Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/A-afEIlrE5XNwqvqXzdFn-gjYTE.roa
File:                     A-afEIlrE5XNwqvqXzdFn-gjYTE.roa (raw, json)
Hash identifier:          EGsAkb4JUX2fScm/GERI2kSm37YiHR3uz/Dr4gjrpnU=
Subject key identifier:   03:E6:9F:10:89:6B:13:95:CD:C2:AB:EA:5F:37:45:9F:E8:23:61:31
Certificate issuer:       /CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
Certificate serial:       018CC42484F2BD060D473D6773484CD5A189
Authority key identifier: F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/A-afEIlrE5XNwqvqXzdFn-gjYTE.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50973
IP address blocks:        2a03:6947:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:84:f2:bd:06:0d:47:3d:67:73:48:4c:d5:a1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03e69f10896b1395cdc2abea5f37459fe8236131
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e5:a6:04:3c:a5:ed:c5:c8:aa:da:6c:c2:25:
                    9e:25:57:1d:52:25:38:a6:2d:0a:26:16:cb:de:c8:
                    8e:d5:91:83:5d:a0:b7:86:53:38:15:3a:78:fe:71:
                    ee:a1:c1:ad:ca:10:41:e5:e1:15:af:00:7b:8b:bb:
                    17:35:f4:61:65:15:c6:9a:61:cf:4f:09:c8:f0:d0:
                    1e:f4:19:28:a7:ec:e4:53:6e:ae:a3:08:d7:43:f5:
                    9e:e3:88:2f:6c:67:dc:1c:8f:13:b8:c8:2f:10:b7:
                    d5:70:36:4d:94:23:df:b0:ce:54:35:a2:7e:a5:2d:
                    28:40:49:67:1e:df:59:24:51:8f:0c:b9:c1:b8:b0:
                    63:dd:1f:80:38:8e:a4:07:c7:5d:ec:b5:7b:a9:3d:
                    5c:24:dc:a2:ea:44:95:03:d6:9d:b3:01:92:f8:f2:
                    74:9c:c7:55:ed:b6:d1:c7:a3:a9:72:fb:9e:a4:5f:
                    37:fe:e3:1d:47:d4:13:6a:9c:3f:34:b7:7c:02:f7:
                    14:1c:a6:eb:30:ad:83:fd:0b:39:72:17:5f:b9:d4:
                    1b:24:bb:33:e3:af:34:46:5a:a1:52:2a:3e:14:5f:
                    88:9a:f5:1f:e7:3f:df:17:69:16:84:ea:11:71:87:
                    ed:9b:14:b7:ac:fe:95:23:d6:35:1a:ed:d8:0e:94:
                    2e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E6:9F:10:89:6B:13:95:CD:C2:AB:EA:5F:37:45:9F:E8:23:61:31
            X509v3 Authority Key Identifier:
                keyid:F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/A-afEIlrE5XNwqvqXzdFn-gjYTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:6947:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         87:75:43:6f:c8:52:1a:85:21:f6:82:a6:31:c8:76:4d:d6:a5:
         aa:25:66:64:af:f7:16:e4:54:90:c4:a2:fb:2c:5f:75:7a:78:
         7b:18:5a:22:0b:84:82:30:71:df:7d:3b:41:8c:b1:4f:b1:7f:
         cc:71:be:f9:f7:6e:e1:22:e8:b3:19:de:4b:5b:01:45:32:eb:
         65:3b:b5:67:08:a7:75:fd:13:6e:43:b1:7d:62:87:28:5b:16:
         15:6e:48:45:85:65:cb:9a:62:b1:e5:9e:73:a8:d2:1b:49:f2:
         98:6a:0c:0b:56:fa:12:48:05:53:46:ff:e8:21:5d:50:8f:4b:
         67:30:fb:6e:94:a6:b7:a2:34:80:40:43:ea:f7:b5:66:bb:1a:
         28:ce:71:c9:df:83:21:28:df:77:dd:4f:66:ab:81:36:50:19:
         24:2e:48:e4:11:38:c3:ae:a5:07:97:c1:d7:3e:8a:af:3d:00:
         23:e2:9a:2a:60:58:14:24:4f:fc:bb:60:16:d7:54:f0:ff:6d:
         70:89:80:7f:41:86:8b:e5:de:2a:48:93:82:c0:a5:55:61:13:
         bd:31:55:df:ae:df:22:41:2b:3d:60:97:13:99:23:3e:78:68:
         4c:73:e2:e0:62:39:a6:27:02:4c:8b:6a:6c:da:8b:93:2d:4c:
         09:9f:30:fa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJITyvQYNRz1nc0hM1aGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjkwNzgxZGJiZWJkYjhlYzQyYmFmNjY0ODgwNTllYTU4
NjZhYWMwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2U2OWYxMDg5NmIxMzk1Y2RjMmFiZWE1ZjM3NDU5ZmU4MjM2MTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluWmBDyl7cXIqtpswiWeJVcdUiU4
pi0KJhbL3siO1ZGDXaC3hlM4FTp4/nHuocGtyhBB5eEVrwB7i7sXNfRhZRXGmmHP
TwnI8NAe9Bkop+zkU26uowjXQ/We44gvbGfcHI8TuMgvELfVcDZNlCPfsM5UNaJ+
pS0oQElnHt9ZJFGPDLnBuLBj3R+AOI6kB8dd7LV7qT1cJNyi6kSVA9adswGS+PJ0
nMdV7bbRx6OpcvuepF83/uMdR9QTapw/NLd8AvcUHKbrMK2D/Qs5chdfudQbJLsz
4680RlqhUio+FF+ImvUf5z/fF2kWhOoRcYftmxS3rP6VI9Y1Gu3YDpQuPQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAPmnxCJaxOVzcKr6l83RZ/oI2ExMB8GA1UdIwQY
MBaAFPO5B4Hbvr247EK69mSIBZ6lhmqsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAt
M2VmNWViN2M4NTk4LzEvQS1hZkVJbHJFNVhOd3F2cVh6ZEZuLWdqWVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAtM2VmNWViN2M4NTk4
LzEvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgNpRwEw
DQYJKoZIhvcNAQELBQADggEBAId1Q2/IUhqFIfaCpjHIdk3WpaolZmSv9xbkVJDE
ovssX3V6eHsYWiILhIIwcd99O0GMsU+xf8xxvvn3buEi6LMZ3ktbAUUy62U7tWcI
p3X9E25DsX1ihyhbFhVuSEWFZcuaYrHlnnOo0htJ8phqDAtW+hJIBVNG/+ghXVCP
S2cw+26UpreiNIBAQ+r3tWa7GijOccnfgyEo33fdT2argTZQGSQuSOQROMOupQeX
wdc+iq89ACPimipgWBQkT/y7YBbXVPD/bXCJgH9Bhovl3ipIk4LApVVhE70xVd+u
3yJBKz1glxOZIz54aExz4uBiOaYnAkyLamzai5MtTAmfMPo=
-----END CERTIFICATE-----