Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/ZCGix8UoP4DahJRzXez7xAH3Nls.roa
File:                     ZCGix8UoP4DahJRzXez7xAH3Nls.roa (raw, json)
Hash identifier:          IF1Uz1CFoR+SM1Ho3N8+tj4auhnLsOT4HilUevIiPLA=
Subject key identifier:   64:21:A2:C7:C5:28:3F:80:DA:84:94:73:5D:EC:FB:C4:01:F7:36:5B
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       018CC9BCE185782EF8B024F716801A758FDA
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/ZCGix8UoP4DahJRzXez7xAH3Nls.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56420
IP address blocks:        2a02:2698:6400::/38 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e1:85:78:2e:f8:b0:24:f7:16:80:1a:75:8f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6421a2c7c5283f80da8494735decfbc401f7365b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:97:b3:0f:cc:d1:ee:04:90:a8:2b:1e:44:28:
                    d4:1d:6d:0f:f9:ce:55:d6:0f:eb:ed:74:34:68:c2:
                    50:dd:19:86:65:da:b8:28:79:8a:6e:df:7c:09:23:
                    33:7f:40:ea:a9:1d:f3:15:ed:5f:0c:55:f1:d2:8a:
                    a2:bf:9f:7e:6a:d7:0b:9c:90:3b:65:a4:5c:35:4d:
                    b1:e9:f9:70:46:d2:a3:2d:31:0a:d0:f8:27:ac:98:
                    ef:8c:66:42:b8:67:cf:c2:c6:21:a3:80:c9:25:4e:
                    ea:e1:bd:ea:1b:f0:55:ec:9b:47:41:07:df:8e:84:
                    5f:6f:63:98:f4:d9:53:6e:4d:6e:80:68:7e:b3:86:
                    9f:f7:44:2c:5d:20:b7:e0:08:33:e2:42:b4:86:24:
                    23:33:6f:13:7f:f9:63:ea:76:7f:2b:c4:a5:53:d8:
                    a8:f5:b8:79:9b:88:32:cb:95:ae:ed:e7:a3:44:38:
                    50:aa:7b:e3:92:90:88:73:3c:99:86:10:e6:b4:57:
                    6a:fb:3a:f0:45:2a:8f:40:3b:22:6b:6c:8a:0b:19:
                    ad:19:32:e5:26:4e:d0:ce:b2:c7:73:0a:70:4d:e2:
                    bd:f9:f1:79:8c:ff:36:4a:95:f6:49:a4:0f:ae:92:
                    05:b4:f9:db:5a:6d:86:cb:d8:86:81:92:34:c5:dc:
                    e3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:21:A2:C7:C5:28:3F:80:DA:84:94:73:5D:EC:FB:C4:01:F7:36:5B
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/ZCGix8UoP4DahJRzXez7xAH3Nls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2698:6400::/38

    Signature Algorithm: sha256WithRSAEncryption
         4f:69:fa:18:8b:b1:cf:ef:f6:1d:6d:af:40:c9:6b:e8:7d:4d:
         11:3f:f8:0c:23:01:7d:23:9c:9a:c0:cd:bc:45:9b:ef:e2:60:
         8c:9e:61:bd:dc:30:1f:bb:62:51:1d:44:09:86:73:9f:58:5d:
         a3:28:29:b9:d4:8f:36:fb:01:3e:fb:ab:6d:18:48:32:81:26:
         9c:c6:65:6b:96:15:de:d5:7c:0f:66:a2:f1:3b:59:85:11:27:
         27:b7:d0:2e:54:60:91:8b:92:bf:7b:44:9e:22:4b:dc:43:c7:
         ac:64:fd:9a:5b:84:c1:5c:fa:1a:1c:ef:8b:1a:bb:28:ec:68:
         7d:fc:fd:00:7a:4a:b9:0c:f1:bd:f1:82:81:f4:2f:dd:2a:4f:
         85:8b:65:b9:7a:09:81:f4:ee:fc:93:6d:ba:06:8b:38:41:9f:
         4a:2b:46:71:cb:dc:ac:ba:57:c2:e9:57:de:54:ee:9e:97:5b:
         cb:89:42:7f:ea:96:16:98:99:6c:67:42:b2:53:ad:61:c9:9e:
         5e:46:a1:a8:8a:a1:db:45:4e:ff:02:b7:67:63:12:e4:dc:78:
         a4:3b:67:83:25:f5:19:b8:a6:3a:e0:3f:74:65:8e:8e:de:0b:
         b4:2c:a1:b7:50:ce:65:9e:ad:b4:d5:89:f7:54:62:c3:51:38:
         0a:39:a8:b6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJvOGFeC74sCT3FoAadY/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDIxYTJjN2M1MjgzZjgwZGE4NDk0NzM1ZGVjZmJjNDAxZjczNjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJezD8zR7gSQqCseRCjUHW0P+c5V
1g/r7XQ0aMJQ3RmGZdq4KHmKbt98CSMzf0DqqR3zFe1fDFXx0oqiv59+atcLnJA7
ZaRcNU2x6flwRtKjLTEK0PgnrJjvjGZCuGfPwsYho4DJJU7q4b3qG/BV7JtHQQff
joRfb2OY9NlTbk1ugGh+s4af90QsXSC34Agz4kK0hiQjM28Tf/lj6nZ/K8SlU9io
9bh5m4gyy5Wu7eejRDhQqnvjkpCIczyZhhDmtFdq+zrwRSqPQDsia2yKCxmtGTLl
Jk7QzrLHcwpwTeK9+fF5jP82SpX2SaQPrpIFtPnbWm2Gy9iGgZI0xdzjUQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGQhosfFKD+A2oSUc13s+8QB9zZbMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvWkNHaXg4VW9QNERhaEpSelhlejd4QUgzTmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgImmGQw
DQYJKoZIhvcNAQELBQADggEBAE9p+hiLsc/v9h1tr0DJa+h9TRE/+AwjAX0jnJrA
zbxFm+/iYIyeYb3cMB+7YlEdRAmGc59YXaMoKbnUjzb7AT77q20YSDKBJpzGZWuW
Fd7VfA9movE7WYURJye30C5UYJGLkr97RJ4iS9xDx6xk/ZpbhMFc+hoc74sauyjs
aH38/QB6SrkM8b3xgoH0L90qT4WLZbl6CYH07vyTbboGizhBn0orRnHL3Ky6V8Lp
V95U7p6XW8uJQn/qlhaYmWxnQrJTrWHJnl5GoaiKodtFTv8Ct2djEuTceKQ7Z4Ml
9Rm4pjrgP3Rljo7eC7QsobdQzmWerbTVifdUYsNROAo5qLY=
-----END CERTIFICATE-----