Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/pIYkaFt_vy2BQo8IbKGI6NWsYko.roa
File:                     pIYkaFt_vy2BQo8IbKGI6NWsYko.roa (raw, json)
Hash identifier:          2cDNJBcItJ59E9ou5zfA12VIM5oue/3Fx4KNjBOKlIo=
Subject key identifier:   A4:86:24:68:5B:7F:BF:2D:81:42:8F:08:6C:A1:88:E8:D5:AC:62:4A
Certificate issuer:       /CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
Certificate serial:       018CC34948D80463606C04918C2C7840B371
Authority key identifier: 0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/pIYkaFt_vy2BQo8IbKGI6NWsYko.roa
Signing time:             Mon 01 Jan 2024 04:30:09 +0000
ROA not before:           Mon 01 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209968
IP address blocks:        2a0e:48c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:48:d8:04:63:60:6c:04:91:8c:2c:78:40:b3:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bb3e73aa8b7f0af3bd8400572dae72b0d46f55c
        Validity
            Not Before: Jan  1 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a48624685b7fbf2d81428f086ca188e8d5ac624a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ad:fe:27:71:a9:c5:0d:76:04:13:ec:84:69:
                    bd:4c:10:56:4b:3b:9c:83:5f:a4:fa:d5:db:bd:8c:
                    36:9e:76:e4:23:9a:dc:fd:c2:03:d5:cf:ae:0d:54:
                    5b:26:8f:20:cd:5a:74:0e:87:d7:14:29:fe:a6:55:
                    30:0d:61:f0:a7:00:80:6a:b4:0e:13:39:20:77:bd:
                    9d:69:3e:73:df:a7:31:e2:88:c3:b9:40:eb:ef:4b:
                    9d:39:f6:c1:e0:96:c3:a8:0a:dd:63:ee:86:dd:1c:
                    ad:24:fe:12:f2:b9:a8:fe:56:67:15:02:36:ed:d0:
                    c9:0a:71:d5:19:9b:4b:f9:af:1f:02:b8:3d:ca:44:
                    cc:42:88:91:1a:46:72:df:67:c3:63:53:5b:e6:2a:
                    82:7d:74:10:39:6e:78:24:7a:9c:87:d1:cc:03:5f:
                    54:c3:44:c9:37:11:5f:07:dd:86:bb:96:b7:01:4b:
                    0e:8b:4a:15:2c:8f:2d:45:20:a5:07:51:66:8f:71:
                    47:86:c5:d2:74:fb:f6:48:4a:03:4d:55:48:fb:cf:
                    23:cf:c4:cc:26:46:63:bd:e9:2d:9b:56:93:29:04:
                    38:2e:ed:8f:74:57:88:5a:89:be:34:6b:06:6b:4a:
                    50:81:54:54:e6:97:ce:3e:f6:33:98:d0:1a:8b:16:
                    cf:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:86:24:68:5B:7F:BF:2D:81:42:8F:08:6C:A1:88:E8:D5:AC:62:4A
            X509v3 Authority Key Identifier:
