Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/KWTgRyK6JpAIWb0WvB_PSOMrVuk.roa
File:                     KWTgRyK6JpAIWb0WvB_PSOMrVuk.roa (raw, json)
Hash identifier:          f71QPd1W6/phYxy2IiNBRnGrJ/mQmEmHBezRjbFzY5s=
Subject key identifier:   29:64:E0:47:22:BA:26:90:08:59:BD:16:BC:1F:CF:48:E3:2B:56:E9
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       018F78AE65DBCD4CF8797815ABF08C1D5E2D
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/KWTgRyK6JpAIWb0WvB_PSOMrVuk.roa
Signing time:             Tue 14 May 2024 19:57:26 +0000
ROA not before:           Tue 14 May 2024 19:57:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216213
IP address blocks:        2a13:4a80::/29 maxlen: 29
                          2a13:e0c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:78:ae:65:db:cd:4c:f8:79:78:15:ab:f0:8c:1d:5e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: May 14 19:57:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2964e04722ba26900859bd16bc1fcf48e32b56e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:43:29:78:1a:3a:15:93:f3:86:00:14:2b:1f:
                    a3:f4:ea:6d:a4:65:38:18:8f:fe:88:1e:c3:5e:40:
                    53:1f:f9:b3:25:7b:9a:8e:7b:02:71:f6:44:c5:12:
                    fd:2a:0b:49:53:f0:52:24:a3:cf:e3:68:7a:2b:f2:
                    36:28:71:66:fa:bb:8f:65:5c:68:2f:2e:83:d1:9b:
                    79:bb:74:47:6c:1f:4e:6e:dc:ae:30:47:ea:95:37:
                    b9:38:8e:e5:88:32:87:2d:d2:71:7a:02:ed:1f:41:
                    d8:ca:94:00:cd:52:4d:43:25:94:02:26:f8:59:31:
                    eb:f3:a7:96:f0:1f:06:72:9e:93:64:83:e1:15:13:
                    8b:17:cb:20:47:b4:93:cb:90:e2:1e:4d:f7:38:08:
                    74:fb:2c:13:8b:bd:9f:50:94:d6:33:e6:41:6c:e1:
                    09:03:7c:d6:81:16:08:59:8c:83:a4:fc:ea:0e:e4:
                    61:55:fa:35:67:b3:8d:4b:a1:79:c9:39:5d:8e:b6:
                    4b:74:f6:42:ae:84:00:ff:be:a7:96:c5:a0:e7:8e:
                    09:dc:e5:d0:ae:34:da:21:9c:13:dc:62:98:e3:9f:
                    4a:0e:1b:3b:15:20:3f:a1:eb:06:58:76:ae:6f:2b:
                    f4:5a:70:09:c5:3c:d9:ed:42:58:be:69:f8:25:99:
                    90:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:64:E0:47:22:BA:26:90:08:59:BD:16:BC:1F:CF:48:E3:2B:56:E9
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/KWTgRyK6JpAIWb0WvB_PSOMrVuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4a80::/29
                  2a13:e0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:f0:b6:a2:4f:1a:05:0f:d6:cc:3a:9d:b4:71:16:a0:25:c8:
         f1:25:5d:74:24:33:6c:29:fc:3e:5a:a7:dd:74:da:ce:1b:9c:
         47:04:63:71:66:60:1b:d1:c0:c6:fe:8d:9b:0a:66:e0:e7:b7:
         3d:4f:ee:10:2c:05:71:06:92:a6:98:e0:f0:f1:a2:06:c6:c4:
         04:d8:f2:e8:13:ac:18:8c:2e:5e:c7:42:e0:ba:1f:b8:4d:5d:
         56:a0:b7:a9:38:b4:16:db:64:bd:62:19:bb:c9:91:f0:7e:72:
         7a:1f:4b:8c:4f:f8:2b:dd:09:d2:6f:bc:a6:8a:7f:34:ef:4f:
         aa:31:c5:1b:df:03:fc:c5:9a:8d:63:79:83:69:61:f8:6c:32:
         47:15:62:8a:a5:1d:e9:62:ff:04:b2:90:2a:51:d8:6e:ad:aa:
         89:65:59:a5:0f:da:0b:d5:b3:56:03:4e:5a:7d:cf:97:37:ec:
         a4:fb:56:7d:5c:92:76:c7:15:c9:3b:64:fc:ea:90:ff:8a:72:
         ec:c3:22:d4:2f:a4:ad:54:45:9b:73:95:ad:ac:09:8d:6e:7f:
         64:28:50:f3:f4:d1:8a:23:32:42:50:23:2f:cd:c5:82:95:fd:
         32:c2:d1:ba:4e:6e:f8:23:ca:38:42:68:92:04:39:66:5d:1b:
         f1:11:9b:92
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY94rmXbzUz4eXgVq/CMHV4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjQwNTE0MTk1NzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTY0ZTA0NzIyYmEyNjkwMDg1OWJkMTZiYzFmY2Y0OGUzMmI1NmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkMpeBo6FZPzhgAUKx+j9OptpGU4
GI/+iB7DXkBTH/mzJXuajnsCcfZExRL9KgtJU/BSJKPP42h6K/I2KHFm+ruPZVxo
Ly6D0Zt5u3RHbB9ObtyuMEfqlTe5OI7liDKHLdJxegLtH0HYypQAzVJNQyWUAib4
WTHr86eW8B8Gcp6TZIPhFROLF8sgR7STy5DiHk33OAh0+ywTi72fUJTWM+ZBbOEJ
A3zWgRYIWYyDpPzqDuRhVfo1Z7ONS6F5yTldjrZLdPZCroQA/76nlsWg544J3OXQ
rjTaIZwT3GKY459KDhs7FSA/oesGWHaubyv0WnAJxTzZ7UJYvmn4JZmQbQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFClk4EciuiaQCFm9Frwfz0jjK1bpMB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvS1dUZ1J5SzZKcEFJV2IwV3ZCX1BTT01yVnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhNKgAMF
AyoT4MAwDQYJKoZIhvcNAQELBQADggEBABjwtqJPGgUP1sw6nbRxFqAlyPElXXQk
M2wp/D5ap9102s4bnEcEY3FmYBvRwMb+jZsKZuDntz1P7hAsBXEGkqaY4PDxogbG
xATY8ugTrBiMLl7HQuC6H7hNXVagt6k4tBbbZL1iGbvJkfB+cnofS4xP+CvdCdJv
vKaKfzTvT6oxxRvfA/zFmo1jeYNpYfhsMkcVYoqlHeli/wSykCpR2G6tqollWaUP
2gvVs1YDTlp9z5c37KT7Vn1cknbHFck7ZPzqkP+KcuzDItQvpK1URZtzla2sCY1u
f2QoUPP00YojMkJQIy/NxYKV/TLC0bpObvgjyjhCaJIEOWZdG/ERm5I=
-----END CERTIFICATE-----