Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/Xm4knbvbNyy-YfJmrsCd5rjz_C8.roa
File:                     Xm4knbvbNyy-YfJmrsCd5rjz_C8.roa (raw, json)
Hash identifier:          Cvt6FBHSds5nduA7d4VAxrNl1zII2W8Yo6yRjYRWZaY=
Subject key identifier:   5E:6E:24:9D:BB:DB:37:2C:BE:61:F2:66:AE:C0:9D:E6:B8:F3:FC:2F
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC8013E45543222A14BE16616DE2F859C
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/Xm4knbvbNyy-YfJmrsCd5rjz_C8.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398106
IP address blocks:        2a01:488:bb1a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3e:45:54:32:22:a1:4b:e1:66:16:de:2f:85:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e6e249dbbdb372cbe61f266aec09de6b8f3fc2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:72:c3:61:3c:08:86:5d:84:18:a1:a9:47:da:
                    2e:8f:c0:1d:68:2b:49:bb:53:62:a2:a4:75:42:a2:
                    8a:6c:66:41:33:95:74:64:7f:49:db:31:80:1a:bc:
                    5b:d4:9d:b8:01:47:0e:df:37:a5:47:a7:83:69:48:
                    a2:a0:56:b0:f9:12:df:5b:de:b4:27:cd:09:a0:5a:
                    3f:88:05:8b:d2:d2:9a:84:da:ac:43:d9:83:79:ec:
                    98:ff:df:11:05:40:57:80:44:2a:81:75:ac:fd:bc:
                    50:be:38:bf:ce:4f:c9:2a:15:43:36:4c:01:65:e1:
                    e8:14:80:4d:b8:c8:3a:df:86:6e:94:ab:db:30:c5:
                    43:77:e3:e9:13:89:cd:bb:1f:56:24:ea:88:98:af:
                    2a:50:3a:93:54:11:15:b3:da:35:72:b5:bf:20:d1:
                    1d:84:e2:cd:16:e1:14:8c:6a:4c:48:94:93:30:30:
                    6d:3f:0d:83:57:34:84:04:e1:97:41:f3:fd:f2:0a:
                    a2:8a:5a:57:1a:a9:22:2a:a5:76:9e:21:e6:32:68:
                    b2:4d:c2:ab:25:98:b6:ef:0a:37:67:5b:a6:26:8e:
                    f9:f8:b3:ca:8d:69:c1:0f:bf:bc:ae:41:5b:37:15:
                    bc:d8:95:25:cc:e3:a0:03:ba:e9:4d:e7:b8:6b:fd:
                    61:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:6E:24:9D:BB:DB:37:2C:BE:61:F2:66:AE:C0:9D:E6:B8:F3:FC:2F
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/Xm4knbvbNyy-YfJmrsCd5rjz_C8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb1a::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:05:3a:d2:80:7a:07:8f:ff:89:60:de:32:a9:16:0b:97:75:
         09:7f:04:a1:6b:f4:e3:da:84:3a:3a:63:ac:7a:2e:e9:44:a6:
         88:4b:16:29:e2:a6:c9:53:9f:06:90:1e:82:3e:5b:88:ab:b2:
         d5:9d:f9:08:b7:40:d2:11:34:0b:62:92:fe:87:d6:74:80:5c:
         49:85:88:98:42:68:de:06:fc:4f:a6:6c:8e:db:05:43:2b:9f:
         09:60:f0:1e:6a:c2:c7:72:b3:46:8b:2a:bd:59:66:37:49:d3:
         cb:20:fc:b4:53:37:93:aa:6c:3d:b5:47:ab:af:c9:fa:99:e5:
         0f:be:1b:05:38:a7:db:59:27:5d:85:a5:07:a7:57:59:23:d6:
         15:74:d1:c0:ae:1b:04:1d:6b:99:e2:cb:8f:20:39:9b:4f:b7:
         bb:25:e9:6d:2d:63:8a:02:fe:5e:4d:fb:10:9a:b2:5f:67:51:
         e9:45:17:53:00:e1:58:08:71:31:3f:f5:a0:83:d6:74:20:4a:
         ab:89:a9:2d:8c:47:6d:04:bf:cb:9f:bc:9f:88:88:02:4e:d6:
         f1:d1:2f:c4:74:e8:36:10:8d:b6:4c:9b:c5:c2:3d:6c:7d:4b:
         b6:96:40:89:8b:e0:30:52:04:41:15:a0:5f:a5:34:6e:a5:8e:
         da:4a:b8:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAT5FVDIioUvhZhbeL4WcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTZlMjQ5ZGJiZGIzNzJjYmU2MWYyNjZhZWMwOWRlNmI4ZjNmYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3LDYTwIhl2EGKGpR9ouj8AdaCtJ
u1NioqR1QqKKbGZBM5V0ZH9J2zGAGrxb1J24AUcO3zelR6eDaUiioFaw+RLfW960
J80JoFo/iAWL0tKahNqsQ9mDeeyY/98RBUBXgEQqgXWs/bxQvji/zk/JKhVDNkwB
ZeHoFIBNuMg634ZulKvbMMVDd+PpE4nNux9WJOqImK8qUDqTVBEVs9o1crW/INEd
hOLNFuEUjGpMSJSTMDBtPw2DVzSEBOGXQfP98gqiilpXGqkiKqV2niHmMmiyTcKr
JZi27wo3Z1umJo75+LPKjWnBD7+8rkFbNxW82JUlzOOgA7rpTee4a/1hlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF5uJJ272zcsvmHyZq7Anea48/wvMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvWG00a25idmJOeXktWWZKbXJzQ2Q1cmp6X0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsa
MA0GCSqGSIb3DQEBCwUAA4IBAQC3BTrSgHoHj/+JYN4yqRYLl3UJfwSha/Tj2oQ6
OmOsei7pRKaISxYp4qbJU58GkB6CPluIq7LVnfkIt0DSETQLYpL+h9Z0gFxJhYiY
QmjeBvxPpmyO2wVDK58JYPAeasLHcrNGiyq9WWY3SdPLIPy0UzeTqmw9tUerr8n6
meUPvhsFOKfbWSddhaUHp1dZI9YVdNHArhsEHWuZ4suPIDmbT7e7JeltLWOKAv5e
TfsQmrJfZ1HpRRdTAOFYCHExP/Wgg9Z0IEqriaktjEdtBL/Ln7yfiIgCTtbx0S/E
dOg2EI22TJvFwj1sfUu2lkCJi+AwUgRBFaBfpTRupY7aSrjU
-----END CERTIFICATE-----