Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/iZ6b3EjXXfw-ECuTBiigs-tACBY.roa
File:                     iZ6b3EjXXfw-ECuTBiigs-tACBY.roa (raw, json)
Hash identifier:          IQZsBkVaLl9wZ51jgKKrrW9GE1OggvIxUE0uojgN+sI=
Subject key identifier:   89:9E:9B:DC:48:D7:5D:FC:3E:10:2B:93:06:28:A0:B3:EB:40:08:16
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       018CC500E244308B4FA6C2E6AF61DD92F444
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/iZ6b3EjXXfw-ECuTBiigs-tACBY.roa
Signing time:             Mon 01 Jan 2024 12:30:18 +0000
ROA not before:           Mon 01 Jan 2024 12:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64404
IP address blocks:        2a05:2d01::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e2:44:30:8b:4f:a6:c2:e6:af:61:dd:92:f4:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 12:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=899e9bdc48d75dfc3e102b930628a0b3eb400816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f1:51:11:91:2c:3b:79:3b:fb:ad:ae:75:d2:
                    27:26:79:53:b9:01:3e:78:c6:be:a5:42:91:bf:44:
                    9d:9c:fd:fc:73:7f:b9:89:95:1c:db:36:56:c0:37:
                    48:50:5a:a1:a5:7e:3d:dc:5c:d4:40:e1:92:89:aa:
                    94:73:25:20:74:5c:59:51:d5:1f:76:c8:01:44:7d:
                    50:00:f9:6c:5a:e6:a5:f2:11:7c:bc:60:22:70:a0:
                    45:5a:fe:41:db:33:dc:31:25:54:d1:ce:27:60:c0:
                    5c:98:14:88:25:a3:75:06:39:76:10:67:e8:2d:b3:
                    3b:49:e7:a8:d6:49:c3:ef:29:5e:c7:31:42:59:45:
                    69:88:1a:bf:79:1e:20:3d:fc:46:a2:67:bd:26:3b:
                    18:1f:62:24:e0:92:d7:8c:f4:05:d5:b9:e0:b8:8a:
                    d6:7a:84:5b:f6:0f:6a:fd:f5:5d:56:55:1d:7a:8e:
                    40:6b:45:e6:a0:99:a0:ff:f6:61:80:20:3b:bb:c2:
                    07:97:b0:14:79:1b:b4:59:62:a5:1e:b5:fd:e5:a3:
                    ee:a0:fd:ec:4f:33:a4:a6:1c:d8:cf:9b:d9:93:ef:
                    35:92:37:22:01:74:84:34:2b:59:b1:35:43:3e:d6:
                    56:b6:b9:a4:6f:60:42:f5:da:68:08:94:f1:28:75:
                    66:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:9E:9B:DC:48:D7:5D:FC:3E:10:2B:93:06:28:A0:B3:EB:40:08:16
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/iZ6b3EjXXfw-ECuTBiigs-tACBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:2d01::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:9e:4b:81:73:7d:4b:ff:c6:f1:f4:ec:07:3b:6b:32:d9:3f:
         44:4a:f2:b5:28:d6:33:bd:46:f1:77:f2:6e:29:86:1c:da:aa:
         ca:87:f4:19:c4:cb:bf:58:a7:33:31:53:d2:d0:77:13:4f:65:
         9b:8f:94:5e:fe:d0:18:04:87:b0:7c:69:97:92:2f:51:90:76:
         95:10:6c:23:c1:86:5c:e5:e1:17:8f:96:d3:b6:82:ee:cb:81:
         ab:39:d6:df:c2:56:be:54:8e:d6:3f:1c:f2:57:7b:8d:9b:06:
         37:7c:6c:13:54:0f:13:8f:6c:e2:10:ab:b0:b7:bc:88:21:0f:
         89:a4:0b:1a:9c:7a:53:52:12:58:7b:1e:43:bd:9c:d6:1a:9e:
         27:09:9d:f8:1c:fb:f0:5a:75:84:02:25:81:ee:82:e8:56:f6:
         de:05:d5:6a:18:16:04:d2:e6:29:51:7f:a5:92:76:4e:36:08:
         9e:a8:64:11:c7:3f:ce:51:14:e5:4f:89:09:33:dc:01:6c:63:
         17:5a:2d:3c:f8:58:5e:c7:fc:7a:3c:89:54:60:9b:6e:0a:df:
         f2:ce:11:7f:a5:f2:f6:b4:44:4d:7b:4d:9c:1f:a9:6f:fe:e1:
         91:77:1a:89:85:51:a7:e4:b8:2a:71:d8:1c:92:11:17:31:90:
         4e:8a:20:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAOJEMItPpsLmr2HdkvREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwMTAxMTIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTllOWJkYzQ4ZDc1ZGZjM2UxMDJiOTMwNjI4YTBiM2ViNDAwODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvFREZEsO3k7+62uddInJnlTuQE+
eMa+pUKRv0SdnP38c3+5iZUc2zZWwDdIUFqhpX493FzUQOGSiaqUcyUgdFxZUdUf
dsgBRH1QAPlsWual8hF8vGAicKBFWv5B2zPcMSVU0c4nYMBcmBSIJaN1Bjl2EGfo
LbM7Seeo1knD7ylexzFCWUVpiBq/eR4gPfxGome9JjsYH2Ik4JLXjPQF1bnguIrW
eoRb9g9q/fVdVlUdeo5Aa0XmoJmg//ZhgCA7u8IHl7AUeRu0WWKlHrX95aPuoP3s
TzOkphzYz5vZk+81kjciAXSENCtZsTVDPtZWtrmkb2BC9dpoCJTxKHVmgQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFImem9xI1138PhArkwYooLPrQAgWMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvaVo2YjNFalhYZnctRUN1VEJpaWdzLXRBQ0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUtATAN
BgkqhkiG9w0BAQsFAAOCAQEADZ5LgXN9S//G8fTsBztrMtk/RErytSjWM71G8Xfy
bimGHNqqyof0GcTLv1inMzFT0tB3E09lm4+UXv7QGASHsHxpl5IvUZB2lRBsI8GG
XOXhF4+W07aC7suBqznW38JWvlSO1j8c8ld7jZsGN3xsE1QPE49s4hCrsLe8iCEP
iaQLGpx6U1ISWHseQ72c1hqeJwmd+Bz78Fp1hAIlge6C6Fb23gXVahgWBNLmKVF/
pZJ2TjYInqhkEcc/zlEU5U+JCTPcAWxjF1otPPhYXsf8ejyJVGCbbgrf8s4Rf6Xy
9rRETXtNnB+pb/7hkXcaiYVRp+S4KnHYHJIRFzGQToogQw==
-----END CERTIFICATE-----