Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/Fo1e7Vz2i_vB7MwT4G1DyduBxFg.roa
File:                     Fo1e7Vz2i_vB7MwT4G1DyduBxFg.roa (raw, json)
Hash identifier:          Y+YYCTa/FuNm15qHMpcHf3haMADvy/vXftlayHGdCrE=
Subject key identifier:   16:8D:5E:ED:5C:F6:8B:FB:C1:EC:CC:13:E0:6D:43:C9:DB:81:C4:58
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       018D642B0599E29BC583C5849FEA5391608E
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/Fo1e7Vz2i_vB7MwT4G1DyduBxFg.roa
Signing time:             Thu 01 Feb 2024 10:15:57 +0000
ROA not before:           Thu 01 Feb 2024 10:15:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51658
IP address blocks:        2a0a:d6c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:2b:05:99:e2:9b:c5:83:c5:84:9f:ea:53:91:60:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Feb  1 10:15:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=168d5eed5cf68bfbc1eccc13e06d43c9db81c458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f9:55:a6:fb:ae:23:c9:fd:b5:9f:ac:76:81:
                    25:77:9a:29:61:1b:e4:f9:cf:d3:7b:73:a1:a8:ef:
                    c9:ac:6c:41:e4:d8:b3:ba:ff:c2:a3:fb:75:56:64:
                    38:dd:6a:7a:ce:e4:e8:f1:16:02:20:13:f4:74:53:
                    2e:d1:85:4e:d5:56:cb:01:aa:b6:b3:d1:5a:03:5b:
                    74:31:32:9f:02:c0:81:68:50:33:9f:55:55:d3:b8:
                    06:8b:05:c1:3a:94:db:7a:dd:e1:7f:88:0a:61:dc:
                    e4:f6:e8:b2:23:cd:97:96:90:a2:ef:8a:b0:77:6c:
                    7b:46:f0:2e:bb:65:0b:62:cf:9d:f9:92:5a:0b:e1:
                    43:64:40:31:78:8a:1d:0b:55:ec:ba:34:64:cd:d0:
                    7e:ff:a2:e9:93:a5:ee:02:40:38:a0:3b:53:37:2a:
                    4e:54:ff:44:19:f2:97:73:7b:b3:85:f3:cf:d1:00:
                    9f:31:2b:b0:d3:89:0c:a4:6c:2b:d5:4f:90:9b:52:
                    58:8c:aa:c1:b2:ff:c6:b8:cd:25:88:38:f0:48:43:
                    32:6b:d8:85:f4:be:cb:be:fb:48:b9:4f:d7:43:83:
                    32:52:34:21:6a:07:fe:59:31:cc:30:53:18:55:e5:
                    6e:e2:18:98:65:42:a5:54:fe:ad:1c:dd:8c:ea:23:
                    a7:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:8D:5E:ED:5C:F6:8B:FB:C1:EC:CC:13:E0:6D:43:C9:DB:81:C4:58
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/Fo1e7Vz2i_vB7MwT4G1DyduBxFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d6c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:45:b7:7f:09:03:77:4b:02:b9:97:c4:e3:94:eb:e7:ce:7e:
         b2:29:94:a6:db:53:04:aa:f6:27:65:16:42:78:a7:36:d0:0b:
         2f:3d:d8:3a:31:15:98:7e:b2:6b:1f:30:6a:63:18:bd:ca:7d:
         10:ab:fc:7c:e8:21:8b:50:aa:ff:ac:0c:19:16:3e:7a:bf:12:
         49:cb:fe:1a:7d:3c:0f:69:52:23:36:5e:d5:cc:14:77:5f:69:
         6a:88:c0:85:5e:50:67:fc:fa:1a:0b:13:2e:65:88:4f:9d:28:
         be:0f:08:d4:eb:4f:a5:86:f6:a5:6e:4e:b8:b8:23:e9:22:63:
         06:a4:07:2a:93:f6:f6:93:a5:74:a7:f0:4a:8e:1b:0a:af:f9:
         d8:8e:76:bf:af:3d:ab:8d:9e:98:be:a7:1a:e6:1a:c4:7d:cd:
         5b:d5:3d:da:ef:13:60:6f:ff:57:53:2c:56:15:72:37:89:e8:
         21:8d:e0:21:aa:73:e0:48:b7:f3:0c:fd:1c:10:f9:8d:cf:9b:
         b4:8b:52:e1:b9:ad:09:ed:b7:d3:95:d6:34:55:0e:17:dd:eb:
         ca:3a:60:0f:e8:bc:67:be:56:f0:7f:11:60:1e:d9:ce:1c:be:
         6c:09:f8:76:92:e8:30:f4:1c:cd:dc:99:be:50:2e:cb:fd:67:
         a6:15:1f:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1kKwWZ4pvFg8WEn+pTkWCOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQwMjAxMTAxNTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjhkNWVlZDVjZjY4YmZiYzFlY2NjMTNlMDZkNDNjOWRiODFjNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPlVpvuuI8n9tZ+sdoEld5opYRvk
+c/Te3OhqO/JrGxB5Nizuv/Co/t1VmQ43Wp6zuTo8RYCIBP0dFMu0YVO1VbLAaq2
s9FaA1t0MTKfAsCBaFAzn1VV07gGiwXBOpTbet3hf4gKYdzk9uiyI82XlpCi74qw
d2x7RvAuu2ULYs+d+ZJaC+FDZEAxeIodC1XsujRkzdB+/6Lpk6XuAkA4oDtTNypO
VP9EGfKXc3uzhfPP0QCfMSuw04kMpGwr1U+Qm1JYjKrBsv/GuM0liDjwSEMya9iF
9L7LvvtIuU/XQ4MyUjQhagf+WTHMMFMYVeVu4hiYZUKlVP6tHN2M6iOnFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBaNXu1c9ov7wezME+BtQ8nbgcRYMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvRm8xZTdWejJpX3ZCN013VDRHMUR5ZHVCeEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgrWwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAARbd/CQN3SwK5l8TjlOvnzn6yKZSm21MEqvYn
ZRZCeKc20AsvPdg6MRWYfrJrHzBqYxi9yn0Qq/x86CGLUKr/rAwZFj56vxJJy/4a
fTwPaVIjNl7VzBR3X2lqiMCFXlBn/PoaCxMuZYhPnSi+DwjU60+lhvalbk64uCPp
ImMGpAcqk/b2k6V0p/BKjhsKr/nYjna/rz2rjZ6Yvqca5hrEfc1b1T3a7xNgb/9X
UyxWFXI3ieghjeAhqnPgSLfzDP0cEPmNz5u0i1Lhua0J7bfTldY0VQ4X3evKOmAP
6LxnvlbwfxFgHtnOHL5sCfh2kugw9BzN3Jm+UC7L/WemFR8Z
-----END CERTIFICATE-----