Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/28462c-2c23-4f95-8e8d-ade530d7c41b/1/eWJJOz28GL4wbf0_3ygQbb72ODo.roa
File:                     eWJJOz28GL4wbf0_3ygQbb72ODo.roa (raw, json)
Hash identifier:          5pTePYm7LrgTbJxM8DilSombCxOmAfiJv+yX9xNqtYo=
Subject key identifier:   79:62:49:3B:3D:BC:18:BE:30:6D:FD:3F:DF:28:10:6D:BE:F6:38:3A
Certificate issuer:       /CN=c6bfbef279bf9ded6e3651e0628d39ba79294f78
Certificate serial:       018CC6B906EE66973458A0DB74F9E432B68F
Authority key identifier: C6:BF:BE:F2:79:BF:9D:ED:6E:36:51:E0:62:8D:39:BA:79:29:4F:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xr--8nm_ne1uNlHgYo05unkpT3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/28462c-2c23-4f95-8e8d-ade530d7c41b/1/eWJJOz28GL4wbf0_3ygQbb72ODo.roa
Signing time:             Mon 01 Jan 2024 20:31:03 +0000
ROA not before:           Mon 01 Jan 2024 20:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20118
IP address blocks:        2a03:ba1::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/28462c-2c23-4f95-8e8d-ade530d7c41b/1/xr--8nm_ne1uNlHgYo05unkpT3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/28462c-2c23-4f95-8e8d-ade530d7c41b/1/xr--8nm_ne1uNlHgYo05unkpT3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xr--8nm_ne1uNlHgYo05unkpT3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:06:ee:66:97:34:58:a0:db:74:f9:e4:32:b6:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6bfbef279bf9ded6e3651e0628d39ba79294f78
        Validity
            Not Before: Jan  1 20:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7962493b3dbc18be306dfd3fdf28106dbef6383a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9a:a0:af:62:05:76:f0:4a:7d:5a:6b:2c:74:
                    57:23:ca:13:f7:27:d7:04:de:39:d5:32:53:b7:e8:
                    b9:67:d1:15:59:6d:cd:f4:ac:2b:b5:97:3d:28:2c:
                    1c:5e:bf:a1:bd:ed:4a:46:f6:d5:5c:26:7a:5e:50:
                    ea:e8:60:91:c0:09:1b:b8:22:96:a1:a9:d3:98:d7:
                    f6:37:9f:d2:29:9f:c4:ac:4f:ba:a0:7f:71:d9:5f:
                    d1:82:e6:13:04:f6:1b:73:5e:e0:ed:e0:23:1f:2e:
                    8a:67:08:a3:14:4b:ab:a3:53:53:f3:6a:4e:95:13:
                    4a:ae:0d:65:f8:67:df:97:d9:f7:b2:d7:89:04:01:
                    98:ee:4e:c9:28:b3:d9:16:9c:73:3c:87:a7:a8:5a:
                    92:03:a6:e9:f8:4d:4f:6f:8e:fb:9e:72:83:71:52:
                    8d:10:23:cf:8d:03:36:22:f0:ae:7c:74:a3:6a:74:
                    98:c4:99:3c:4b:5d:5d:50:4e:94:08:04:02:96:26:
                    32:14:5c:60:45:9d:50:d5:d7:83:60:a9:d3:07:31:
                    6b:96:42:12:d6:a8:12:de:05:64:9c:0d:ff:7c:d4:
                    d6:8a:83:37:01:bb:00:14:a9:29:5b:2c:6b:e8:50:
                    92:a0:d4:1a:4c:53:05:f2:a1:cb:c0:bb:94:12:ce:
                    41:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:62:49:3B:3D:BC:18:BE:30:6D:FD:3F:DF:28:10:6D:BE:F6:38:3A
            X509v3 Authority Key Identifier:
