Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/mEwJRgFjg9GszhL0vzblyi42F80.roa
File:                     mEwJRgFjg9GszhL0vzblyi42F80.roa (raw, json)
Hash identifier:          Ro1fm89N9gOjoLiY0gt1XzjCFWB50WzZ9bOT4yCdMco=
Subject key identifier:   98:4C:09:46:01:63:83:D1:AC:CE:12:F4:BF:36:E5:CA:2E:36:17:CD
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       018F9653CA01CD6E596E21431E5430AA2455
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/mEwJRgFjg9GszhL0vzblyi42F80.roa
Signing time:             Mon 20 May 2024 14:07:04 +0000
ROA not before:           Mon 20 May 2024 14:07:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        2a0e:5bc0::/29 maxlen: 29
                          2a0e:a800::/29 maxlen: 29
                          2a0f:780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:96:53:ca:01:cd:6e:59:6e:21:43:1e:54:30:aa:24:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: May 20 14:07:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=984c0946016383d1acce12f4bf36e5ca2e3617cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d7:1e:6a:38:59:72:ea:23:b2:59:b0:31:ac:
                    c5:30:7f:e2:2d:e6:48:16:ca:48:d8:0e:1a:26:b0:
                    2e:ff:1c:9b:fd:e2:a1:32:2d:21:1c:d4:db:de:9d:
                    5f:9f:2d:3a:84:f1:67:de:e6:f3:2b:6d:b0:70:47:
                    94:8f:a1:6f:6f:0e:3e:3d:1b:26:ae:a7:87:db:1f:
                    04:c6:8d:33:50:01:06:8b:75:01:52:e5:56:78:cf:
                    b5:9e:2d:30:1e:f7:f2:99:39:22:dd:a0:88:05:0d:
                    a4:1f:29:3f:fc:c3:d4:26:54:1c:ca:c5:2e:53:12:
                    19:75:ba:cb:bb:53:85:88:cf:27:a1:73:f4:4c:50:
                    c3:88:b0:10:f2:7f:dd:ca:d9:6a:ac:f3:01:4b:dc:
                    7f:43:8f:d0:ce:cb:de:b2:f7:e9:f8:0e:94:9c:fc:
                    22:e7:99:5d:0c:c8:89:15:4a:60:c6:50:4d:1e:d1:
                    9c:a5:b6:42:0d:18:43:3d:31:28:ed:42:59:eb:34:
                    82:dc:20:0e:b7:ec:9e:df:df:6f:62:1c:a9:a6:a1:
                    78:23:a1:83:9d:a9:62:1e:4f:2e:d8:1c:eb:c5:7c:
                    b0:50:78:89:b4:05:2f:5d:fd:e6:79:1f:25:93:d4:
                    0a:30:38:6a:19:b5:fb:e6:13:17:a8:34:07:1d:d6:
                    d7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:4C:09:46:01:63:83:D1:AC:CE:12:F4:BF:36:E5:CA:2E:36:17:CD
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/mEwJRgFjg9GszhL0vzblyi42F80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5bc0::/29
                  2a0e:a800::/29
                  2a0f:780::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:cd:95:a4:15:5e:8a:35:ad:8a:2b:4c:93:0b:6f:ad:44:1d:
         a7:56:a6:51:c6:52:b7:ae:1c:02:77:7c:3b:d1:d8:fb:5f:24:
         28:0f:30:b5:45:fe:a5:9d:b7:9c:d2:ae:cc:8e:bc:bc:92:b6:
         54:f9:bb:5a:4f:74:58:ce:f2:84:67:3f:b6:72:26:4b:ea:c8:
         38:b9:57:9b:0c:2b:23:47:f2:ed:28:7f:85:48:2b:bc:00:77:
         1f:a0:ae:7c:b3:76:4c:fe:f6:7d:1b:6a:b6:1e:c8:f7:e4:92:
         17:ad:fc:ce:85:4e:71:f7:44:e5:19:0c:a5:ab:f5:07:6d:df:
         6a:ce:fc:29:68:84:df:46:78:19:de:aa:e6:f8:5d:5e:7f:9d:
         70:27:a7:63:63:af:04:72:c2:9c:ea:b5:bd:5d:ee:0a:47:67:
         40:63:71:01:25:67:1e:36:f3:0e:3c:ea:36:5e:f6:14:03:c9:
         4a:d7:7e:20:d7:f8:c3:f3:ce:97:e3:bd:77:0d:bb:8b:09:a4:
         48:cb:dc:01:f7:92:b5:b6:a7:54:ae:4f:09:5a:a2:73:65:86:
         d7:8e:ed:33:e0:7d:e7:6b:03:3c:10:61:91:dd:8d:6e:67:83:
         c5:7d:43:11:04:2d:02:6c:68:46:75:a5:7c:91:c5:0e:45:56:
         14:ae:e3:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+WU8oBzW5ZbiFDHlQwqiRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjQwNTIwMTQwNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODRjMDk0NjAxNjM4M2QxYWNjZTEyZjRiZjM2ZTVjYTJlMzYxN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNceajhZcuojslmwMazFMH/iLeZI
FspI2A4aJrAu/xyb/eKhMi0hHNTb3p1fny06hPFn3ubzK22wcEeUj6Fvbw4+PRsm
rqeH2x8Exo0zUAEGi3UBUuVWeM+1ni0wHvfymTki3aCIBQ2kHyk//MPUJlQcysUu
UxIZdbrLu1OFiM8noXP0TFDDiLAQ8n/dytlqrPMBS9x/Q4/Qzsvesvfp+A6UnPwi
55ldDMiJFUpgxlBNHtGcpbZCDRhDPTEo7UJZ6zSC3CAOt+ye399vYhyppqF4I6GD
naliHk8u2BzrxXywUHiJtAUvXf3meR8lk9QKMDhqGbX75hMXqDQHHdbXxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJhMCUYBY4PRrM4S9L825couNhfNMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvbUV3SlJnRmpnOUdzemhMMHZ6Ymx5aTQyRjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg5bwAMF
AyoOqAADBQMqDweAMA0GCSqGSIb3DQEBCwUAA4IBAQAyzZWkFV6KNa2KK0yTC2+t
RB2nVqZRxlK3rhwCd3w70dj7XyQoDzC1Rf6lnbec0q7Mjry8krZU+btaT3RYzvKE
Zz+2ciZL6sg4uVebDCsjR/LtKH+FSCu8AHcfoK58s3ZM/vZ9G2q2Hsj35JIXrfzO
hU5x90TlGQylq/UHbd9qzvwpaITfRngZ3qrm+F1ef51wJ6djY68EcsKc6rW9Xe4K
R2dAY3EBJWceNvMOPOo2XvYUA8lK134g1/jD886X4713DbuLCaRIy9wB95K1tqdU
rk8JWqJzZYbXju0z4H3nawM8EGGR3Y1uZ4PFfUMRBC0CbGhGdaV8kcUORVYUruPX
-----END CERTIFICATE-----