Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/8G-v7hNb6O8YqpLU_t-u9NHMxE8.roa
File:                     8G-v7hNb6O8YqpLU_t-u9NHMxE8.roa (raw, json)
Hash identifier:          vLGz5AwXD7X4Jbg/xTlU6Zn8rtsMdLsGVM8w1nlu0vg=
Subject key identifier:   F0:6F:AF:EE:13:5B:E8:EF:18:AA:92:D4:FE:DF:AE:F4:D1:CC:C4:4F
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29752FB235F469E8D3FB6EA547EC11
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/8G-v7hNb6O8YqpLU_t-u9NHMxE8.roa
Signing time:             Tue 02 Jan 2024 12:32:43 +0000
ROA not before:           Tue 02 Jan 2024 12:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213045
IP address blocks:        2a0e:8f02:2000::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:75:2f:b2:35:f4:69:e8:d3:fb:6e:a5:47:ec:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f06fafee135be8ef18aa92d4fedfaef4d1ccc44f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c9:91:ec:ba:f2:93:34:ed:bf:d0:89:7b:e3:
                    41:93:b1:3b:cb:57:95:b5:e6:86:ab:44:bf:ef:db:
                    bd:19:38:5b:d6:75:bc:f8:1e:d5:62:66:ec:f3:57:
                    49:bd:fa:9a:1e:48:38:f0:e9:b6:a8:89:dc:8c:6e:
                    a4:9a:2c:fe:55:8b:7a:9b:48:52:79:36:bd:7c:d0:
                    21:d0:5a:ec:c5:8a:5d:82:38:7c:f7:d1:e1:3b:9f:
                    d7:9f:4f:33:33:9a:91:18:e9:23:e2:08:77:fc:7d:
                    4d:cc:a7:0a:ff:37:1d:5b:94:2e:38:1b:60:ef:e8:
                    a6:b8:28:3d:7d:c1:b4:e8:3d:25:6a:ae:e8:93:0d:
                    ce:06:1a:f2:91:be:89:1c:74:56:c4:6a:d6:b3:a9:
                    aa:aa:50:99:d3:f1:7b:fd:7d:a2:0a:40:01:ed:4c:
                    5f:97:5d:61:f5:7c:1f:aa:89:73:dd:a0:9f:4c:98:
                    0a:4c:cb:60:cb:0a:df:e8:50:80:f3:a6:57:b5:8f:
                    94:32:85:d6:fe:b5:95:db:44:fa:dd:8d:4e:84:db:
                    f7:3b:23:8b:6a:38:fb:c4:be:a3:6b:e5:8a:fa:84:
                    37:77:cb:e0:ce:45:74:f8:19:1b:d4:cf:74:f9:df:
                    5e:a9:6a:f1:ba:dd:b3:8b:d0:7e:d9:2f:ae:72:f3:
                    45:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:6F:AF:EE:13:5B:E8:EF:18:AA:92:D4:FE:DF:AE:F4:D1:CC:C4:4F
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/8G-v7hNb6O8YqpLU_t-u9NHMxE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2000::/44

    Signature Algorithm: sha256WithRSAEncryption
         3a:09:06:48:bd:64:24:d5:35:ae:2e:56:af:db:12:71:ba:3f:
         f0:6f:a1:c0:84:07:b2:c3:3a:0e:aa:9b:b4:b2:01:4a:30:a6:
         20:68:1f:05:5e:ff:7f:d9:ca:d1:4e:50:6d:e7:fe:13:7b:97:
         f5:f8:0f:43:58:5f:97:2c:ea:7a:0e:25:dc:e3:6e:66:0f:61:
         7a:1c:fa:50:3e:9b:a9:48:89:05:9d:b6:ce:7e:c1:ce:78:3a:
         c6:ff:cd:06:d0:98:2d:b9:01:bb:c5:d5:30:10:d3:8b:08:0c:
         98:f4:3a:20:7d:2c:ff:3d:a5:e4:e8:b5:18:a2:51:f8:be:24:
         a1:ae:9d:9d:d2:3c:11:de:04:ba:a5:16:c2:b3:86:bc:3c:40:
         e5:7c:60:28:c6:4d:f3:4b:34:5d:c7:8b:c3:c9:4f:15:ff:6a:
         d2:2c:ca:b3:02:8b:77:1b:40:75:2c:e3:50:ad:8a:67:e8:6b:
         53:e3:df:83:9c:75:6d:80:7a:8a:be:c6:5f:4d:a5:dc:dc:34:
         74:ca:d2:87:71:f4:8a:f4:f2:eb:13:77:65:90:ac:6f:3c:d9:
         36:e3:54:e7:5d:78:2a:cf:54:3d:dc:d2:5b:37:18:62:c9:c7:
         a9:9f:00:0e:65:78:fd:58:5f:a7:b2:ff:32:0c:f0:ab:d3:12:
         b6:1a:7a:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXUvsjX0aejT+26lR+wRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDZmYWZlZTEzNWJlOGVmMThhYTkyZDRmZWRmYWVmNGQxY2NjNDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8mR7LrykzTtv9CJe+NBk7E7y1eV
teaGq0S/79u9GThb1nW8+B7VYmbs81dJvfqaHkg48Om2qIncjG6kmiz+VYt6m0hS
eTa9fNAh0FrsxYpdgjh899HhO5/Xn08zM5qRGOkj4gh3/H1NzKcK/zcdW5QuOBtg
7+imuCg9fcG06D0laq7okw3OBhrykb6JHHRWxGrWs6mqqlCZ0/F7/X2iCkAB7Uxf
l11h9Xwfqolz3aCfTJgKTMtgywrf6FCA86ZXtY+UMoXW/rWV20T63Y1OhNv3OyOL
ajj7xL6ja+WK+oQ3d8vgzkV0+Bkb1M90+d9eqWrxut2zi9B+2S+ucvNFKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPBvr+4TW+jvGKqS1P7frvTRzMRPMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvOEctdjdoTmI2TzhZcXBMVV90LXU5TkhNeEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA6CQZIvWQk1TWuLlav2xJxuj/wb6HAhAeywzoO
qpu0sgFKMKYgaB8FXv9/2crRTlBt5/4Te5f1+A9DWF+XLOp6DiXc425mD2F6HPpQ
PpupSIkFnbbOfsHOeDrG/80G0JgtuQG7xdUwENOLCAyY9DogfSz/PaXk6LUYolH4
viShrp2d0jwR3gS6pRbCs4a8PEDlfGAoxk3zSzRdx4vDyU8V/2rSLMqzAot3G0B1
LONQrYpn6GtT49+DnHVtgHqKvsZfTaXc3DR0ytKHcfSK9PLrE3dlkKxvPNk241Tn
XXgqz1Q93NJbNxhiycepnwAOZXj9WF+nsv8yDPCr0xK2GnoT
-----END CERTIFICATE-----