Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/iXfRtmudxAE1lJnnD7CamGaHwOQ.roa
File:                     iXfRtmudxAE1lJnnD7CamGaHwOQ.roa (raw, json)
Hash identifier:          bs+Zo96eDGbGYk6314dX8Lc92xqIBTCAonrq4A7DJ8U=
Subject key identifier:   89:77:D1:B6:6B:9D:C4:01:35:94:99:E7:0F:B0:9A:98:66:87:C0:E4
Certificate issuer:       /CN=c68c65e699b576ab113a79be8828948f1e6cc260
Certificate serial:       018CC72710CA89B4CF36E4BCEAD2163D8597
Authority key identifier: C6:8C:65:E6:99:B5:76:AB:11:3A:79:BE:88:28:94:8F:1E:6C:C2:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/iXfRtmudxAE1lJnnD7CamGaHwOQ.roa
Signing time:             Mon 01 Jan 2024 22:31:15 +0000
ROA not before:           Mon 01 Jan 2024 22:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209419
IP address blocks:        2a0d:2d41::/32 maxlen: 48
                          2a0e:c6c1::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:10:ca:89:b4:cf:36:e4:bc:ea:d2:16:3d:85:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c68c65e699b576ab113a79be8828948f1e6cc260
        Validity
            Not Before: Jan  1 22:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8977d1b66b9dc401359499e70fb09a986687c0e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:7a:83:a8:a4:aa:ca:8a:86:3a:5f:cb:34:42:
                    e6:77:07:9b:0e:72:78:e3:4f:6c:1d:17:09:6e:e1:
                    30:d3:9d:11:ce:1a:db:a1:50:78:d4:5c:e8:9e:74:
                    0c:24:19:bc:94:90:ab:1c:76:2f:cf:53:86:c9:f6:
                    1c:88:af:07:26:87:8d:29:da:ab:24:d5:7e:5e:60:
                    ee:54:79:b6:71:85:c2:1d:2d:d8:c6:fd:6a:47:33:
                    d2:94:78:81:b1:1d:96:7a:1c:aa:26:22:26:68:92:
                    48:bb:b5:1c:5c:62:f3:f4:47:2e:34:16:e7:0f:89:
                    43:05:0c:1a:0f:e3:9f:8a:f4:b7:7d:90:03:79:c4:
                    95:ba:14:a8:34:d3:23:03:5f:c7:28:29:c9:ac:e2:
                    3a:a3:bc:64:cd:22:e9:bd:cb:b4:1a:4b:02:07:6b:
                    6f:a4:bc:0a:20:af:f1:af:a8:bf:46:a4:94:b2:0a:
                    28:6c:57:97:49:90:f5:d6:14:20:36:25:88:f0:fb:
                    fb:48:20:cf:c4:4b:6e:4f:3c:09:00:1f:f8:b7:39:
                    00:b2:ec:7a:31:04:2e:49:39:8c:e6:8a:88:33:ab:
                    f3:3f:45:f7:3f:98:92:f6:bf:fe:f4:91:7d:77:ed:
                    0d:fb:dc:02:67:59:c7:6d:a3:ef:12:2c:38:22:45:
                    33:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:77:D1:B6:6B:9D:C4:01:35:94:99:E7:0F:B0:9A:98:66:87:C0:E4
            X509v3 Authority Key Identifier:
                keyid:C6:8C:65:E6:99:B5:76:AB:11:3A:79:BE:88:28:94:8F:1E:6C:C2:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/iXfRtmudxAE1lJnnD7CamGaHwOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2d41::/32
