Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/RIfU9u01gTRMZ7umAvoC9iOkDe8.roa
File:                     RIfU9u01gTRMZ7umAvoC9iOkDe8.roa (raw, json)
Hash identifier:          QdMKWWiI30S/mUr/QgWaTxHydIHIPbJowsOkvr+IUoc=
Subject key identifier:   44:87:D4:F6:ED:35:81:34:4C:67:BB:A6:02:FA:02:F6:23:A4:0D:EF
Certificate issuer:       /CN=369c713c51987e1ffa5482277f5f1c8cb722f44b
Certificate serial:       018CC26D2198C6E363DC1A44CFD2AE71E4B9
Authority key identifier: 36:9C:71:3C:51:98:7E:1F:FA:54:82:27:7F:5F:1C:8C:B7:22:F4:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpxxPFGYfh_6VIInf18cjLci9Es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/RIfU9u01gTRMZ7umAvoC9iOkDe8.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15776
IP address blocks:        2001:15f8:1000::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/NpxxPFGYfh_6VIInf18cjLci9Es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/NpxxPFGYfh_6VIInf18cjLci9Es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpxxPFGYfh_6VIInf18cjLci9Es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:21:98:c6:e3:63:dc:1a:44:cf:d2:ae:71:e4:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=369c713c51987e1ffa5482277f5f1c8cb722f44b
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4487d4f6ed3581344c67bba602fa02f623a40def
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:19:27:7a:be:2f:75:1d:fc:42:29:80:09:fc:
                    18:71:1f:b8:48:4f:de:50:a0:a5:b0:a0:0f:a3:ab:
                    dc:73:3c:81:2f:c7:dc:ab:72:e5:49:1e:d5:5a:54:
                    67:ed:33:29:86:e8:03:af:e0:7e:4c:30:8f:12:e2:
                    ca:b6:a7:75:79:b5:68:63:7d:b1:da:f1:8e:08:59:
                    a0:c7:a3:4b:eb:36:1f:a5:33:2c:ff:c0:d9:9b:2c:
                    3f:e7:28:0d:cd:e2:62:04:35:6e:13:e6:d4:63:e5:
                    33:5a:c3:73:00:b6:d6:be:61:2e:10:bd:e2:cd:3f:
                    4b:40:b3:b7:44:87:86:f9:d0:65:56:09:5f:45:b2:
                    31:3b:d9:4e:50:29:4d:53:87:84:7c:a3:47:20:70:
                    01:26:68:bf:db:85:e6:8f:a8:03:0a:2d:62:41:2d:
                    2f:78:15:e1:22:80:c5:9a:be:e6:aa:fe:b3:05:4e:
                    ca:84:14:cc:11:19:af:0a:5a:85:f7:fb:6c:f8:b9:
                    a0:40:87:fc:04:b3:b7:7e:ec:d1:d7:52:9d:9d:3b:
                    bf:dd:f0:20:a5:e5:2c:d7:01:69:b4:16:0a:dc:06:
                    52:d6:6a:d5:3f:b9:de:42:19:59:9f:2c:19:9b:78:
                    81:48:bc:50:0c:cb:9d:72:26:67:83:17:c7:43:7d:
                    91:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:87:D4:F6:ED:35:81:34:4C:67:BB:A6:02:FA:02:F6:23:A4:0D:EF
            X509v3 Authority Key Identifier:
