Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/ToyquzuuYlvBBxx1F623uhMw40o.roa
File:                     ToyquzuuYlvBBxx1F623uhMw40o.roa (raw, json)
Hash identifier:          0rasbmhw8WixgEqT0G480JRWcIFnZCJPK1baEoI/ZOs=
Subject key identifier:   4E:8C:AA:BB:3B:AE:62:5B:C1:07:1C:75:17:AD:B7:BA:13:30:E3:4A
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCE134C8B2800010E8820DB5F70A82
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/ToyquzuuYlvBBxx1F623uhMw40o.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56377
IP address blocks:        2a02:2698:4000::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e1:34:c8:b2:80:00:10:e8:82:0d:b5:f7:0a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e8caabb3bae625bc1071c7517adb7ba1330e34a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:07:c7:c1:3b:ca:36:eb:02:77:13:47:79:5e:
                    cb:f5:52:08:15:23:47:24:b4:80:cd:f4:d9:1e:b4:
                    58:8e:48:bd:e4:df:d7:b3:95:7a:9a:bf:2f:9f:24:
                    64:c8:3b:2c:99:fa:07:67:64:98:dd:09:5b:78:6a:
                    54:85:4e:07:2f:9d:f3:73:a0:68:57:5f:b6:cb:59:
                    36:0b:5d:22:44:01:4a:a4:6a:b1:d3:ca:44:0e:f7:
                    d5:40:55:9b:36:6d:b6:c3:2c:d2:2d:0f:6f:7a:f5:
                    f9:1e:43:ac:46:71:c5:e9:26:be:c0:1a:bb:e2:b1:
                    0c:ce:b9:2c:64:24:62:a5:50:9e:02:2c:82:0e:80:
                    96:8f:9e:1f:dc:23:a3:f1:84:6a:15:d1:1d:88:66:
                    30:61:7d:28:f0:6b:e0:c7:05:01:5d:b4:48:64:a0:
                    4c:dd:6e:76:1f:c3:da:6c:27:63:40:89:ae:8c:20:
                    d9:4b:ce:ad:65:b1:6c:83:9e:c8:ec:97:c4:71:42:
                    ae:2a:65:ed:59:f4:3d:20:f4:2b:8d:2c:93:94:6d:
                    64:a2:70:03:dc:c1:9f:e1:27:e2:0f:4a:09:e6:98:
                    42:9c:d5:a2:09:0e:eb:b0:ce:e1:31:0b:c9:c0:4d:
                    7e:0a:f6:a4:42:f9:b9:14:45:88:e4:ab:3e:e9:98:
                    1e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8C:AA:BB:3B:AE:62:5B:C1:07:1C:75:17:AD:B7:BA:13:30:E3:4A
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/ToyquzuuYlvBBxx1F623uhMw40o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:4000::/38

    Signature Algorithm: sha256WithRSAEncryption
         46:19:47:d9:6b:4d:be:ce:18:f4:99:e6:cb:c7:3a:f2:01:21:
         7f:b3:37:39:29:d4:f6:5d:29:b0:1a:95:ff:3e:a6:6d:24:0d:
         48:84:eb:89:55:51:ba:0b:06:30:8c:52:ce:ff:4c:ff:30:cf:
         74:07:01:ad:6f:12:82:56:77:46:f7:42:d0:fe:64:54:fa:7a:
         13:20:b7:b9:6f:75:02:dc:eb:ae:57:82:14:41:74:7d:f5:7e:
         ae:27:b7:73:7f:8a:6c:c1:c1:c5:d0:dc:26:25:af:ad:73:bb:
         44:dd:ab:00:f2:31:e1:7e:4a:38:d3:53:25:f4:9b:af:ce:3b:
         79:2b:9c:eb:cd:de:0c:4f:74:05:a7:3f:87:d0:33:fc:c5:83:
         c5:f4:55:09:26:12:93:ee:5d:d4:cc:1e:43:95:58:37:70:6b:
         a8:bb:32:1c:a5:2c:35:8c:d8:31:e2:c5:52:02:c8:dd:69:ca:
         41:e1:3a:d6:86:8b:27:45:fa:f8:12:0f:a4:0a:ab:6b:ad:f8:
         e2:9a:73:32:07:89:c0:73:06:71:b0:a5:6c:a9:ee:78:4d:7e:
         5a:3b:21:b6:c7:66:85:c9:e1:85:e4:af:f0:83:40:9c:7d:42:
         4b:03:e7:fe:65:8b:eb:b8:c3:74:55:6d:ad:f3:ea:35:2b:b2:
         e2:28:fd:0b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvOE0yLKAABDogg219wqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThjYWFiYjNiYWU2MjViYzEwNzFjNzUxN2FkYjdiYTEzMzBlMzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgfHwTvKNusCdxNHeV7L9VIIFSNH
JLSAzfTZHrRYjki95N/Xs5V6mr8vnyRkyDssmfoHZ2SY3QlbeGpUhU4HL53zc6Bo
V1+2y1k2C10iRAFKpGqx08pEDvfVQFWbNm22wyzSLQ9vevX5HkOsRnHF6Sa+wBq7
4rEMzrksZCRipVCeAiyCDoCWj54f3COj8YRqFdEdiGYwYX0o8GvgxwUBXbRIZKBM
3W52H8PabCdjQImujCDZS86tZbFsg57I7JfEcUKuKmXtWfQ9IPQrjSyTlG1konAD
3MGf4SfiD0oJ5phCnNWiCQ7rsM7hMQvJwE1+CvakQvm5FEWI5Ks+6ZgePQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFE6Mqrs7rmJbwQccdRett7oTMONKMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvVG95cXV6dXVZbHZCQnh4MUY2MjN1aE13NDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmEAw
DQYJKoZIhvcNAQELBQADggEBAEYZR9lrTb7OGPSZ5svHOvIBIX+zNzkp1PZdKbAa
lf8+pm0kDUiE64lVUboLBjCMUs7/TP8wz3QHAa1vEoJWd0b3QtD+ZFT6ehMgt7lv
dQLc665XghRBdH31fq4nt3N/imzBwcXQ3CYlr61zu0TdqwDyMeF+SjjTUyX0m6/O
O3krnOvN3gxPdAWnP4fQM/zFg8X0VQkmEpPuXdTMHkOVWDdwa6i7MhylLDWM2DHi
xVICyN1pykHhOtaGiydF+vgSD6QKq2ut+OKaczIHicBzBnGwpWyp7nhNflo7IbbH
ZoXJ4YXkr/CDQJx9QksD5/5li+u4w3RVba3z6jUrsuIo/Qs=
-----END CERTIFICATE-----