Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/1HMgOei6noM7bjeFR5uLIaYEcBo.roa
File:                     1HMgOei6noM7bjeFR5uLIaYEcBo.roa (raw, json)
Hash identifier:          rDcyDUu/5+GY8nd9Wp0KPdvGyteMWNMTOBQP+GbWG90=
Subject key identifier:   D4:73:20:39:E8:BA:9E:83:3B:6E:37:85:47:9B:8B:21:A6:04:70:1A
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC3489456E614406E7FB8AFCD6B746B1B
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/1HMgOei6noM7bjeFR5uLIaYEcBo.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207252
IP address blocks:        2a0d:2682:9000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:94:56:e6:14:40:6e:7f:b8:af:cd:6b:74:6b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4732039e8ba9e833b6e3785479b8b21a604701a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f7:8b:17:28:85:ad:18:b9:4d:a7:c2:79:6a:
                    49:72:da:4d:4a:64:1e:84:bb:58:36:9d:50:5b:44:
                    22:e0:a9:a1:d8:cc:af:da:f1:55:02:0c:56:85:99:
                    51:4c:d0:d9:cb:48:e3:0c:01:97:29:8a:e0:8e:59:
                    cb:32:63:9b:30:6c:18:66:67:e5:c7:4c:3d:e5:f8:
                    8d:5a:a0:3d:0e:94:c3:26:68:99:c0:51:a5:03:82:
                    ae:6b:d4:93:56:c3:5f:6d:76:a5:de:4c:1e:71:76:
                    ca:4c:40:a1:d7:36:76:29:b2:c4:0d:99:e7:03:ba:
                    e9:27:47:2a:59:61:8a:04:da:70:92:64:70:d5:c1:
                    ad:d1:55:d2:e9:48:5f:b6:1d:bd:3e:c0:d3:6e:97:
                    a4:69:4c:ec:53:42:3e:a6:d0:20:96:b2:18:b8:b0:
                    5b:c0:f5:1d:c7:c8:f7:20:65:c1:cc:bc:56:32:04:
                    ce:3b:33:87:5e:a8:ae:b9:ec:bc:0c:c3:cd:96:53:
                    71:05:40:40:fa:07:3b:3f:66:23:e7:b6:10:42:48:
                    1e:76:81:86:03:0b:63:4f:d6:88:6b:3e:0e:bc:8b:
                    6b:cd:03:d7:82:27:11:49:64:79:c9:cc:25:c3:5e:
                    c1:fa:99:ee:56:f8:e4:0c:29:93:8e:a1:91:e6:86:
                    a1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:73:20:39:E8:BA:9E:83:3B:6E:37:85:47:9B:8B:21:A6:04:70:1A
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/1HMgOei6noM7bjeFR5uLIaYEcBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2682:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3e:e9:e0:b4:e5:c5:66:4b:7b:67:cf:90:fe:fd:1f:38:e7:1a:
         7b:73:f4:e4:6f:26:d5:56:bd:56:1f:ad:2d:88:b0:6c:3e:f3:
         b5:8b:c5:a1:ff:9d:f4:0b:e6:ef:04:70:9a:86:a2:ef:3c:93:
         44:cb:a6:61:be:0b:54:b5:62:67:73:de:87:ae:30:48:91:99:
         4b:79:99:00:ee:b3:1c:c7:d2:5d:c7:ae:8b:2b:de:eb:2c:e6:
         4a:74:32:31:a9:26:4c:53:2e:f2:ec:93:97:35:67:47:fc:05:
         a3:eb:eb:94:6c:1b:4d:db:62:b9:19:f5:f7:c7:78:e7:2a:5c:
         9d:01:80:6d:39:eb:7d:0c:ef:60:93:71:ec:ef:57:42:e3:47:
         63:36:94:6a:40:fb:5c:87:b7:91:2f:3e:9b:a9:20:1c:a9:75:
         e0:17:c2:8e:9b:84:f8:80:1d:2a:dc:12:72:f7:36:00:0c:89:
         fd:4b:12:a5:54:99:9f:76:7c:87:cc:49:89:8e:aa:e0:f0:05:
         c3:ff:b5:b3:95:b5:49:4e:0e:5b:e7:f6:d5:83:08:e5:73:c8:
         01:69:c2:60:41:d0:cd:c0:29:0a:9e:5a:5f:64:4c:da:a4:5e:
         17:da:d0:32:89:7a:c1:17:dc:ff:68:e0:fc:0a:b2:7d:d1:3c:
         0b:02:7d:c6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDSJRW5hRAbn+4r81rdGsbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDczMjAzOWU4YmE5ZTgzM2I2ZTM3ODU0NzliOGIyMWE2MDQ3MDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/eLFyiFrRi5TafCeWpJctpNSmQe
hLtYNp1QW0Qi4Kmh2Myv2vFVAgxWhZlRTNDZy0jjDAGXKYrgjlnLMmObMGwYZmfl
x0w95fiNWqA9DpTDJmiZwFGlA4Kua9STVsNfbXal3kwecXbKTECh1zZ2KbLEDZnn
A7rpJ0cqWWGKBNpwkmRw1cGt0VXS6Uhfth29PsDTbpekaUzsU0I+ptAglrIYuLBb
wPUdx8j3IGXBzLxWMgTOOzOHXqiuuey8DMPNllNxBUBA+gc7P2Yj57YQQkgedoGG
AwtjT9aIaz4OvItrzQPXgicRSWR5ycwlw17B+pnuVvjkDCmTjqGR5oahvQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNRzIDnoup6DO243hUebiyGmBHAaMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvMUhNZ09laTZub003YmplRlI1dUxJYVlFY0JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg0mgpAw
DQYJKoZIhvcNAQELBQADggEBAD7p4LTlxWZLe2fPkP79HzjnGntz9ORvJtVWvVYf
rS2IsGw+87WLxaH/nfQL5u8EcJqGou88k0TLpmG+C1S1Ymdz3oeuMEiRmUt5mQDu
sxzH0l3Hrosr3uss5kp0MjGpJkxTLvLsk5c1Z0f8BaPr65RsG03bYrkZ9ffHeOcq
XJ0BgG05630M72CTcezvV0LjR2M2lGpA+1yHt5EvPpupIBypdeAXwo6bhPiAHSrc
EnL3NgAMif1LEqVUmZ92fIfMSYmOquDwBcP/tbOVtUlODlvn9tWDCOVzyAFpwmBB
0M3AKQqeWl9kTNqkXhfa0DKJesEX3P9o4PwKsn3RPAsCfcY=
-----END CERTIFICATE-----