Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/SInWfp9KiOGfdogFy6kqI7b1bHE.roa
File:                     SInWfp9KiOGfdogFy6kqI7b1bHE.roa (raw, json)
Hash identifier:          dnBuUHw9L7LX1TT5OBQKOkybuTVRXl715GwCR/BcKLk=
Subject key identifier:   48:89:D6:7E:9F:4A:88:E1:9F:76:88:05:CB:A9:2A:23:B6:F5:6C:71
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295C2EAC91AD2B95254147B8E3EDF7
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/SInWfp9KiOGfdogFy6kqI7b1bHE.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203472
IP address blocks:        2a0e:8f02:f046::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5c:2e:ac:91:ad:2b:95:25:41:47:b8:e3:ed:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4889d67e9f4a88e19f768805cba92a23b6f56c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:39:fb:5e:8e:69:cb:2c:08:61:41:d5:7e:ba:
                    98:be:92:72:a9:45:c5:40:45:7f:5b:25:d7:6a:10:
                    c8:24:a0:54:9a:79:5a:e2:8a:af:b5:46:c6:38:17:
                    33:e3:47:9f:04:2f:4f:7e:09:84:da:67:f2:06:bf:
                    0d:cd:b5:d7:a4:44:cd:70:35:d5:5b:f1:74:6e:5e:
                    5a:c4:13:a7:27:c2:26:20:a3:71:d4:c3:74:a3:7a:
                    b2:cc:1f:05:c1:21:b3:ae:c8:25:bd:2e:1c:21:b5:
                    75:0c:74:03:63:5b:d8:49:23:aa:7f:2d:95:ab:a2:
                    40:70:c1:1f:ef:95:e9:8b:a4:57:4e:3f:66:2a:b1:
                    54:08:cf:07:a9:87:43:c4:f6:10:82:83:37:99:76:
                    a6:ff:bb:b9:18:ef:a8:4d:2f:44:22:64:53:ba:bf:
                    09:1b:0c:23:9a:25:b0:0c:e0:3f:27:c0:a1:4b:bc:
                    80:50:b8:76:db:3e:50:be:88:d1:d2:fe:e4:86:36:
                    b1:f5:9e:32:90:cd:fe:8a:8e:56:87:2e:ab:9d:16:
                    ef:2e:d7:b8:de:a8:35:cb:82:5d:20:a8:5b:c9:cf:
                    b7:43:20:38:8a:4d:b8:ae:1f:8e:4d:ce:b9:9a:e0:
                    92:87:e9:8e:0f:f3:56:cb:99:ba:75:5e:e7:4e:e2:
                    19:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:89:D6:7E:9F:4A:88:E1:9F:76:88:05:CB:A9:2A:23:B6:F5:6C:71
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/SInWfp9KiOGfdogFy6kqI7b1bHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f046::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:fb:d7:f6:0e:0e:c2:b1:62:53:1d:11:5f:7a:c3:a4:4c:cc:
         8f:c6:6a:b8:17:3a:0e:fd:e6:00:5b:9d:c4:51:7d:77:ac:ff:
         54:29:be:f1:c1:ce:23:1f:ba:74:84:80:4d:2f:2b:c1:f0:f2:
         5a:0c:bd:83:26:02:0a:5a:46:f8:48:98:bc:ff:d3:fa:c6:2f:
         ee:94:28:aa:8b:46:8b:03:e2:79:7c:43:03:70:b3:be:36:41:
         29:05:0c:b6:7e:90:47:a7:d1:14:13:94:ae:82:e7:0c:96:d4:
         f0:fe:6f:cb:06:7c:9c:bc:53:8a:a3:1d:18:8f:b0:0a:03:66:
         39:93:56:94:a1:48:fa:65:6f:c2:54:c1:25:eb:a0:76:a3:49:
         3e:6e:a8:d6:1a:a6:a4:eb:09:5a:ac:56:38:2d:2f:d7:5a:4a:
         2e:34:10:e9:2a:3a:c9:d9:39:96:73:b1:4d:4b:a2:72:7a:6c:
         a1:c2:8a:de:77:b9:9c:9a:9d:49:30:05:3c:25:8d:ac:5c:37:
         d4:87:36:02:fb:4a:fa:d0:b5:3c:14:a6:4b:28:59:ca:f8:0d:
         e2:5a:41:68:95:99:3d:4d:4e:1a:c9:9c:73:1a:c5:8a:46:b0:
         e0:96:97:f3:d4:44:dc:0f:85:f0:5f:c8:80:3c:af:88:8c:50:
         a7:b9:f4:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVwurJGtK5UlQUe44+33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODg5ZDY3ZTlmNGE4OGUxOWY3Njg4MDVjYmE5MmEyM2I2ZjU2YzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzn7Xo5pyywIYUHVfrqYvpJyqUXF
QEV/WyXXahDIJKBUmnla4oqvtUbGOBcz40efBC9PfgmE2mfyBr8NzbXXpETNcDXV
W/F0bl5axBOnJ8ImIKNx1MN0o3qyzB8FwSGzrsglvS4cIbV1DHQDY1vYSSOqfy2V
q6JAcMEf75Xpi6RXTj9mKrFUCM8HqYdDxPYQgoM3mXam/7u5GO+oTS9EImRTur8J
GwwjmiWwDOA/J8ChS7yAULh22z5QvojR0v7khjax9Z4ykM3+io5Why6rnRbvLte4
3qg1y4JdIKhbyc+3QyA4ik24rh+OTc65muCSh+mOD/NWy5m6dV7nTuIZhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEiJ1n6fSojhn3aIBcupKiO29WxxMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvU0luV2ZwOUtpT0dmZG9nRnk2a3FJN2IxYkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBG
MA0GCSqGSIb3DQEBCwUAA4IBAQAw+9f2Dg7CsWJTHRFfesOkTMyPxmq4FzoO/eYA
W53EUX13rP9UKb7xwc4jH7p0hIBNLyvB8PJaDL2DJgIKWkb4SJi8/9P6xi/ulCiq
i0aLA+J5fEMDcLO+NkEpBQy2fpBHp9EUE5SugucMltTw/m/LBnycvFOKox0Yj7AK
A2Y5k1aUoUj6ZW/CVMEl66B2o0k+bqjWGqak6wlarFY4LS/XWkouNBDpKjrJ2TmW
c7FNS6Jyemyhwored7mcmp1JMAU8JY2sXDfUhzYC+0r60LU8FKZLKFnK+A3iWkFo
lZk9TU4ayZxzGsWKRrDglpfz1ETcD4XwX8iAPK+IjFCnufTz
-----END CERTIFICATE-----