Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/4_rSaZbd4DOW460gkMG_o7Q62LA.roa
File:                     4_rSaZbd4DOW460gkMG_o7Q62LA.roa (raw, json)
Hash identifier:          WzFqZ2qdiNiZy0kj9nduoUZ9e/l6yGaRj97HwXY3x0M=
Subject key identifier:   E3:FA:D2:69:96:DD:E0:33:96:E3:AD:20:90:C1:BF:A3:B4:3A:D8:B0
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC34890E89A711A8B76C61D2731FC95B4
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/4_rSaZbd4DOW460gkMG_o7Q62LA.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142418
IP address blocks:        2a0d:2686::/32 maxlen: 48
                          2a0d:2586::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:e8:9a:71:1a:8b:76:c6:1d:27:31:fc:95:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3fad26996dde03396e3ad2090c1bfa3b43ad8b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0f:e7:0d:b8:a5:f4:b0:58:0a:70:54:f0:d1:
                    e1:9d:ae:df:36:15:3c:22:06:6e:48:ae:fc:b1:9b:
                    04:22:2e:d7:02:48:7d:0a:27:bb:45:81:03:7a:fb:
                    73:85:2c:10:13:38:0f:fd:c5:e7:04:9f:a8:12:59:
                    05:f4:55:68:94:5a:62:7f:ec:c3:ff:f6:b9:e9:08:
                    93:d4:9b:bb:56:ed:99:3f:b4:a9:51:c3:f5:cb:2d:
                    72:47:b8:72:94:62:79:d5:62:c8:6c:bd:a6:1e:8c:
                    3b:12:c1:e0:3b:c5:c9:b4:01:9f:45:7e:ae:5b:a0:
                    12:4c:c1:19:dc:7b:1f:e8:ab:53:ab:7a:41:0b:67:
                    47:d1:de:e0:d9:27:8e:9d:c7:e5:2b:4a:fb:5b:d4:
                    a9:01:79:4c:7b:14:ee:8d:7d:be:7a:ea:ac:92:e2:
                    f5:7f:02:92:51:e9:91:db:76:5f:d7:a5:23:78:c3:
                    67:96:3c:65:7c:15:80:5d:77:61:c6:9f:81:f3:c4:
                    96:ca:4b:97:b4:c4:0b:d8:1e:e1:1c:3c:3f:58:40:
                    2b:f0:9a:dd:ec:79:46:51:a6:20:e0:76:e6:5b:76:
                    20:95:b5:12:19:61:63:c7:a3:c9:34:d8:c4:de:69:
                    f6:ee:2c:7b:52:98:f5:81:d8:4c:a5:b2:59:10:0e:
                    50:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:FA:D2:69:96:DD:E0:33:96:E3:AD:20:90:C1:BF:A3:B4:3A:D8:B0
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/4_rSaZbd4DOW460gkMG_o7Q62LA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2586::/32
                  2a0d:2686::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:5e:24:73:77:6d:ed:58:5b:4b:8b:7e:d0:26:0e:55:0f:98:
         27:09:4b:d3:6d:dc:01:28:11:a8:11:41:ca:f5:a5:f7:37:34:
         4d:69:24:f5:8f:df:db:3d:76:2b:81:3e:31:5c:aa:40:2d:02:
         b9:3a:2a:8b:eb:1b:1f:ae:a0:a7:f2:2b:25:df:02:0d:f2:ea:
         06:6b:54:f4:df:08:0a:37:96:29:b4:f4:cb:67:14:ff:54:22:
         61:a1:ea:9a:63:e5:4c:df:1e:ef:c8:14:b5:2a:a1:3e:d7:8a:
         89:5d:98:91:4a:b8:66:38:1c:ac:b6:cf:68:5d:49:9b:34:15:
         85:03:ec:5d:bf:15:80:41:e6:ee:89:6a:f7:72:9d:f5:66:69:
         d5:67:8d:73:1c:7c:3e:50:cb:73:74:b6:84:46:e9:38:f9:9d:
         66:f9:d2:10:6f:ae:11:4e:ab:32:e3:5d:32:26:42:52:ff:74:
         26:ee:e2:a1:bf:ed:dd:43:22:af:47:7c:1a:d0:af:99:33:9b:
         39:70:74:67:cc:ea:8a:2a:6f:57:af:36:06:7c:ed:d3:53:25:
         9a:35:ae:de:9e:2a:a9:84:47:63:cc:b8:53:c8:b2:f2:9e:25:
         d5:e9:9e:a2:03:7a:ae:dc:dd:94:c7:15:d5:95:6f:8f:19:03:
         87:b7:06:f3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSJDomnEai3bGHScx/JW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2ZhZDI2OTk2ZGRlMDMzOTZlM2FkMjA5MGMxYmZhM2I0M2FkOGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQ/nDbil9LBYCnBU8NHhna7fNhU8
IgZuSK78sZsEIi7XAkh9Cie7RYEDevtzhSwQEzgP/cXnBJ+oElkF9FVolFpif+zD
//a56QiT1Ju7Vu2ZP7SpUcP1yy1yR7hylGJ51WLIbL2mHow7EsHgO8XJtAGfRX6u
W6ASTMEZ3Hsf6KtTq3pBC2dH0d7g2SeOncflK0r7W9SpAXlMexTujX2+euqskuL1
fwKSUemR23Zf16UjeMNnljxlfBWAXXdhxp+B88SWykuXtMQL2B7hHDw/WEAr8Jrd
7HlGUaYg4HbmW3YglbUSGWFjx6PJNNjE3mn27ix7Upj1gdhMpbJZEA5QNQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOP60mmW3eAzluOtIJDBv6O0OtiwMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvNF9yU2FaYmQ0RE9XNDYwZ2tNR19vN1E2MkxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg0lhgMF
ACoNJoYwDQYJKoZIhvcNAQELBQADggEBAKleJHN3be1YW0uLftAmDlUPmCcJS9Nt
3AEoEagRQcr1pfc3NE1pJPWP39s9diuBPjFcqkAtArk6KovrGx+uoKfyKyXfAg3y
6gZrVPTfCAo3lim09MtnFP9UImGh6ppj5UzfHu/IFLUqoT7XioldmJFKuGY4HKy2
z2hdSZs0FYUD7F2/FYBB5u6JavdynfVmadVnjXMcfD5Qy3N0toRG6Tj5nWb50hBv
rhFOqzLjXTImQlL/dCbu4qG/7d1DIq9HfBrQr5kzmzlwdGfM6ooqb1evNgZ87dNT
JZo1rt6eKqmER2PMuFPIsvKeJdXpnqIDeq7c3ZTHFdWVb48ZA4e3BvM=
-----END CERTIFICATE-----