Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/u4earQZqT1hfpifdIo3Ea5i76Kw.roa
File:                     u4earQZqT1hfpifdIo3Ea5i76Kw.roa (raw, json)
Hash identifier:          HgNUliQu5lKGXyn/rqQZePAvUof71ifBRGdxjkB0yAk=
Subject key identifier:   BB:87:9A:AD:06:6A:4F:58:5F:A6:27:DD:22:8D:C4:6B:98:BB:E8:AC
Certificate issuer:       /CN=a566d8337776c98746bd231e69e185db2a9a5be2
Certificate serial:       018CC3492159B2D749519BF0B2A1B9A47D3C
Authority key identifier: A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/u4earQZqT1hfpifdIo3Ea5i76Kw.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204982
IP address blocks:        2a0e:3bc0:fa00::/42 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:21:59:b2:d7:49:51:9b:f0:b2:a1:b9:a4:7d:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a566d8337776c98746bd231e69e185db2a9a5be2
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb879aad066a4f585fa627dd228dc46b98bbe8ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:36:5f:d2:c8:80:bc:6e:26:40:2a:32:fd:7d:
                    d1:c4:07:59:4c:86:27:ae:86:a2:74:64:5f:59:42:
                    67:16:3c:e9:78:63:43:6d:82:81:f0:37:89:13:12:
                    0b:5b:71:d0:a1:50:27:f6:c8:e2:fd:f1:a1:c1:7e:
                    f2:c8:fa:47:0e:a3:2f:26:7c:85:7f:bd:c6:ac:90:
                    85:bf:33:54:4f:8b:68:ce:e4:06:8f:88:da:8e:ef:
                    a2:ed:d6:bf:43:1a:9e:75:80:84:d1:65:e1:42:d9:
                    ce:2d:35:8b:59:0d:be:27:0d:26:d0:33:ec:d4:08:
                    51:bf:e4:6d:be:de:18:6c:0b:8e:b0:d0:5e:ba:06:
                    07:96:46:4e:7e:b5:8e:50:a3:45:76:ff:53:78:83:
                    72:14:61:32:16:06:b8:a6:2d:ff:0b:f5:a7:93:31:
                    f9:ae:cd:77:e8:38:80:25:e5:64:b4:63:42:43:f4:
                    5b:cc:4a:0a:74:bc:0d:31:1f:35:80:7c:4f:68:d9:
                    cb:79:61:18:53:58:3a:01:54:30:90:29:e6:10:1b:
                    24:0f:25:86:9e:51:ef:c6:5f:8f:74:23:1a:5d:64:
                    ff:71:61:9e:da:c9:fb:b8:76:b4:7d:e6:0f:4e:aa:
                    4c:bb:15:42:0e:fb:77:86:51:2d:18:f4:de:d8:86:
                    a2:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:87:9A:AD:06:6A:4F:58:5F:A6:27:DD:22:8D:C4:6B:98:BB:E8:AC
            X509v3 Authority Key Identifier:
                keyid:A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/u4earQZqT1hfpifdIo3Ea5i76Kw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:3bc0:fa00::/42

    Signature Algorithm: sha256WithRSAEncryption
         92:fc:f2:66:cb:07:36:14:32:39:f3:17:1c:5c:34:ad:ad:78:
         e3:b9:c8:99:d2:20:cd:7b:1e:19:29:0b:9f:9d:30:3a:0a:58:
         f2:47:94:3c:47:da:ef:78:35:6f:d1:2c:02:24:0d:87:a6:85:
         25:43:bb:3e:42:4b:45:ef:c2:69:6d:98:01:72:40:b2:6c:24:
         3b:eb:7e:6b:78:71:fd:cc:0f:59:4c:2c:92:be:5a:9f:61:fb:
         c6:63:e6:89:fa:df:42:c0:72:ee:98:95:68:32:16:b9:60:39:
         c4:fd:aa:3e:56:3d:81:15:e9:82:21:54:42:97:12:a6:d6:f3:
         c6:88:df:eb:54:59:bb:5d:b5:67:12:1a:13:34:cc:d5:a5:4f:
         82:61:d1:14:e8:41:df:22:28:6c:b2:77:f8:da:6b:d2:c8:48:
         8a:21:01:c3:7a:82:d0:4b:74:e2:40:79:05:d9:34:4f:18:e7:
         83:79:c9:0d:2f:e8:2f:8e:57:45:d3:05:73:41:69:52:61:fc:
         bf:88:d0:90:cf:fa:1e:5c:50:d7:43:58:3d:77:09:e6:57:fb:
         ac:ef:f9:3b:09:f0:e7:5d:a7:cb:e4:6e:7a:e6:8a:a2:db:2b:
         25:da:60:2f:a8:70:a5:24:5c:b2:37:f6:4c:07:ef:d5:17:ae:
         70:81:ed:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSSFZstdJUZvwsqG5pH08MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NjZkODMzNzc3NmM5ODc0NmJkMjMxZTY5ZTE4NWRiMmE5
YTViZTIwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjg3OWFhZDA2NmE0ZjU4NWZhNjI3ZGQyMjhkYzQ2Yjk4YmJlOGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjZf0siAvG4mQCoy/X3RxAdZTIYn
roaidGRfWUJnFjzpeGNDbYKB8DeJExILW3HQoVAn9sji/fGhwX7yyPpHDqMvJnyF
f73GrJCFvzNUT4tozuQGj4jaju+i7da/QxqedYCE0WXhQtnOLTWLWQ2+Jw0m0DPs
1AhRv+Rtvt4YbAuOsNBeugYHlkZOfrWOUKNFdv9TeINyFGEyFga4pi3/C/WnkzH5
rs136DiAJeVktGNCQ/RbzEoKdLwNMR81gHxPaNnLeWEYU1g6AVQwkCnmEBskDyWG
nlHvxl+PdCMaXWT/cWGe2sn7uHa0feYPTqpMuxVCDvt3hlEtGPTe2IaiaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLuHmq0Gak9YX6Yn3SKNxGuYu+isMB8GA1UdIwQY
MBaAFKVm2DN3dsmHRr0jHmnhhdsqmlviMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgt
MWI3NTg2N2U4ZGZmLzEvdTRlYXJRWnFUMWhmcGlmZElvM0VhNWk3Nkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgtMWI3NTg2N2U4ZGZm
LzEvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKg47wPoA
MA0GCSqGSIb3DQEBCwUAA4IBAQCS/PJmywc2FDI58xccXDStrXjjuciZ0iDNex4Z
KQufnTA6CljyR5Q8R9rveDVv0SwCJA2HpoUlQ7s+QktF78JpbZgBckCybCQ7635r
eHH9zA9ZTCySvlqfYfvGY+aJ+t9CwHLumJVoMha5YDnE/ao+Vj2BFemCIVRClxKm
1vPGiN/rVFm7XbVnEhoTNMzVpU+CYdEU6EHfIihssnf42mvSyEiKIQHDeoLQS3Ti
QHkF2TRPGOeDeckNL+gvjldF0wVzQWlSYfy/iNCQz/oeXFDXQ1g9dwnmV/us7/k7
CfDnXafL5G565oqi2ysl2mAvqHClJFyyN/ZMB+/VF65wge10
-----END CERTIFICATE-----