Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/ocChZoHpZumQ0sIabJMHuMzVOB4.roa
File:                     ocChZoHpZumQ0sIabJMHuMzVOB4.roa (raw, json)
Hash identifier:          IyQkFnsPyPRge3dy0PJKLxbOkOZuhBZaA4ecbQ/YayE=
Subject key identifier:   A1:C0:A1:66:81:E9:66:E9:90:D2:C2:1A:6C:93:07:B8:CC:D5:38:1E
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCBDBF2849712DC9070160D30BC147
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/ocChZoHpZumQ0sIabJMHuMzVOB4.roa
Signing time:             Mon 01 Jan 2024 16:30:27 +0000
ROA not before:           Mon 01 Jan 2024 16:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47692
IP address blocks:        2a06:c3c0:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:bd:bf:28:49:71:2d:c9:07:01:60:d3:0b:c1:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1c0a16681e966e990d2c21a6c9307b8ccd5381e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e5:b2:65:dd:70:9c:44:aa:05:f9:06:b4:87:
                    1b:ab:bb:ac:19:dd:e4:4d:be:6f:bb:46:31:16:16:
                    be:7a:e6:0f:2a:85:f0:5d:e2:d4:48:f0:f1:89:e7:
                    6f:40:5b:72:32:31:d5:12:8f:29:26:d2:6b:50:74:
                    fc:c1:a1:47:51:84:47:10:63:3a:80:7a:7c:c8:fb:
                    29:85:17:77:34:fb:e8:4d:fc:4f:5b:6a:63:b5:6d:
                    fe:a7:a7:e7:b8:eb:96:59:75:07:f6:90:ef:d7:b3:
                    5a:4b:02:6b:89:c1:0a:15:37:3c:9d:f2:3c:c6:51:
                    26:72:91:19:ee:9a:cf:05:ba:b5:1b:57:a6:43:5a:
                    15:18:fb:96:01:1d:7f:b8:b7:2c:9b:73:e8:eb:b6:
                    62:2f:a8:da:24:8f:42:05:bc:d5:31:d4:57:b3:08:
                    77:b2:b7:9a:a2:12:e6:f5:0e:b5:01:25:6f:1d:ea:
                    03:8f:29:3c:40:07:ad:46:60:b9:d8:55:4b:8f:59:
                    1b:29:9d:6c:cc:90:5c:d3:c3:f6:f4:f1:fb:c5:00:
                    f2:01:bb:a3:45:9a:21:6b:f7:65:06:fc:19:6c:35:
                    ee:3a:54:9a:5d:2b:07:c3:2c:c4:e5:55:51:f1:f7:
                    42:68:79:38:b5:d4:94:04:ef:68:ae:d2:79:3e:4c:
                    38:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C0:A1:66:81:E9:66:E9:90:D2:C2:1A:6C:93:07:B8:CC:D5:38:1E
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/ocChZoHpZumQ0sIabJMHuMzVOB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:c3c0:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:53:5b:a8:46:7d:61:86:4d:8c:e6:b5:66:a6:09:70:87:0f:
         63:a1:35:08:01:d8:7e:bc:96:e9:65:b5:74:11:25:8d:aa:9b:
         bc:c9:1a:ec:90:eb:84:1f:d8:da:18:25:37:4c:69:26:50:e6:
         c0:51:9b:6f:e4:27:7d:09:3c:ec:78:dd:bc:54:c8:4e:08:09:
         81:8a:90:56:a7:59:3a:1c:2f:51:74:17:b9:3c:a2:4e:cb:c8:
         bb:4f:2f:de:bc:36:a2:20:a7:2b:a7:63:68:d5:1a:5b:fb:28:
         d0:1b:55:8a:5c:88:78:7d:e1:ed:26:e7:94:e4:f4:83:f3:7b:
         d8:44:4a:c9:30:fc:58:7e:15:eb:a2:e1:78:0e:3f:36:e3:45:
         63:0d:f4:1c:70:6f:c6:56:1d:72:c4:f8:01:28:18:10:96:75:
         4e:db:c0:45:ca:a1:b8:99:a1:58:23:f9:59:00:03:b0:63:27:
         7f:3c:11:17:4f:06:48:3b:fe:2e:ee:97:8c:3f:8b:7b:5b:f5:
         be:ac:07:10:dc:fd:6b:77:6e:f8:3e:ee:ef:e2:7c:24:b0:d6:
         62:93:62:78:ab:27:55:05:62:b5:df:5b:6c:b5:d2:0a:7a:08:
         cd:13:bd:25:84:17:fc:0e:90:96:11:44:be:09:bf:53:75:c9:
         10:4f:ae:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3L2/KElxLckHAWDTC8FHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWMwYTE2NjgxZTk2NmU5OTBkMmMyMWE2YzkzMDdiOGNjZDUzODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeWyZd1wnESqBfkGtIcbq7usGd3k
Tb5vu0YxFha+euYPKoXwXeLUSPDxiedvQFtyMjHVEo8pJtJrUHT8waFHUYRHEGM6
gHp8yPsphRd3NPvoTfxPW2pjtW3+p6fnuOuWWXUH9pDv17NaSwJricEKFTc8nfI8
xlEmcpEZ7prPBbq1G1emQ1oVGPuWAR1/uLcsm3Po67ZiL6jaJI9CBbzVMdRXswh3
sreaohLm9Q61ASVvHeoDjyk8QAetRmC52FVLj1kbKZ1szJBc08P29PH7xQDyAbuj
RZoha/dlBvwZbDXuOlSaXSsHwyzE5VVR8fdCaHk4tdSUBO9ortJ5Pkw4IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKHAoWaB6WbpkNLCGmyTB7jM1TgeMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvb2NDaFpvSHBadW1RMHNJYWJKTUh1TXpWT0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbDwAAF
MA0GCSqGSIb3DQEBCwUAA4IBAQCpU1uoRn1hhk2M5rVmpglwhw9joTUIAdh+vJbp
ZbV0ESWNqpu8yRrskOuEH9jaGCU3TGkmUObAUZtv5Cd9CTzseN28VMhOCAmBipBW
p1k6HC9RdBe5PKJOy8i7Ty/evDaiIKcrp2No1Rpb+yjQG1WKXIh4feHtJueU5PSD
83vYRErJMPxYfhXrouF4Dj8240VjDfQccG/GVh1yxPgBKBgQlnVO28BFyqG4maFY
I/lZAAOwYyd/PBEXTwZIO/4u7peMP4t7W/W+rAcQ3P1rd274Pu7v4nwksNZik2J4
qydVBWK131tstdIKegjNE70lhBf8DpCWEUS+Cb9TdckQT65y
-----END CERTIFICATE-----