Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/sKHz6S80IHSH6DfuduV2jrvqKyE.roa
File:                     sKHz6S80IHSH6DfuduV2jrvqKyE.roa (raw, json)
Hash identifier:          d8pIb9BD7cFgIMYxGZASEdgUnw/T+fPdSBc8PD2SUCc=
Subject key identifier:   B0:A1:F3:E9:2F:34:20:74:87:E8:37:EE:76:E5:76:8E:BB:EA:2B:21
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0AF6D15E470C880F3DF9261740E9
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/sKHz6S80IHSH6DfuduV2jrvqKyE.roa
Signing time:             Tue 02 Jan 2024 08:31:58 +0000
ROA not before:           Tue 02 Jan 2024 08:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203868
IP address blocks:        2a0a:280:b000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 14:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0a:f6:d1:5e:47:0c:88:0f:3d:f9:26:17:40:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0a1f3e92f34207487e837ee76e5768ebbea2b21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:54:ef:37:34:1d:1c:b2:7c:1c:5f:ba:55:a8:
                    37:6f:35:06:f1:49:18:ce:d2:5c:d9:0c:ef:26:c3:
                    1f:af:2c:03:6a:03:20:cb:f0:08:4e:94:da:74:0b:
                    5b:59:94:db:a8:76:d6:1d:7f:a3:40:fd:c3:95:dd:
                    b1:68:70:ff:24:92:c8:f4:33:39:16:2b:86:02:96:
                    12:4a:63:ef:48:c4:48:1c:7e:a6:24:8f:2f:e5:e4:
                    58:fc:de:82:ce:bd:2b:39:2f:c6:94:ae:76:45:6d:
                    53:36:03:d3:f4:de:3a:7c:9a:df:b8:64:e1:90:28:
                    a9:ae:da:12:ff:90:01:c6:b7:c0:5c:04:77:af:5c:
                    bf:28:0a:55:9a:87:09:07:b4:ef:79:45:f4:e3:59:
                    90:2f:e6:28:6c:b0:e6:97:d6:12:77:f1:97:5f:ed:
                    a6:15:cc:79:3e:67:2e:9b:ee:66:e7:64:98:ea:dd:
                    d9:a6:7e:6b:43:d0:af:50:05:4e:7b:7e:49:5e:e0:
                    6f:4d:e0:ab:9c:b3:da:b1:33:f7:33:be:8f:3e:25:
                    0a:e2:54:06:97:4b:66:ab:d3:d4:85:0c:b3:b9:04:
                    ae:3a:b7:97:b0:d7:c4:f6:76:38:b8:90:75:98:60:
                    7d:d5:a0:b7:e2:f7:c5:b7:ce:e1:50:a6:fb:89:0c:
                    ae:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A1:F3:E9:2F:34:20:74:87:E8:37:EE:76:E5:76:8E:BB:EA:2B:21
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/sKHz6S80IHSH6DfuduV2jrvqKyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:b000::/36

    Signature Algorithm: sha256WithRSAEncryption
         71:2c:8c:0a:f7:c5:e2:d8:91:20:10:72:b6:a1:39:f3:4b:ce:
         7e:e9:e4:3b:79:88:c4:42:ac:2f:59:8a:2e:b4:31:95:ec:5d:
         7a:71:3e:36:76:73:b6:d9:dc:25:92:a5:97:27:6a:4d:93:2a:
         2e:4e:04:c0:85:b9:a1:b9:b2:cc:75:fb:f5:47:c9:88:5a:53:
         72:34:93:6a:fb:07:94:5e:26:35:66:d0:b6:4b:b2:b6:41:b9:
         c3:81:55:a1:3c:26:7d:c4:06:3e:bc:c1:ab:51:3e:ea:aa:5a:
         62:b9:d6:78:1b:d9:2a:9d:0e:3c:7a:fc:b3:b1:3d:9d:1e:82:
         14:00:81:b3:97:6e:65:81:8f:ed:55:9f:ad:5e:42:b6:07:96:
         0b:33:3a:93:01:33:2d:4d:09:c5:d2:70:c4:68:c4:df:7a:c4:
         fc:df:d3:b8:a3:6d:ac:ce:22:e2:f3:a8:11:ab:70:48:99:9d:
         4d:70:ae:7f:5c:64:a8:68:36:6d:ba:7c:55:a7:0a:f5:5f:21:
         f1:09:a5:41:74:9a:71:51:a2:02:e8:87:e8:68:69:d2:69:50:
         35:07:c7:5d:c1:18:09:29:d8:2e:21:c1:6c:e4:af:60:58:22:
         eb:3c:15:94:37:fe:e7:4b:58:ca:bf:aa:34:d9:be:2b:7c:f9:
         8f:a2:6e:93
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQr20V5HDIgPPfkmF0DpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGExZjNlOTJmMzQyMDc0ODdlODM3ZWU3NmU1NzY4ZWJiZWEyYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFTvNzQdHLJ8HF+6Vag3bzUG8UkY
ztJc2QzvJsMfrywDagMgy/AITpTadAtbWZTbqHbWHX+jQP3Dld2xaHD/JJLI9DM5
FiuGApYSSmPvSMRIHH6mJI8v5eRY/N6Czr0rOS/GlK52RW1TNgPT9N46fJrfuGTh
kCiprtoS/5ABxrfAXAR3r1y/KApVmocJB7TveUX041mQL+YobLDml9YSd/GXX+2m
Fcx5Pmcum+5m52SY6t3Zpn5rQ9CvUAVOe35JXuBvTeCrnLPasTP3M76PPiUK4lQG
l0tmq9PUhQyzuQSuOreXsNfE9nY4uJB1mGB91aC34vfFt87hUKb7iQyuOQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLCh8+kvNCB0h+g37nbldo676ishMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvc0tIejZTODBJSFNINkRmdWR1VjJqcnZxS3lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgoCgLAw
DQYJKoZIhvcNAQELBQADggEBAHEsjAr3xeLYkSAQcrahOfNLzn7p5Dt5iMRCrC9Z
ii60MZXsXXpxPjZ2c7bZ3CWSpZcnak2TKi5OBMCFuaG5ssx1+/VHyYhaU3I0k2r7
B5ReJjVm0LZLsrZBucOBVaE8Jn3EBj68watRPuqqWmK51ngb2SqdDjx6/LOxPZ0e
ghQAgbOXbmWBj+1Vn61eQrYHlgszOpMBMy1NCcXScMRoxN96xPzf07ijbazOIuLz
qBGrcEiZnU1wrn9cZKhoNm26fFWnCvVfIfEJpUF0mnFRogLoh+hoadJpUDUHx13B
GAkp2C4hwWzkr2BYIus8FZQ3/udLWMq/qjTZvit8+Y+ibpM=
-----END CERTIFICATE-----