Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/SKlWj6EeQKvxgl_UkZzsa8Y7qw8.roa
File:                     SKlWj6EeQKvxgl_UkZzsa8Y7qw8.roa (raw, json)
Hash identifier:          Q8ENz0YqDIZcQR05KhHOSKi1NLoh2O9DpOmL4KPCvg0=
Subject key identifier:   48:A9:56:8F:A1:1E:40:AB:F1:82:5F:D4:91:9C:EC:6B:C6:3B:AB:0F
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2976FFB49023776CF408458D4065D9
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/SKlWj6EeQKvxgl_UkZzsa8Y7qw8.roa
Signing time:             Tue 02 Jan 2024 12:32:44 +0000
ROA not before:           Tue 02 Jan 2024 12:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213248
IP address blocks:        2a0e:8f02:2160::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:76:ff:b4:90:23:77:6c:f4:08:45:8d:40:65:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48a9568fa11e40abf1825fd4919cec6bc63bab0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d6:56:39:d5:08:49:eb:d0:3a:fa:21:a0:27:
                    e4:10:80:07:5f:70:2a:49:c8:a7:ca:5e:df:75:f9:
                    d6:3c:db:cb:1b:92:08:b7:96:49:1b:0d:ea:5b:8d:
                    53:5d:19:73:1d:b0:7f:90:94:c4:01:6e:89:87:40:
                    0a:d3:de:6c:f5:8a:6d:25:81:29:65:63:5c:2e:db:
                    a5:81:5c:bd:31:fa:8e:81:08:6c:f1:08:9a:bf:b7:
                    dd:2e:7a:95:fc:50:29:44:04:74:67:23:41:84:60:
                    2f:13:41:3a:97:fd:3e:78:e7:1e:ef:7f:d2:c3:7b:
                    bb:f0:21:53:02:ef:63:7e:c6:57:34:a7:2c:be:f1:
                    e3:de:f4:56:41:05:37:53:a3:b2:d8:48:68:6a:f8:
                    93:dc:59:cc:e2:e9:cd:69:40:a6:90:b0:90:b5:0f:
                    ea:59:33:77:c8:d8:e0:48:c0:93:f4:77:04:62:3b:
                    72:59:46:04:6c:9a:8a:67:b8:b9:7d:7f:8f:dd:8f:
                    a0:a2:f5:f9:7f:dc:d5:d9:d8:9b:1c:41:88:a7:17:
                    1f:cc:4f:7d:a6:bc:f7:c9:da:32:a2:6d:7a:7e:25:
                    8c:c7:68:20:f1:1c:7f:1a:e6:af:72:5d:34:fb:02:
                    74:24:47:71:f3:dc:67:e5:e0:f4:0e:d6:00:43:c6:
                    76:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A9:56:8F:A1:1E:40:AB:F1:82:5F:D4:91:9C:EC:6B:C6:3B:AB:0F
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/SKlWj6EeQKvxgl_UkZzsa8Y7qw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2160::/44

    Signature Algorithm: sha256WithRSAEncryption
         a4:09:d8:c3:c3:33:22:c3:85:bb:0d:08:d9:23:61:d8:4c:d3:
         d2:94:12:46:28:77:ee:e7:12:64:99:13:5d:af:5a:ea:50:c7:
         ae:8d:77:7b:2d:69:1e:9f:05:b9:f1:61:fe:df:79:e1:a9:f5:
         d9:88:7e:88:08:d6:4e:ca:aa:b3:4f:c3:e9:a6:5e:84:67:14:
         cc:36:94:9f:fc:29:96:03:fb:30:37:22:7e:8d:e7:01:f9:a8:
         19:3b:e2:b3:69:52:5a:eb:17:f3:38:25:a9:f5:8e:38:2c:da:
         9f:67:84:58:34:5d:9d:2d:d1:7f:96:91:85:94:3a:df:e1:84:
         df:75:69:cf:53:2b:47:a8:2e:d2:c9:45:92:08:93:20:56:5d:
         55:e0:c5:68:a6:4b:dd:39:ef:ec:52:11:0f:5c:63:49:75:ea:
         92:53:a5:10:25:6d:08:d8:22:83:96:8e:24:d0:74:67:87:b2:
         2b:d7:12:fb:af:21:a7:55:1d:27:a5:64:84:b3:1e:c0:a8:ec:
         20:ad:6a:5b:5f:a3:9b:27:c9:0e:5b:74:86:1c:8b:3e:8a:ac:
         a3:97:6a:9e:40:b4:cd:f5:69:e2:06:c1:21:56:6e:66:05:c4:
         75:6f:e1:2e:00:d5:b9:ef:1e:c9:fc:1a:f3:ec:f2:b9:4e:1e:
         6a:ff:c0:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXb/tJAjd2z0CEWNQGXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGE5NTY4ZmExMWU0MGFiZjE4MjVmZDQ5MTljZWM2YmM2M2JhYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotZWOdUISevQOvohoCfkEIAHX3Aq
Scinyl7fdfnWPNvLG5IIt5ZJGw3qW41TXRlzHbB/kJTEAW6Jh0AK095s9YptJYEp
ZWNcLtulgVy9MfqOgQhs8Qiav7fdLnqV/FApRAR0ZyNBhGAvE0E6l/0+eOce73/S
w3u78CFTAu9jfsZXNKcsvvHj3vRWQQU3U6Oy2EhoaviT3FnM4unNaUCmkLCQtQ/q
WTN3yNjgSMCT9HcEYjtyWUYEbJqKZ7i5fX+P3Y+govX5f9zV2dibHEGIpxcfzE99
prz3ydoyom16fiWMx2gg8Rx/Guavcl00+wJ0JEdx89xn5eD0DtYAQ8Z2NQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEipVo+hHkCr8YJf1JGc7GvGO6sPMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvU0tsV2o2RWVRS3Z4Z2xfVWtaenNhOFk3cXc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiFg
MA0GCSqGSIb3DQEBCwUAA4IBAQCkCdjDwzMiw4W7DQjZI2HYTNPSlBJGKHfu5xJk
mRNdr1rqUMeujXd7LWkenwW58WH+33nhqfXZiH6ICNZOyqqzT8Pppl6EZxTMNpSf
/CmWA/swNyJ+jecB+agZO+KzaVJa6xfzOCWp9Y44LNqfZ4RYNF2dLdF/lpGFlDrf
4YTfdWnPUytHqC7SyUWSCJMgVl1V4MVopkvdOe/sUhEPXGNJdeqSU6UQJW0I2CKD
lo4k0HRnh7Ir1xL7ryGnVR0npWSEsx7AqOwgrWpbX6ObJ8kOW3SGHIs+iqyjl2qe
QLTN9WniBsEhVm5mBcR1b+EuANW57x7J/Brz7PK5Th5q/8B6
-----END CERTIFICATE-----