Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/cnYAXVB3gTNCnX006YiU2yCl_3U.roa
File:                     cnYAXVB3gTNCnX006YiU2yCl_3U.roa (raw, json)
Hash identifier:          IqaWX3TDwYgroL+5Gx/SFHfdTyF7yCqQueq4DZWe31M=
Subject key identifier:   72:76:00:5D:50:77:81:33:42:9D:7D:34:E9:88:94:DB:20:A5:FF:75
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8DD52EB172E9158A7CEC2F39317F4
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/cnYAXVB3gTNCnX006YiU2yCl_3U.roa
Signing time:             Mon 01 Jan 2024 20:30:53 +0000
ROA not before:           Mon 01 Jan 2024 20:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197951
IP address blocks:        2a0c:9a40:8cb0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 15:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:dd:52:eb:17:2e:91:58:a7:ce:c2:f3:93:17:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7276005d50778133429d7d34e98894db20a5ff75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:be:4d:61:13:73:e1:3a:23:4a:38:c2:76:41:
                    06:a7:cf:eb:91:56:93:9b:b6:c1:af:5d:7d:31:3d:
                    3d:4c:74:88:cf:4d:c0:29:38:9d:47:75:68:60:1b:
                    23:1a:a1:c2:9c:00:86:96:e8:2d:00:8e:01:52:70:
                    fc:95:fc:39:9f:1f:b4:ac:a0:89:bb:6e:8f:ef:44:
                    5e:cb:2e:a2:c9:db:4a:b8:f8:96:9d:a6:f7:2e:3f:
                    6f:ba:33:12:96:41:40:0d:c8:24:b2:e7:81:14:28:
                    00:55:76:0c:88:39:1c:09:06:2e:38:43:be:5f:4f:
                    bd:d8:b6:9d:95:b5:84:09:35:cb:97:bc:9b:c5:9c:
                    6b:c9:cb:72:05:a5:9b:91:50:1c:4d:cd:ef:67:7a:
                    6e:eb:53:e1:06:4b:8f:8f:76:0a:bb:75:a8:e1:00:
                    15:15:6b:2e:5b:f5:fb:3f:12:d1:0d:b1:71:61:fc:
                    15:dd:1e:14:df:1d:8d:d3:5a:0c:58:5b:61:fe:83:
                    6b:0e:6a:40:70:31:b3:8b:b2:9d:86:72:36:46:5a:
                    82:d6:6c:fd:62:26:0c:e4:b6:28:ac:30:8c:7f:d6:
                    77:b3:28:67:82:ca:a3:10:63:19:67:7e:07:14:4d:
                    59:43:10:c1:a6:a0:91:dc:64:7d:78:d1:26:8d:d6:
                    eb:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:76:00:5D:50:77:81:33:42:9D:7D:34:E9:88:94:DB:20:A5:FF:75
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/cnYAXVB3gTNCnX006YiU2yCl_3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8cb0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6a:9b:a3:98:38:c1:16:25:39:79:68:e8:39:93:21:4b:79:12:
         7c:72:50:9d:6c:87:12:ea:34:9c:8d:dd:14:1a:3f:04:db:61:
         20:16:36:d3:f5:bb:c8:5a:6f:7f:d5:73:b6:6d:ea:34:21:b7:
         f4:0a:f1:df:51:df:5b:3c:05:64:c8:3c:ce:8c:1f:10:58:da:
         e0:80:e7:21:3b:aa:3e:8f:8f:62:cf:56:7a:5f:ed:43:e2:76:
         2f:05:40:8e:21:b3:d6:dc:e3:d9:fb:40:74:d1:14:51:d7:5c:
         78:38:41:3c:39:81:57:c4:02:3d:06:c7:f3:cc:52:1c:3e:62:
         c8:3d:61:48:21:c5:9c:00:22:de:2c:50:3c:a3:86:da:13:8c:
         82:64:dc:fd:7e:e2:ba:7a:c5:03:51:bb:d1:4f:d5:06:04:fb:
         65:de:bf:2f:1d:9b:c5:00:31:c7:a3:65:7a:ee:63:2d:f4:d9:
         81:a9:1a:ca:aa:bc:c4:af:b5:1a:f9:a8:d1:80:c3:38:7e:fd:
         55:b5:c9:b3:9b:81:bd:37:10:35:52:c0:00:52:db:d8:e2:db:
         9a:6c:36:bf:8c:4c:77:d0:57:00:81:d4:a4:36:ad:c6:b2:c5:
         8e:5b:1d:f7:91:ab:b4:bf:7a:94:70:1e:52:ff:b2:6e:af:7f:
         95:52:f0:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuN1S6xcukVinzsLzkxf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjc2MDA1ZDUwNzc4MTMzNDI5ZDdkMzRlOTg4OTRkYjIwYTVmZjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL5NYRNz4TojSjjCdkEGp8/rkVaT
m7bBr119MT09THSIz03AKTidR3VoYBsjGqHCnACGlugtAI4BUnD8lfw5nx+0rKCJ
u26P70Reyy6iydtKuPiWnab3Lj9vujMSlkFADcgksueBFCgAVXYMiDkcCQYuOEO+
X0+92LadlbWECTXLl7ybxZxryctyBaWbkVAcTc3vZ3pu61PhBkuPj3YKu3Wo4QAV
FWsuW/X7PxLRDbFxYfwV3R4U3x2N01oMWFth/oNrDmpAcDGzi7KdhnI2RlqC1mz9
YiYM5LYorDCMf9Z3syhngsqjEGMZZ34HFE1ZQxDBpqCR3GR9eNEmjdbrdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHJ2AF1Qd4EzQp19NOmIlNsgpf91MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvY25ZQVhWQjNnVE5DblgwMDZZaVUyeUNsXzNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIyw
MA0GCSqGSIb3DQEBCwUAA4IBAQBqm6OYOMEWJTl5aOg5kyFLeRJ8clCdbIcS6jSc
jd0UGj8E22EgFjbT9bvIWm9/1XO2beo0Ibf0CvHfUd9bPAVkyDzOjB8QWNrggOch
O6o+j49iz1Z6X+1D4nYvBUCOIbPW3OPZ+0B00RRR11x4OEE8OYFXxAI9BsfzzFIc
PmLIPWFIIcWcACLeLFA8o4baE4yCZNz9fuK6esUDUbvRT9UGBPtl3r8vHZvFADHH
o2V67mMt9NmBqRrKqrzEr7Ua+ajRgMM4fv1Vtcmzm4G9NxA1UsAAUtvY4tuabDa/
jEx30FcAgdSkNq3GssWOWx33kau0v3qUcB5S/7Jur3+VUvBq
-----END CERTIFICATE-----