Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/oylhCGOREsIo8jHEk5gk_LxHAhI.roa
File:                     oylhCGOREsIo8jHEk5gk_LxHAhI.roa (raw, json)
Hash identifier:          qkFmAooASJ9WLJEN+aOvuiiI6R3sk1+rQ1mYQ/xPAKM=
Subject key identifier:   A3:29:61:08:63:91:12:C2:28:F2:31:C4:93:98:24:FC:BC:47:02:12
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       018CC5DCEEB8A706F450013C0425ECE9D5AC
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/oylhCGOREsIo8jHEk5gk_LxHAhI.roa
Signing time:             Mon 01 Jan 2024 16:30:39 +0000
ROA not before:           Mon 01 Jan 2024 16:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208545
IP address blocks:        2a01:170:1050::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:ee:b8:a7:06:f4:50:01:3c:04:25:ec:e9:d5:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jan  1 16:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3296108639112c228f231c4939824fcbc470212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0f:d3:c5:53:3f:9d:58:12:51:94:12:d6:bc:
                    c5:1b:5b:44:29:a2:84:48:27:7a:43:21:57:fd:61:
                    79:23:0a:8c:61:76:4e:b5:35:f8:66:da:73:87:fa:
                    36:83:63:d8:66:f5:2f:e8:9d:cb:ae:ed:f1:5b:38:
                    d4:de:4c:6b:71:0d:20:fb:84:19:70:c8:ec:53:3d:
                    76:1a:c6:ff:ea:ca:63:4c:34:41:77:a9:7b:e9:34:
                    0b:73:4e:1d:a3:94:cb:ca:fc:3c:23:85:cc:61:62:
                    94:7c:b6:2d:7f:a6:09:59:8a:b8:2f:2a:6d:f6:86:
                    0b:8f:e2:b5:82:9a:fd:ef:d0:58:67:12:18:9b:d4:
                    4b:20:85:15:ec:a5:fa:0f:e0:12:27:6a:8f:ca:a4:
                    21:59:42:7a:16:4d:7e:fa:ad:20:ad:0f:cc:f6:5b:
                    9f:4b:61:8f:49:b0:88:d8:a9:49:f9:e3:0a:c1:30:
                    a5:95:61:6d:3e:4a:3a:d1:11:f1:e7:9e:9b:25:32:
                    54:f1:4a:16:4e:9f:c1:12:51:92:c0:88:9c:5f:7f:
                    aa:0f:08:ff:21:50:30:5f:2b:d4:23:7c:1a:ac:32:
                    a0:80:61:07:10:a0:17:c0:25:ef:5c:12:aa:04:0d:
                    c2:88:fb:27:da:e9:67:1c:09:32:4d:22:2f:56:06:
                    4a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:29:61:08:63:91:12:C2:28:F2:31:C4:93:98:24:FC:BC:47:02:12
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/oylhCGOREsIo8jHEk5gk_LxHAhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:170:1050::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:19:c6:4f:c8:15:35:0a:2b:c1:26:0a:47:bd:3b:26:55:d0:
         73:da:50:cd:eb:3f:53:aa:77:1f:bf:a7:11:37:8c:7c:c5:4d:
         c6:6e:f9:7e:db:6c:83:35:ac:d3:c1:32:be:96:15:c0:fe:24:
         28:22:2a:e3:03:28:63:aa:54:ec:5b:6d:1a:d3:da:db:ce:9f:
         0e:e2:ae:ed:72:05:14:e5:36:32:62:17:83:f1:c1:a8:2a:c5:
         d2:a8:6a:d3:9c:00:03:56:03:62:e5:5f:8c:14:ce:17:e7:e0:
         1a:f2:ff:5c:c0:80:45:a7:d7:1f:b1:18:a7:fd:a8:99:7c:dc:
         92:23:51:0f:e3:67:5f:96:3c:75:14:8a:91:64:89:8b:9a:4e:
         1b:b8:6f:c2:6b:d0:61:a9:98:39:0f:28:bd:0e:5d:c7:34:7f:
         a5:9f:9d:10:bc:d0:e7:89:06:9d:86:d9:13:7f:6f:3d:d7:9e:
         9d:8a:a0:55:a7:a6:95:78:98:6d:95:df:ed:8f:d5:d5:77:95:
         35:ce:66:59:e8:00:a4:ea:ab:34:09:f4:f0:2c:b8:0c:5a:de:
         58:9d:0c:1b:c0:11:4e:7c:e6:b3:00:1f:ae:2e:e7:30:59:78:
         61:9c:24:35:e2:1b:2e:de:4a:55:46:a6:f5:20:84:c5:36:ef:
         f7:4f:2a:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3O64pwb0UAE8BCXs6dWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjQwMTAxMTYzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzI5NjEwODYzOTExMmMyMjhmMjMxYzQ5Mzk4MjRmY2JjNDcwMjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjA/TxVM/nVgSUZQS1rzFG1tEKaKE
SCd6QyFX/WF5IwqMYXZOtTX4Ztpzh/o2g2PYZvUv6J3Lru3xWzjU3kxrcQ0g+4QZ
cMjsUz12Gsb/6spjTDRBd6l76TQLc04do5TLyvw8I4XMYWKUfLYtf6YJWYq4Lypt
9oYLj+K1gpr979BYZxIYm9RLIIUV7KX6D+ASJ2qPyqQhWUJ6Fk1++q0grQ/M9luf
S2GPSbCI2KlJ+eMKwTCllWFtPko60RHx556bJTJU8UoWTp/BElGSwIicX3+qDwj/
IVAwXyvUI3warDKggGEHEKAXwCXvXBKqBA3CiPsn2ulnHAkyTSIvVgZKDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKMpYQhjkRLCKPIxxJOYJPy8RwISMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvb3lsaENHT1JFc0lvOGpIRWs1Z2tfTHhIQWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEBcBBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCrGcZPyBU1CivBJgpHvTsmVdBz2lDN6z9Tqncf
v6cRN4x8xU3Gbvl+22yDNazTwTK+lhXA/iQoIirjAyhjqlTsW20a09rbzp8O4q7t
cgUU5TYyYheD8cGoKsXSqGrTnAADVgNi5V+MFM4X5+Aa8v9cwIBFp9cfsRin/aiZ
fNySI1EP42dfljx1FIqRZImLmk4buG/Ca9BhqZg5Dyi9Dl3HNH+ln50QvNDniQad
htkTf289156diqBVp6aVeJhtld/tj9XVd5U1zmZZ6ACk6qs0CfTwLLgMWt5YnQwb
wBFOfOazAB+uLucwWXhhnCQ14hsu3kpVRqb1IITFNu/3Typp
-----END CERTIFICATE-----