Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/al3sVmLza1lSWMNmX1wAnE6di0g.roa
File:                     al3sVmLza1lSWMNmX1wAnE6di0g.roa (raw, json)
Hash identifier:          QViBGQ++sKC9WspIzy9uy1czwUBc30L4ut/rMlvD+hk=
Subject key identifier:   6A:5D:EC:56:62:F3:6B:59:52:58:C3:66:5F:5C:00:9C:4E:9D:8B:48
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       019520307996A4D2AFFAC365C4640A9579C4
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/al3sVmLza1lSWMNmX1wAnE6di0g.roa
Signing time:             Wed 19 Feb 2025 21:50:02 +0000
ROA not before:           Wed 19 Feb 2025 21:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199052
IP address blocks:        2a13:4a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:20:30:79:96:a4:d2:af:fa:c3:65:c4:64:0a:95:79:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: Feb 19 21:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a5dec5662f36b595258c3665f5c009c4e9d8b48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d5:60:cd:0b:6a:ee:09:97:20:4b:f0:81:dd:
                    ff:e0:10:b6:18:1d:88:9e:fd:41:50:76:a5:26:67:
                    ee:42:d9:d9:44:14:29:4a:e6:b0:1d:93:06:41:a3:
                    78:23:7b:ff:bf:6e:ae:bc:fb:66:ae:88:6f:35:92:
                    03:2c:54:b7:1f:56:ab:08:80:6b:cd:6a:47:b6:a4:
                    13:65:ee:91:81:d5:46:02:97:8f:7e:21:93:71:8b:
                    7e:80:a7:d9:fc:e8:84:33:02:78:58:41:3c:05:6a:
                    24:24:6d:52:74:ab:0f:4b:f2:1d:fe:6e:53:f2:9d:
                    3e:b7:02:b4:37:d3:9f:6b:ca:f9:aa:1d:37:1d:c6:
                    f8:6b:00:9d:3e:58:89:f9:65:36:1d:3a:3b:cf:28:
                    6b:f4:7c:16:c9:28:ab:95:e8:fe:c8:d4:8c:dd:60:
                    42:c7:e2:84:3f:07:55:29:d9:a8:cd:3e:34:1a:00:
                    f1:e3:e2:85:36:57:66:dc:15:7d:18:d0:dd:f9:6c:
                    73:84:0e:62:8e:95:fb:53:57:f4:68:57:d0:a6:2d:
                    d6:05:5b:9b:87:98:41:9f:94:7f:07:c0:9d:ef:9e:
                    83:97:cc:2d:48:20:65:0f:01:60:91:7d:b3:9c:a0:
                    bc:e8:74:b5:1c:1a:75:51:b2:14:c1:53:53:94:05:
                    4a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:5D:EC:56:62:F3:6B:59:52:58:C3:66:5F:5C:00:9C:4E:9D:8B:48
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/al3sVmLza1lSWMNmX1wAnE6di0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b6:37:b2:21:d2:2e:44:6e:9b:a1:00:d3:aa:79:44:f6:44:1d:
         33:55:73:34:1f:98:3e:22:55:f6:c1:fe:6e:0d:32:95:b5:05:
         b5:7d:52:b6:51:e1:80:0f:2c:7e:27:7a:60:94:7f:7d:a7:fc:
         a6:e5:b3:04:04:5f:72:8d:55:fe:e8:59:9a:d8:0c:5e:38:81:
         98:7d:d7:d8:05:e6:7c:b4:1d:7b:61:62:27:c3:1c:d0:70:ba:
         23:39:9e:4c:03:d9:0a:87:17:fc:98:03:f6:9c:cf:43:c6:eb:
         87:18:00:18:f8:85:e3:f7:90:11:c3:c4:18:31:d7:62:72:9f:
         98:3d:65:61:80:5c:82:d7:67:56:c1:1a:48:4a:39:5f:bc:f6:
         9d:e1:01:98:1a:b4:62:ad:c7:32:8f:d8:55:4f:5a:87:e5:57:
         9b:7e:1d:06:ef:c8:d6:2d:fc:aa:01:8a:0b:e5:60:d8:1a:62:
         1f:e6:c0:0f:0e:e9:32:a4:36:46:4c:90:6b:b1:9c:2c:a4:34:
         0b:a0:5e:28:36:a6:2a:3c:2c:33:39:d0:e3:a0:32:66:99:21:
         e5:17:5a:67:68:9d:bc:4e:7d:d4:29:53:6d:37:fc:30:00:43:
         ee:8a:1a:b5:da:bf:20:1d:f4:31:ad:a5:6d:a4:8a:aa:37:f1:
         f8:6f:7a:5a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZUgMHmWpNKv+sNlxGQKlXnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjUwMjE5MjE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTVkZWM1NjYyZjM2YjU5NTI1OGMzNjY1ZjVjMDA5YzRlOWQ4YjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdVgzQtq7gmXIEvwgd3/4BC2GB2I
nv1BUHalJmfuQtnZRBQpSuawHZMGQaN4I3v/v26uvPtmrohvNZIDLFS3H1arCIBr
zWpHtqQTZe6RgdVGApePfiGTcYt+gKfZ/OiEMwJ4WEE8BWokJG1SdKsPS/Id/m5T
8p0+twK0N9Ofa8r5qh03Hcb4awCdPliJ+WU2HTo7zyhr9HwWySirlej+yNSM3WBC
x+KEPwdVKdmozT40GgDx4+KFNldm3BV9GNDd+WxzhA5ijpX7U1f0aFfQpi3WBVub
h5hBn5R/B8Cd756Dl8wtSCBlDwFgkX2znKC86HS1HBp1UbIUwVNTlAVK6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGpd7FZi82tZUljDZl9cAJxOnYtIMB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvYWwzc1ZtTHphMWxTV01ObVgxd0FuRTZkaTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNKgDAN
BgkqhkiG9w0BAQsFAAOCAQEAtjeyIdIuRG6boQDTqnlE9kQdM1VzNB+YPiJV9sH+
bg0ylbUFtX1StlHhgA8sfid6YJR/faf8puWzBARfco1V/uhZmtgMXjiBmH3X2AXm
fLQde2FiJ8Mc0HC6IzmeTAPZCocX/JgD9pzPQ8brhxgAGPiF4/eQEcPEGDHXYnKf
mD1lYYBcgtdnVsEaSEo5X7z2neEBmBq0Yq3HMo/YVU9ah+VXm34dBu/I1i38qgGK
C+Vg2BpiH+bADw7pMqQ2RkyQa7GcLKQ0C6BeKDamKjwsMznQ46AyZpkh5RdaZ2id
vE591ClTbTf8MABD7ooatdq/IB30Ma2lbaSKqjfx+G96Wg==
-----END CERTIFICATE-----