Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/mStKCbco3r4AzhrwvQMenhyF68I.roa
File:                     mStKCbco3r4AzhrwvQMenhyF68I.roa (raw, json)
Hash identifier:          DnhCnaHkJAvrd3xjWo0uI1p14O8VodCKhtcgSlVFarI=
Subject key identifier:   99:2B:4A:09:B7:28:DE:BE:00:CE:1A:F0:BD:03:1E:9E:1C:85:EB:C2
Certificate issuer:       /CN=74b42a6de4e01fc31250d1bbe322281046ee61aa
Certificate serial:       018CC56EC9C082E16F5D7A985FAC94D1011A
Authority key identifier: 74:B4:2A:6D:E4:E0:1F:C3:12:50:D1:BB:E3:22:28:10:46:EE:61:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/mStKCbco3r4AzhrwvQMenhyF68I.roa
Signing time:             Mon 01 Jan 2024 14:30:21 +0000
ROA not before:           Mon 01 Jan 2024 14:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1136
IP address blocks:        2a10:dac0:101::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c9:c0:82:e1:6f:5d:7a:98:5f:ac:94:d1:01:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74b42a6de4e01fc31250d1bbe322281046ee61aa
        Validity
            Not Before: Jan  1 14:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=992b4a09b728debe00ce1af0bd031e9e1c85ebc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3a:6e:35:e9:9c:a7:fc:12:eb:43:2f:80:ed:
                    25:96:55:71:e3:9c:8f:96:4b:e5:72:dc:c5:89:6d:
                    fa:88:69:c4:5b:5f:84:bc:86:bb:a3:72:d5:85:d5:
                    8a:4d:ad:5a:e1:4c:1d:ac:4a:cc:3b:e9:c7:4e:82:
                    83:0c:84:2a:65:6e:22:c5:7e:04:d5:82:27:5a:5d:
                    c4:08:70:02:e4:13:c3:2d:f5:7d:bf:8a:79:c5:e7:
                    76:7c:24:eb:f1:f6:91:aa:0f:df:4a:b3:3b:7d:67:
                    32:80:0a:38:b7:b6:9d:be:fb:f5:04:81:d3:d8:fe:
                    74:4a:54:a6:11:77:0f:1a:fa:7a:83:ee:ab:98:92:
                    1e:30:da:81:eb:69:89:4e:62:b8:8b:71:a7:fc:8e:
                    c4:28:7a:02:aa:43:91:74:8b:e4:68:4e:06:e1:61:
                    16:5d:ba:66:97:ee:2f:ee:e7:67:96:4b:6a:5f:79:
                    85:2b:9e:54:77:af:1c:5d:0a:07:9b:d5:23:60:76:
                    26:f9:52:3f:ae:5f:c9:a0:f2:47:dd:1a:4e:ac:ee:
                    7a:dd:99:a6:77:b9:6a:ad:bf:22:49:db:c4:ef:00:
                    0a:09:9b:28:cc:f3:9b:22:47:cd:5e:44:54:b7:ef:
                    97:dd:f1:8c:6c:d2:b3:95:6e:df:6d:5f:fa:41:6f:
                    10:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:2B:4A:09:B7:28:DE:BE:00:CE:1A:F0:BD:03:1E:9E:1C:85:EB:C2
            X509v3 Authority Key Identifier:
                keyid:74:B4:2A:6D:E4:E0:1F:C3:12:50:D1:BB:E3:22:28:10:46:EE:61:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/mStKCbco3r4AzhrwvQMenhyF68I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:dac0:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:68:ad:8e:6f:f8:03:f1:e7:80:7a:40:fe:70:5d:5e:21:46:
