Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/F6PQ9QxCrP1FvXd_CfbLxRhhTNQ.roa
File:                     F6PQ9QxCrP1FvXd_CfbLxRhhTNQ.roa (raw, json)
Hash identifier:          n0PRrUQAyBx9CcvAOmYSIyc/QdWUwxnb8OXptwsMWLg=
Subject key identifier:   17:A3:D0:F5:0C:42:AC:FD:45:BD:77:7F:09:F6:CB:C5:18:61:4C:D4
Certificate issuer:       /CN=494d7873416510a2fb2346ef342280155522713b
Certificate serial:       018CC94DAE6A0FCB1761073F5534ACD71973
Authority key identifier: 49:4D:78:73:41:65:10:A2:FB:23:46:EF:34:22:80:15:55:22:71:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/F6PQ9QxCrP1FvXd_CfbLxRhhTNQ.roa
Signing time:             Tue 02 Jan 2024 08:32:40 +0000
ROA not before:           Tue 02 Jan 2024 08:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61272
IP address blocks:        2a02:e00:ffe7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ae:6a:0f:cb:17:61:07:3f:55:34:ac:d7:19:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=494d7873416510a2fb2346ef342280155522713b
        Validity
            Not Before: Jan  2 08:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17a3d0f50c42acfd45bd777f09f6cbc518614cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:fe:7e:21:c9:c6:73:fe:8e:7a:1a:8b:5a:4f:
                    10:b0:9b:24:99:16:65:44:c5:ae:a7:3b:66:67:2a:
                    ff:d5:4c:ea:cf:56:9e:9f:a4:34:77:7d:68:1f:b2:
                    be:95:41:73:8d:30:e4:a9:3e:e4:17:e9:44:8d:03:
                    e6:b0:41:f5:05:b9:a0:ef:ae:f3:a2:65:be:45:53:
                    84:c6:c6:a6:2e:c8:1d:fe:3c:dc:64:4d:54:78:12:
                    af:9a:ac:5a:f3:c9:47:d4:fc:50:f4:d2:46:cb:02:
                    92:f0:8b:ed:e7:63:c7:fe:69:63:09:03:6e:32:f4:
                    12:c4:06:cf:bc:88:91:1a:21:da:63:bb:40:cc:ca:
                    b7:43:f3:d3:46:00:4d:f6:90:64:f1:29:8f:9b:b6:
                    8b:1b:2b:04:45:88:63:3c:9d:f4:84:b7:5f:41:2d:
                    56:32:5e:07:ff:25:6b:7c:34:15:f7:3d:10:86:a2:
                    81:fc:a2:f9:4e:d9:a6:ca:f6:31:55:8a:39:1a:bb:
                    f1:ca:28:27:f1:9f:ed:4f:f2:55:a0:9b:99:36:46:
                    bb:8c:b3:b2:7a:72:36:bb:61:09:97:92:0b:ff:df:
                    1a:1c:5b:f0:bb:4e:46:68:d7:ef:48:81:3e:ea:8d:
                    de:9b:8b:38:d4:c1:e0:0d:d0:b4:a5:44:b2:54:47:
                    be:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:A3:D0:F5:0C:42:AC:FD:45:BD:77:7F:09:F6:CB:C5:18:61:4C:D4
            X509v3 Authority Key Identifier:
                keyid:49:4D:78:73:41:65:10:A2:FB:23:46:EF:34:22:80:15:55:22:71:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SU14c0FlEKL7I0bvNCKAFVUicTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/F6PQ9QxCrP1FvXd_CfbLxRhhTNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/28f7a6-e1ba-4978-9122-e18e7b2ac536/1/SU14c0FlEKL7I0bvNCKAFVUicTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:e00:ffe7::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:ff:ac:94:fa:88:12:aa:db:32:e6:5d:36:c3:05:9d:29:3d:
