Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/IY0AIb4yBC9CPRWl2qnMdMBpOnw.roa
File:                     IY0AIb4yBC9CPRWl2qnMdMBpOnw.roa (raw, json)
Hash identifier:          4B4pssAD1DAMfJfQ3tonmvmQabk5c3Xu3fxN06+fARc=
Subject key identifier:   21:8D:00:21:BE:32:04:2F:42:3D:15:A5:DA:A9:CC:74:C0:69:3A:7C
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256FC5F4BB9D25D73ABAA65369D50B
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/IY0AIb4yBC9CPRWl2qnMdMBpOnw.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210902
IP address blocks:        2a0b:b87:ff10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6f:c5:f4:bb:9d:25:d7:3a:ba:a6:53:69:d5:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=218d0021be32042f423d15a5daa9cc74c0693a7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3c:33:0b:d4:d6:5f:c9:3d:78:c2:d9:fc:26:
                    9f:7e:12:98:bf:e7:38:56:6a:8f:20:6c:36:eb:c2:
                    15:8d:31:6e:db:3c:c3:e4:7e:5a:17:a0:d5:ed:c9:
                    d5:3c:9d:4d:08:63:3b:ca:88:fe:f6:31:47:3e:16:
                    9d:23:3b:79:55:23:01:18:32:f7:16:f3:6f:84:dd:
                    07:e6:c9:e9:85:e8:ed:d8:ed:dd:84:2d:1e:e5:69:
                    f3:5b:4b:14:0c:bc:53:40:62:bb:b4:ec:4d:58:65:
                    0f:47:00:84:32:47:9e:97:a0:88:37:37:83:90:ae:
                    dd:f9:c5:34:42:aa:23:f9:75:0d:f2:25:f6:c0:bb:
                    41:c5:95:a1:00:c7:59:fb:7b:0c:88:d0:1f:bd:3a:
                    cc:22:3e:63:b7:71:cd:ad:ac:b1:e3:c7:d6:1b:ac:
                    ae:fe:2b:b4:fb:a3:98:b3:86:23:9f:16:00:2f:b1:
                    af:59:e1:a1:3b:0f:f7:3f:50:26:bd:e1:97:c4:21:
                    e7:f6:cd:fc:49:d8:92:70:80:56:f4:e9:3c:08:d9:
                    8d:30:61:0b:5e:d9:b4:3a:d5:30:0a:d7:9a:7c:9e:
                    01:b5:5a:54:a8:bc:76:2c:bd:7a:53:75:b8:85:07:
                    60:84:71:72:9f:bb:d4:79:d3:22:15:15:bb:3d:34:
                    52:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:8D:00:21:BE:32:04:2F:42:3D:15:A5:DA:A9:CC:74:C0:69:3A:7C
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/IY0AIb4yBC9CPRWl2qnMdMBpOnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ff10::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:13:b9:51:94:bd:6f:18:12:11:fb:c8:d1:84:a8:04:bf:27:
         c7:a0:bb:80:50:8e:f5:c4:76:06:d3:75:de:36:69:5f:89:09:
         d0:7e:27:db:3a:bd:39:af:80:77:4b:06:3c:e2:74:60:19:fd:
         18:22:04:4f:aa:16:de:35:a1:b4:24:ba:95:78:68:9d:15:20:
         47:86:7a:bd:64:aa:df:ff:89:52:15:21:8c:e3:a0:49:ab:52:
         b2:42:9f:fc:6c:4f:db:bf:3b:5d:6f:b6:d9:14:00:bb:2b:23:
         c1:ef:88:e0:21:e3:46:d1:d1:05:d4:ab:b4:fe:f1:70:ed:2f:
         8b:f7:b7:3c:49:c0:b9:81:1b:45:60:02:b8:d6:28:cb:28:b7:
         b6:3d:44:87:2c:d9:fd:3a:57:78:d6:80:fd:ad:68:07:ac:0b:
         42:16:ef:2c:85:03:2f:a5:51:6c:d5:ff:e9:e9:e4:5e:97:24:
         ee:f9:59:f9:8e:ec:c9:0d:ba:67:f1:08:cf:d2:84:20:d8:15:
         c2:1c:33:84:fe:75:cf:13:e6:3d:50:ef:e6:fa:c7:b8:c6:73:
         76:67:ee:51:d0:08:1a:07:bd:e9:2b:38:b5:cf:18:31:16:1e:
         a3:2c:c0:47:4e:f2:5f:38:2f:fa:8b:d4:e6:dd:2b:ee:32:e9:
         c9:79:9b:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJW/F9LudJdc6uqZTadULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMThkMDAyMWJlMzIwNDJmNDIzZDE1YTVkYWE5Y2M3NGMwNjkzYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzwzC9TWX8k9eMLZ/CaffhKYv+c4
VmqPIGw268IVjTFu2zzD5H5aF6DV7cnVPJ1NCGM7yoj+9jFHPhadIzt5VSMBGDL3
FvNvhN0H5snphejt2O3dhC0e5WnzW0sUDLxTQGK7tOxNWGUPRwCEMkeel6CINzeD
kK7d+cU0Qqoj+XUN8iX2wLtBxZWhAMdZ+3sMiNAfvTrMIj5jt3HNrayx48fWG6yu
/iu0+6OYs4YjnxYAL7GvWeGhOw/3P1AmveGXxCHn9s38SdiScIBW9Ok8CNmNMGEL
Xtm0OtUwCteafJ4BtVpUqLx2LL16U3W4hQdghHFyn7vUedMiFRW7PTRS8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCGNACG+MgQvQj0VpdqpzHTAaTp8MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvSVkwQUliNHlCQzlDUFJXbDJxbk1kTUJwT253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/8Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBJE7lRlL1vGBIR+8jRhKgEvyfHoLuAUI71xHYG
03XeNmlfiQnQfifbOr05r4B3SwY84nRgGf0YIgRPqhbeNaG0JLqVeGidFSBHhnq9
ZKrf/4lSFSGM46BJq1KyQp/8bE/bvztdb7bZFAC7KyPB74jgIeNG0dEF1Ku0/vFw
7S+L97c8ScC5gRtFYAK41ijLKLe2PUSHLNn9Old41oD9rWgHrAtCFu8shQMvpVFs
1f/p6eRelyTu+Vn5juzJDbpn8QjP0oQg2BXCHDOE/nXPE+Y9UO/m+se4xnN2Z+5R
0AgaB73pKzi1zxgxFh6jLMBHTvJfOC/6i9Tm3SvuMunJeZv0
-----END CERTIFICATE-----