Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/1442qk6OaBahbSE4x8WQBQkwKeY.roa
File:                     1442qk6OaBahbSE4x8WQBQkwKeY.roa (raw, json)
Hash identifier:          NbnORGblW48uq6P7H71GD4fB7NHwwXycd34AVU10IuA=
Subject key identifier:   D7:8E:36:AA:4E:8E:68:16:A1:6D:21:38:C7:C5:90:05:09:30:29:E6
Certificate issuer:       /CN=722325ecf368c9148a7c41281d607fa6d804a0c9
Certificate serial:       018DF48F4D06DAFED6FF170AB2173C542FE8
Authority key identifier: 72:23:25:EC:F3:68:C9:14:8A:7C:41:28:1D:60:7F:A6:D8:04:A0:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciMl7PNoyRSKfEEoHWB_ptgEoMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/1442qk6OaBahbSE4x8WQBQkwKeY.roa
Signing time:             Thu 29 Feb 2024 11:10:48 +0000
ROA not before:           Thu 29 Feb 2024 11:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211335
IP address blocks:        2a13:e300::/32 maxlen: 32
                          2a13:e301::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/ciMl7PNoyRSKfEEoHWB_ptgEoMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/ciMl7PNoyRSKfEEoHWB_ptgEoMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciMl7PNoyRSKfEEoHWB_ptgEoMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 11:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:8f:4d:06:da:fe:d6:ff:17:0a:b2:17:3c:54:2f:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722325ecf368c9148a7c41281d607fa6d804a0c9
        Validity
            Not Before: Feb 29 11:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d78e36aa4e8e6816a16d2138c7c59005093029e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:e2:c0:69:3a:83:64:90:8e:88:43:5c:73:fa:
                    21:43:26:69:4b:f3:63:77:39:c8:19:28:cc:cf:d9:
                    0c:63:49:b9:f4:51:84:34:61:83:25:7d:e8:c1:b5:
                    87:42:0d:c2:ab:18:45:cb:69:70:da:ac:8a:7c:3a:
                    80:90:26:76:10:e5:56:77:49:17:2f:50:0d:f0:81:
                    29:7a:94:8b:c0:ae:96:30:56:2e:99:8f:ea:f7:fc:
                    c4:8f:a9:b5:b8:11:ca:60:46:3b:41:75:5b:65:26:
                    cd:3a:0b:d2:2d:97:a2:0b:03:35:76:29:f3:92:9e:
                    73:94:96:b0:e6:76:f9:8f:e4:c4:8b:83:08:30:4c:
                    fd:77:96:ed:8e:5f:47:2a:58:93:62:67:18:06:5a:
                    aa:5f:d7:27:9b:30:04:9d:20:0c:2a:46:bf:82:57:
                    ae:fc:81:5f:41:b8:b1:38:70:17:82:c7:b2:9d:6c:
                    45:a1:6c:da:70:9b:51:ab:09:3d:95:61:3c:a3:a8:
                    4c:af:8e:c7:c8:0d:3f:b5:f2:4f:c5:2e:19:f1:e6:
                    45:ac:4c:6d:7c:df:08:44:40:dd:9f:e8:3a:0d:d5:
                    06:4c:00:75:b9:e4:01:d1:f5:50:90:e9:a1:c2:94:
                    f1:5d:dc:6e:39:80:73:98:6d:3e:0b:50:7a:a2:d7:
                    89:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:8E:36:AA:4E:8E:68:16:A1:6D:21:38:C7:C5:90:05:09:30:29:E6
            X509v3 Authority Key Identifier:
