Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/STNXW1yU6JbBbtMzs6FgCvUsc_A.roa
File:                     STNXW1yU6JbBbtMzs6FgCvUsc_A.roa (raw, json)
Hash identifier:          jHhb6Pt7XksXoFpn902Zk/gC7p1/xfg4WQ1cUnvFVmg=
Subject key identifier:   49:33:57:5B:5C:94:E8:96:C1:6E:D3:33:B3:A1:60:0A:F5:2C:73:F0
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295A8CF20745F9F5E78271C5770563
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/STNXW1yU6JbBbtMzs6FgCvUsc_A.roa
Signing time:             Tue 02 Jan 2024 12:32:36 +0000
ROA not before:           Tue 02 Jan 2024 12:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201733
IP address blocks:        2a0e:8f02:f051::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5a:8c:f2:07:45:f9:f5:e7:82:71:c5:77:05:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4933575b5c94e896c16ed333b3a1600af52c73f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f2:5a:fc:65:75:44:ac:57:fa:e6:6f:21:ba:
                    04:2f:50:9b:bb:28:7d:38:99:99:f6:f9:37:4e:96:
                    c7:ef:1e:7e:a8:42:9c:ea:0f:cd:4a:b3:b6:b8:47:
                    6d:a1:f3:2b:59:a5:37:c3:66:ca:d3:8a:21:ea:55:
                    b0:d8:67:ad:6f:e0:8c:17:bf:04:58:26:66:47:db:
                    ca:65:a5:88:01:d3:65:72:e3:ed:59:66:d5:ff:f7:
                    fa:c1:af:99:cd:44:bd:c7:b6:15:e8:aa:e9:b8:20:
                    38:50:d0:bb:cf:df:7d:05:de:05:a2:53:c4:1f:b4:
                    9f:57:19:41:cb:10:a1:21:87:d0:51:94:ea:ff:89:
                    16:76:8a:0e:de:da:be:50:45:1b:bf:16:10:bc:16:
                    2b:bb:93:3f:13:27:69:32:0e:9f:0b:57:1c:c0:2a:
                    71:c7:d7:fd:17:cb:47:9a:c8:9a:73:60:96:61:60:
                    69:91:e7:d6:53:03:83:b4:33:e6:15:0f:12:fc:f9:
                    fb:a3:c1:7b:72:46:bb:15:db:13:6d:6e:d0:c1:68:
                    39:3a:9c:b5:c2:9e:6c:95:5d:da:b8:eb:4c:fa:d8:
                    15:f0:50:a3:bc:b3:2a:80:c7:4d:85:00:8e:b4:d2:
                    e2:07:54:1d:c2:45:c1:f8:29:d0:21:99:0c:d7:76:
                    13:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:33:57:5B:5C:94:E8:96:C1:6E:D3:33:B3:A1:60:0A:F5:2C:73:F0
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/STNXW1yU6JbBbtMzs6FgCvUsc_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f051::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:ff:fd:cc:4a:f0:1b:30:c6:93:c3:9a:ef:1a:ac:f0:12:f3:
         29:f2:70:fe:8c:2d:09:bf:cf:f2:ef:f2:6d:e2:36:bc:c9:e4:
         a3:90:ed:47:ee:45:e9:6c:89:6b:2b:9a:30:58:9f:da:7a:cc:
         1c:07:10:54:d7:9f:15:f8:10:35:dd:60:71:29:24:f3:2b:6e:
         de:47:ee:6e:b2:26:c7:1d:0c:63:f1:d6:fd:b5:dc:e9:36:d7:
         d3:c0:61:8e:15:09:e4:6d:96:f3:a0:43:92:7c:29:92:90:82:
         dc:dd:3c:64:a2:a3:f9:20:d5:37:ca:5a:9a:54:a9:82:18:46:
         21:86:df:cf:05:93:3b:46:98:8e:7c:ba:e5:fd:f1:b8:dc:57:
         a3:8c:ce:aa:a0:c3:cb:a5:1a:d7:19:2e:48:4e:d0:ba:e6:c8:
         c9:97:0f:0b:02:ee:5c:58:9e:d5:d5:e1:ed:32:51:f0:81:9c:
         47:c4:c4:ab:67:4c:f2:be:40:79:f5:a9:dd:1b:1f:93:41:d4:
         c4:04:94:2f:ab:a0:e4:6a:8e:34:cc:48:c1:9f:d2:93:02:e7:
         03:2b:df:ef:aa:2a:23:42:b4:08:6d:99:90:85:09:c2:9c:6d:
         57:fd:39:12:e7:88:49:46:64:f1:b0:7a:21:70:6d:ed:17:b1:
         3b:08:38:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVqM8gdF+fXngnHFdwVjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTMzNTc1YjVjOTRlODk2YzE2ZWQzMzNiM2ExNjAwYWY1MmM3M2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfJa/GV1RKxX+uZvIboEL1Cbuyh9
OJmZ9vk3TpbH7x5+qEKc6g/NSrO2uEdtofMrWaU3w2bK04oh6lWw2Getb+CMF78E
WCZmR9vKZaWIAdNlcuPtWWbV//f6wa+ZzUS9x7YV6KrpuCA4UNC7z999Bd4FolPE
H7SfVxlByxChIYfQUZTq/4kWdooO3tq+UEUbvxYQvBYru5M/EydpMg6fC1ccwCpx
x9f9F8tHmsiac2CWYWBpkefWUwODtDPmFQ8S/Pn7o8F7cka7FdsTbW7QwWg5Opy1
wp5slV3auOtM+tgV8FCjvLMqgMdNhQCOtNLiB1QdwkXB+CnQIZkM13YTKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEkzV1tclOiWwW7TM7OhYAr1LHPwMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvU1ROWFcxeVU2SmJCYnRNenM2RmdDdlVzY19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBR
MA0GCSqGSIb3DQEBCwUAA4IBAQAs//3MSvAbMMaTw5rvGqzwEvMp8nD+jC0Jv8/y
7/Jt4ja8yeSjkO1H7kXpbIlrK5owWJ/aeswcBxBU158V+BA13WBxKSTzK27eR+5u
sibHHQxj8db9tdzpNtfTwGGOFQnkbZbzoEOSfCmSkILc3TxkoqP5INU3ylqaVKmC
GEYhht/PBZM7RpiOfLrl/fG43FejjM6qoMPLpRrXGS5ITtC65sjJlw8LAu5cWJ7V
1eHtMlHwgZxHxMSrZ0zyvkB59andGx+TQdTEBJQvq6Dkao40zEjBn9KTAucDK9/v
qiojQrQIbZmQhQnCnG1X/TkS54hJRmTxsHohcG3tF7E7CDjV
-----END CERTIFICATE-----