Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/g0lD6suxTAhb_oZKcVOYpqRHsZo.roa
File:                     g0lD6suxTAhb_oZKcVOYpqRHsZo.roa (raw, json)
Hash identifier:          PNG2Z8h3icc8NmR4of2VZ5LOSk4WzH6UAMnQmQTYs1g=
Subject key identifier:   83:49:43:EA:CB:B1:4C:08:5B:FE:86:4A:71:53:98:A6:A4:47:B1:9A
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       018CC348904218B25DEDA811F41DD518E72E
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/g0lD6suxTAhb_oZKcVOYpqRHsZo.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     124345
IP address blocks:        2a0d:2685:a000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:42:18:b2:5d:ed:a8:11:f4:1d:d5:18:e7:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=834943eacbb14c085bfe864a715398a6a447b19a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:12:51:74:98:76:33:32:6c:58:a8:b1:c2:ae:
                    73:21:3c:4b:01:09:66:8b:0a:41:2b:b1:a0:68:1e:
                    f5:c9:1e:36:3f:c8:42:ec:5b:23:29:22:9d:87:8d:
                    ca:bf:93:e1:3e:2e:c9:d5:79:fa:e1:dc:26:92:25:
                    44:16:d3:04:7f:18:40:ce:d0:8a:c8:6b:d7:8a:3c:
                    15:6b:84:43:ed:f8:f7:e9:f0:bd:bf:0e:a5:da:57:
                    38:5c:b8:88:42:be:1f:0a:29:dc:02:c9:54:91:1d:
                    18:5a:36:d0:b1:f0:6e:71:82:b8:4d:d2:57:33:e4:
                    77:c8:a9:a6:dd:69:9f:b1:71:b4:cb:a2:5c:69:4d:
                    c6:12:91:b1:c2:8c:62:f2:6c:7c:0e:31:25:c5:d6:
                    83:75:24:a5:51:8c:a4:03:85:e3:42:2d:1c:d2:7b:
                    c4:15:3b:18:46:bb:9c:cb:bb:ec:e1:56:2b:95:58:
                    5c:e0:c2:d3:44:7d:e3:fe:27:9a:f4:10:f6:eb:fd:
                    1b:a2:cb:ee:5a:8c:0f:39:c0:97:12:cb:24:89:ff:
                    1a:8e:02:b3:47:88:90:4a:57:ef:a2:e4:10:7b:6f:
                    7f:b8:65:a5:bd:7b:ab:2c:ae:21:30:b1:ee:67:e6:
                    d3:a1:e5:56:c9:9d:e4:91:a0:e8:2f:bf:26:17:0a:
                    55:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:49:43:EA:CB:B1:4C:08:5B:FE:86:4A:71:53:98:A6:A4:47:B1:9A
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/g0lD6suxTAhb_oZKcVOYpqRHsZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2685:a000::/36

    Signature Algorithm: sha256WithRSAEncryption
         36:82:ca:13:28:28:aa:8d:eb:d3:c2:fe:4b:68:f2:04:1a:ce:
         af:2d:1e:b2:12:1c:0b:59:2b:6c:25:a9:e4:6f:85:8d:47:b0:
         ac:c8:b3:5c:40:3b:ad:d1:e2:ec:4c:9e:ae:3f:cc:c1:e8:a9:
         ff:3e:d9:4b:99:22:17:3b:9c:aa:a4:1f:3d:e6:e7:a2:ac:76:
         55:b1:fc:4a:a4:6c:5a:e7:d9:f8:70:35:1a:37:c9:a9:42:25:
         11:0f:41:6a:6e:38:a5:da:05:83:7e:4b:d2:27:6a:23:15:d3:
         6d:4f:ae:d4:56:da:e1:1c:31:e3:3c:8b:ed:de:b1:72:9c:a8:
         00:e4:29:9f:35:41:8c:b6:4c:1d:a6:30:ff:38:af:e6:e0:b6:
         db:3d:03:e5:57:84:40:f9:c3:85:5e:58:0d:06:e6:f0:cb:e3:
         58:86:cb:bc:f1:8f:66:23:e3:3a:03:a2:1b:1e:f7:8e:2b:dc:
         91:b4:d5:90:85:7d:c0:be:da:c1:8b:85:66:ce:f1:a5:3c:28:
         71:96:b4:0d:8f:87:4f:11:d6:36:46:fb:55:60:ef:69:d4:40:
         1b:3d:8a:fa:0d:4a:49:f4:0a:ba:11:a4:c4:12:2f:d8:a7:fd:
         66:d9:8a:68:19:19:ac:79:50:6e:ee:4e:e4:08:35:52:3f:2e:
         28:02:d1:f4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDSJBCGLJd7agR9B3VGOcuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQ5NDNlYWNiYjE0YzA4NWJmZTg2NGE3MTUzOThhNmE0NDdiMTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghJRdJh2MzJsWKixwq5zITxLAQlm
iwpBK7GgaB71yR42P8hC7FsjKSKdh43Kv5PhPi7J1Xn64dwmkiVEFtMEfxhAztCK
yGvXijwVa4RD7fj36fC9vw6l2lc4XLiIQr4fCincAslUkR0YWjbQsfBucYK4TdJX
M+R3yKmm3WmfsXG0y6JcaU3GEpGxwoxi8mx8DjElxdaDdSSlUYykA4XjQi0c0nvE
FTsYRrucy7vs4VYrlVhc4MLTRH3j/iea9BD26/0bosvuWowPOcCXEsskif8ajgKz
R4iQSlfvouQQe29/uGWlvXurLK4hMLHuZ+bToeVWyZ3kkaDoL78mFwpVUQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFINJQ+rLsUwIW/6GSnFTmKakR7GaMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvZzBsRDZzdXhUQWhiX29aS2NWT1lwcVJIc1pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg0mhaAw
DQYJKoZIhvcNAQELBQADggEBADaCyhMoKKqN69PC/kto8gQazq8tHrISHAtZK2wl
qeRvhY1HsKzIs1xAO63R4uxMnq4/zMHoqf8+2UuZIhc7nKqkHz3m56KsdlWx/Eqk
bFrn2fhwNRo3yalCJREPQWpuOKXaBYN+S9InaiMV021PrtRW2uEcMeM8i+3esXKc
qADkKZ81QYy2TB2mMP84r+bgtts9A+VXhED5w4VeWA0G5vDL41iGy7zxj2Yj4zoD
ohse944r3JG01ZCFfcC+2sGLhWbO8aU8KHGWtA2Ph08R1jZG+1Vg72nUQBs9ivoN
Skn0CroRpMQSL9in/WbZimgZGax5UG7uTuQINVI/LigC0fQ=
-----END CERTIFICATE-----