Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/Zn5uA6g94v2EEL5Asa1rU4LgCAw.roa
File:                     Zn5uA6g94v2EEL5Asa1rU4LgCAw.roa (raw, json)
Hash identifier:          XkwRh6h6CI15dbIOaf+OQX8vQhy+coZI4TFA1gE5PFA=
Subject key identifier:   66:7E:6E:03:A8:3D:E2:FD:84:10:BE:40:B1:AD:6B:53:82:E0:08:0C
Certificate issuer:       /CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
Certificate serial:       018CC64B7AE8CBD9E5EE0995FDEDB9C503D7
Authority key identifier: ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/Zn5uA6g94v2EEL5Asa1rU4LgCAw.roa
Signing time:             Mon 01 Jan 2024 18:31:24 +0000
ROA not before:           Mon 01 Jan 2024 18:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207480
IP address blocks:        2a06:1e82::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7a:e8:cb:d9:e5:ee:09:95:fd:ed:b9:c5:03:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77e6b925b3b7a7abb92885d55d733dc5fa62d2
        Validity
            Not Before: Jan  1 18:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=667e6e03a83de2fd8410be40b1ad6b5382e0080c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:80:55:0c:fa:cf:f5:2e:9d:ae:6d:79:4c:f5:
                    2c:ed:29:a2:e7:43:10:af:ab:63:f4:de:26:f7:4b:
                    42:30:10:48:4f:e8:00:23:6a:05:05:4e:86:ea:d8:
                    d2:c9:6d:ee:b7:dc:10:60:00:21:ae:b7:3d:64:83:
                    21:3a:4d:2c:1d:e3:9c:53:32:40:e8:e5:2a:c0:9a:
                    8b:b4:ca:ea:31:6a:74:17:ee:d7:74:2e:93:13:84:
                    c6:38:4e:5f:d4:bf:ca:4f:c0:e1:bb:c7:5c:05:4a:
                    8f:b7:d3:f4:1e:ed:ca:5e:bd:80:10:86:8e:4b:e8:
                    d8:c2:a6:19:38:9b:45:2a:83:a8:4b:ea:84:4d:5f:
                    06:ef:5c:73:8d:2c:b2:54:ff:bb:d7:0a:b7:eb:37:
                    ef:4c:a8:10:a5:52:ff:f4:ab:fe:ab:39:96:07:60:
                    36:22:ea:cc:1f:24:a6:a9:e7:5f:c4:79:b1:d3:1b:
                    44:70:aa:95:34:c0:91:b6:b7:51:d1:30:b4:5c:7c:
                    b0:0b:f9:ff:e4:16:8c:de:39:a8:cc:6a:98:bf:8c:
                    a2:79:13:ec:4e:45:8c:5f:25:2d:78:e8:2c:49:e2:
                    91:de:10:5b:6c:35:9d:3b:19:c9:59:8a:16:2e:c8:
                    ed:8f:93:42:be:c5:4e:e4:6a:96:0a:c8:03:39:47:
                    73:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:7E:6E:03:A8:3D:E2:FD:84:10:BE:40:B1:AD:6B:53:82:E0:08:0C
            X509v3 Authority Key Identifier:
                keyid:ED:77:E6:B9:25:B3:B7:A7:AB:B9:28:85:D5:5D:73:3D:C5:FA:62:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XfmuSWzt6eruSiF1V1zPcX6YtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/Zn5uA6g94v2EEL5Asa1rU4LgCAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d83777-5ba8-4f1e-851c-92819de8a036/1/7XfmuSWzt6eruSiF1V1zPcX6YtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1e82::/44

