Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/A2xZwRkF2X8PIHuoozy9-AhHCUA.roa
File:                     A2xZwRkF2X8PIHuoozy9-AhHCUA.roa (raw, json)
Hash identifier:          t67D9obj2Ugypjg/4nkVuNhYkvTOPg/8KPctZfzv/qk=
Subject key identifier:   03:6C:59:C1:19:05:D9:7F:0F:20:7B:A8:A3:3C:BD:F8:08:47:09:40
Certificate issuer:       /CN=a378118db05e4c93e76fa1f1c95679c705beb208
Certificate serial:       018CC56E1B7F695F78DDE038D6110FF27617
Authority key identifier: A3:78:11:8D:B0:5E:4C:93:E7:6F:A1:F1:C9:56:79:C7:05:BE:B2:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/A2xZwRkF2X8PIHuoozy9-AhHCUA.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15542
IP address blocks:        2001:67c:2ef0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1b:7f:69:5f:78:dd:e0:38:d6:11:0f:f2:76:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a378118db05e4c93e76fa1f1c95679c705beb208
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=036c59c11905d97f0f207ba8a33cbdf808470940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b3:0d:0d:f4:07:9d:dc:69:7a:8d:cf:e6:42:
                    ef:4c:c7:e3:61:f7:58:10:92:58:67:a9:fc:f3:23:
                    05:da:2c:f4:79:27:07:67:05:31:87:6a:f3:6f:8d:
                    f2:80:31:38:5d:da:da:f2:88:14:ab:d7:77:d3:d2:
                    0b:92:9d:13:dd:c6:ca:86:3c:3d:5e:ba:b2:17:07:
                    94:f6:8b:b6:d7:39:4a:da:8d:a1:41:21:0a:df:2a:
                    e7:12:89:f3:af:d1:9f:d8:2f:b7:ee:c9:74:16:f9:
                    cd:60:a1:c9:88:e4:e7:ee:28:f4:c6:18:8a:a2:bb:
                    70:5b:bd:fc:01:b7:0b:40:3f:63:88:50:0f:7f:a3:
                    72:9d:2d:47:db:f3:86:bf:d6:b2:49:09:c9:2b:45:
                    a6:64:28:4b:af:d2:72:90:15:87:0c:59:f9:1f:e4:
                    11:af:55:ab:66:dc:23:c0:64:34:c3:ad:ab:50:6d:
                    f4:54:fd:19:c5:1f:dd:c1:82:d1:d7:c5:5a:a1:0e:
                    7b:59:8d:7b:00:6a:2a:35:62:af:a5:28:2d:65:fc:
                    9c:91:89:91:30:71:0a:85:b8:12:2f:41:24:2d:4a:
                    27:cb:09:3a:7f:b2:87:be:33:af:fe:67:48:9c:33:
                    c7:fa:36:98:16:2c:54:42:f6:b8:49:e9:9f:84:a5:
                    c3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:6C:59:C1:19:05:D9:7F:0F:20:7B:A8:A3:3C:BD:F8:08:47:09:40
            X509v3 Authority Key Identifier:
                keyid:A3:78:11:8D:B0:5E:4C:93:E7:6F:A1:F1:C9:56:79:C7:05:BE:B2:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/A2xZwRkF2X8PIHuoozy9-AhHCUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/0f355a-3a0a-46ec-b07f-866607af2fa5/1/o3gRjbBeTJPnb6HxyVZ5xwW-sgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ef0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:28:2a:16:24:2b:c7:33:d4:ba:06:a7:d5:a3:f5:28:4c:70:
