzllNWZiMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA73/+xe2SSDawU+tqqqkoLmeF551e
QvAX0qmKvOSTy5jrIY/+AX3Az7lZwxV0p2IqO/M1CIXs7xK2Nf3rbsFc3A4iI3UE
WSQ9gVEwYTwVJD77wy9Tmw5VI2I8Q+HsGrmk21kyFxL6stzQtaq6qkkmoih+IaYP
B9wR+pPLnMaj4hu7W7Od5WrA6NIhyPZe5GVHbznYlmjnyxAwUq6srqv/zoUd2N02
LMaEBgt5UfPvfYwhnudBu0eUPg7sSguZd3QRf/0jVcE79bJ4JTf/F2+1TKqlTf6U
HdijwG7iAjEFkfp9Dk/vu2UUR/i69znWEmBsW1aNochWAPFlTj2nJamhfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLrXp7aqsuRlF+sYzju9GceeX7CtMB8GA1UdIwQY
MBaAFLLfHBN9eJTM26dozrlxxNPfWf6WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3Q4Y0UzMTRsTXpicDJqT3VYSEUwOTlaX3BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iMDY5NTYtZTczMy00NTY0LTk3ODEt
ZDBjNGM4NmJiNWZlLzEvdXRlbnRxcXk1R1VYNnhqT083MFp4NTVmc0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iMDY5NTYtZTczMy00NTY0LTk3ODEtZDBjNGM4NmJiNWZl
LzEvc3Q4Y0UzMTRsTXpicDJqT3VYSEUwOTlaX3BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC7Y
MA0GCSqGSIb3DQEBCwUAA4IBAQCYinw1nbnd/ngoUJ+5cbrluP8S+dzfBFIWby1M
tFa15ZJISOHdRtsoBSj361nJ8uW+iGTE9yA2CD+Gvwdy1DsgQP8gGgsI/ho7XmZs
RxOJEFcoIR2FxOMARaZJfPiq2nFqd9Sswdb9nXE3+M0phU2o05YZ2xE5/jjP+mQ8
h9oN0hZSyRPIX6dOpxmtRH2uOPf0o1RVmXruX0ulOlV6H4Id9CR2vMcjZSV091Aq
BDXRiKu/2KY2xgXUvAjt898Pjnt4VUwlPnhyePZWIeMEL0nIuYZXplNPnzU7lhYW
aXGCdDrATJDQ4BSbh+CqQpEQpQY4QeO09Ylfv2Rpof0Yu03j
-----END CERTIFICATE-----