    Signature Algorithm: sha256WithRSAEncryption
         61:72:fd:4e:ec:7f:2d:0b:58:30:f5:c9:e4:46:84:06:37:cf:
         d9:d0:7a:d4:3e:bc:2b:ec:31:39:6e:2e:6f:d0:fc:ab:30:e2:
         ff:46:6c:64:bc:91:4f:4f:19:60:f5:9c:64:cd:9d:30:0b:48:
         e1:5f:61:0c:2a:39:36:a2:e0:08:d3:a0:fc:0d:fd:e6:19:ed:
         31:01:bb:92:b1:20:dd:fa:7e:5a:cf:1c:91:9f:0f:44:2f:9b:
         b3:30:0b:c5:ef:47:ee:ac:77:10:f9:68:e3:a9:a1:8d:79:f8:
         2e:7f:f0:87:02:63:11:49:f1:3e:7a:b3:7a:2a:ce:fa:73:ab:
         9f:6b:b6:03:f2:aa:32:63:c8:58:c0:a6:58:34:35:d7:94:f3:
         c8:f8:1b:fa:ed:65:38:56:8c:6a:a7:1f:5e:25:12:61:aa:d3:
         ba:59:27:54:cb:81:88:cc:22:8d:cc:ca:d1:d5:0f:b5:c1:37:
         db:70:a7:d4:b5:83:5e:ab:79:9e:f0:c0:e2:73:fa:d7:38:f6:
         a7:e4:f1:75:49:f0:69:3f:43:03:b5:a9:e4:9a:19:33:9a:c9:
         c0:d3:48:3b:c1:72:96:05:c3:d7:40:48:c9:28:92:07:ab:dd:
         91:50:87:98:38:fc:47:42:f9:b0:dd:dc:c6:ad:d2:02:49:10:
         42:b6:84:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS3roy9nl7gmV/e25xQPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdlNmI5MjViM2I3YTdhYmI5Mjg4NWQ1NWQ3MzNkYzVm
YTYyZDIwHhcNMjQwMTAxMTgzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjdlNmUwM2E4M2RlMmZkODQxMGJlNDBiMWFkNmI1MzgyZTAwODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YBVDPrP9S6drm15TPUs7Smi50MQ
r6tj9N4m90tCMBBIT+gAI2oFBU6G6tjSyW3ut9wQYAAhrrc9ZIMhOk0sHeOcUzJA
6OUqwJqLtMrqMWp0F+7XdC6TE4TGOE5f1L/KT8Dhu8dcBUqPt9P0Hu3KXr2AEIaO
S+jYwqYZOJtFKoOoS+qETV8G71xzjSyyVP+71wq36zfvTKgQpVL/9Kv+qzmWB2A2
IurMHySmqedfxHmx0xtEcKqVNMCRtrdR0TC0XHywC/n/5BaM3jmozGqYv4yieRPs
TkWMXyUteOgsSeKR3hBbbDWdOxnJWYoWLsjtj5NCvsVO5GqWCsgDOUdz8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGZ+bgOoPeL9hBC+QLGta1OC4AgMMB8GA1UdIwQY
MBaAFO135rkls7enq7kohdVdcz3F+mLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMt
OTI4MTlkZThhMDM2LzEvWm41dUE2Zzk0djJFRUw1QXNhMXJVNExnQ0F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kODM3NzctNWJhOC00ZjFlLTg1MWMtOTI4MTlkZThhMDM2
LzEvN1hmbXVTV3p0NmVydVNpRjFWMXpQY1g2WXRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgYeggAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBhcv1O7H8tC1gw9cnkRoQGN8/Z0HrUPrwr7DE5
bi5v0PyrMOL/RmxkvJFPTxlg9ZxkzZ0wC0jhX2EMKjk2ouAI06D8Df3mGe0xAbuS
sSDd+n5azxyRnw9EL5uzMAvF70furHcQ+WjjqaGNefguf/CHAmMRSfE+erN6Ks76
c6ufa7YD8qoyY8hYwKZYNDXXlPPI+Bv67WU4Voxqpx9eJRJhqtO6WSdUy4GIzCKN
zMrR1Q+1wTfbcKfUtYNeq3me8MDic/rXOPan5PF1SfBpP0MDtankmhkzmsnA00g7
wXKWBcPXQEjJKJIHq92RUIeYOPxHQvmw3dzGrdICSRBCtoRW
-----END CERTIFICATE-----