         9a:46:3c:bc:bc:29:7c:55:1b:f4:0f:e0:d1:7c:74:ce:8d:a6:
         b8:0f:a5:d3:d0:31:bc:33:62:c9:2e:6a:8c:c3:a0:73:3a:99:
         4d:4f:96:50:9b:0f:4b:2b:a5:55:8a:99:e4:be:3a:89:89:7a:
         bd:93:ea:c1:20:1c:f8:91:c7:31:f1:27:61:c1:32:2e:0f:d2:
         35:a8:fc:56:16:b0:83:3a:f8:ea:05:10:69:94:62:dc:e1:60:
         83:33:f8:79:ec:90:d5:12:a4:cd:9a:d9:a8:c1:be:32:26:09:
         0a:21:4c:e7:dd:87:3d:8c:c0:f9:db:aa:7c:fe:b6:a6:a7:1b:
         cb:82:18:8c:81:9a:48:fb:87:07:3a:e5:3b:36:98:2d:4d:9d:
         1f:71:ac:10:1a:29:1b:16:c3:0b:3a:6a:d0:12:3b:a1:a3:99:
         cd:a2:30:3b:68:e3:de:fd:78:bf:d6:3b:36:e5:e5:13:b1:d0:
         e7:54:d3:ac:90:b1:4d:cb:8b:0a:b3:87:85:81:ea:e7:90:23:
         1c:3e:a4:8b:1a:26:2c:db:f4:4d:3e:5e:61:13:17:98:6a:71:
         d5:d8:9b:4f:a5:56:04:00:56:56:59:46:a0:7f:da:26:44:bc:
         08:e8:eb:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbht/aV943eA41hEP8nYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzgxMThkYjA1ZTRjOTNlNzZmYTFmMWM5NTY3OWM3MDVi
ZWIyMDgwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzZjNTljMTE5MDVkOTdmMGYyMDdiYThhMzNjYmRmODA4NDcwOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrMNDfQHndxpeo3P5kLvTMfjYfdY
EJJYZ6n88yMF2iz0eScHZwUxh2rzb43ygDE4Xdra8ogUq9d309ILkp0T3cbKhjw9
XrqyFweU9ou21zlK2o2hQSEK3yrnEonzr9Gf2C+37sl0FvnNYKHJiOTn7ij0xhiK
ortwW738AbcLQD9jiFAPf6NynS1H2/OGv9aySQnJK0WmZChLr9JykBWHDFn5H+QR
r1WrZtwjwGQ0w62rUG30VP0ZxR/dwYLR18VaoQ57WY17AGoqNWKvpSgtZfyckYmR
MHEKhbgSL0EkLUonywk6f7KHvjOv/mdInDPH+jaYFixUQva4SemfhKXDkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFANsWcEZBdl/DyB7qKM8vfgIRwlAMB8GA1UdIwQY
MBaAFKN4EY2wXkyT52+h8clWeccFvrIIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNnUmpiQmVUSlBuYjZIeHlWWjV4d1ctc2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wZjM1NWEtM2EwYS00NmVjLWIwN2Yt
ODY2NjA3YWYyZmE1LzEvQTJ4WndSa0YyWDhQSUh1b296eTktQWhIQ1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wZjM1NWEtM2EwYS00NmVjLWIwN2YtODY2NjA3YWYyZmE1
LzEvbzNnUmpiQmVUSlBuYjZIeHlWWjV4d1ctc2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC7w
MA0GCSqGSIb3DQEBCwUAA4IBAQClKCoWJCvHM9S6BqfVo/UoTHCaRjy8vCl8VRv0
D+DRfHTOjaa4D6XT0DG8M2LJLmqMw6BzOplNT5ZQmw9LK6VVipnkvjqJiXq9k+rB
IBz4kccx8SdhwTIuD9I1qPxWFrCDOvjqBRBplGLc4WCDM/h57JDVEqTNmtmowb4y
JgkKIUzn3Yc9jMD526p8/rampxvLghiMgZpI+4cHOuU7NpgtTZ0fcawQGikbFsML
OmrQEjuho5nNojA7aOPe/Xi/1js25eUTsdDnVNOskLFNy4sKs4eFgernkCMcPqSL
GiYs2/RNPl5hExeYanHV2JtPpVYEAFZWWUagf9omRLwI6OuN
-----END CERTIFICATE-----