Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/N6d_m4Z0zn4oUOL3azbOK12o5MU.roa
File:                     N6d_m4Z0zn4oUOL3azbOK12o5MU.roa (raw, json)
Hash identifier:          d8o3ekEXdkg0JJgGBStE6H4hvrMEMhZ1pFOOvqKJWKI=
Subject key identifier:   37:A7:7F:9B:86:74:CE:7E:28:50:E2:F7:6B:36:CE:2B:5D:A8:E4:C5
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       018F489F16A82C6B07D8DED90880BDF339F4
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/N6d_m4Z0zn4oUOL3azbOK12o5MU.roa
Signing time:             Sun 05 May 2024 11:58:56 +0000
ROA not before:           Sun 05 May 2024 11:58:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        2a12:d3c0::/29 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:48:9f:16:a8:2c:6b:07:d8:de:d9:08:80:bd:f3:39:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: May  5 11:58:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37a77f9b8674ce7e2850e2f76b36ce2b5da8e4c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ac:02:c6:cd:0d:c7:df:aa:75:8b:f0:ee:7f:
                    57:91:cc:bf:11:56:df:d3:7d:7c:08:c8:fc:98:06:
                    af:9e:89:78:7f:7d:ae:1c:cd:ed:fa:9c:d2:55:4f:
                    b4:d2:ff:7f:d2:e5:04:c1:9f:2f:32:27:fc:95:3f:
                    f3:87:ec:c0:24:e1:b1:a0:25:65:49:ef:ca:3c:17:
                    bd:4b:66:90:29:02:d2:35:c1:19:93:af:ad:b8:2f:
                    6f:c7:71:61:58:ad:c0:a2:d4:ba:82:bd:5d:9b:8b:
                    ac:a6:5d:1d:b8:be:8d:f7:e5:39:e8:f5:d0:d8:2e:
                    e6:ee:ae:ee:5d:3c:67:f8:44:84:ac:43:c8:60:a2:
                    2a:87:ea:07:47:d5:22:4f:03:59:73:bd:8c:da:e4:
                    b5:03:ba:6f:f8:cb:78:88:68:54:0b:b5:53:56:4a:
                    40:00:c5:b1:da:d5:49:fb:66:8b:f0:96:f2:ac:d3:
                    ac:b8:2d:d2:9f:36:fb:64:82:33:8c:f7:2c:69:99:
                    50:8b:96:0c:da:cb:d5:19:fc:1e:29:08:11:5a:2e:
                    75:83:9f:c4:6b:94:46:37:8b:70:de:a2:da:45:8c:
                    d7:be:c4:73:97:40:93:af:f8:3d:8e:23:e1:7e:06:
                    12:b6:c1:8c:5a:ef:77:dc:22:18:92:9f:6a:be:dc:
                    bd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:A7:7F:9B:86:74:CE:7E:28:50:E2:F7:6B:36:CE:2B:5D:A8:E4:C5
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/N6d_m4Z0zn4oUOL3azbOK12o5MU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:d3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:6d:a6:ac:9a:93:2f:19:23:55:9c:b8:7c:8d:4d:b1:e8:bd:
         1b:bd:a7:65:f5:7d:4d:fa:d3:18:47:92:32:74:72:a9:0d:92:
         de:b8:6b:e3:2a:7e:d3:1b:d7:22:55:cf:83:9c:32:46:b9:55:
         20:25:9c:da:1d:97:93:c6:d7:64:a5:0a:8f:59:f4:8f:14:bd:
         36:a6:a1:63:db:ed:54:e2:96:bf:d4:44:53:35:65:f9:3b:24:
         68:29:92:de:71:c7:45:69:f6:94:53:7d:2e:9d:6d:31:97:ca:
         e4:96:b8:f4:a2:41:8a:fa:0a:f2:7a:dc:1c:48:e4:44:54:8b:
         8f:ba:5d:4f:92:0e:60:25:97:e2:90:23:49:da:bd:44:10:7e:
         6a:c0:6c:97:8b:e0:25:dc:62:ce:62:69:80:4a:cb:de:eb:fd:
         c1:00:da:c0:c2:fd:f3:b3:b0:23:5e:99:15:d8:a9:56:4d:7e:
         e1:0a:64:85:c7:0f:82:a8:29:17:70:47:41:cb:d4:6a:1a:96:
         a7:5d:75:a1:26:8d:b0:d5:67:7e:dc:8e:9f:e5:ae:eb:7f:88:
         d5:c6:47:07:fa:2d:0e:03:ed:48:33:cf:dd:e1:4b:18:4c:ad:
         90:80:01:2c:7a:91:bc:6e:ef:6a:e1:a7:86:ac:35:51:74:b5:
         50:c4:00:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY9InxaoLGsH2N7ZCIC98zn0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwNTA1MTE1ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2E3N2Y5Yjg2NzRjZTdlMjg1MGUyZjc2YjM2Y2UyYjVkYThlNGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qwCxs0Nx9+qdYvw7n9Xkcy/EVbf
0318CMj8mAavnol4f32uHM3t+pzSVU+00v9/0uUEwZ8vMif8lT/zh+zAJOGxoCVl
Se/KPBe9S2aQKQLSNcEZk6+tuC9vx3FhWK3AotS6gr1dm4uspl0duL6N9+U56PXQ
2C7m7q7uXTxn+ESErEPIYKIqh+oHR9UiTwNZc72M2uS1A7pv+Mt4iGhUC7VTVkpA
AMWx2tVJ+2aL8JbyrNOsuC3Snzb7ZIIzjPcsaZlQi5YM2svVGfweKQgRWi51g5/E
a5RGN4tw3qLaRYzXvsRzl0CTr/g9jiPhfgYStsGMWu933CIYkp9qvty9BwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDenf5uGdM5+KFDi92s2zitdqOTFMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvTjZkX200WjB6bjRvVU9MM2F6Yk9LMTJvNU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLTwDAN
BgkqhkiG9w0BAQsFAAOCAQEAr22mrJqTLxkjVZy4fI1Nsei9G72nZfV9TfrTGEeS
MnRyqQ2S3rhr4yp+0xvXIlXPg5wyRrlVICWc2h2Xk8bXZKUKj1n0jxS9NqahY9vt
VOKWv9REUzVl+TskaCmS3nHHRWn2lFN9Lp1tMZfK5Ja49KJBivoK8nrcHEjkRFSL
j7pdT5IOYCWX4pAjSdq9RBB+asBsl4vgJdxizmJpgErL3uv9wQDawML987OwI16Z
FdipVk1+4QpkhccPgqgpF3BHQcvUahqWp111oSaNsNVnftyOn+Wu63+I1cZHB/ot
DgPtSDPP3eFLGEytkIABLHqRvG7vauGnhqw1UXS1UMQAzw==
-----END CERTIFICATE-----