Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/_gZvgrcbhT7pqUSAMvWDfM4TZkw.roa
File:                     _gZvgrcbhT7pqUSAMvWDfM4TZkw.roa (raw, json)
Hash identifier:          llqkjTfU8W83oQVdNP1ncT8aKzB/HDokFpSJJVJxjyg=
Subject key identifier:   FE:06:6F:82:B7:1B:85:3E:E9:A9:44:80:32:F5:83:7C:CE:13:66:4C
Certificate issuer:       /CN=ecb612e1f6b4d83f8a5d552cf3b60edd23bfe9f4
Certificate serial:       018CC5DC4C9CCB29D4FF3801B4AA5CBDA283
Authority key identifier: EC:B6:12:E1:F6:B4:D8:3F:8A:5D:55:2C:F3:B6:0E:DD:23:BF:E9:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7LYS4fa02D-KXVUs87YO3SO_6fQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/_gZvgrcbhT7pqUSAMvWDfM4TZkw.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201057
IP address blocks:        2a03:e581:4::/48 maxlen: 48
                          2a03:e581::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/7LYS4fa02D-KXVUs87YO3SO_6fQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/7LYS4fa02D-KXVUs87YO3SO_6fQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7LYS4fa02D-KXVUs87YO3SO_6fQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4c:9c:cb:29:d4:ff:38:01:b4:aa:5c:bd:a2:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecb612e1f6b4d83f8a5d552cf3b60edd23bfe9f4
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe066f82b71b853ee9a9448032f5837cce13664c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c6:d3:42:f4:a9:73:3a:cd:13:10:34:d7:62:
                    d9:cc:d8:5a:3a:b0:12:7f:98:cc:83:e2:c2:dd:98:
                    19:49:f0:36:4a:64:15:bc:54:b7:3c:d0:23:ef:1f:
                    a1:76:ca:0a:c9:a2:56:98:79:f4:8a:19:2e:27:28:
                    bd:f6:24:91:a0:83:c4:38:d4:29:cf:72:f0:f7:82:
                    0c:39:58:de:94:b1:4b:63:6d:4d:ea:b4:66:b4:23:
                    bd:c5:d1:ba:a5:66:26:52:4d:f2:22:2d:a7:3c:16:
                    af:86:8e:e8:b4:8f:83:1b:84:b4:08:e9:19:74:bd:
                    fc:72:4c:b3:0c:7b:46:bd:ea:b3:9e:75:cb:95:a8:
                    59:cc:93:43:b7:23:6d:af:3a:84:94:e2:df:cc:1d:
                    50:be:20:32:49:91:d0:39:cb:97:bc:72:7e:78:56:
                    be:5e:31:0a:70:a1:4f:2e:55:ea:89:09:a9:b2:87:
                    09:09:e0:41:e7:3e:a8:09:94:f3:d7:65:46:ff:8d:
                    6e:ec:e2:64:8d:09:5c:8d:c3:f3:53:9a:cc:8c:71:
                    18:0a:6e:3a:de:f8:fa:aa:cd:4b:f9:8e:2e:08:27:
                    ca:02:e3:95:af:9e:a4:5b:a2:77:0a:bf:b4:4d:b0:
                    2c:7a:53:7a:e6:41:dc:07:83:f7:d5:6b:80:e2:4d:
                    75:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:06:6F:82:B7:1B:85:3E:E9:A9:44:80:32:F5:83:7C:CE:13:66:4C
            X509v3 Authority Key Identifier:
