Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/qm6M43Bf3k_6oSMSeKVcRjDddHY.roa
File:                     qm6M43Bf3k_6oSMSeKVcRjDddHY.roa (raw, json)
Hash identifier:          kyBJJpiiEML0MPFZQKFxW0Zd2rH4A3TKitJIZijmKyY=
Subject key identifier:   AA:6E:8C:E3:70:5F:DE:4F:FA:A1:23:12:78:A5:5C:46:30:DD:74:76
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94733DABF7AFC3CBF0A0410B4F2F3
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/qm6M43Bf3k_6oSMSeKVcRjDddHY.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25560
IP address blocks:        2a03:f85::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:47:33:da:bf:7a:fc:3c:bf:0a:04:10:b4:f2:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa6e8ce3705fde4ffaa1231278a55c4630dd7476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:0d:54:1e:68:16:e4:f2:b3:5e:78:1f:ce:e2:
                    d1:6b:5c:72:ea:58:73:18:26:40:b5:68:c2:de:78:
                    23:50:67:5c:da:f1:45:b7:5d:e0:cf:fc:2a:f5:89:
                    19:b3:6f:60:66:e3:dc:fc:1c:75:dd:3c:60:ec:ff:
                    03:6f:6c:20:93:f7:5f:fb:42:3d:36:e2:85:c0:38:
                    ca:a5:8b:88:3a:4e:07:05:c5:5a:1f:ce:be:02:fb:
                    a4:9f:5e:f7:40:5f:79:6b:e4:e1:d1:73:32:65:68:
                    e4:91:7e:ab:0d:04:d1:f3:61:5c:cd:51:5c:5c:b8:
                    4b:92:9d:8c:d5:39:29:c0:e1:7a:e9:66:9c:53:a2:
                    dd:a5:7a:d8:22:b2:99:69:c8:96:7f:76:bb:f2:7d:
                    30:5a:32:41:1c:b2:de:aa:05:fe:97:b7:19:22:de:
                    d2:0e:af:2a:df:86:43:9b:5b:2f:97:23:2d:6e:f8:
                    fc:02:c4:c6:5e:97:f2:a5:7e:4f:1f:6e:08:37:8f:
                    91:d8:b4:cf:2d:45:ca:4a:44:ff:84:ae:04:6a:8e:
                    ac:46:86:2c:6a:1f:8c:28:51:75:44:4d:c2:2b:32:
                    cb:39:28:ec:57:20:50:05:fc:e9:1e:95:0a:5d:0e:
                    8b:2a:14:f1:c0:ac:8c:cf:20:74:73:1e:cf:3d:8f:
                    23:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:6E:8C:E3:70:5F:DE:4F:FA:A1:23:12:78:A5:5C:46:30:DD:74:76
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/qm6M43Bf3k_6oSMSeKVcRjDddHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f85::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:8b:e3:68:bd:12:ed:08:3f:dc:1b:2a:46:5c:f0:ac:0d:88:
         59:5d:a8:42:3f:37:aa:da:89:bc:06:53:2d:4d:39:b6:c7:fa:
         3f:0f:2c:b0:f7:7e:4f:05:6b:bd:b8:e5:a6:de:a5:fd:a6:2d:
         a0:59:d6:88:6b:87:b6:d0:17:48:ff:de:57:07:32:62:0b:a3:
         e7:2e:d0:b6:96:e5:2b:bd:53:f3:f0:90:c2:c7:11:7f:de:f0:
         d3:24:e2:da:70:eb:e9:c6:63:48:fa:69:06:73:98:fc:b2:69:
         c2:61:c3:e5:bb:d0:34:3e:05:9b:19:d8:79:83:b4:27:50:4f:
         7e:43:0e:f4:b4:9d:a4:9b:04:39:ce:9b:74:4c:64:00:a6:97:
         48:3e:b5:b9:60:00:10:a6:bf:23:86:13:16:30:0b:c0:bf:f3:
         72:c2:05:8e:9b:b0:9b:a8:fa:3a:4c:ee:4c:96:c1:25:d8:5b:
         97:bf:17:9d:45:79:47:78:4c:26:c4:39:de:be:83:06:16:42:
         41:09:4d:df:2e:af:b5:b3:71:32:2b:7c:1f:5e:98:ef:aa:99:
         32:a1:a5:ae:41:65:fa:77:20:eb:24:11:76:02:b2:4c:06:b7:
         c6:62:85:6d:6c:45:c3:34:2d:92:e1:cf:1f:b6:62:3c:85:f7:
         c4:cd:55:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuUcz2r96/Dy/CgQQtPLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTZlOGNlMzcwNWZkZTRmZmFhMTIzMTI3OGE1NWM0NjMwZGQ3NDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6w1UHmgW5PKzXngfzuLRa1xy6lhz
GCZAtWjC3ngjUGdc2vFFt13gz/wq9YkZs29gZuPc/Bx13Txg7P8Db2wgk/df+0I9
NuKFwDjKpYuIOk4HBcVaH86+Avukn173QF95a+Th0XMyZWjkkX6rDQTR82FczVFc
XLhLkp2M1TkpwOF66WacU6LdpXrYIrKZaciWf3a78n0wWjJBHLLeqgX+l7cZIt7S
Dq8q34ZDm1svlyMtbvj8AsTGXpfypX5PH24IN4+R2LTPLUXKSkT/hK4Eao6sRoYs
ah+MKFF1RE3CKzLLOSjsVyBQBfzpHpUKXQ6LKhTxwKyMzyB0cx7PPY8jDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKpujONwX95P+qEjEnilXEYw3XR2MB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvcW02TTQzQmYza182b1NNU2VLVmNSakRkZEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPhQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAli+NovRLtCD/cGypGXPCsDYhZXahCPzeq2om8
BlMtTTm2x/o/Dyyw935PBWu9uOWm3qX9pi2gWdaIa4e20BdI/95XBzJiC6PnLtC2
luUrvVPz8JDCxxF/3vDTJOLacOvpxmNI+mkGc5j8smnCYcPlu9A0PgWbGdh5g7Qn
UE9+Qw70tJ2kmwQ5zpt0TGQAppdIPrW5YAAQpr8jhhMWMAvAv/NywgWOm7CbqPo6
TO5MlsEl2FuXvxedRXlHeEwmxDnevoMGFkJBCU3fLq+1s3EyK3wfXpjvqpkyoaWu
QWX6dyDrJBF2ArJMBrfGYoVtbEXDNC2S4c8ftmI8hffEzVXS
-----END CERTIFICATE-----