                keyid:0B:B3:E7:3A:A8:B7:F0:AF:3B:D8:40:05:72:DA:E7:2B:0D:46:F5:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C7PnOqi38K872EAFctrnKw1G9Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/pIYkaFt_vy2BQo8IbKGI6NWsYko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/eff67f-40a9-4775-a9c2-ad28fa966b51/1/C7PnOqi38K872EAFctrnKw1G9Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:48c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9e:ea:61:99:f8:92:55:c9:70:ae:37:9e:97:59:53:51:e8:4e:
         5a:95:db:fa:10:e9:53:98:b6:b2:f6:2c:23:db:dd:dd:b4:43:
         33:d5:39:fd:41:b2:b3:e9:84:36:db:34:47:e6:9e:9a:43:ef:
         0f:69:6c:f0:d2:ed:e8:45:3a:1d:d2:ce:77:74:c8:9c:a9:98:
         19:8e:07:4f:b9:6f:af:e5:6b:be:75:dd:2d:d3:51:62:04:7f:
         16:fd:50:f4:01:dc:a8:41:47:7b:9c:ad:51:26:9b:0a:17:69:
         dd:f8:3a:fb:d1:2f:ad:cf:ee:67:b8:35:3c:a5:a3:12:b0:df:
         98:cf:b0:ff:98:98:6f:07:32:1a:cd:04:c4:fc:2d:2e:5d:58:
         72:09:0c:48:c1:c8:08:7a:d4:34:db:0e:79:ac:43:10:31:1e:
         63:82:7a:f1:ef:4e:57:d5:2a:8f:96:54:95:73:c2:ab:26:a8:
         a0:16:1e:c0:fc:3a:40:27:da:e9:1e:9e:13:78:99:78:34:1b:
         2d:84:22:49:22:79:7c:d9:88:38:74:b3:fe:30:d5:b7:39:b7:
         35:8c:2f:fa:25:d4:22:b8:3d:59:d1:b0:f3:ae:e7:98:33:90:
         68:5f:4a:db:6f:bc:43:49:82:53:6a:35:54:c6:45:a4:ab:82:
         eb:78:91:ae
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSUjYBGNgbASRjCx4QLNxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYjNlNzNhYThiN2YwYWYzYmQ4NDAwNTcyZGFlNzJiMGQ0
NmY1NWMwHhcNMjQwMTAxMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDg2MjQ2ODViN2ZiZjJkODE0MjhmMDg2Y2ExODhlOGQ1YWM2MjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi63+J3GpxQ12BBPshGm9TBBWSzuc
g1+k+tXbvYw2nnbkI5rc/cID1c+uDVRbJo8gzVp0DofXFCn+plUwDWHwpwCAarQO
Ezkgd72daT5z36cx4ojDuUDr70udOfbB4JbDqArdY+6G3RytJP4S8rmo/lZnFQI2
7dDJCnHVGZtL+a8fArg9ykTMQoiRGkZy32fDY1Nb5iqCfXQQOW54JHqch9HMA19U
w0TJNxFfB92Gu5a3AUsOi0oVLI8tRSClB1Fmj3FHhsXSdPv2SEoDTVVI+88jz8TM
JkZjvektm1aTKQQ4Lu2PdFeIWom+NGsGa0pQgVRU5pfOPvYzmNAaixbPTQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKSGJGhbf78tgUKPCGyhiOjVrGJKMB8GA1UdIwQY
MBaAFAuz5zqot/CvO9hABXLa5ysNRvVcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzIt
YWQyOGZhOTY2YjUxLzEvcElZa2FGdF92eTJCUW84SWJLR0k2TldzWWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZmY2N2YtNDBhOS00Nzc1LWE5YzItYWQyOGZhOTY2YjUx
LzEvQzdQbk9xaTM4Szg3MkVBRmN0cm5LdzFHOVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5IwDAN
BgkqhkiG9w0BAQsFAAOCAQEAnuphmfiSVclwrjeel1lTUehOWpXb+hDpU5i2svYs
I9vd3bRDM9U5/UGys+mENts0R+aemkPvD2ls8NLt6EU6HdLOd3TInKmYGY4HT7lv
r+VrvnXdLdNRYgR/Fv1Q9AHcqEFHe5ytUSabChdp3fg6+9Evrc/uZ7g1PKWjErDf
mM+w/5iYbwcyGs0ExPwtLl1YcgkMSMHICHrUNNsOeaxDEDEeY4J68e9OV9Uqj5ZU
lXPCqyaooBYewPw6QCfa6R6eE3iZeDQbLYQiSSJ5fNmIOHSz/jDVtzm3NYwv+iXU
Irg9WdGw867nmDOQaF9K22+8Q0mCU2o1VMZFpKuC63iRrg==
-----END CERTIFICATE-----