Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/4gNRqA6ayijX61zcJRr85Fqsf6w.roa
File:                     4gNRqA6ayijX61zcJRr85Fqsf6w.roa (raw, json)
Hash identifier:          YlK7lh0FITBKBq9EDPUwPAH9QN4l0wCISzIsomDHf0o=
Subject key identifier:   E2:03:51:A8:0E:9A:CA:28:D7:EB:5C:DC:25:1A:FC:E4:5A:AC:7F:AC
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       019006C6410B41F8DBB442C18F14F37C33DC
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/4gNRqA6ayijX61zcJRr85Fqsf6w.roa
Signing time:             Tue 11 Jun 2024 10:09:34 +0000
ROA not before:           Tue 11 Jun 2024 10:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        2a01:6f8:c2e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 06:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:c6:41:0b:41:f8:db:b4:42:c1:8f:14:f3:7c:33:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Jun 11 10:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e20351a80e9aca28d7eb5cdc251afce45aac7fac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cf:48:0b:60:ff:9d:f7:55:de:6a:28:cb:34:
                    43:68:23:73:ad:a4:05:a5:2a:01:3c:af:d9:a3:27:
                    f8:06:e0:98:36:e3:5b:2e:3b:db:a7:67:2f:5d:d3:
                    41:95:b5:a9:98:17:06:e8:bf:b4:66:95:6b:4f:f8:
                    be:37:62:4e:9f:a4:ec:27:bb:9e:fa:d9:02:e9:71:
                    4d:26:2c:15:7c:e6:09:13:64:ba:ce:ab:78:d7:51:
                    3e:af:7f:12:73:77:c0:e5:fb:18:c5:41:1b:f2:e7:
                    4f:0c:61:64:6c:10:9a:7b:d9:60:41:95:66:a8:0f:
                    0d:78:ef:6d:28:93:ce:f3:4e:e7:6c:7b:3d:d9:dc:
                    57:45:17:32:fa:f4:71:25:32:78:4d:cd:ce:7a:82:
                    f2:ab:33:09:74:53:90:0c:81:89:e4:9a:c1:88:ef:
                    62:98:00:16:dc:35:1e:a1:64:87:70:08:f7:09:ea:
                    24:9f:6c:10:64:f4:bb:b9:3d:d7:09:2d:d1:44:11:
                    b4:46:58:d6:fa:4e:50:f5:3f:4a:c9:42:e2:d0:67:
                    c0:76:23:35:95:6c:b0:a7:b2:67:2a:da:3e:8f:2e:
                    22:fa:eb:31:3e:ca:56:d4:84:b0:ec:60:48:79:0f:
                    6a:88:15:50:d3:4f:3c:d0:4b:5e:d0:11:5d:8a:86:
                    5b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:03:51:A8:0E:9A:CA:28:D7:EB:5C:DC:25:1A:FC:E4:5A:AC:7F:AC
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/4gNRqA6ayijX61zcJRr85Fqsf6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:6f8:c2e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:c5:10:3e:e1:b3:46:04:0d:d2:a5:46:00:b5:d8:dc:ec:93:
         4f:13:34:45:40:1f:be:32:c4:cf:b2:2a:dd:86:58:fd:a7:0c:
         9b:1c:08:12:7c:da:02:a9:6d:d1:2a:ba:cb:33:25:fa:3f:82:
         1a:3a:74:2a:c6:70:3c:6f:f1:45:a9:40:5f:56:07:92:41:0f:
         34:06:6c:2a:85:39:91:c0:25:8a:80:38:0e:7a:0a:99:70:28:
         de:24:73:01:c9:6b:72:b1:cc:96:80:4e:1a:d8:ed:29:48:23:
         80:f5:0e:89:77:57:3d:43:8e:8b:a6:6a:7c:3d:55:9f:b4:4c:
         84:57:11:f3:05:5a:e0:e5:7b:3f:a7:78:11:73:fb:81:0f:2c:
         13:9c:f0:4c:be:fa:bf:e7:8b:bc:e0:bc:df:13:31:4f:e3:10:
         69:d3:db:16:74:3d:e5:3f:62:03:e8:f4:c9:be:f2:5d:0a:0e:
         66:b6:56:72:ee:bd:73:a5:98:fc:57:23:32:ec:45:d4:d3:60:
         59:82:98:0a:fe:86:8d:2c:5c:2e:96:3e:22:c4:ce:a3:8c:a7:
         2a:b3:20:ef:eb:57:01:ce:b6:34:ad:99:f5:4d:0e:be:a6:da:
         34:47:35:a9:0c:91:98:0a:63:16:58:bd:0e:17:0c:2f:70:e9:
         70:9b:35:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAGxkELQfjbtELBjxTzfDPcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjQwNjExMTAwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjAzNTFhODBlOWFjYTI4ZDdlYjVjZGMyNTFhZmNlNDVhYWM3ZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM9IC2D/nfdV3mooyzRDaCNzraQF
pSoBPK/Zoyf4BuCYNuNbLjvbp2cvXdNBlbWpmBcG6L+0ZpVrT/i+N2JOn6TsJ7ue
+tkC6XFNJiwVfOYJE2S6zqt411E+r38Sc3fA5fsYxUEb8udPDGFkbBCae9lgQZVm
qA8NeO9tKJPO807nbHs92dxXRRcy+vRxJTJ4Tc3OeoLyqzMJdFOQDIGJ5JrBiO9i
mAAW3DUeoWSHcAj3Ceokn2wQZPS7uT3XCS3RRBG0RljW+k5Q9T9KyULi0GfAdiM1
lWywp7JnKto+jy4i+usxPspW1ISw7GBIeQ9qiBVQ00880Ete0BFdioZbRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOIDUagOmsoo1+tc3CUa/ORarH+sMB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEvNGdOUnFBNmF5aWpYNjF6Y0pScjg1RnFzZjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEG+MLg
MA0GCSqGSIb3DQEBCwUAA4IBAQC0xRA+4bNGBA3SpUYAtdjc7JNPEzRFQB++MsTP
sirdhlj9pwybHAgSfNoCqW3RKrrLMyX6P4IaOnQqxnA8b/FFqUBfVgeSQQ80Bmwq
hTmRwCWKgDgOegqZcCjeJHMByWtyscyWgE4a2O0pSCOA9Q6Jd1c9Q46Lpmp8PVWf
tEyEVxHzBVrg5Xs/p3gRc/uBDywTnPBMvvq/54u84LzfEzFP4xBp09sWdD3lP2ID
6PTJvvJdCg5mtlZy7r1zpZj8VyMy7EXU02BZgpgK/oaNLFwulj4ixM6jjKcqsyDv
61cBzrY0rZn1TQ6+pto0RzWpDJGYCmMWWL0OFwwvcOlwmzU4
-----END CERTIFICATE-----