                keyid:C6:BF:BE:F2:79:BF:9D:ED:6E:36:51:E0:62:8D:39:BA:79:29:4F:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xr--8nm_ne1uNlHgYo05unkpT3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/28462c-2c23-4f95-8e8d-ade530d7c41b/1/eWJJOz28GL4wbf0_3ygQbb72ODo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/28462c-2c23-4f95-8e8d-ade530d7c41b/1/xr--8nm_ne1uNlHgYo05unkpT3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:ba1::/64

    Signature Algorithm: sha256WithRSAEncryption
         cd:8e:48:de:4d:42:84:ce:0d:c3:3f:8f:0d:17:1b:f5:a4:c6:
         89:2a:d0:fc:3d:58:96:c3:2b:38:4c:89:3a:7e:db:d9:92:51:
         d6:c5:bb:93:7c:2d:ed:fc:f6:f9:91:18:01:ab:d6:7a:84:52:
         3a:c3:7c:a3:52:b0:ac:20:bf:bd:9b:72:35:35:5f:8f:cb:cf:
         4d:d9:08:64:30:b4:d5:35:71:42:b2:22:22:0c:24:0f:c0:cc:
         40:65:c1:e1:bd:3b:a8:31:30:47:aa:27:92:e3:92:57:00:7c:
         1a:7b:15:c3:64:9d:d7:2f:d7:70:7b:3f:4b:58:03:ad:6e:c2:
         bf:04:0c:01:f4:70:ef:4d:20:7c:d8:7d:b5:1e:11:e2:1f:35:
         7e:a9:46:fb:34:b2:4f:b1:3d:56:36:5d:22:dd:4e:1a:f4:f3:
         d8:09:ff:b0:15:70:5d:f6:4f:f0:de:ac:6b:6d:3f:7b:42:cc:
         be:b0:7b:da:9a:96:45:eb:10:a7:72:85:71:f1:c5:49:86:73:
         b8:7b:4c:07:98:fb:b3:c2:80:80:33:2b:48:9b:af:ec:71:e7:
         9f:f6:51:2d:54:86:f6:6c:48:6f:82:59:69:c1:7b:bb:01:ef:
         9f:17:94:84:6a:99:69:11:d1:6a:93:75:4b:e7:ee:d3:bc:bd:
         16:33:a7:eb
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzGuQbuZpc0WKDbdPnkMraPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YmZiZWYyNzliZjlkZWQ2ZTM2NTFlMDYyOGQzOWJhNzky
OTRmNzgwHhcNMjQwMTAxMjAzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTYyNDkzYjNkYmMxOGJlMzA2ZGZkM2ZkZjI4MTA2ZGJlZjYzODNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZqgr2IFdvBKfVprLHRXI8oT9yfX
BN451TJTt+i5Z9EVWW3N9KwrtZc9KCwcXr+hve1KRvbVXCZ6XlDq6GCRwAkbuCKW
oanTmNf2N5/SKZ/ErE+6oH9x2V/RguYTBPYbc17g7eAjHy6KZwijFEuro1NT82pO
lRNKrg1l+Gffl9n3steJBAGY7k7JKLPZFpxzPIenqFqSA6bp+E1Pb477nnKDcVKN
ECPPjQM2IvCufHSjanSYxJk8S11dUE6UCAQCliYyFFxgRZ1Q1deDYKnTBzFrlkIS
1qgS3gVknA3/fNTWioM3AbsAFKkpWyxr6FCSoNQaTFMF8qHLwLuUEs5B6wIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFHliSTs9vBi+MG39P98oEG2+9jg6MB8GA1UdIwQY
MBaAFMa/vvJ5v53tbjZR4GKNObp5KU94MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHItLThubV9uZTF1TmxIZ1lvMDV1bmtwVDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8yODQ2MmMtMmMyMy00Zjk1LThlOGQt
YWRlNTMwZDdjNDFiLzEvZVdKSk96MjhHTDR3YmYwXzN5Z1FiYjcyT0RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC8yODQ2MmMtMmMyMy00Zjk1LThlOGQtYWRlNTMwZDdjNDFi
LzEveHItLThubV9uZTF1TmxIZ1lvMDV1bmtwVDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAKgMLoQAA
AAAwDQYJKoZIhvcNAQELBQADggEBAM2OSN5NQoTODcM/jw0XG/Wkxokq0Pw9WJbD
KzhMiTp+29mSUdbFu5N8Le389vmRGAGr1nqEUjrDfKNSsKwgv72bcjU1X4/Lz03Z
CGQwtNU1cUKyIiIMJA/AzEBlweG9O6gxMEeqJ5LjklcAfBp7FcNkndcv13B7P0tY
A61uwr8EDAH0cO9NIHzYfbUeEeIfNX6pRvs0sk+xPVY2XSLdThr089gJ/7AVcF32
T/DerGttP3tCzL6we9qalkXrEKdyhXHxxUmGc7h7TAeY+7PCgIAzK0ibr+xx55/2
US1UhvZsSG+CWWnBe7sB758XlIRqmWkR0WqTdUvn7tO8vRYzp+s=
-----END CERTIFICATE-----