                  2a0e:c6c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:1d:b8:82:a0:e8:57:24:2b:f4:cb:32:79:cd:bd:60:27:53:
         e3:ca:d7:ed:4f:e4:2d:26:04:16:ca:11:b5:1a:7c:e8:3c:58:
         3b:38:76:f6:ad:75:cf:2f:94:b0:ee:4b:21:91:26:b0:74:8b:
         d1:bf:51:9b:8f:85:8d:86:1b:fe:57:6a:02:89:fb:d0:71:3f:
         c5:af:c0:91:fd:41:f3:d0:50:e6:a3:1d:0c:1e:7a:10:1c:fc:
         c2:05:fb:69:89:5f:e4:e7:0b:bb:82:ad:61:a4:4d:7e:5a:86:
         60:ae:b5:63:ad:a8:14:1e:3f:82:f7:31:61:3d:98:73:1b:01:
         da:c9:50:8d:99:0a:7c:00:02:2a:29:20:9b:69:1b:cb:78:60:
         d6:39:7c:df:2f:a2:6a:64:22:e9:f5:c2:57:3c:36:72:c2:a3:
         4c:eb:35:95:20:7d:10:99:9b:70:41:2e:ef:97:9a:f8:2b:31:
         34:79:4b:70:d8:7c:54:e2:f3:35:6f:64:e8:3d:71:41:4a:06:
         2a:17:63:38:5a:85:48:de:0d:4c:ab:58:5a:8e:10:5f:5c:0c:
         5b:94:3a:44:06:34:02:d3:8e:60:cb:fc:cc:13:f9:fd:9f:cf:
         69:aa:83:08:e3:11:ac:44:04:03:5c:d3:e7:8c:08:0b:b9:38:
         5e:a4:a3:00
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHJxDKibTPNuS86tIWPYWXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2OGM2NWU2OTliNTc2YWIxMTNhNzliZTg4Mjg5NDhmMWU2
Y2MyNjAwHhcNMjQwMTAxMjIzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTc3ZDFiNjZiOWRjNDAxMzU5NDk5ZTcwZmIwOWE5ODY2ODdjMGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXqDqKSqyoqGOl/LNELmdwebDnJ4
409sHRcJbuEw050RzhrboVB41FzonnQMJBm8lJCrHHYvz1OGyfYciK8HJoeNKdqr
JNV+XmDuVHm2cYXCHS3Yxv1qRzPSlHiBsR2WehyqJiImaJJIu7UcXGLz9EcuNBbn
D4lDBQwaD+OfivS3fZADecSVuhSoNNMjA1/HKCnJrOI6o7xkzSLpvcu0GksCB2tv
pLwKIK/xr6i/RqSUsgoobFeXSZD11hQgNiWI8Pv7SCDPxEtuTzwJAB/4tzkAsux6
MQQuSTmM5oqIM6vzP0X3P5iS9r/+9JF9d+0N+9wCZ1nHbaPvEiw4IkUzTwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIl30bZrncQBNZSZ5w+wmphmh8DkMB8GA1UdIwQY
MBaAFMaMZeaZtXarETp5vogolI8ebMJgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG94bDVwbTFkcXNST25tLWlDaVVqeDVzd21BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDBjNzMtNzllZS00OTI2LThlNGYt
NjA3ZDRmMzdmNTlmLzEvaVhmUnRtdWR4QUUxbEpubkQ3Q2FtR2FId09RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDBjNzMtNzllZS00OTI2LThlNGYtNjA3ZDRmMzdmNTlm
LzEveG94bDVwbTFkcXNST25tLWlDaVVqeDVzd21BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg0tQQMF
ACoOxsEwDQYJKoZIhvcNAQELBQADggEBAIYduIKg6FckK/TLMnnNvWAnU+PK1+1P
5C0mBBbKEbUafOg8WDs4dvatdc8vlLDuSyGRJrB0i9G/UZuPhY2GG/5XagKJ+9Bx
P8WvwJH9QfPQUOajHQweehAc/MIF+2mJX+TnC7uCrWGkTX5ahmCutWOtqBQeP4L3
MWE9mHMbAdrJUI2ZCnwAAiopIJtpG8t4YNY5fN8vompkIun1wlc8NnLCo0zrNZUg
fRCZm3BBLu+XmvgrMTR5S3DYfFTi8zVvZOg9cUFKBioXYzhahUjeDUyrWFqOEF9c
DFuUOkQGNALTjmDL/MwT+f2fz2mqgwjjEaxEBANc0+eMCAu5OF6kowA=
-----END CERTIFICATE-----