Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/L9qLb3GezwTSpxk2mBY5gudx7T4.roa
File:                     L9qLb3GezwTSpxk2mBY5gudx7T4.roa (raw, json)
Hash identifier:          9IiBDKYYUm+IEawI6OQ+Iuvh2nJnWhdgeKpXQsHn+NI=
Subject key identifier:   2F:DA:8B:6F:71:9E:CF:04:D2:A7:19:36:98:16:39:82:E7:71:ED:3E
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC348981C26F1B86DECDB26E79D6237C3
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/L9qLb3GezwTSpxk2mBY5gudx7T4.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211481
IP address blocks:        2a0d:2686::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:98:1c:26:f1:b8:6d:ec:db:26:e7:9d:62:37:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fda8b6f719ecf04d2a7193698163982e771ed3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:03:36:ef:00:fd:a0:18:79:0f:1c:a1:c9:82:
                    13:95:ec:4c:10:8e:9d:d1:89:7c:4b:b7:d0:dd:bc:
                    43:31:10:52:73:05:03:11:6e:d1:5c:e4:d5:9b:2e:
                    54:eb:ef:5d:9b:d9:ad:dd:32:ad:3d:3b:8f:43:3d:
                    d5:97:1a:e1:74:d1:1c:e3:e7:ec:b9:00:31:a2:53:
                    7f:42:63:c4:3a:26:11:b7:7d:21:c3:29:ad:b8:9f:
                    73:a5:84:3f:83:01:47:d6:eb:a3:bc:4f:4f:9f:45:
                    ea:01:eb:83:96:6a:2c:25:37:c6:bd:39:5a:a6:5b:
                    6f:ec:86:7d:c4:2d:6a:e6:12:77:8c:98:a5:d5:98:
                    42:e6:96:da:9b:e1:4c:fe:19:d5:cc:82:b9:c6:1b:
                    6e:a0:12:47:b9:a2:4c:1d:48:7c:70:66:e7:61:91:
                    06:db:37:0e:1e:43:1a:22:67:a5:f7:3f:75:e8:70:
                    71:9d:57:7b:64:c2:49:ce:a8:1f:5e:0b:06:03:0f:
                    95:b0:02:c1:6a:f0:c2:70:46:60:06:d3:4e:0e:69:
                    9d:49:b7:a1:9a:73:6b:95:ee:fc:e9:f0:1c:37:a8:
                    83:fd:df:8d:22:02:ca:33:51:2e:df:74:3d:ac:e8:
                    cc:61:a4:ee:a9:f5:10:82:72:fd:f2:5e:96:72:e5:
                    17:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:DA:8B:6F:71:9E:CF:04:D2:A7:19:36:98:16:39:82:E7:71:ED:3E
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/L9qLb3GezwTSpxk2mBY5gudx7T4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2686::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:e2:a1:85:5d:54:3d:a6:e5:a5:f4:42:a5:9c:55:d0:f8:ad:
         75:fe:68:ea:e4:6f:b7:27:d2:25:b6:ae:a7:25:9c:02:fa:87:
         b0:8d:46:46:7d:18:de:b7:f3:15:89:b5:05:e5:06:47:c1:17:
         25:ea:a7:dd:b8:29:f8:d8:91:e4:10:95:64:34:bc:00:6c:fe:
         42:ba:e6:39:e0:95:5f:74:2b:98:66:43:94:17:a1:36:d6:2b:
         91:28:47:73:5d:8b:1b:74:9d:17:b4:30:b2:17:6b:0e:42:d2:
         2a:c4:3f:7d:d0:03:ab:77:11:3b:d0:d6:17:0c:71:c6:7c:4e:
         a6:b9:27:f5:cf:0e:75:dd:cc:0c:94:aa:f0:a3:94:38:ce:d3:
         1b:67:93:4f:1d:c4:d7:51:66:89:ee:3b:a9:89:bd:7d:23:27:
         4a:cf:1a:db:d8:7d:b5:d5:52:2a:5f:58:c5:3f:e7:aa:b6:68:
         00:c5:d3:fd:79:38:2c:5f:62:64:3f:e4:0c:96:5e:11:cf:dd:
         bf:23:73:92:83:d9:73:d0:5d:1a:73:33:33:8d:00:dd:67:ba:
         c2:c9:02:29:d4:91:73:59:03:52:2f:ab:fd:c2:91:05:a5:8c:
         dd:59:5e:36:ef:ae:76:54:2d:f7:35:0e:72:4b:74:ad:d1:26:
         5d:15:6b:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSJgcJvG4bezbJuedYjfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmRhOGI2ZjcxOWVjZjA0ZDJhNzE5MzY5ODE2Mzk4MmU3NzFlZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgM27wD9oBh5DxyhyYITlexMEI6d
0Yl8S7fQ3bxDMRBScwUDEW7RXOTVmy5U6+9dm9mt3TKtPTuPQz3VlxrhdNEc4+fs
uQAxolN/QmPEOiYRt30hwymtuJ9zpYQ/gwFH1uujvE9Pn0XqAeuDlmosJTfGvTla
pltv7IZ9xC1q5hJ3jJil1ZhC5pbam+FM/hnVzIK5xhtuoBJHuaJMHUh8cGbnYZEG
2zcOHkMaImel9z916HBxnVd7ZMJJzqgfXgsGAw+VsALBavDCcEZgBtNODmmdSbeh
mnNrle786fAcN6iD/d+NIgLKM1Eu33Q9rOjMYaTuqfUQgnL98l6WcuUXbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC/ai29xns8E0qcZNpgWOYLnce0+MB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvTDlxTGIzR2V6d1RTcHhrMm1CWTVndWR4N1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0mhjAN
BgkqhkiG9w0BAQsFAAOCAQEAKuKhhV1UPablpfRCpZxV0Pitdf5o6uRvtyfSJbau
pyWcAvqHsI1GRn0Y3rfzFYm1BeUGR8EXJeqn3bgp+NiR5BCVZDS8AGz+QrrmOeCV
X3QrmGZDlBehNtYrkShHc12LG3SdF7QwshdrDkLSKsQ/fdADq3cRO9DWFwxxxnxO
prkn9c8Odd3MDJSq8KOUOM7TG2eTTx3E11Fmie47qYm9fSMnSs8a29h9tdVSKl9Y
xT/nqrZoAMXT/Xk4LF9iZD/kDJZeEc/dvyNzkoPZc9BdGnMzM40A3We6wskCKdSR
c1kDUi+r/cKRBaWM3VleNu+udlQt9zUOckt0rdEmXRVrgg==
-----END CERTIFICATE-----