Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/nTsUj7kifBjaOhZ7KP00q6rDg7k.roa
File:                     nTsUj7kifBjaOhZ7KP00q6rDg7k.roa (raw, json)
Hash identifier:          lz+vPetPmK6koFSS3ezJ61iozctQZOXK9IbQY4Nq8Qw=
Subject key identifier:   9D:3B:14:8F:B9:22:7C:18:DA:3A:16:7B:28:FD:34:AB:AA:C3:83:B9
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       018CC50158A4875BF914DCDCB05379F73889
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/nTsUj7kifBjaOhZ7KP00q6rDg7k.roa
Signing time:             Mon 01 Jan 2024 12:30:48 +0000
ROA not before:           Mon 01 Jan 2024 12:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200334
IP address blocks:        2a0f:6580:104::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:58:a4:87:5b:f9:14:dc:dc:b0:53:79:f7:38:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  1 12:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d3b148fb9227c18da3a167b28fd34abaac383b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5b:10:14:e9:f9:f3:d5:d5:c9:c2:34:2b:9d:
                    7b:7e:3d:3a:36:ea:e9:c2:a7:f7:53:d0:52:e3:c2:
                    78:16:ce:89:24:d0:ce:ef:ae:da:c3:ac:4b:36:40:
                    2f:ce:26:a5:1d:37:a2:3c:bd:39:ad:98:05:76:bb:
                    b7:31:6f:ec:38:46:08:5b:42:42:06:2f:8b:d5:78:
                    1d:6d:0a:2b:71:43:ab:55:e2:9d:81:b2:1e:35:2f:
                    2e:84:d2:ce:32:0b:22:47:2f:ab:96:39:99:15:ce:
                    49:98:4d:b0:7f:55:2b:2d:97:25:a6:80:a3:7a:ca:
                    67:a6:ae:7a:6f:8f:ec:48:9b:91:ac:64:85:a7:c0:
                    e3:89:6c:28:6d:a1:69:dc:9b:92:43:70:2d:38:36:
                    06:5f:ad:69:61:43:1f:fa:5a:3a:dc:9a:e4:f6:a1:
                    33:9b:08:1b:50:36:3c:90:5b:fb:66:01:8a:85:40:
                    e8:f8:cc:72:49:9d:27:50:ed:7d:15:41:2e:03:8f:
                    aa:6d:2b:bd:98:bc:3c:82:21:7a:6a:0f:12:0d:7d:
                    e3:75:c8:33:d5:8d:0b:aa:f6:85:8a:a1:a4:86:12:
                    30:2c:54:d9:a3:1a:ad:3a:4c:50:21:0f:ec:b4:ee:
                    d7:73:c1:ba:2f:fe:59:1e:27:78:65:99:51:f5:29:
                    22:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3B:14:8F:B9:22:7C:18:DA:3A:16:7B:28:FD:34:AB:AA:C3:83:B9
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/nTsUj7kifBjaOhZ7KP00q6rDg7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:104::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:93:b4:5f:c7:29:55:3a:79:f4:29:0a:eb:3f:2b:a0:76:f9:
         1c:54:a3:61:80:d1:50:ab:08:c7:5b:a2:2d:90:9f:08:99:67:
         46:12:fd:a3:3a:1c:fd:ca:c1:89:0e:6b:20:f9:49:23:18:92:
         41:3a:f2:31:3e:b5:38:66:64:49:0b:e1:a0:be:8c:53:ad:0c:
         e9:82:b3:8b:fb:22:20:6a:dc:4d:78:95:67:32:df:74:f8:42:
         0f:08:c2:d4:df:2e:8b:d2:40:3f:ec:3e:a8:aa:98:76:10:42:
         c6:dc:dc:d2:ba:4f:8d:ad:5c:8a:25:34:bb:93:3b:9f:54:83:
         d1:4b:f9:32:88:20:8b:e7:bd:4e:42:36:ca:14:55:8e:30:4a:
         75:08:43:20:c9:68:1a:9e:30:68:72:a6:ae:8c:30:c6:3f:23:
         89:1d:38:2d:94:ea:73:9f:36:90:00:17:c6:76:dd:99:51:1a:
         62:16:24:f7:06:dc:51:b3:b9:1b:ee:73:76:1a:99:32:fd:07:
         35:df:30:85:12:d5:9c:2d:92:95:b0:0d:45:b6:7b:bb:b8:28:
         b4:f5:7f:10:4a:d3:0a:f6:4e:8c:9e:f4:3d:71:16:66:61:d4:
         e6:d6:52:b5:16:39:d8:24:6f:cc:bb:c1:e9:42:65:0f:07:21:
         ac:b1:4a:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAVikh1v5FNzcsFN59ziJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjQwMTAxMTIzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNiMTQ4ZmI5MjI3YzE4ZGEzYTE2N2IyOGZkMzRhYmFhYzM4M2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVsQFOn589XVycI0K517fj06Nurp
wqf3U9BS48J4Fs6JJNDO767aw6xLNkAvzialHTeiPL05rZgFdru3MW/sOEYIW0JC
Bi+L1XgdbQorcUOrVeKdgbIeNS8uhNLOMgsiRy+rljmZFc5JmE2wf1UrLZclpoCj
espnpq56b4/sSJuRrGSFp8DjiWwobaFp3JuSQ3AtODYGX61pYUMf+lo63Jrk9qEz
mwgbUDY8kFv7ZgGKhUDo+MxySZ0nUO19FUEuA4+qbSu9mLw8giF6ag8SDX3jdcgz
1Y0LqvaFiqGkhhIwLFTZoxqtOkxQIQ/stO7Xc8G6L/5ZHid4ZZlR9SkiWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ07FI+5InwY2joWeyj9NKuqw4O5MB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvblRzVWo3a2lmQmphT2haN0tQMDBxNnJEZzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAEE
MA0GCSqGSIb3DQEBCwUAA4IBAQBhk7RfxylVOnn0KQrrPyugdvkcVKNhgNFQqwjH
W6ItkJ8ImWdGEv2jOhz9ysGJDmsg+UkjGJJBOvIxPrU4ZmRJC+GgvoxTrQzpgrOL
+yIgatxNeJVnMt90+EIPCMLU3y6L0kA/7D6oqph2EELG3NzSuk+NrVyKJTS7kzuf
VIPRS/kyiCCL571OQjbKFFWOMEp1CEMgyWganjBocqaujDDGPyOJHTgtlOpznzaQ
ABfGdt2ZURpiFiT3BtxRs7kb7nN2Gpky/Qc13zCFEtWcLZKVsA1Ftnu7uCi09X8Q
StMK9k6MnvQ9cRZmYdTm1lK1FjnYJG/Mu8HpQmUPByGssUqC
-----END CERTIFICATE-----