Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/KcYP1NGg-r2e41FID4YKU7WnffM.roa
File:                     KcYP1NGg-r2e41FID4YKU7WnffM.roa (raw, json)
Hash identifier:          ivnGXMhmrmEUrR+fQYp2OnC6ZqYVMLcDdqzbAZ4DlOg=
Subject key identifier:   29:C6:0F:D4:D1:A0:FA:BD:9E:E3:51:48:0F:86:0A:53:B5:A7:7D:F3
Certificate issuer:       /CN=a5a8a69009ad2e890986bdd76c633c1b31f06f3a
Certificate serial:       018F0C4041928E339003D3009D64CB3893BA
Authority key identifier: A5:A8:A6:90:09:AD:2E:89:09:86:BD:D7:6C:63:3C:1B:31:F0:6F:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/paimkAmtLokJhr3XbGM8GzHwbzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/KcYP1NGg-r2e41FID4YKU7WnffM.roa
Signing time:             Tue 23 Apr 2024 18:38:08 +0000
ROA not before:           Tue 23 Apr 2024 18:38:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216219
IP address blocks:        2a13:f740::/48 maxlen: 48
                          2a13:f740:1::/48 maxlen: 48
                          2a13:f740:2::/48 maxlen: 48
                          2a13:f740:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/paimkAmtLokJhr3XbGM8GzHwbzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/paimkAmtLokJhr3XbGM8GzHwbzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/paimkAmtLokJhr3XbGM8GzHwbzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0c:40:41:92:8e:33:90:03:d3:00:9d:64:cb:38:93:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5a8a69009ad2e890986bdd76c633c1b31f06f3a
        Validity
            Not Before: Apr 23 18:38:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29c60fd4d1a0fabd9ee351480f860a53b5a77df3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ec:b5:6d:83:38:a9:b0:a9:77:83:04:cc:74:
                    72:7f:8c:c2:f8:64:17:6c:65:b9:a2:0e:4e:e9:79:
                    88:60:19:7c:1a:de:b2:50:ec:b4:42:b4:b5:d4:a8:
                    d2:2b:2a:4f:d5:a1:7f:7e:93:0b:c5:b4:31:70:df:
                    79:59:c0:41:50:bf:95:90:a2:97:08:2d:52:0d:a0:
                    34:9f:b3:bc:3f:ee:f4:f5:0e:99:ae:13:d1:d6:9b:
                    09:b8:53:08:ce:6b:77:3f:22:8c:09:03:3c:96:a8:
                    e3:f0:88:da:88:f4:de:f2:49:f1:ca:32:a3:47:51:
                    d7:09:5c:48:8b:04:a0:48:82:77:01:ac:ed:fe:53:
                    a1:4d:98:f5:69:84:28:44:77:3f:ca:62:34:54:f4:
                    90:c8:67:6f:17:b9:9f:8f:1b:01:f1:1a:a0:a8:65:
                    2a:78:24:ce:3c:a2:80:4d:90:d3:4b:19:e4:19:76:
                    40:12:da:d2:6b:02:01:8b:6c:93:b1:a3:88:ef:b9:
                    61:19:7b:12:9d:af:89:9b:4e:29:23:cb:33:30:80:
                    17:dc:3c:92:90:01:5d:11:89:83:4c:93:6d:94:78:
                    30:d5:91:44:c2:95:d9:9b:44:24:c1:81:b6:cb:0c:
                    20:be:05:90:1b:d2:e0:33:a5:84:d4:ff:19:a9:87:
                    ff:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:C6:0F:D4:D1:A0:FA:BD:9E:E3:51:48:0F:86:0A:53:B5:A7:7D:F3
            X509v3 Authority Key Identifier:
