Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/A9cfoTj5scl1-L1zv7ze_uLr7jc.roa
File:                     A9cfoTj5scl1-L1zv7ze_uLr7jc.roa (raw, json)
Hash identifier:          RIOgl9XoMQ0TY81LjpTT29K7Jn7mAOs+YULH/9fHdGk=
Subject key identifier:   03:D7:1F:A1:38:F9:B1:C9:75:F8:BD:73:BF:BC:DE:FE:E2:EB:EE:37
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       018CC79339BC663E077C458775A516F7D1AB
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/A9cfoTj5scl1-L1zv7ze_uLr7jc.roa
Signing time:             Tue 02 Jan 2024 00:29:23 +0000
ROA not before:           Tue 02 Jan 2024 00:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10929
IP address blocks:        2a02:c6c1:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:39:bc:66:3e:07:7c:45:87:75:a5:16:f7:d1:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  2 00:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03d71fa138f9b1c975f8bd73bfbcdefee2ebee37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:21:be:9f:57:6c:77:0c:f4:3b:59:8f:3a:18:
                    b2:a7:3e:0e:0c:c9:55:84:97:92:16:43:f3:64:3e:
                    f8:63:83:72:4c:2b:45:c8:37:81:fb:dc:f0:f9:1c:
                    2c:3b:43:6f:fb:7b:dd:69:ac:af:6f:d3:1c:4b:d0:
                    cd:19:04:86:c7:2c:79:c1:9b:0b:fd:90:7d:23:16:
                    40:a2:77:fa:c5:6e:d3:c0:a7:4f:f2:a8:0c:d6:12:
                    3f:59:68:25:fa:a5:e4:82:97:99:1e:fa:f1:12:c8:
                    0b:88:5c:9c:b8:be:e6:ac:b4:f7:ab:5c:92:39:57:
                    5b:d8:06:67:1f:2f:4f:59:3b:20:13:1e:bf:e7:51:
                    af:2c:76:f9:51:b9:90:82:f3:cb:98:c1:f7:dc:1f:
                    02:8f:2c:4c:fc:da:a8:dc:4f:ac:51:76:9d:55:63:
                    4b:2e:d8:cb:84:45:03:66:4e:00:6e:6f:ff:b7:fb:
                    de:5c:69:02:a5:fc:1d:ac:21:cf:d5:62:19:07:3f:
                    90:4f:1d:99:a9:b0:ff:a4:2c:16:dc:c1:82:45:23:
                    c2:06:97:24:e3:72:b9:10:f2:45:90:d3:6d:a1:60:
                    cc:48:99:03:2a:9b:db:f1:19:ea:27:ee:3d:8a:61:
                    30:1c:0e:2d:85:4d:2c:5f:23:5e:a4:af:1b:dc:3e:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:D7:1F:A1:38:F9:B1:C9:75:F8:BD:73:BF:BC:DE:FE:E2:EB:EE:37
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/A9cfoTj5scl1-L1zv7ze_uLr7jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:c6c1:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:c7:94:c0:b1:4c:a9:a9:07:df:b1:a0:7b:de:ef:6c:7e:b0:
         57:b4:fd:eb:fd:50:f3:bf:a9:d4:b1:87:70:eb:49:75:b0:83:
         0b:b8:c8:39:27:9d:9d:b8:5a:ef:1a:1d:27:23:72:51:84:f6:
         af:f6:2f:4f:52:72:3f:2c:ac:ea:4d:9b:7c:45:1c:61:d7:a8:
         d0:d6:d8:37:e8:2a:e4:e7:b8:89:49:2c:8b:30:a6:04:bd:03:
         2d:bc:c9:71:b6:f3:8c:c7:0b:ad:8c:ad:54:4d:b6:a1:04:7d:
         10:14:39:9e:2b:c1:66:ef:ff:c0:35:ed:4b:71:01:9f:f5:d3:
         39:ca:e4:79:eb:d9:aa:b4:3a:a8:13:19:cf:c7:12:9d:63:04:
         7e:92:d2:ec:62:a1:95:b5:8b:bc:36:c7:cd:9a:ab:16:44:61:
         d3:80:d7:ef:6c:19:da:9b:a1:1d:32:ea:c9:e6:88:35:3c:54:
         ea:dd:48:e6:db:01:f6:15:d9:e3:51:ec:26:6e:0d:3d:c9:c4:
         c5:2a:cc:a1:f0:a0:54:8d:d4:5e:a1:2a:ac:57:0e:f1:a1:ed:
         d2:4a:52:65:c7:5b:04:7b:63:18:a5:87:eb:72:d8:6b:07:73:
         9c:f0:8c:f9:91:5f:57:36:70:d0:46:65:00:4f:4f:4d:df:c7:
         fa:b9:14:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHkzm8Zj4HfEWHdaUW99GrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjQwMTAyMDAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Q3MWZhMTM4ZjliMWM5NzVmOGJkNzNiZmJjZGVmZWUyZWJlZTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiG+n1dsdwz0O1mPOhiypz4ODMlV
hJeSFkPzZD74Y4NyTCtFyDeB+9zw+RwsO0Nv+3vdaayvb9McS9DNGQSGxyx5wZsL
/ZB9IxZAonf6xW7TwKdP8qgM1hI/WWgl+qXkgpeZHvrxEsgLiFycuL7mrLT3q1yS
OVdb2AZnHy9PWTsgEx6/51GvLHb5UbmQgvPLmMH33B8CjyxM/Nqo3E+sUXadVWNL
LtjLhEUDZk4Abm//t/veXGkCpfwdrCHP1WIZBz+QTx2ZqbD/pCwW3MGCRSPCBpck
43K5EPJFkNNtoWDMSJkDKpvb8RnqJ+49imEwHA4thU0sXyNepK8b3D5jxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAPXH6E4+bHJdfi9c7+83v7i6+43MB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvQTljZm9UajVzY2wxLUwxenY3emVfdUxyN2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgLGwQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCUx5TAsUypqQffsaB73u9sfrBXtP3r/VDzv6nU
sYdw60l1sIMLuMg5J52duFrvGh0nI3JRhPav9i9PUnI/LKzqTZt8RRxh16jQ1tg3
6Crk57iJSSyLMKYEvQMtvMlxtvOMxwutjK1UTbahBH0QFDmeK8Fm7//ANe1LcQGf
9dM5yuR569mqtDqoExnPxxKdYwR+ktLsYqGVtYu8NsfNmqsWRGHTgNfvbBnam6Ed
MurJ5og1PFTq3Ujm2wH2FdnjUewmbg09ycTFKsyh8KBUjdReoSqsVw7xoe3SSlJl
x1sEe2MYpYfrcthrB3Oc8Iz5kV9XNnDQRmUAT09N38f6uRTf
-----END CERTIFICATE-----