                keyid:72:23:25:EC:F3:68:C9:14:8A:7C:41:28:1D:60:7F:A6:D8:04:A0:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciMl7PNoyRSKfEEoHWB_ptgEoMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/1442qk6OaBahbSE4x8WQBQkwKeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1c062a-04d4-4c05-a2d2-90bdcc4aa5db/1/ciMl7PNoyRSKfEEoHWB_ptgEoMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e300::/31

    Signature Algorithm: sha256WithRSAEncryption
         4a:7d:f6:02:b2:85:99:52:20:56:3c:ad:4d:96:7c:f7:9f:e7:
         bc:1c:68:9e:95:45:51:c9:0a:25:74:3c:78:20:a3:e0:3e:da:
         89:22:e7:47:e4:59:e2:f5:af:8e:b9:14:f0:d6:20:f5:98:46:
         8f:bf:7b:be:04:4b:76:d7:6f:3c:de:29:8a:d9:5d:96:b5:3d:
         77:41:31:c4:21:5e:b4:04:46:a1:c3:70:0d:d2:3c:ac:8d:63:
         4f:9e:bd:da:03:9e:32:71:68:e2:92:1e:fd:b6:b8:cf:41:59:
         19:9b:01:36:5c:a2:5e:75:1d:49:b9:7c:0c:c0:d2:53:d5:14:
         f4:76:11:16:c2:2c:ce:14:a1:f0:93:2e:fe:76:11:9b:e8:4d:
         83:17:41:d6:2f:74:6a:61:d9:dc:34:ac:9e:b5:1c:7b:03:22:
         29:21:dc:ce:6a:bd:fb:14:31:21:6b:09:c5:ae:c1:8d:f5:6b:
         8f:c6:b1:69:49:34:04:88:9d:f5:ee:8c:60:d9:81:c9:05:73:
         ab:d3:03:7e:b2:3c:7e:a3:40:cc:eb:b4:41:1e:8e:11:f8:c7:
         be:06:eb:af:3c:8a:79:19:8d:83:55:58:fb:37:e6:c5:87:9a:
         6e:9c:a8:dd:88:cf:39:65:b7:61:3c:16:48:c3:08:97:ec:e3:
         3e:55:97:6f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY30j00G2v7W/xcKshc8VC/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjMyNWVjZjM2OGM5MTQ4YTdjNDEyODFkNjA3ZmE2ZDgw
NGEwYzkwHhcNMjQwMjI5MTExMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzhlMzZhYTRlOGU2ODE2YTE2ZDIxMzhjN2M1OTAwNTA5MzAyOWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9OLAaTqDZJCOiENcc/ohQyZpS/Nj
dznIGSjMz9kMY0m59FGENGGDJX3owbWHQg3CqxhFy2lw2qyKfDqAkCZ2EOVWd0kX
L1AN8IEpepSLwK6WMFYumY/q9/zEj6m1uBHKYEY7QXVbZSbNOgvSLZeiCwM1dinz
kp5zlJaw5nb5j+TEi4MIMEz9d5btjl9HKliTYmcYBlqqX9cnmzAEnSAMKka/gleu
/IFfQbixOHAXgseynWxFoWzacJtRqwk9lWE8o6hMr47HyA0/tfJPxS4Z8eZFrExt
fN8IREDdn+g6DdUGTAB1ueQB0fVQkOmhwpTxXdxuOYBzmG0+C1B6oteJuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNeONqpOjmgWoW0hOMfFkAUJMCnmMB8GA1UdIwQY
MBaAFHIjJezzaMkUinxBKB1gf6bYBKDJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lNbDdQTm95UlNLZkVFb0hXQl9wdGdFb01rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8xYzA2MmEtMDRkNC00YzA1LWEyZDIt
OTBiZGNjNGFhNWRiLzEvMTQ0MnFrNk9hQmFoYlNFNHg4V1FCUWt3S2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8xYzA2MmEtMDRkNC00YzA1LWEyZDItOTBiZGNjNGFhNWRi
LzEvY2lNbDdQTm95UlNLZkVFb0hXQl9wdGdFb01rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhPjADAN
BgkqhkiG9w0BAQsFAAOCAQEASn32ArKFmVIgVjytTZZ895/nvBxonpVFUckKJXQ8
eCCj4D7aiSLnR+RZ4vWvjrkU8NYg9ZhGj797vgRLdtdvPN4pitldlrU9d0ExxCFe
tARGocNwDdI8rI1jT5692gOeMnFo4pIe/ba4z0FZGZsBNlyiXnUdSbl8DMDSU9UU
9HYRFsIszhSh8JMu/nYRm+hNgxdB1i90amHZ3DSsnrUcewMiKSHczmq9+xQxIWsJ
xa7BjfVrj8axaUk0BIid9e6MYNmByQVzq9MDfrI8fqNAzOu0QR6OEfjHvgbrrzyK
eRmNg1VY+zfmxYeabpyo3YjPOWW3YTwWSMMIl+zjPlWXbw==
-----END CERTIFICATE-----