Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/LOKXzhyRbwzG_hrS1YAPYSCG45A.roa
File:                     LOKXzhyRbwzG_hrS1YAPYSCG45A.roa (raw, json)
Hash identifier:          PU0bWjY54ItE6c99rFrvQCEZcmOkLKNdUqfP5HFfRRM=
Subject key identifier:   2C:E2:97:CE:1C:91:6F:0C:C6:FE:1A:D2:D5:80:0F:61:20:86:E3:90
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       018CC501564C38A783B004C145854724DE0B
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/LOKXzhyRbwzG_hrS1YAPYSCG45A.roa
Signing time:             Mon 01 Jan 2024 12:30:48 +0000
ROA not before:           Mon 01 Jan 2024 12:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34828
IP address blocks:        2a0f:6580:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:56:4c:38:a7:83:b0:04:c1:45:85:47:24:de:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  1 12:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ce297ce1c916f0cc6fe1ad2d5800f612086e390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3b:b2:fd:ec:4f:48:37:9f:cd:14:2d:63:4d:
                    63:4b:9e:2e:20:2e:c3:bc:d7:f2:d8:4b:7f:fc:62:
                    52:b3:65:8b:03:23:2a:c4:c4:c3:ef:d3:98:84:fa:
                    1d:b7:b7:35:75:4b:f7:79:e2:f5:16:17:bb:4d:f7:
                    73:2c:7a:12:c7:58:74:3b:b8:e7:aa:bb:08:9a:dd:
                    45:40:f2:98:b4:48:84:ba:96:d6:34:19:63:05:78:
                    e3:6f:f9:73:16:8f:80:ec:35:38:01:1f:3a:7e:12:
                    f5:cb:2a:5b:dd:c2:df:7a:6c:d2:da:0d:3e:a9:14:
                    18:2f:e0:56:7d:6c:10:56:85:c9:80:2e:44:7e:26:
                    e9:8f:95:27:36:37:f6:54:6f:b9:73:1a:d4:60:e0:
                    c2:2a:6d:4a:6f:95:3d:c4:ba:cf:1c:dd:74:a9:5b:
                    aa:92:a5:6b:de:9d:92:b9:48:c0:35:ec:7c:04:d4:
                    78:af:29:3e:62:fa:a6:38:6e:88:62:3f:8c:1f:d6:
                    e6:7f:75:e5:c9:83:0f:4d:ea:b7:0f:4e:d6:28:2a:
                    02:f0:5d:3e:61:4b:67:ad:16:c8:6f:38:2d:d4:af:
                    66:f5:74:89:65:66:2f:44:2e:5d:c7:a8:d0:a5:38:
                    a5:cb:38:56:04:b3:fc:e5:5a:e8:d1:a7:73:d0:04:
                    71:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E2:97:CE:1C:91:6F:0C:C6:FE:1A:D2:D5:80:0F:61:20:86:E3:90
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/LOKXzhyRbwzG_hrS1YAPYSCG45A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6580:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:fe:e5:2d:54:91:b1:1f:aa:74:94:0d:da:00:41:1d:5f:34:
         95:c8:27:14:0e:18:60:a0:95:a4:9a:4d:f0:45:d3:ce:e0:d1:
         c3:97:82:05:1a:83:84:d9:59:9f:3c:74:a0:ac:d1:f3:04:93:
         76:95:8a:7e:66:94:94:0f:4a:94:d3:9d:63:39:ac:dc:aa:8a:
         e5:41:d8:1e:61:b4:80:ac:00:c7:5a:16:8b:9a:6d:d6:9a:26:
         7a:f3:57:78:ab:2c:93:40:b8:20:06:ae:12:08:0e:42:f6:26:
         6e:be:15:4b:5b:17:0e:d6:e8:d3:c6:64:65:a7:2a:ac:cb:28:
         99:6d:ac:8a:39:a1:b6:55:a0:88:36:76:b4:7c:cb:8c:00:9b:
         0a:d9:b2:67:c9:bf:1d:78:08:fb:80:3e:af:8b:22:54:c7:37:
         07:a6:cc:47:8a:cd:27:38:d9:11:8b:5f:49:7c:e7:cb:4c:a2:
         31:bb:96:30:27:d7:dd:ab:be:0c:9c:4f:f1:f7:33:a8:19:dc:
         cd:75:49:af:22:f9:4d:ae:64:21:79:1b:d1:20:9b:b5:9c:db:
         96:ff:17:cb:c5:6d:8e:32:09:9f:62:5b:9e:2f:cd:39:73:db:
         a1:68:a2:8f:d1:26:91:a5:74:c4:3c:d5:0c:04:07:59:ba:eb:
         8e:9e:e1:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAVZMOKeDsATBRYVHJN4LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjQwMTAxMTIzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2UyOTdjZTFjOTE2ZjBjYzZmZTFhZDJkNTgwMGY2MTIwODZlMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDuy/exPSDefzRQtY01jS54uIC7D
vNfy2Et//GJSs2WLAyMqxMTD79OYhPodt7c1dUv3eeL1Fhe7TfdzLHoSx1h0O7jn
qrsImt1FQPKYtEiEupbWNBljBXjjb/lzFo+A7DU4AR86fhL1yypb3cLfemzS2g0+
qRQYL+BWfWwQVoXJgC5Efibpj5UnNjf2VG+5cxrUYODCKm1Kb5U9xLrPHN10qVuq
kqVr3p2SuUjANex8BNR4ryk+YvqmOG6IYj+MH9bmf3XlyYMPTeq3D07WKCoC8F0+
YUtnrRbIbzgt1K9m9XSJZWYvRC5dx6jQpTilyzhWBLP85Vro0adz0ARx4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCzil84ckW8Mxv4a0tWAD2EghuOQMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvTE9LWHpoeVJid3pHX2hyUzFZQVBZU0NHNDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9lgAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBO/uUtVJGxH6p0lA3aAEEdXzSVyCcUDhhgoJWk
mk3wRdPO4NHDl4IFGoOE2VmfPHSgrNHzBJN2lYp+ZpSUD0qU051jOazcqorlQdge
YbSArADHWhaLmm3WmiZ681d4qyyTQLggBq4SCA5C9iZuvhVLWxcO1ujTxmRlpyqs
yyiZbayKOaG2VaCINna0fMuMAJsK2bJnyb8deAj7gD6viyJUxzcHpsxHis0nONkR
i19JfOfLTKIxu5YwJ9fdq74MnE/x9zOoGdzNdUmvIvlNrmQheRvRIJu1nNuW/xfL
xW2OMgmfYlueL805c9uhaKKP0SaRpXTEPNUMBAdZuuuOnuHy
-----END CERTIFICATE-----