                keyid:36:9C:71:3C:51:98:7E:1F:FA:54:82:27:7F:5F:1C:8C:B7:22:F4:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpxxPFGYfh_6VIInf18cjLci9Es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/RIfU9u01gTRMZ7umAvoC9iOkDe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/NpxxPFGYfh_6VIInf18cjLci9Es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:15f8:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         12:24:d9:34:41:d4:e5:64:42:10:ad:88:05:73:a0:58:22:13:
         9a:80:f5:45:ae:67:74:8d:65:9a:86:64:40:9e:06:a2:9e:77:
         60:0b:52:33:e1:18:31:86:a0:d3:26:64:3a:63:bf:28:ab:30:
         d9:33:09:a8:08:67:ac:94:5c:73:34:98:36:60:b5:0c:bf:05:
         d7:da:23:63:70:23:d2:55:69:7e:bf:ad:47:79:92:3e:40:e3:
         30:c3:e7:1e:fc:15:0b:ed:ae:ff:be:38:8a:7e:b7:7e:2c:86:
         1b:30:20:ab:3e:b5:cb:ed:57:c8:b0:df:3c:ae:9f:1e:5c:99:
         9b:46:98:31:ba:3c:a8:af:37:ea:07:b4:4e:dc:e1:9e:c1:47:
         4d:6c:29:57:f1:48:90:8e:59:57:dd:47:2e:2e:e1:c5:65:00:
         40:d4:e7:ab:2c:4e:c1:8c:b8:b2:b6:a9:2b:bb:0e:ed:7f:91:
         6a:a8:fe:88:de:a8:29:1d:94:3a:61:4c:d0:56:26:e0:a6:1c:
         1f:dc:aa:4c:7a:eb:4b:74:6a:b1:6f:55:e2:a0:ea:dd:df:7e:
         59:dd:ab:03:4d:3a:da:d7:09:36:60:19:ab:8e:31:fe:3c:15:
         80:ed:2b:3b:5d:98:e1:7a:c0:ad:8e:87:3d:c2:17:10:eb:9f:
         54:31:8e:2f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzCbSGYxuNj3BpEz9KuceS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OWM3MTNjNTE5ODdlMWZmYTU0ODIyNzdmNWYxYzhjYjcy
MmY0NGIwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDg3ZDRmNmVkMzU4MTM0NGM2N2JiYTYwMmZhMDJmNjIzYTQwZGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRkner4vdR38QimACfwYcR+4SE/e
UKClsKAPo6vcczyBL8fcq3LlSR7VWlRn7TMphugDr+B+TDCPEuLKtqd1ebVoY32x
2vGOCFmgx6NL6zYfpTMs/8DZmyw/5ygNzeJiBDVuE+bUY+UzWsNzALbWvmEuEL3i
zT9LQLO3RIeG+dBlVglfRbIxO9lOUClNU4eEfKNHIHABJmi/24Xmj6gDCi1iQS0v
eBXhIoDFmr7mqv6zBU7KhBTMERmvClqF9/ts+LmgQIf8BLO3fuzR11KdnTu/3fAg
peUs1wFptBYK3AZS1mrVP7neQhlZnywZm3iBSLxQDMudciZngxfHQ32RfQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFESH1PbtNYE0TGe7pgL6AvYjpA3vMB8GA1UdIwQY
MBaAFDaccTxRmH4f+lSCJ39fHIy3IvRLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnB4eFBGR1lmaF82VklJbmYxOGNqTGNpOUVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84MDJlOWUtZjk4Mi00NDlkLThiNzAt
NzZjMDVjZjVmMmU2LzEvUklmVTl1MDFnVFJNWjd1bUF2b0M5aU9rRGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84MDJlOWUtZjk4Mi00NDlkLThiNzAtNzZjMDVjZjVmMmU2
LzEvTnB4eFBGR1lmaF82VklJbmYxOGNqTGNpOUVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAIAEV+BAw
DQYJKoZIhvcNAQELBQADggEBABIk2TRB1OVkQhCtiAVzoFgiE5qA9UWuZ3SNZZqG
ZECeBqKed2ALUjPhGDGGoNMmZDpjvyirMNkzCagIZ6yUXHM0mDZgtQy/BdfaI2Nw
I9JVaX6/rUd5kj5A4zDD5x78FQvtrv++OIp+t34shhswIKs+tcvtV8iw3zyunx5c
mZtGmDG6PKivN+oHtE7c4Z7BR01sKVfxSJCOWVfdRy4u4cVlAEDU56ssTsGMuLK2
qSu7Du1/kWqo/ojeqCkdlDphTNBWJuCmHB/cqkx660t0arFvVeKg6t3fflndqwNN
OtrXCTZgGauOMf48FYDtKztdmOF6wK2Ohz3CFxDrn1Qxji8=
-----END CERTIFICATE-----