Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/26EmO6uBiHYXV62aFpjdchtmSMA.roa
File:                     26EmO6uBiHYXV62aFpjdchtmSMA.roa (raw, json)
Hash identifier:          UJkC5XOjBrepJgcTv6AolPWYcIPAR8vx4EgCQ/0zz54=
Subject key identifier:   DB:A1:26:3B:AB:81:88:76:17:57:AD:9A:16:98:DD:72:1B:66:48:C0
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC8DE098E1E4952CE717548006010A
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/26EmO6uBiHYXV62aFpjdchtmSMA.roa
Signing time:             Tue 02 Jan 2024 10:33:46 +0000
ROA not before:           Tue 02 Jan 2024 10:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15562
IP address blocks:        2001:728:1808::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8d:e0:98:e1:e4:95:2c:e7:17:54:80:06:01:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dba1263bab8188761757ad9a1698dd721b6648c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:93:79:d7:50:04:17:b9:8f:86:d8:ce:52:ec:
                    0f:c7:71:74:68:b7:92:0a:e8:a3:be:34:d1:7e:79:
                    19:05:af:48:07:f6:fe:af:9d:8e:f1:33:9c:af:34:
                    88:90:f8:83:29:9d:00:10:75:83:6e:db:44:13:69:
                    f1:71:94:58:d4:ba:c1:01:b5:87:01:04:33:a8:f4:
                    48:12:9b:c4:5c:56:1b:52:66:f5:2b:a7:a8:d5:40:
                    81:00:7b:a5:df:ac:d7:9c:c7:b6:7d:a0:fd:37:b0:
                    83:61:08:4a:65:0d:16:37:31:d1:bd:2e:ca:3b:ee:
                    ec:c2:7d:93:5c:8c:52:6a:27:bf:b2:d6:3b:1b:01:
                    ed:97:d9:11:85:dc:58:55:4f:c6:30:21:62:4e:a5:
                    6d:a7:5e:b9:35:cb:51:e6:87:a6:e0:48:c0:93:8f:
                    8d:cc:15:42:c6:13:1c:6a:d9:d5:17:c9:48:d4:af:
                    72:f8:9e:f1:99:c0:2e:c0:ac:af:11:1b:88:ec:58:
                    ec:87:a4:03:c3:71:99:fc:fd:34:dd:39:19:db:46:
                    47:53:67:db:cd:d8:a7:84:89:c0:4a:64:ff:f8:df:
                    5f:5d:d3:5f:80:e8:a0:23:f9:97:04:af:c9:38:60:
                    41:0a:00:1e:d1:b9:68:2a:ef:bb:04:aa:16:ae:22:
                    37:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:A1:26:3B:AB:81:88:76:17:57:AD:9A:16:98:DD:72:1B:66:48:C0
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/26EmO6uBiHYXV62aFpjdchtmSMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:728:1808::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:de:d9:3c:53:44:29:13:ed:48:dd:49:b3:97:e2:08:d8:af:
         1e:1d:ec:b2:e6:0e:c9:fc:b7:b5:ff:bc:2b:a3:47:07:74:3f:
         cc:a7:36:46:95:f5:24:c6:93:d1:ae:ad:b6:bc:26:ce:e6:9d:
         59:3d:e6:3c:85:ae:3b:52:a5:93:6f:61:ff:97:1a:ce:66:b8:
         41:e3:02:81:86:84:bf:79:e7:c3:fa:ff:32:3b:02:e4:c6:25:
         ce:f6:54:ff:aa:96:15:ce:b4:e5:ae:af:0b:0b:ba:71:3c:0c:
         c9:2a:6b:b3:91:54:91:a9:5f:7f:6f:52:9d:3c:8a:a4:93:f6:
         a7:14:e6:e3:19:29:c0:88:76:09:36:23:a8:c1:b5:62:23:95:
         69:47:b6:c5:4b:84:da:1f:69:72:20:e8:a2:31:ca:d3:7b:84:
         95:14:88:64:6c:00:55:e0:58:39:3c:30:58:9f:61:0b:d7:80:
         9f:f9:67:16:f7:4a:59:af:52:0b:8c:02:ee:69:8d:b3:e2:8b:
         8f:52:56:5c:dd:0b:13:2c:7b:66:52:4e:91:d3:34:40:d7:9a:
         27:ec:47:b2:5e:46:d6:f6:71:d3:3f:fe:dc:10:7b:52:b5:e0:
         cd:b1:dc:0e:be:a8:a9:31:3b:c7:40:b9:01:78:b1:5c:f2:88:
         cb:24:72:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvI3gmOHklSznF1SABgEKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmExMjYzYmFiODE4ODc2MTc1N2FkOWExNjk4ZGQ3MjFiNjY0OGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppN511AEF7mPhtjOUuwPx3F0aLeS
CuijvjTRfnkZBa9IB/b+r52O8TOcrzSIkPiDKZ0AEHWDbttEE2nxcZRY1LrBAbWH
AQQzqPRIEpvEXFYbUmb1K6eo1UCBAHul36zXnMe2faD9N7CDYQhKZQ0WNzHRvS7K
O+7swn2TXIxSaie/stY7GwHtl9kRhdxYVU/GMCFiTqVtp165NctR5oem4EjAk4+N
zBVCxhMcatnVF8lI1K9y+J7xmcAuwKyvERuI7Fjsh6QDw3GZ/P003TkZ20ZHU2fb
zdinhInASmT/+N9fXdNfgOigI/mXBK/JOGBBCgAe0bloKu+7BKoWriI3ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNuhJjurgYh2F1etmhaY3XIbZkjAMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvMjZFbU82dUJpSFlYVjYyYUZwamRjaHRtU01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEHKBgI
MA0GCSqGSIb3DQEBCwUAA4IBAQBa3tk8U0QpE+1I3Umzl+II2K8eHeyy5g7J/Le1
/7wro0cHdD/MpzZGlfUkxpPRrq22vCbO5p1ZPeY8ha47UqWTb2H/lxrOZrhB4wKB
hoS/eefD+v8yOwLkxiXO9lT/qpYVzrTlrq8LC7pxPAzJKmuzkVSRqV9/b1KdPIqk
k/anFObjGSnAiHYJNiOowbViI5VpR7bFS4TaH2lyIOiiMcrTe4SVFIhkbABV4Fg5
PDBYn2EL14Cf+WcW90pZr1ILjALuaY2z4ouPUlZc3QsTLHtmUk6R0zRA15on7Eey
XkbW9nHTP/7cEHtSteDNsdwOvqipMTvHQLkBeLFc8ojLJHK2
-----END CERTIFICATE-----