Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/xE8eybApFqVSbYKrIDQy6BXD2ho.roa
File:                     xE8eybApFqVSbYKrIDQy6BXD2ho.roa (raw, json)
Hash identifier:          6JsTGB68xmzlh/fGKRVMVp79m97EJV+tsYBFQbB821o=
Subject key identifier:   C4:4F:1E:C9:B0:29:16:A5:52:6D:82:AB:20:34:32:E8:15:C3:DA:1A
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       018CC86F9489EF1B8A723863764B486A459B
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/xE8eybApFqVSbYKrIDQy6BXD2ho.roa
Signing time:             Tue 02 Jan 2024 04:30:04 +0000
ROA not before:           Tue 02 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39753
IP address blocks:        2a0d:2406:400::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:94:89:ef:1b:8a:72:38:63:76:4b:48:6a:45:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Jan  2 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c44f1ec9b02916a5526d82ab203432e815c3da1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a5:3f:7c:49:52:2c:61:eb:ac:fb:b1:14:cb:
                    1c:13:93:a4:32:68:fc:54:39:dc:b9:66:ba:6c:29:
                    30:df:5a:c5:ad:92:de:b7:9e:dd:93:30:8c:c8:98:
                    19:75:8d:52:0d:35:a8:59:3b:41:a3:16:a3:19:c2:
                    b9:89:aa:e6:ae:30:90:00:04:6f:ac:9b:fc:7b:72:
                    fa:83:d2:b4:46:69:39:de:96:d0:1d:36:c3:14:07:
                    b9:f4:82:4f:08:2c:e9:a3:57:55:63:c8:8d:d6:03:
                    b2:e8:8a:37:b0:64:98:92:19:7d:e4:91:d8:00:c1:
                    84:a8:97:dd:ba:b8:ec:d9:2e:87:b8:6f:43:d2:db:
                    29:25:3a:13:71:22:1b:82:75:e4:be:3c:6f:6b:ed:
                    7f:b5:2f:43:d4:93:5d:cf:ff:50:81:f5:a0:05:d5:
                    5d:d3:3b:c0:44:04:f0:1f:59:59:35:12:d1:f1:2e:
                    ce:f1:cd:08:74:0c:47:5c:11:06:9d:40:96:61:38:
                    75:fa:c1:77:a2:5d:25:68:2c:52:a1:40:93:3d:06:
                    56:9c:c5:17:70:a0:f3:d0:5a:96:96:9a:f6:20:45:
                    f0:1f:c3:76:4c:ca:6b:32:8f:b9:36:02:b8:f3:a4:
                    e4:4e:9d:ee:b9:1b:82:af:14:58:35:d1:f9:f2:12:
                    9c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:4F:1E:C9:B0:29:16:A5:52:6D:82:AB:20:34:32:E8:15:C3:DA:1A
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/xE8eybApFqVSbYKrIDQy6BXD2ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2406:400::/39

    Signature Algorithm: sha256WithRSAEncryption
         80:d7:2d:a7:87:0a:75:6f:75:b9:0f:56:a0:ce:a6:d3:76:77:
         23:e8:73:fc:0c:26:c5:b4:81:c0:3c:08:0f:25:e3:c2:04:08:
         46:e6:f3:13:36:ea:c5:be:33:a6:49:11:6c:6a:b4:6c:d4:43:
         fb:5c:1d:15:c5:a3:fe:14:b9:de:bd:2e:50:8d:3c:bc:5d:39:
         98:2c:a7:d7:4b:14:d3:e5:9d:f8:63:91:16:85:9d:b2:4c:e6:
         71:aa:d6:92:34:6e:e9:bd:a0:69:03:a9:5b:cb:9b:65:5d:91:
         bd:ff:45:53:e8:33:5e:c1:8e:29:24:99:22:b0:13:0d:f9:6b:
         64:3f:1d:e5:32:3d:c8:4e:42:a8:dd:a9:0d:c7:9b:c5:61:12:
         2a:a5:01:ed:2f:d1:51:da:0e:13:f9:16:75:a2:f7:da:a8:f0:
         15:79:16:96:59:18:ec:d9:56:89:67:b0:d2:81:14:8a:26:1e:
         61:c0:90:5b:fc:23:0e:a9:2e:65:12:a1:aa:73:8f:42:fa:3a:
         1b:e5:08:b5:2e:77:11:83:42:14:dd:e4:a3:2e:ee:72:cf:05:
         da:fb:62:6e:bb:d9:d2:2b:19:1a:9f:3d:cd:c7:f5:1e:05:f6:
         e6:d4:4d:37:b2:c9:25:3f:03:4b:12:2d:c1:9f:91:23:a8:27:
         a0:8c:23:90
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIb5SJ7xuKcjhjdktIakWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjQwMTAyMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDRmMWVjOWIwMjkxNmE1NTI2ZDgyYWIyMDM0MzJlODE1YzNkYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraU/fElSLGHrrPuxFMscE5OkMmj8
VDncuWa6bCkw31rFrZLet57dkzCMyJgZdY1SDTWoWTtBoxajGcK5iarmrjCQAARv
rJv8e3L6g9K0Rmk53pbQHTbDFAe59IJPCCzpo1dVY8iN1gOy6Io3sGSYkhl95JHY
AMGEqJfdurjs2S6HuG9D0tspJToTcSIbgnXkvjxva+1/tS9D1JNdz/9QgfWgBdVd
0zvARATwH1lZNRLR8S7O8c0IdAxHXBEGnUCWYTh1+sF3ol0laCxSoUCTPQZWnMUX
cKDz0FqWlpr2IEXwH8N2TMprMo+5NgK486TkTp3uuRuCrxRYNdH58hKcHwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMRPHsmwKRalUm2CqyA0MugVw9oaMB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEveEU4ZXliQXBGcVZTYllLcklEUXk2QlhEMmhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKg0kBgQw
DQYJKoZIhvcNAQELBQADggEBAIDXLaeHCnVvdbkPVqDOptN2dyPoc/wMJsW0gcA8
CA8l48IECEbm8xM26sW+M6ZJEWxqtGzUQ/tcHRXFo/4Uud69LlCNPLxdOZgsp9dL
FNPlnfhjkRaFnbJM5nGq1pI0bum9oGkDqVvLm2Vdkb3/RVPoM17BjikkmSKwEw35
a2Q/HeUyPchOQqjdqQ3Hm8VhEiqlAe0v0VHaDhP5FnWi99qo8BV5FpZZGOzZVoln
sNKBFIomHmHAkFv8Iw6pLmUSoapzj0L6OhvlCLUudxGDQhTd5KMu7nLPBdr7Ym67
2dIrGRqfPc3H9R4F9ubUTTeyySU/A0sSLcGfkSOoJ6CMI5A=
-----END CERTIFICATE-----