Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9T6z31VN_V-2xsAS9KFxljMDWy4.roa
File:                     9T6z31VN_V-2xsAS9KFxljMDWy4.roa (raw, json)
Hash identifier:          /EpVyCvynQNR1FOzoAaLo9UY9rrWW9Kru+tOcyQUvng=
Subject key identifier:   F5:3E:B3:DF:55:4D:FD:5F:B6:C6:C0:12:F4:A1:71:96:33:03:5B:2E
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256016882115DD16D23BDC2E71024F
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9T6z31VN_V-2xsAS9KFxljMDWy4.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51992
IP address blocks:        2a0b:b86:3b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:60:16:88:21:15:dd:16:d2:3b:dc:2e:71:02:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f53eb3df554dfd5fb6c6c012f4a1719633035b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:50:32:1e:e0:a6:0f:a4:15:33:10:f1:ad:b4:
                    46:ee:a9:00:97:7a:60:c5:ba:ac:ee:eb:93:53:a4:
                    eb:5b:8c:61:b1:56:b5:a6:3e:29:56:e2:9e:e2:66:
                    08:d4:91:9e:ba:07:67:c3:7c:d7:8e:15:14:5d:5b:
                    1b:7a:57:63:c4:cd:2d:ae:44:d5:f7:2a:00:3c:bd:
                    28:6d:7f:b7:20:4b:7a:85:52:36:7b:33:e9:fe:67:
                    9f:f8:fb:e5:84:7f:01:5d:eb:d9:83:21:15:bf:32:
                    d8:63:e0:a1:6a:52:c8:48:f4:fb:2a:54:2d:35:47:
                    e0:53:ba:a4:76:99:fd:db:71:c2:ec:08:75:79:e4:
                    6f:05:83:69:9d:22:47:07:99:31:0c:58:fc:99:43:
                    da:c4:44:24:85:b4:0a:1b:b7:aa:04:83:78:dc:24:
                    70:f7:4b:95:1a:39:b0:04:98:e4:a0:5f:c4:03:e4:
                    45:2d:5f:57:3a:ee:b8:a9:01:b2:86:83:91:d8:89:
                    10:47:f2:c9:8d:4d:9a:3a:ad:5a:22:c7:b8:b0:55:
                    82:b0:bc:0e:49:8a:d3:39:c7:a7:70:50:7f:44:9b:
                    43:d4:84:00:f3:e9:2f:a4:fc:df:7a:67:94:fc:9b:
                    b0:b1:a5:25:e2:c9:af:da:56:40:0f:eb:86:0a:96:
                    ff:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:3E:B3:DF:55:4D:FD:5F:B6:C6:C0:12:F4:A1:71:96:33:03:5B:2E
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/9T6z31VN_V-2xsAS9KFxljMDWy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b86:3b::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:14:2e:0c:f2:ff:3d:d8:3b:3c:b0:d7:e0:2b:b4:a8:4b:19:
         80:28:51:53:a1:a2:fb:85:8a:71:f9:95:8a:7b:52:4b:4e:e8:
         cd:8e:3d:70:4f:ef:a1:74:d3:1c:40:7e:19:36:de:53:78:7c:
         4e:5e:3c:da:42:31:82:ad:a8:f3:76:02:82:56:34:01:11:6b:
         eb:89:09:73:27:3b:68:1e:0a:fd:dd:c5:b6:7f:a6:0f:47:8b:
         88:59:14:91:97:9c:56:3b:d4:62:96:b5:50:ee:2a:75:bb:8e:
         2c:c9:eb:85:5a:cc:08:93:da:af:ef:07:85:b6:50:30:59:e2:
         a8:60:50:a4:30:e4:8b:ee:ae:aa:53:ad:2a:1b:da:eb:bd:50:
         74:a1:58:2f:f5:62:04:e5:63:78:b9:af:e2:89:3e:e8:39:1e:
         d1:b1:68:3e:7f:05:71:83:66:3f:89:fc:b6:b3:04:db:9d:01:
         8e:16:e1:d5:ca:9f:0f:bc:80:f2:93:f2:1e:08:94:0d:03:77:
         f7:d5:34:cf:b7:b9:c7:22:ec:e5:ee:2e:db:c2:2f:54:5b:21:
         3d:7f:8e:0d:db:43:dd:71:71:57:0b:b8:6a:83:ad:96:bb:bd:
         28:40:fa:30:19:f2:13:0b:62:7e:76:0e:5f:78:ca:a2:0a:cd:
         81:86:c7:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJWAWiCEV3RbSO9wucQJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTNlYjNkZjU1NGRmZDVmYjZjNmMwMTJmNGExNzE5NjMzMDM1YjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVAyHuCmD6QVMxDxrbRG7qkAl3pg
xbqs7uuTU6TrW4xhsVa1pj4pVuKe4mYI1JGeugdnw3zXjhUUXVsbeldjxM0trkTV
9yoAPL0obX+3IEt6hVI2ezPp/mef+PvlhH8BXevZgyEVvzLYY+ChalLISPT7KlQt
NUfgU7qkdpn923HC7Ah1eeRvBYNpnSJHB5kxDFj8mUPaxEQkhbQKG7eqBIN43CRw
90uVGjmwBJjkoF/EA+RFLV9XOu64qQGyhoOR2IkQR/LJjU2aOq1aIse4sFWCsLwO
SYrTOcencFB/RJtD1IQA8+kvpPzfemeU/JuwsaUl4smv2lZAD+uGCpb//QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPU+s99VTf1ftsbAEvShcZYzA1suMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvOVQ2ejMxVk5fVi0yeHNBUzlLRnhsak1EV3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLhgA7
MA0GCSqGSIb3DQEBCwUAA4IBAQAJFC4M8v892Ds8sNfgK7SoSxmAKFFToaL7hYpx
+ZWKe1JLTujNjj1wT++hdNMcQH4ZNt5TeHxOXjzaQjGCrajzdgKCVjQBEWvriQlz
JztoHgr93cW2f6YPR4uIWRSRl5xWO9RilrVQ7ip1u44syeuFWswIk9qv7weFtlAw
WeKoYFCkMOSL7q6qU60qG9rrvVB0oVgv9WIE5WN4ua/iiT7oOR7RsWg+fwVxg2Y/
ify2swTbnQGOFuHVyp8PvIDyk/IeCJQNA3f31TTPt7nHIuzl7i7bwi9UWyE9f44N
20PdcXFXC7hqg62Wu70oQPowGfITC2J+dg5feMqiCs2Bhsck
-----END CERTIFICATE-----