Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/9L4DqcBVUqh_ejL_NBq85hgMpuY.roa
File:                     9L4DqcBVUqh_ejL_NBq85hgMpuY.roa (raw, json)
Hash identifier:          Cr1KlYQJ9lqk3mzvP2yzE1kZAixCPRdNpSK6+O/V9nA=
Subject key identifier:   F4:BE:03:A9:C0:55:52:A8:7F:7A:32:FF:34:1A:BC:E6:18:0C:A6:E6
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29568108C7AA978A60D1F18A875B0B
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/9L4DqcBVUqh_ejL_NBq85hgMpuY.roa
Signing time:             Tue 02 Jan 2024 12:32:35 +0000
ROA not before:           Tue 02 Jan 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139317
IP address blocks:        2a0e:8f02:f058::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:56:81:08:c7:aa:97:8a:60:d1:f1:8a:87:5b:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4be03a9c05552a87f7a32ff341abce6180ca6e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7a:f8:57:53:e4:0b:02:ed:19:fc:6e:d3:51:
                    b8:6c:7b:80:a1:8e:99:d4:c8:58:b4:10:c2:85:02:
                    cf:c8:83:13:fa:7a:6d:74:2c:91:ab:dd:80:76:39:
                    38:dc:9d:09:9d:34:f5:80:96:c8:83:b5:41:1f:9f:
                    15:63:c2:c1:ac:dd:9f:8f:e8:1e:d0:a7:4e:c7:21:
                    dc:83:45:c2:44:29:0c:06:bc:02:3f:de:91:e3:5e:
                    ee:d5:e8:d1:28:e0:ad:f7:c3:2b:a3:78:ce:bd:31:
                    75:13:dd:de:0e:f8:95:31:f3:58:c4:15:02:4e:4a:
                    44:3b:0a:50:cb:63:43:3d:5b:8d:0c:7c:38:d7:60:
                    b0:4f:54:66:57:c7:94:2b:d9:08:04:cd:43:45:36:
                    83:da:dc:d4:2c:79:82:e8:ba:72:7c:05:64:36:46:
                    a9:e1:a7:04:3d:b0:da:f6:a0:7e:70:56:f0:b3:a7:
                    dc:13:88:76:35:8e:83:f5:97:80:8a:92:d5:5a:04:
                    49:c0:68:92:b8:e1:b3:c2:69:cf:ca:d5:95:95:b9:
                    ec:a7:04:59:b1:3a:8d:4e:75:81:f6:5a:c3:d3:1f:
                    a8:ec:41:b0:92:b9:55:50:b4:f2:c8:b4:2b:69:be:
                    80:1d:e2:9f:fd:7c:9d:eb:dc:0d:0d:67:60:58:81:
                    09:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:BE:03:A9:C0:55:52:A8:7F:7A:32:FF:34:1A:BC:E6:18:0C:A6:E6
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/9L4DqcBVUqh_ejL_NBq85hgMpuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f058::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:de:8b:b6:78:ef:60:2e:94:93:64:cf:7f:de:56:1a:5d:67:
         95:55:9c:2a:61:66:f6:e4:87:47:ff:f1:df:fc:39:5a:80:bd:
         e2:a6:f8:ce:a8:d8:9c:64:85:40:97:24:e1:04:da:8c:55:b5:
         5a:57:6d:0d:a1:ee:a2:7a:98:97:6d:b1:46:30:c4:5c:79:a4:
         7a:c1:1e:d7:3e:fa:ff:7d:af:c2:00:72:4c:5f:63:6d:b5:40:
         3b:26:34:85:9e:76:c9:2e:d8:08:a8:7f:ee:b8:03:43:b7:69:
         f7:0c:f7:c9:fd:2c:64:a7:b6:66:3c:c7:2f:b7:47:a4:b2:73:
         05:da:56:57:ea:88:34:05:98:fb:08:fb:9a:2f:15:53:8d:4a:
         b0:07:5c:f4:cb:4d:af:a8:00:df:78:a3:5d:eb:44:c3:22:6c:
         46:8d:56:e3:05:c7:49:ec:e1:77:a4:2c:f2:b5:46:d8:ad:41:
         cd:e6:dd:53:1b:19:d6:e3:30:e1:70:74:af:3c:e8:79:78:4a:
         a2:9a:ac:1c:67:98:71:0d:24:65:1f:9e:e0:75:26:c5:32:1a:
         d6:a8:c4:3b:dd:0b:7e:4b:49:4e:68:c8:6e:2a:7b:76:94:a2:
         b1:7f:51:dd:2c:fa:b8:76:7f:52:b1:5f:1d:d3:de:e9:04:b0:
         86:8d:46:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVaBCMeql4pg0fGKh1sLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGJlMDNhOWMwNTU1MmE4N2Y3YTMyZmYzNDFhYmNlNjE4MGNhNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3r4V1PkCwLtGfxu01G4bHuAoY6Z
1MhYtBDChQLPyIMT+nptdCyRq92Adjk43J0JnTT1gJbIg7VBH58VY8LBrN2fj+ge
0KdOxyHcg0XCRCkMBrwCP96R417u1ejRKOCt98Mro3jOvTF1E93eDviVMfNYxBUC
TkpEOwpQy2NDPVuNDHw412CwT1RmV8eUK9kIBM1DRTaD2tzULHmC6LpyfAVkNkap
4acEPbDa9qB+cFbws6fcE4h2NY6D9ZeAipLVWgRJwGiSuOGzwmnPytWVlbnspwRZ
sTqNTnWB9lrD0x+o7EGwkrlVULTyyLQrab6AHeKf/Xyd69wNDWdgWIEJnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPS+A6nAVVKof3oy/zQavOYYDKbmMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvOUw0RHFjQlZVcWhfZWpMX05CcTg1aGdNcHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBY
MA0GCSqGSIb3DQEBCwUAA4IBAQCo3ou2eO9gLpSTZM9/3lYaXWeVVZwqYWb25IdH
//Hf/DlagL3ipvjOqNicZIVAlyThBNqMVbVaV20Noe6iepiXbbFGMMRceaR6wR7X
Pvr/fa/CAHJMX2NttUA7JjSFnnbJLtgIqH/uuANDt2n3DPfJ/Sxkp7ZmPMcvt0ek
snMF2lZX6og0BZj7CPuaLxVTjUqwB1z0y02vqADfeKNd60TDImxGjVbjBcdJ7OF3
pCzytUbYrUHN5t1TGxnW4zDhcHSvPOh5eEqimqwcZ5hxDSRlH57gdSbFMhrWqMQ7
3Qt+S0lOaMhuKnt2lKKxf1HdLPq4dn9SsV8d097pBLCGjUZC
-----END CERTIFICATE-----