                keyid:EC:B6:12:E1:F6:B4:D8:3F:8A:5D:55:2C:F3:B6:0E:DD:23:BF:E9:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7LYS4fa02D-KXVUs87YO3SO_6fQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/_gZvgrcbhT7pqUSAMvWDfM4TZkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/7LYS4fa02D-KXVUs87YO3SO_6fQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:e581::/48
                  2a03:e581:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:55:65:43:92:2a:b6:d6:38:9f:e5:67:35:e3:30:ac:37:de:
         5a:b6:49:b8:23:5b:80:ef:7a:83:ea:02:14:ae:40:8f:f8:74:
         97:96:5c:a2:10:df:05:0d:a5:d0:bd:8c:e8:2f:47:a2:47:b2:
         e9:ed:ec:dc:f7:e1:55:3d:02:25:b1:cc:b4:32:b4:9e:a5:7a:
         77:c3:f7:1e:fe:38:46:d0:4c:dc:b4:f2:2e:ce:f8:17:d4:38:
         e9:c1:3b:c8:10:81:bf:3d:84:90:27:ce:3c:29:af:4a:25:cf:
         10:fb:52:d3:cd:c1:3d:c5:fe:93:89:d2:ac:5c:9c:c8:9d:9c:
         0b:1f:7c:ec:f1:ea:a6:33:f9:d0:16:fa:91:8b:10:14:9d:f3:
         64:43:e6:c8:64:6b:36:37:80:cf:ac:85:f9:bd:82:58:50:43:
         50:cc:bc:a6:4f:e5:e3:bf:7c:7b:8f:0e:a7:55:7a:f7:4d:69:
         03:80:d9:61:65:2b:84:e1:72:1a:28:62:61:57:88:a5:8e:ab:
         bf:dd:5e:1a:2d:04:80:c6:19:97:68:30:a4:c9:48:1e:1e:c8:
         28:65:3b:53:6f:c6:89:80:a7:3d:bb:76:3b:7f:92:28:9e:b7:
         ca:a5:f8:7d:e4:5c:a8:c6:32:92:4b:a1:79:af:ca:65:83:ad:
         a2:23:1d:4a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3EycyynU/zgBtKpcvaKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjYjYxMmUxZjZiNGQ4M2Y4YTVkNTUyY2YzYjYwZWRkMjNi
ZmU5ZjQwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTA2NmY4MmI3MWI4NTNlZTlhOTQ0ODAzMmY1ODM3Y2NlMTM2NjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcbTQvSpczrNExA012LZzNhaOrAS
f5jMg+LC3ZgZSfA2SmQVvFS3PNAj7x+hdsoKyaJWmHn0ihkuJyi99iSRoIPEONQp
z3Lw94IMOVjelLFLY21N6rRmtCO9xdG6pWYmUk3yIi2nPBavho7otI+DG4S0COkZ
dL38ckyzDHtGveqznnXLlahZzJNDtyNtrzqElOLfzB1QviAySZHQOcuXvHJ+eFa+
XjEKcKFPLlXqiQmpsocJCeBB5z6oCZTz12VG/41u7OJkjQlcjcPzU5rMjHEYCm46
3vj6qs1L+Y4uCCfKAuOVr56kW6J3Cr+0TbAselN65kHcB4P31WuA4k116wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP4Gb4K3G4U+6alEgDL1g3zOE2ZMMB8GA1UdIwQY
MBaAFOy2EuH2tNg/il1VLPO2Dt0jv+n0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0xZUzRmYTAyRC1LWFZVczg3WU8zU09fNmZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81Y2Q4ODQtNzlmNS00ODNkLTkwNGEt
OTZmZTE5MTFkMGIzLzEvX2dadmdyY2JoVDdwcVVTQU12V0RmTTRUWmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81Y2Q4ODQtNzlmNS00ODNkLTkwNGEtOTZmZTE5MTFkMGIz
LzEvN0xZUzRmYTAyRC1LWFZVczg3WU8zU09fNmZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgPlgQAA
AwcAKgPlgQAEMA0GCSqGSIb3DQEBCwUAA4IBAQCOVWVDkiq21jif5Wc14zCsN95a
tkm4I1uA73qD6gIUrkCP+HSXllyiEN8FDaXQvYzoL0eiR7Lp7ezc9+FVPQIlscy0
MrSepXp3w/ce/jhG0EzctPIuzvgX1DjpwTvIEIG/PYSQJ848Ka9KJc8Q+1LTzcE9
xf6TidKsXJzInZwLH3zs8eqmM/nQFvqRixAUnfNkQ+bIZGs2N4DPrIX5vYJYUENQ
zLymT+Xjv3x7jw6nVXr3TWkDgNlhZSuE4XIaKGJhV4iljqu/3V4aLQSAxhmXaDCk
yUgeHsgoZTtTb8aJgKc9u3Y7f5IonrfKpfh95FyoxjKSS6F5r8plg62iIx1K
-----END CERTIFICATE-----