Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/KDMQDMSKvzkVFCIuQ1vi5IKxFqc.roa
File:                     KDMQDMSKvzkVFCIuQ1vi5IKxFqc.roa (raw, json)
Hash identifier:          W1z4PN9ehAB8VlW2fAtV3SogXVKZbFhw7EL82DUKuEY=
Subject key identifier:   28:33:10:0C:C4:8A:BF:39:15:14:22:2E:43:5B:E2:E4:82:B1:16:A7
Certificate issuer:       /CN=0b934c36b773008865b9c9fb0fd48669395ac730
Certificate serial:       0194236A0F14CB7087478F3AA8FEBA7536C3
Authority key identifier: 0B:93:4C:36:B7:73:00:88:65:B9:C9:FB:0F:D4:86:69:39:5A:C7:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C5NMNrdzAIhlucn7D9SGaTlaxzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/KDMQDMSKvzkVFCIuQ1vi5IKxFqc.roa
Signing time:             Wed 01 Jan 2025 19:49:00 +0000
ROA not before:           Wed 01 Jan 2025 19:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40027
IP address blocks:        2a00:86c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/C5NMNrdzAIhlucn7D9SGaTlaxzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/C5NMNrdzAIhlucn7D9SGaTlaxzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C5NMNrdzAIhlucn7D9SGaTlaxzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:0f:14:cb:70:87:47:8f:3a:a8:fe:ba:75:36:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b934c36b773008865b9c9fb0fd48669395ac730
        Validity
            Not Before: Jan  1 19:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2833100cc48abf391514222e435be2e482b116a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2e:b7:d3:5e:e5:e3:4f:42:2b:aa:6a:13:03:
                    6c:75:29:c9:ca:14:7e:4e:0d:f5:15:8d:3b:c4:cb:
                    89:08:91:5a:97:ed:22:db:80:4e:7e:6c:b5:a6:81:
                    78:e7:b0:75:ac:12:c9:7e:e9:39:f6:16:6e:49:6a:
                    f5:fc:50:30:2a:93:90:d1:6d:d4:7c:5e:40:5d:40:
                    b4:3a:69:4b:c2:53:95:03:6d:28:ab:9a:21:2c:ba:
                    08:df:3e:fc:05:e3:f0:b5:8b:fa:c2:dc:3b:55:eb:
                    d8:93:a1:48:e2:c0:4e:fd:44:cf:fa:ca:14:a6:72:
                    69:a3:2f:dd:e5:6e:17:a7:0a:68:ab:91:2c:10:ec:
                    92:fe:b3:cb:7b:0a:68:fc:64:38:94:0e:6e:7c:86:
                    72:2b:c5:50:bf:c3:a5:3a:58:6a:3e:bd:78:96:87:
                    01:7d:3b:8e:57:9a:56:b4:24:90:e3:69:5d:2a:6e:
                    65:c2:88:f7:a9:dd:e1:45:c6:cb:0b:95:0d:7a:84:
                    89:db:80:89:96:ff:2e:59:b5:a4:79:66:31:b5:a8:
                    b2:a3:e1:a5:31:5c:34:85:f4:5b:12:fb:1f:05:c5:
                    24:1f:74:cf:4a:df:8a:b7:94:6b:1c:34:0d:9c:6b:
                    45:95:ff:af:4f:c3:09:1c:50:06:87:04:0a:80:a6:
                    40:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:33:10:0C:C4:8A:BF:39:15:14:22:2E:43:5B:E2:E4:82:B1:16:A7
            X509v3 Authority Key Identifier:
