Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/cjaEZN9lSYmmhEbXEAnK-htXmhk.roa
File:                     cjaEZN9lSYmmhEbXEAnK-htXmhk.roa (raw, json)
Hash identifier:          tf9IcUJG4QPdi1x49xwCmraje6dOd9tNmSUKTZBLCuo=
Subject key identifier:   72:36:84:64:DF:65:49:89:A6:84:46:D7:10:09:CA:FA:1B:57:9A:19
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FA4084AA04BE1BF0F102265CF0C4E
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/cjaEZN9lSYmmhEbXEAnK-htXmhk.roa
Signing time:             Tue 02 Jan 2024 04:30:08 +0000
ROA not before:           Tue 02 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0f:f42::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 11:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a4:08:4a:a0:4b:e1:bf:0f:10:22:65:cf:0c:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72368464df654989a68446d71009cafa1b579a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e0:ef:05:11:9f:a1:45:ca:a6:10:dc:fd:93:
                    ff:2c:42:9f:b8:96:59:45:b5:4d:5e:73:d6:55:0a:
                    62:83:2d:b6:64:d2:ce:29:a7:b0:41:64:88:dd:c0:
                    06:05:4a:ec:98:92:48:45:de:ba:a6:33:1c:13:cb:
                    4d:f9:91:b6:10:1e:b4:d8:6e:4a:57:9e:50:e1:89:
                    b3:33:87:35:a4:4b:b3:d5:40:d7:5e:a2:1a:84:d8:
                    42:5b:e4:a8:8c:bf:ff:15:d5:87:c2:ef:cd:5d:37:
                    55:7f:c6:cc:64:5d:ab:32:04:1e:ff:70:41:7f:fe:
                    9c:c5:a3:9f:e5:87:2b:e3:a3:9f:16:a0:ca:f9:2a:
                    bc:48:14:2e:42:90:c3:b5:18:d4:d4:67:6e:cb:b6:
                    d1:9c:3d:73:0a:3a:76:9f:6c:5a:35:4a:ef:4f:b4:
                    ba:25:7e:75:83:56:74:ef:87:4f:8f:d1:7e:59:de:
                    be:eb:4c:61:b1:a7:b7:63:82:92:d3:e4:c8:79:98:
                    7c:86:28:29:85:cd:3b:49:57:3b:2a:21:0e:e8:25:
                    71:ef:d5:ac:67:f6:93:60:d7:26:5e:81:59:52:95:
                    1d:fc:73:b4:14:71:0f:dc:27:e8:16:ed:17:92:4c:
                    1b:11:dc:0f:ef:0a:b1:db:53:61:e6:f6:73:89:e2:
                    75:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:36:84:64:DF:65:49:89:A6:84:46:D7:10:09:CA:FA:1B:57:9A:19
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/cjaEZN9lSYmmhEbXEAnK-htXmhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:f42::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:d2:98:46:e8:75:f0:25:eb:c6:79:d0:72:02:de:b6:30:f1:
         62:dd:40:8f:bd:8c:cf:60:bf:51:45:cd:b8:bd:6d:06:a1:ed:
         05:a5:12:4d:88:60:9f:12:6e:aa:53:56:da:2c:04:8c:69:f7:
         97:37:7c:35:e3:31:ef:ee:f5:6d:1a:e4:f2:2e:d6:ae:14:17:
         dd:ab:07:69:1c:6c:ab:01:7e:8e:4d:96:19:95:d0:12:25:17:
         31:fd:9e:a4:62:34:40:ee:3c:00:f0:48:92:39:4d:31:04:10:
         8c:9e:50:7e:f0:63:a1:fb:1d:e3:1a:1c:62:b3:b9:35:53:22:
         2b:79:95:26:0f:ac:36:e1:0c:a4:6e:03:8f:ae:14:5d:96:7d:
         86:9d:a3:15:d6:f5:60:3e:ba:55:9c:f6:53:6e:89:d6:34:ac:
         52:e7:25:44:9b:a1:ce:2a:fe:d0:c6:bf:6d:89:ce:b2:1a:6f:
         2c:ad:54:d5:15:ce:db:4e:90:d8:c5:a8:ef:26:5d:55:39:08:
         40:f3:ee:a4:55:f8:5f:a5:2d:25:86:a8:7e:b2:20:44:2e:c8:
         87:ed:5c:c8:bf:a1:30:4b:de:05:f3:cf:1b:67:83:3d:ac:8f:
         8b:10:72:f9:29:f1:77:11:f8:02:29:35:ad:29:a9:44:3b:89:
         35:38:44:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIb6QISqBL4b8PECJlzwxOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjM2ODQ2NGRmNjU0OTg5YTY4NDQ2ZDcxMDA5Y2FmYTFiNTc5YTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluDvBRGfoUXKphDc/ZP/LEKfuJZZ
RbVNXnPWVQpigy22ZNLOKaewQWSI3cAGBUrsmJJIRd66pjMcE8tN+ZG2EB602G5K
V55Q4YmzM4c1pEuz1UDXXqIahNhCW+SojL//FdWHwu/NXTdVf8bMZF2rMgQe/3BB
f/6cxaOf5Ycr46OfFqDK+Sq8SBQuQpDDtRjU1Gduy7bRnD1zCjp2n2xaNUrvT7S6
JX51g1Z074dPj9F+Wd6+60xhsae3Y4KS0+TIeZh8higphc07SVc7KiEO6CVx79Ws
Z/aTYNcmXoFZUpUd/HO0FHEP3CfoFu0XkkwbEdwP7wqx21Nh5vZzieJ13wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHI2hGTfZUmJpoRG1xAJyvobV5oZMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvY2phRVpOOWxTWW1taEViWEVBbkstaHRYbWhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg8PQjAN
BgkqhkiG9w0BAQsFAAOCAQEAndKYRuh18CXrxnnQcgLetjDxYt1Aj72Mz2C/UUXN
uL1tBqHtBaUSTYhgnxJuqlNW2iwEjGn3lzd8NeMx7+71bRrk8i7WrhQX3asHaRxs
qwF+jk2WGZXQEiUXMf2epGI0QO48APBIkjlNMQQQjJ5QfvBjofsd4xocYrO5NVMi
K3mVJg+sNuEMpG4Dj64UXZZ9hp2jFdb1YD66VZz2U26J1jSsUuclRJuhzir+0Ma/
bYnOshpvLK1U1RXO206Q2MWo7yZdVTkIQPPupFX4X6UtJYaofrIgRC7Ih+1cyL+h
MEveBfPPG2eDPayPixBy+SnxdxH4Aik1rSmpRDuJNThE8g==
-----END CERTIFICATE-----