Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/pty03p3w9uRyMbGa926QtUCrp7s.roa
File:                     pty03p3w9uRyMbGa926QtUCrp7s.roa (raw, json)
Hash identifier:          sEN+fQOGpHhdLrN9pBN1oJ2kU6rg/AyFOF3Urks4ecw=
Subject key identifier:   A6:DC:B4:DE:9D:F0:F6:E4:72:31:B1:9A:F7:6E:90:B5:40:AB:A7:BB
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D1CC38737C3D74FD8A9EB66C7752
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/pty03p3w9uRyMbGa926QtUCrp7s.roa
Signing time:             Mon 01 Jan 2024 20:30:50 +0000
ROA not before:           Mon 01 Jan 2024 20:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7489
IP address blocks:        2a0c:9a40:8085::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d1:cc:38:73:7c:3d:74:fd:8a:9e:b6:6c:77:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6dcb4de9df0f6e47231b19af76e90b540aba7bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ed:0f:7b:7f:b9:3f:55:e4:89:c1:50:78:6d:
                    f7:e2:67:9f:6b:b2:2e:0c:7c:a1:2f:d1:99:9d:8d:
                    2d:ae:98:4b:9a:ec:6f:95:f6:15:89:ce:bb:54:c4:
                    37:68:40:1c:d6:a4:38:1a:90:92:89:a0:f3:88:51:
                    42:e1:bf:52:ae:6a:b6:73:a1:b2:f3:3a:98:00:75:
                    c2:b9:dd:79:05:5b:79:37:da:43:b6:ef:8d:e9:db:
                    8b:23:45:d2:e2:f1:af:d9:ec:b9:2a:81:84:cd:2f:
                    d3:9f:0d:51:99:32:8c:04:8e:ae:09:37:f8:95:16:
                    aa:df:6a:0d:46:1e:66:2e:3f:ca:3b:ee:42:46:ce:
                    4e:d3:0b:db:3f:81:3c:7d:04:93:37:18:49:63:34:
                    71:76:30:ae:d9:ee:7a:4d:08:a1:09:42:29:f1:e8:
                    1b:0b:f9:c3:19:de:82:df:41:7e:c6:54:9c:fe:b3:
                    9a:a2:0b:f2:df:a0:af:8e:a2:e2:f0:75:f3:97:01:
                    15:26:c3:2c:29:c0:2c:4b:5d:4e:40:c9:e5:bd:2a:
                    6d:a4:4b:57:bf:71:60:01:9f:f1:77:04:75:8f:b9:
                    76:e5:91:2d:69:f0:b8:db:70:cf:90:cd:c7:11:aa:
                    5e:c1:cb:43:c0:a5:5f:18:f3:54:18:77:37:d4:ad:
                    33:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:DC:B4:DE:9D:F0:F6:E4:72:31:B1:9A:F7:6E:90:B5:40:AB:A7:BB
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/pty03p3w9uRyMbGa926QtUCrp7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8085::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:48:2c:b3:29:e5:3d:e8:92:e2:4f:81:9d:5c:70:91:a4:51:
         07:b2:c4:33:b5:50:2f:79:36:5d:73:4e:7c:08:00:a1:5d:8e:
         65:04:cf:53:0f:96:10:b4:34:6c:63:ab:3c:93:e6:20:14:2b:
         85:e4:6c:25:32:8e:76:56:f2:6b:96:52:03:35:ea:49:5c:6c:
         e8:fc:03:fd:ad:69:b4:a6:84:f8:95:a0:31:d3:2c:37:a6:49:
         1b:91:ee:1b:34:67:32:73:c4:fd:b1:d6:62:f9:fb:82:2c:f1:
         0f:e8:ed:f1:ef:b1:dd:35:6c:f3:e6:f0:fe:13:bc:91:b2:27:
         d4:a5:be:71:4b:d9:ab:7d:53:b8:ad:d6:2c:ab:5d:41:10:1e:
         9a:9e:3c:51:c3:d6:7a:ae:e5:a3:c5:1a:ec:50:4f:4a:69:df:
         0c:ff:2a:de:da:76:ad:53:a8:56:77:2f:4c:9a:87:d8:f5:51:
         fa:45:fc:4d:af:ba:28:50:ca:77:60:16:c5:93:98:cf:b3:af:
         12:eb:49:1a:34:0a:27:fd:0b:c6:39:c8:98:e1:a8:c0:50:e8:
         b5:0a:81:16:61:26:eb:84:bd:56:b9:9f:7d:04:1f:6c:2f:56:
         ce:a9:b3:75:a7:6e:e5:b5:ac:64:77:6e:3e:4c:6e:70:f2:2d:
         ae:fd:80:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuNHMOHN8PXT9ip62bHdSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmRjYjRkZTlkZjBmNmU0NzIzMWIxOWFmNzZlOTBiNTQwYWJhN2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhu0Pe3+5P1XkicFQeG334mefa7Iu
DHyhL9GZnY0trphLmuxvlfYVic67VMQ3aEAc1qQ4GpCSiaDziFFC4b9Srmq2c6Gy
8zqYAHXCud15BVt5N9pDtu+N6duLI0XS4vGv2ey5KoGEzS/Tnw1RmTKMBI6uCTf4
lRaq32oNRh5mLj/KO+5CRs5O0wvbP4E8fQSTNxhJYzRxdjCu2e56TQihCUIp8egb
C/nDGd6C30F+xlSc/rOaogvy36CvjqLi8HXzlwEVJsMsKcAsS11OQMnlvSptpEtX
v3FgAZ/xdwR1j7l25ZEtafC423DPkM3HEapewctDwKVfGPNUGHc31K0z4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKbctN6d8PbkcjGxmvdukLVAq6e7MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvcHR5MDNwM3c5dVJ5TWJHYTkyNlF0VUNycDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQICF
MA0GCSqGSIb3DQEBCwUAA4IBAQAsSCyzKeU96JLiT4GdXHCRpFEHssQztVAveTZd
c058CAChXY5lBM9TD5YQtDRsY6s8k+YgFCuF5GwlMo52VvJrllIDNepJXGzo/AP9
rWm0poT4laAx0yw3pkkbke4bNGcyc8T9sdZi+fuCLPEP6O3x77HdNWzz5vD+E7yR
sifUpb5xS9mrfVO4rdYsq11BEB6anjxRw9Z6ruWjxRrsUE9Kad8M/yre2natU6hW
dy9MmofY9VH6RfxNr7ooUMp3YBbFk5jPs68S60kaNAon/QvGOciY4ajAUOi1CoEW
YSbrhL1WuZ99BB9sL1bOqbN1p27ltaxkd24+TG5w8i2u/YCW
-----END CERTIFICATE-----