                keyid:A5:A8:A6:90:09:AD:2E:89:09:86:BD:D7:6C:63:3C:1B:31:F0:6F:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/paimkAmtLokJhr3XbGM8GzHwbzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/KcYP1NGg-r2e41FID4YKU7WnffM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/c4dada-1a29-449a-9ac6-b12ebf345bc3/1/paimkAmtLokJhr3XbGM8GzHwbzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:f740::/46

    Signature Algorithm: sha256WithRSAEncryption
         46:dc:15:40:64:65:b2:7d:28:61:71:47:e7:f0:0d:92:28:b0:
         88:18:32:01:2b:04:9c:e9:3e:3e:aa:4b:27:f0:99:13:bc:43:
         6e:03:64:9b:eb:f5:49:73:7d:41:68:91:c9:a8:21:df:96:a0:
         88:2f:9b:0b:8d:b0:b2:4d:c4:3f:c8:1d:4c:58:f9:ad:73:ca:
         e9:55:6d:c0:7d:b9:37:ad:7d:d0:dd:c8:3b:8d:8b:31:fd:9c:
         74:51:ed:f4:9c:3d:df:f7:e1:0d:a7:c4:32:af:6e:24:50:32:
         f6:fc:3b:20:87:28:d8:9d:69:b4:c2:91:2b:3e:d0:c4:13:5e:
         88:e4:9a:42:d7:0b:c5:45:0d:8c:20:f9:3c:ab:f4:0f:dc:91:
         5b:dd:a9:9c:63:b8:5d:78:d9:b6:96:46:35:2d:09:25:e8:cb:
         a4:9b:cd:91:d6:01:fa:ee:a4:64:1f:8b:b2:54:4a:4d:78:04:
         51:c7:45:a9:fe:32:97:86:58:ab:22:63:1f:7a:8b:0c:82:0c:
         b7:ce:40:f2:15:34:f9:c7:e6:4d:f0:37:90:6d:22:32:3b:1b:
         a7:ea:cf:bb:c2:e0:c6:f0:29:89:8e:02:16:09:da:86:b7:91:
         62:41:3d:46:47:64:e2:27:13:0d:41:7d:3a:47:c5:0b:c4:75:
         8b:dd:b6:ca
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8MQEGSjjOQA9MAnWTLOJO6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YThhNjkwMDlhZDJlODkwOTg2YmRkNzZjNjMzYzFiMzFm
MDZmM2EwHhcNMjQwNDIzMTgzODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWM2MGZkNGQxYTBmYWJkOWVlMzUxNDgwZjg2MGE1M2I1YTc3ZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmey1bYM4qbCpd4MEzHRyf4zC+GQX
bGW5og5O6XmIYBl8Gt6yUOy0QrS11KjSKypP1aF/fpMLxbQxcN95WcBBUL+VkKKX
CC1SDaA0n7O8P+709Q6ZrhPR1psJuFMIzmt3PyKMCQM8lqjj8IjaiPTe8knxyjKj
R1HXCVxIiwSgSIJ3Aazt/lOhTZj1aYQoRHc/ymI0VPSQyGdvF7mfjxsB8RqgqGUq
eCTOPKKATZDTSxnkGXZAEtrSawIBi2yTsaOI77lhGXsSna+Jm04pI8szMIAX3DyS
kAFdEYmDTJNtlHgw1ZFEwpXZm0QkwYG2ywwgvgWQG9LgM6WE1P8ZqYf/XQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCnGD9TRoPq9nuNRSA+GClO1p33zMB8GA1UdIwQY
MBaAFKWoppAJrS6JCYa912xjPBsx8G86MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFpbWtBbXRMb2tKaHIzWGJHTThHekh3YnpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9jNGRhZGEtMWEyOS00NDlhLTlhYzYt
YjEyZWJmMzQ1YmMzLzEvS2NZUDFOR2ctcjJlNDFGSUQ0WUtVN1duZmZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9jNGRhZGEtMWEyOS00NDlhLTlhYzYtYjEyZWJmMzQ1YmMz
LzEvcGFpbWtBbXRMb2tKaHIzWGJHTThHekh3YnpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhP3QAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBG3BVAZGWyfShhcUfn8A2SKLCIGDIBKwSc6T4+
qksn8JkTvENuA2Sb6/VJc31BaJHJqCHflqCIL5sLjbCyTcQ/yB1MWPmtc8rpVW3A
fbk3rX3Q3cg7jYsx/Zx0Ue30nD3f9+ENp8Qyr24kUDL2/DsghyjYnWm0wpErPtDE
E16I5JpC1wvFRQ2MIPk8q/QP3JFb3amcY7hdeNm2lkY1LQkl6Mukm82R1gH67qRk
H4uyVEpNeARRx0Wp/jKXhlirImMfeosMggy3zkDyFTT5x+ZN8DeQbSIyOxun6s+7
wuDG8CmJjgIWCdqGt5FiQT1GR2TiJxMNQX06R8ULxHWL3bbK
-----END CERTIFICATE-----