                keyid:0B:93:4C:36:B7:73:00:88:65:B9:C9:FB:0F:D4:86:69:39:5A:C7:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C5NMNrdzAIhlucn7D9SGaTlaxzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/KDMQDMSKvzkVFCIuQ1vi5IKxFqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/C5NMNrdzAIhlucn7D9SGaTlaxzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:86c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:fb:0e:fb:ec:b6:85:17:93:f2:0c:1c:d3:f6:88:d3:3c:01:
         03:a2:37:da:cf:8c:e7:78:66:38:09:ca:ee:82:45:49:a7:c3:
         ff:96:55:0e:34:a9:bf:ea:64:b5:e1:17:3c:b2:b7:fa:2b:c8:
         fd:86:50:c5:55:db:e3:99:4c:50:33:a8:61:a4:f1:7f:c0:d3:
         5a:a7:83:75:82:0c:a7:cc:71:cf:65:a2:ba:1f:e3:6a:5a:1b:
         d8:97:a1:97:fb:16:04:fb:b8:a1:49:7d:a3:7f:c2:01:2e:b1:
         57:4a:10:d5:c8:14:1d:4b:9c:b6:5c:3d:ef:02:c2:51:c5:56:
         9a:67:93:cd:13:6c:af:e0:22:a6:9a:fe:79:88:ad:14:c4:8e:
         32:ea:4f:ea:1b:1e:a0:3d:76:78:28:42:d9:77:21:ca:c7:d9:
         c5:ea:96:81:d2:c7:db:6d:f1:42:72:d1:b9:a1:31:18:e0:ec:
         72:3d:91:17:cb:56:88:30:14:d3:df:e2:6a:00:a7:8f:d5:98:
         51:1c:1a:61:ee:d6:a7:8a:2a:fa:d2:06:62:8b:36:ae:68:36:
         ee:ce:9a:ad:69:cc:7e:4e:38:f8:14:0b:5d:5e:0d:92:2a:6e:
         ea:64:08:f2:86:e9:1d:c3:e8:e6:da:21:50:93:cb:eb:38:c1:
         09:4c:3e:f6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjag8Uy3CHR486qP66dTbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiOTM0YzM2Yjc3MzAwODg2NWI5YzlmYjBmZDQ4NjY5Mzk1
YWM3MzAwHhcNMjUwMTAxMTk0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODMzMTAwY2M0OGFiZjM5MTUxNDIyMmU0MzViZTJlNDgyYjExNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi63017l409CK6pqEwNsdSnJyhR+
Tg31FY07xMuJCJFal+0i24BOfmy1poF457B1rBLJfuk59hZuSWr1/FAwKpOQ0W3U
fF5AXUC0OmlLwlOVA20oq5ohLLoI3z78BePwtYv6wtw7VevYk6FI4sBO/UTP+soU
pnJpoy/d5W4Xpwpoq5EsEOyS/rPLewpo/GQ4lA5ufIZyK8VQv8OlOlhqPr14locB
fTuOV5pWtCSQ42ldKm5lwoj3qd3hRcbLC5UNeoSJ24CJlv8uWbWkeWYxtaiyo+Gl
MVw0hfRbEvsfBcUkH3TPSt+Kt5RrHDQNnGtFlf+vT8MJHFAGhwQKgKZAlwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCgzEAzEir85FRQiLkNb4uSCsRanMB8GA1UdIwQY
MBaAFAuTTDa3cwCIZbnJ+w/Uhmk5WscwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzVOTU5yZHpBSWhsdWNuN0Q5U0dhVGxheHpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9kZWNiN2QtMDM4OC00ZTNjLThkYjQt
YTMwMmY1MWQzODJjLzEvS0RNUURNU0t2emtWRkNJdVExdmk1SUt4RnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9kZWNiN2QtMDM4OC00ZTNjLThkYjQtYTMwMmY1MWQzODJj
LzEvQzVOTU5yZHpBSWhsdWNuN0Q5U0dhVGxheHpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgCGwDAN
BgkqhkiG9w0BAQsFAAOCAQEAQfsO++y2hReT8gwc0/aI0zwBA6I32s+M53hmOAnK
7oJFSafD/5ZVDjSpv+pkteEXPLK3+ivI/YZQxVXb45lMUDOoYaTxf8DTWqeDdYIM
p8xxz2Wiuh/jalob2Jehl/sWBPu4oUl9o3/CAS6xV0oQ1cgUHUuctlw97wLCUcVW
mmeTzRNsr+Aippr+eYitFMSOMupP6hseoD12eChC2XchysfZxeqWgdLH223xQnLR
uaExGODscj2RF8tWiDAU09/iagCnj9WYURwaYe7Wp4oq+tIGYos2rmg27s6arWnM
fk44+BQLXV4Nkipu6mQI8obpHcPo5tohUJPL6zjBCUw+9g==
-----END CERTIFICATE-----