         bf:80:5d:97:cb:b0:5f:05:6c:96:e5:b7:7f:47:b2:f1:fc:1c:
         ac:a7:c5:24:30:32:fd:59:13:1d:25:84:c4:eb:7d:88:32:3a:
         31:ae:e7:ec:40:85:ff:42:5c:aa:ef:27:52:a8:11:21:38:ec:
         e0:9c:a2:9a:39:2a:55:d7:29:17:6c:27:57:c4:08:26:d1:ec:
         8a:fd:d0:82:10:f0:6f:79:c2:c3:3d:d8:3c:1f:ae:82:08:84:
         e0:4a:6a:48:a5:55:ba:60:74:ac:63:36:6a:4b:85:0a:24:5d:
         88:63:a4:e4:75:33:a9:f7:97:a2:e5:c4:f6:8e:50:72:0a:92:
         f1:fc:a4:fe:e5:6e:b9:52:8a:ce:ac:fd:00:78:4a:6b:9a:7b:
         a5:2c:5f:1f:05:1f:c3:ef:11:5a:e4:4f:e6:3a:b2:05:19:7a:
         fd:80:45:81:cc:4d:e8:ba:56:8c:b2:2b:03:a8:72:7d:7a:02:
         69:e3:ff:df:89:70:42:9f:6a:03:dd:e8:2f:b9:b0:eb:48:36:
         e6:71:81:6c:cd:10:8c:40:51:72:b1:7f:b6:df:c4:06:ef:17:
         a7:34:99:45:f3:cf:41:6d:7b:9a:ea:b9:eb:b0:3d:23:e4:61:
         68:27:c6:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbsnAguFvXXqYX6yU0QEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YjQyYTZkZTRlMDFmYzMxMjUwZDFiYmUzMjIyODEwNDZl
ZTYxYWEwHhcNMjQwMTAxMTQzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTJiNGEwOWI3MjhkZWJlMDBjZTFhZjBiZDAzMWU5ZTFjODVlYmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjpuNemcp/wS60MvgO0lllVx45yP
lkvlctzFiW36iGnEW1+EvIa7o3LVhdWKTa1a4UwdrErMO+nHToKDDIQqZW4ixX4E
1YInWl3ECHAC5BPDLfV9v4p5xed2fCTr8faRqg/fSrM7fWcygAo4t7advvv1BIHT
2P50SlSmEXcPGvp6g+6rmJIeMNqB62mJTmK4i3Gn/I7EKHoCqkORdIvkaE4G4WEW
Xbpml+4v7udnlktqX3mFK55Ud68cXQoHm9UjYHYm+VI/rl/JoPJH3RpOrO563Zmm
d7lqrb8iSdvE7wAKCZsozPObIkfNXkRUt++X3fGMbNKzlW7fbV/6QW8QlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJkrSgm3KN6+AM4a8L0DHp4chevCMB8GA1UdIwQY
MBaAFHS0Km3k4B/DElDRu+MiKBBG7mGqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZExRcWJlVGdIOE1TVU5HNzR5SW9FRWJ1WWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9lNTU1NmMtY2ZlYS00OTcyLWFhZjgt
MTdhMWRjZGNjNmUwLzEvbVN0S0NiY28zcjRBemhyd3ZRTWVuaHlGNjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9lNTU1NmMtY2ZlYS00OTcyLWFhZjgtMTdhMWRjZGNjNmUw
LzEvZExRcWJlVGdIOE1TVU5HNzR5SW9FRWJ1WWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDawAEB
MA0GCSqGSIb3DQEBCwUAA4IBAQBIaK2Ob/gD8eeAekD+cF1eIUa/gF2Xy7BfBWyW
5bd/R7Lx/Bysp8UkMDL9WRMdJYTE632IMjoxrufsQIX/Qlyq7ydSqBEhOOzgnKKa
OSpV1ykXbCdXxAgm0eyK/dCCEPBvecLDPdg8H66CCITgSmpIpVW6YHSsYzZqS4UK
JF2IY6TkdTOp95ei5cT2jlByCpLx/KT+5W65UorOrP0AeEprmnulLF8fBR/D7xFa
5E/mOrIFGXr9gEWBzE3oulaMsisDqHJ9egJp4//fiXBCn2oD3egvubDrSDbmcYFs
zRCMQFFysX+238QG7xenNJlF889BbXua6rnrsD0j5GFoJ8Yk
-----END CERTIFICATE-----