         c7:1d:1b:1d:e1:73:a0:e2:aa:e3:02:01:c2:a9:95:d6:ad:21:
         7b:83:25:fe:a9:7b:7f:48:70:56:27:2f:bd:d4:f6:b6:de:17:
         f5:b8:ef:d4:ac:b1:93:5e:08:33:e9:02:bf:be:6d:0c:15:18:
         70:2e:79:01:12:b7:48:75:74:b0:ec:76:a7:fa:3f:23:85:18:
         54:e2:a2:7b:80:d2:34:6d:36:74:40:b8:bf:47:ac:32:bc:c9:
         06:b9:06:19:84:a2:f1:7a:13:c9:16:1d:72:55:28:1b:f7:b8:
         7e:4c:4e:6b:c1:1c:e6:be:06:6d:57:9b:bf:00:79:60:f1:46:
         db:eb:65:3e:2f:07:a5:11:7e:9c:e3:a2:d4:8c:47:08:85:7d:
         c0:44:bb:3a:e4:5e:a0:41:cc:34:de:99:65:9c:81:85:29:a3:
         bf:b0:d7:21:0f:00:9e:7f:83:9a:f3:65:7d:db:72:8b:fe:e7:
         4b:dc:38:b1:e6:e8:1c:9a:58:71:60:dc:9e:c8:ab:af:80:50:
         22:c6:30:70:d4:4c:61:f9:54:90:50:f3:da:76:ba:95:b9:aa:
         92:23:11:e9:5a:f2:cf:06:0a:eb:35:ec:1c:65:ba:8c:b1:a5:
         65:4c:5a:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTa5qD8sXYQc/VTSs1xlzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NGQ3ODczNDE2NTEwYTJmYjIzNDZlZjM0MjI4MDE1NTUy
MjcxM2IwHhcNMjQwMTAyMDgzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2EzZDBmNTBjNDJhY2ZkNDViZDc3N2YwOWY2Y2JjNTE4NjE0Y2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv5+IcnGc/6OehqLWk8QsJskmRZl
RMWupztmZyr/1Uzqz1aen6Q0d31oH7K+lUFzjTDkqT7kF+lEjQPmsEH1Bbmg767z
omW+RVOExsamLsgd/jzcZE1UeBKvmqxa88lH1PxQ9NJGywKS8Ivt52PH/mljCQNu
MvQSxAbPvIiRGiHaY7tAzMq3Q/PTRgBN9pBk8SmPm7aLGysERYhjPJ30hLdfQS1W
Ml4H/yVrfDQV9z0QhqKB/KL5TtmmyvYxVYo5Grvxyign8Z/tT/JVoJuZNka7jLOy
enI2u2EJl5IL/98aHFvwu05GaNfvSIE+6o3em4s41MHgDdC0pUSyVEe+OwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBej0PUMQqz9Rb13fwn2y8UYYUzUMB8GA1UdIwQY
MBaAFElNeHNBZRCi+yNG7zQigBVVInE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1UxNGMwRmxFS0w3STBidk5DS0FGVlVpY1RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yOGY3YTYtZTFiYS00OTc4LTkxMjIt
ZTE4ZTdiMmFjNTM2LzEvRjZQUTlReENyUDFGdlhkX0NmYkx4UmhoVE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yOGY3YTYtZTFiYS00OTc4LTkxMjItZTE4ZTdiMmFjNTM2
LzEvU1UxNGMwRmxFS0w3STBidk5DS0FGVlVpY1RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIOAP/n
MA0GCSqGSIb3DQEBCwUAA4IBAQBn/6yU+ogSqtsy5l02wwWdKT3HHRsd4XOg4qrj
AgHCqZXWrSF7gyX+qXt/SHBWJy+91Pa23hf1uO/UrLGTXggz6QK/vm0MFRhwLnkB
ErdIdXSw7Han+j8jhRhU4qJ7gNI0bTZ0QLi/R6wyvMkGuQYZhKLxehPJFh1yVSgb
97h+TE5rwRzmvgZtV5u/AHlg8Ubb62U+LwelEX6c46LUjEcIhX3ARLs65F6gQcw0
3pllnIGFKaO/sNchDwCef4Oa82V923KL/udL3Dix5ugcmlhxYNyeyKuvgFAixjBw
1Exh+VSQUPPadrqVuaqSIxHpWvLPBgrrNewcZbqMsaVlTFqJ
-----END CERTIFICATE-----