Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/RLXPgvr_YfNoSre--anJfNFP5N4.roa
File:                     RLXPgvr_YfNoSre--anJfNFP5N4.roa (raw, json)
Hash identifier:          eFrq7H+oaQe+8zD352NQ/SWweAppo1ZPIXpinYOLdeQ=
Subject key identifier:   44:B5:CF:82:FA:FF:61:F3:68:4A:B7:BE:F9:A9:C9:7C:D1:4F:E4:DE
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       018D6454B8DB51758BAD9E683FBEDB759AF9
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/RLXPgvr_YfNoSre--anJfNFP5N4.roa
Signing time:             Thu 01 Feb 2024 11:01:30 +0000
ROA not before:           Thu 01 Feb 2024 11:01:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        2a09:fb86::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:54:b8:db:51:75:8b:ad:9e:68:3f:be:db:75:9a:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Feb  1 11:01:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44b5cf82faff61f3684ab7bef9a9c97cd14fe4de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a0:41:22:62:49:61:63:e2:d5:7d:e5:8e:8b:
                    4a:9b:9e:2d:7d:ff:e3:4e:0b:b7:67:81:7d:7b:ff:
                    b0:8d:dd:ca:cd:92:2c:84:7e:0d:db:53:7b:5b:37:
                    67:84:f7:ab:55:87:17:26:a2:06:88:2f:57:e1:98:
                    b2:39:46:97:07:f6:86:78:ac:db:42:e9:d3:a3:ab:
                    7b:cc:fe:f0:40:06:2d:8c:db:75:4a:a1:f1:ad:97:
                    52:25:5a:a0:8d:4d:bd:da:14:6f:fb:32:89:51:c4:
                    81:08:01:3d:5f:e8:9c:ae:9c:63:07:07:50:4e:dd:
                    ef:4e:be:af:7e:54:0a:04:e0:65:4a:f2:e6:aa:24:
                    22:7b:55:fd:f8:db:80:cd:d0:1c:ac:0f:f9:54:d3:
                    8b:f1:59:82:82:5a:dd:99:67:7b:e6:ba:f1:c6:c9:
                    ca:de:11:03:89:dc:6a:ae:80:2d:ef:54:35:07:07:
                    e1:52:73:61:c4:b9:69:29:de:c0:5a:dc:5e:6d:6e:
                    6f:d7:70:17:7e:3d:ff:e7:50:1d:da:46:a0:56:0c:
                    49:af:82:70:7f:cc:28:1c:c5:ef:db:18:e5:06:9b:
                    66:85:6d:d0:7f:95:0d:66:4f:2a:a7:ee:48:13:1e:
                    a7:68:09:71:00:b5:57:a7:fb:33:a3:36:ae:e2:18:
                    c3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:B5:CF:82:FA:FF:61:F3:68:4A:B7:BE:F9:A9:C9:7C:D1:4F:E4:DE
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/RLXPgvr_YfNoSre--anJfNFP5N4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:fb86::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:14:61:f7:48:c3:1d:3e:75:72:49:49:a6:49:45:ff:40:cb:
         fc:59:e5:33:f0:3a:70:72:a1:49:d4:ac:af:75:f4:ac:14:18:
         84:79:44:5c:73:96:c9:81:13:2f:4a:80:78:6e:0e:2c:59:fa:
         92:9d:2f:77:65:3f:37:1a:43:a0:05:11:d3:fd:25:a2:13:cc:
         90:a4:16:15:69:8c:74:00:91:ee:e6:5a:05:14:bb:69:5d:61:
         52:80:c1:4c:92:f9:75:c2:a0:25:ea:e3:79:8b:8e:a1:04:4d:
         ab:3f:a7:1d:59:d9:c7:d4:b3:23:7b:df:e1:b6:cd:f3:db:16:
         03:29:f9:7d:d9:36:4d:cb:37:22:9a:10:4d:75:fc:3d:8e:b7:
         52:f3:f2:14:3f:a4:3c:52:da:e2:71:fe:45:c5:0f:3d:06:db:
         6c:63:43:d7:0c:40:f6:7d:54:c8:b8:19:7b:0d:42:57:25:e9:
         8a:cc:58:82:9b:4c:2a:04:80:6f:59:9d:4b:31:6d:b2:f2:12:
         2b:88:c7:8e:b8:d8:f6:93:06:bc:84:76:58:e1:16:f5:c5:3f:
         a2:43:dd:f8:bf:2b:6b:f5:26:5f:6f:39:a3:56:13:c3:d3:cc:
         64:82:2d:fe:7b:41:a0:cf:55:67:c4:6e:eb:24:af:8d:00:5f:
         62:a2:b7:de
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY1kVLjbUXWLrZ5oP77bdZr5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwMjAxMTEwMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGI1Y2Y4MmZhZmY2MWYzNjg0YWI3YmVmOWE5Yzk3Y2QxNGZlNGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6BBImJJYWPi1X3ljotKm54tff/j
Tgu3Z4F9e/+wjd3KzZIshH4N21N7WzdnhPerVYcXJqIGiC9X4ZiyOUaXB/aGeKzb
QunTo6t7zP7wQAYtjNt1SqHxrZdSJVqgjU292hRv+zKJUcSBCAE9X+icrpxjBwdQ
Tt3vTr6vflQKBOBlSvLmqiQie1X9+NuAzdAcrA/5VNOL8VmCglrdmWd75rrxxsnK
3hEDidxqroAt71Q1BwfhUnNhxLlpKd7AWtxebW5v13AXfj3/51Ad2kagVgxJr4Jw
f8woHMXv2xjlBptmhW3Qf5UNZk8qp+5IEx6naAlxALVXp/szozau4hjD2QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFES1z4L6/2HzaEq3vvmpyXzRT+TeMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvUkxYUGd2cl9ZZk5vU3JlLS1hbkpmTkZQNU40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgn7hjAN
BgkqhkiG9w0BAQsFAAOCAQEAHRRh90jDHT51cklJpklF/0DL/FnlM/A6cHKhSdSs
r3X0rBQYhHlEXHOWyYETL0qAeG4OLFn6kp0vd2U/NxpDoAUR0/0lohPMkKQWFWmM
dACR7uZaBRS7aV1hUoDBTJL5dcKgJerjeYuOoQRNqz+nHVnZx9SzI3vf4bbN89sW
Ayn5fdk2Tcs3IpoQTXX8PY63UvPyFD+kPFLa4nH+RcUPPQbbbGND1wxA9n1UyLgZ
ew1CVyXpisxYgptMKgSAb1mdSzFtsvISK4jHjrjY9pMGvIR2WOEW9cU/okPd+L8r
a/UmX285o1YTw9PMZIIt/ntBoM9VZ8Ru6ySvjQBfYqK33g==
-----END CERTIFICATE-----