Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/9EhYDLYPuhSDO68pPMqEAcubwS8.roa
File:                     9EhYDLYPuhSDO68pPMqEAcubwS8.roa (raw, json)
Hash identifier:          MJMTKC7QIyopuek49NtpnDlBRdcAeWgAJmWK3ZyJtNQ=
Subject key identifier:   F4:48:58:0C:B6:0F:BA:14:83:3B:AF:29:3C:CA:84:01:CB:9B:C1:2F
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC348943312C70940DEBCE312F0D9A54A
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/9EhYDLYPuhSDO68pPMqEAcubwS8.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205092
IP address blocks:        2a0d:2682:8000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:94:33:12:c7:09:40:de:bc:e3:12:f0:d9:a5:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f448580cb60fba14833baf293cca8401cb9bc12f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:35:8f:77:b3:62:e0:0d:55:6a:9e:18:5b:41:
                    7a:4a:60:aa:0e:1c:72:92:54:8e:93:82:bf:40:85:
                    6d:f0:8b:7a:4d:75:62:f2:a5:ea:40:f4:88:22:7f:
                    03:1f:4b:ed:68:91:b2:44:b9:12:6a:6c:e8:a2:cb:
                    7b:67:75:84:a8:7d:a3:eb:96:48:bc:4c:0d:87:00:
                    49:2d:43:72:fc:ff:f4:9b:40:6c:e2:db:f4:75:0d:
                    77:3f:63:b5:10:d1:59:24:29:5e:ac:71:fd:91:03:
                    4e:60:1a:2a:83:f1:1a:5f:38:25:74:26:0d:da:24:
                    50:7e:5e:28:3e:34:35:0c:52:ec:46:4a:95:6d:8b:
                    95:31:8d:c1:17:4b:e9:9a:f6:f0:11:f3:b5:d2:8e:
                    5b:eb:2e:45:97:d1:78:f3:04:8f:59:08:75:3f:24:
                    54:84:b6:86:5a:50:9a:7d:b1:e7:c3:66:5e:e8:99:
                    59:9e:98:2a:9e:de:99:a1:e6:8c:ef:b3:3e:29:81:
                    90:a5:04:4c:54:17:89:03:21:c2:9c:51:49:39:dc:
                    e1:ab:46:d6:0b:12:1f:a0:ca:ec:67:03:bb:6d:53:
                    46:04:63:65:04:8a:1a:7f:d1:46:8b:95:4b:ce:5e:
                    51:0e:86:e8:83:b1:e1:3a:81:6a:12:9b:0b:3d:37:
                    86:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:48:58:0C:B6:0F:BA:14:83:3B:AF:29:3C:CA:84:01:CB:9B:C1:2F
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/9EhYDLYPuhSDO68pPMqEAcubwS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2682:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         69:d8:71:92:88:87:dc:61:8f:32:52:1c:e9:d2:d8:91:21:41:
         58:b4:37:ba:02:f9:62:44:dc:34:25:6b:01:82:ac:86:b1:5a:
         51:f8:9a:e9:43:d3:bb:44:a5:ce:b8:6c:66:fe:9e:ca:b7:6b:
         9e:32:13:ff:7f:24:14:e8:94:c8:11:6d:5f:9a:0c:40:6f:32:
         d5:05:13:f8:2e:3f:1e:b4:95:f8:aa:b4:63:75:73:1d:21:fe:
         86:ca:25:bf:80:de:17:8d:ed:0b:66:a7:48:3f:bf:22:aa:35:
         c7:89:77:62:27:54:1e:8f:67:c9:f9:7b:9d:d5:8b:6b:72:00:
         e0:cd:8e:cc:6d:9b:87:26:b5:b7:53:dd:e6:00:6c:0b:d5:39:
         92:16:38:36:1b:bd:60:e8:a6:f3:59:de:67:38:83:74:b1:f7:
         9a:dd:d2:18:a9:ef:85:ca:51:a6:f5:d7:69:41:34:9e:3b:ee:
         6d:4f:85:4d:0c:15:68:24:a7:4a:6a:c0:de:01:27:d4:ab:00:
         6e:61:18:47:1e:c2:31:6e:2b:fe:1d:36:bd:fc:68:14:b8:d3:
         69:b6:b0:76:75:aa:83:69:ff:3c:f1:d8:af:47:99:4a:8d:b6:
         de:a2:51:9a:7e:23:06:07:ee:83:e8:02:c8:3f:f4:0a:39:43:
         49:a5:3f:b8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDSJQzEscJQN684xLw2aVKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDQ4NTgwY2I2MGZiYTE0ODMzYmFmMjkzY2NhODQwMWNiOWJjMTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TWPd7Ni4A1Vap4YW0F6SmCqDhxy
klSOk4K/QIVt8It6TXVi8qXqQPSIIn8DH0vtaJGyRLkSamzoost7Z3WEqH2j65ZI
vEwNhwBJLUNy/P/0m0Bs4tv0dQ13P2O1ENFZJClerHH9kQNOYBoqg/EaXzgldCYN
2iRQfl4oPjQ1DFLsRkqVbYuVMY3BF0vpmvbwEfO10o5b6y5Fl9F48wSPWQh1PyRU
hLaGWlCafbHnw2Ze6JlZnpgqnt6ZoeaM77M+KYGQpQRMVBeJAyHCnFFJOdzhq0bW
CxIfoMrsZwO7bVNGBGNlBIoaf9FGi5VLzl5RDobog7HhOoFqEpsLPTeGtQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPRIWAy2D7oUgzuvKTzKhAHLm8EvMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvOUVoWURMWVB1aFNETzY4cFBNcUVBY3Vid1M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg0mgoAw
DQYJKoZIhvcNAQELBQADggEBAGnYcZKIh9xhjzJSHOnS2JEhQVi0N7oC+WJE3DQl
awGCrIaxWlH4mulD07tEpc64bGb+nsq3a54yE/9/JBTolMgRbV+aDEBvMtUFE/gu
Px60lfiqtGN1cx0h/obKJb+A3heN7Qtmp0g/vyKqNceJd2InVB6PZ8n5e53Vi2ty
AODNjsxtm4cmtbdT3eYAbAvVOZIWODYbvWDopvNZ3mc4g3Sx95rd0hip74XKUab1
12lBNJ477m1PhU0MFWgkp0pqwN4BJ9SrAG5hGEcewjFuK/4dNr38aBS402m2sHZ1
qoNp/zzx2K9HmUqNtt6iUZp+IwYH7oPoAsg/9Ao5Q0mlP7g=
-----END CERTIFICATE-----