Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/6DAfSPo7y5bBFK8ZKdf2BmLsf2U.roa
File:                     6DAfSPo7y5bBFK8ZKdf2BmLsf2U.roa (raw, json)
Hash identifier:          CJOmBPmiCjTqY52A+BmO5twIQr7K1p0tyTu9IT/7yhU=
Subject key identifier:   E8:30:1F:48:FA:3B:CB:96:C1:14:AF:19:29:D7:F6:06:62:EC:7F:65
Certificate issuer:       /CN=d301991fc343f358c0f2eebae55cf2da34521c7a
Certificate serial:       018CC726CC40315C0A52BF358DD40995B4E1
Authority key identifier: D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/6DAfSPo7y5bBFK8ZKdf2BmLsf2U.roa
Signing time:             Mon 01 Jan 2024 22:30:57 +0000
ROA not before:           Mon 01 Jan 2024 22:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15703
IP address blocks:        2a00:a7c0:1026::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:cc:40:31:5c:0a:52:bf:35:8d:d4:09:95:b4:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d301991fc343f358c0f2eebae55cf2da34521c7a
        Validity
            Not Before: Jan  1 22:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8301f48fa3bcb96c114af1929d7f60662ec7f65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5f:b9:29:22:c7:0a:a6:41:4a:4e:14:8b:b5:
                    8b:0d:0f:86:11:19:31:9e:3e:05:18:c0:09:53:e3:
                    d1:7e:11:97:55:53:8c:06:03:f7:60:7c:90:a7:6e:
                    a6:35:64:df:f0:d8:68:26:2b:ef:92:70:00:ac:cf:
                    d0:29:3d:7e:6f:0f:c8:f8:62:e4:9a:42:b0:ab:88:
                    48:82:28:96:7d:9a:6b:3c:54:7d:81:f9:85:d0:8f:
                    e1:c3:d3:4b:fd:d4:bd:51:80:77:28:86:4e:75:8e:
                    a5:87:d6:5d:86:08:91:79:8b:e5:2d:47:95:82:09:
                    3d:04:9b:f5:7a:93:50:7d:37:01:05:4a:87:c6:86:
                    e2:17:7a:11:4a:6d:c6:00:e3:a9:d3:aa:1f:62:96:
                    d3:df:43:7c:8d:5a:99:e0:da:d2:bd:1f:d8:34:a3:
                    13:36:ed:bd:dc:9b:9f:e4:32:19:ab:ea:7a:9d:0c:
                    bc:10:1f:d9:51:19:e6:85:6d:29:44:1b:bf:82:57:
                    41:92:24:7e:87:b7:de:ee:47:75:4b:80:ee:8c:16:
                    84:a1:2f:71:5e:2f:8c:83:e0:84:42:a4:c5:e1:f2:
                    dc:ad:88:df:6a:7c:57:0b:cb:0e:aa:3a:5c:c4:fe:
                    4a:fc:1a:f8:0c:11:f4:f9:39:4e:70:70:c7:79:83:
                    2d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:30:1F:48:FA:3B:CB:96:C1:14:AF:19:29:D7:F6:06:62:EC:7F:65
            X509v3 Authority Key Identifier:
                keyid:D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/6DAfSPo7y5bBFK8ZKdf2BmLsf2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:a7c0:1026::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:91:73:d5:f7:6c:96:be:57:a3:7c:67:43:ef:b0:b7:14:fb:
         d6:53:07:f4:44:76:9b:b8:65:b8:6b:0c:20:69:3c:66:86:2f:
         b4:87:7c:53:46:27:48:a4:b3:f2:6d:9f:ad:80:d2:91:c6:dd:
         be:e2:cd:5d:bd:c3:63:32:48:2a:b6:5f:22:c6:bf:57:b5:57:
         38:c4:88:38:60:d6:60:6f:28:eb:ce:b5:d8:1d:50:7e:dd:c0:
         a4:9b:f7:b8:a8:eb:31:43:b0:c9:7a:a0:3d:8a:42:14:5b:b0:
         66:a3:9b:63:e7:41:1b:8f:b2:84:c4:b3:05:26:a8:6d:4c:68:
         94:f2:8e:11:9c:6a:95:4d:49:f2:58:ec:58:d5:78:62:5a:26:
         da:f6:b2:14:7e:84:8d:1d:e1:5c:5f:d5:ec:d4:17:35:db:3a:
         bd:df:6d:eb:05:b0:dd:f4:7d:18:6f:c1:2d:68:9d:05:7a:f8:
         8c:f9:0d:5b:0b:be:34:c6:58:10:f8:42:fc:86:77:1c:06:70:
         52:c9:60:0f:70:11:5f:f1:66:e3:65:a5:27:3f:1e:34:7a:8c:
         3e:c3:f6:b8:09:d0:51:4c:1b:f3:50:88:c0:75:d4:91:7a:b0:
         c7:2c:89:28:dc:2c:d5:f8:b5:d0:c0:92:1b:2e:e0:a5:3f:77:
         32:48:a1:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJsxAMVwKUr81jdQJlbThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMDE5OTFmYzM0M2YzNThjMGYyZWViYWU1NWNmMmRhMzQ1
MjFjN2EwHhcNMjQwMTAxMjIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODMwMWY0OGZhM2JjYjk2YzExNGFmMTkyOWQ3ZjYwNjYyZWM3ZjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnF+5KSLHCqZBSk4Ui7WLDQ+GERkx
nj4FGMAJU+PRfhGXVVOMBgP3YHyQp26mNWTf8NhoJivvknAArM/QKT1+bw/I+GLk
mkKwq4hIgiiWfZprPFR9gfmF0I/hw9NL/dS9UYB3KIZOdY6lh9ZdhgiReYvlLUeV
ggk9BJv1epNQfTcBBUqHxobiF3oRSm3GAOOp06ofYpbT30N8jVqZ4NrSvR/YNKMT
Nu293Juf5DIZq+p6nQy8EB/ZURnmhW0pRBu/gldBkiR+h7fe7kd1S4DujBaEoS9x
Xi+Mg+CEQqTF4fLcrYjfanxXC8sOqjpcxP5K/Br4DBH0+TlOcHDHeYMtwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOgwH0j6O8uWwRSvGSnX9gZi7H9lMB8GA1UdIwQY
MBaAFNMBmR/DQ/NYwPLuuuVc8to0Uhx6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQt
Zjk4YzQ4MzAxNWQ3LzEvNkRBZlNQbzd5NWJCRks4WktkZjJCbUxzZjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQtZjk4YzQ4MzAxNWQ3
LzEvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgCnwBAm
MA0GCSqGSIb3DQEBCwUAA4IBAQCMkXPV92yWvlejfGdD77C3FPvWUwf0RHabuGW4
awwgaTxmhi+0h3xTRidIpLPybZ+tgNKRxt2+4s1dvcNjMkgqtl8ixr9XtVc4xIg4
YNZgbyjrzrXYHVB+3cCkm/e4qOsxQ7DJeqA9ikIUW7Bmo5tj50Ebj7KExLMFJqht
TGiU8o4RnGqVTUnyWOxY1XhiWiba9rIUfoSNHeFcX9Xs1Bc12zq9323rBbDd9H0Y
b8EtaJ0FeviM+Q1bC740xlgQ+EL8hnccBnBSyWAPcBFf8WbjZaUnPx40eow+w/a4
CdBRTBvzUIjAddSRerDHLIko3CzV+LXQwJIbLuClP3cySKE9
-----END CERTIFICATE-----