Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/UAByN5pLG3_sFpaGOgGsgajV2tI.roa
File:                     UAByN5pLG3_sFpaGOgGsgajV2tI.roa (raw, json)
Hash identifier:          yaxjTCkFw+W540Nf5VOP29OTk0d1ExAFcK7wKNhgIQg=
Subject key identifier:   50:00:72:37:9A:4B:1B:7F:EC:16:96:86:3A:01:AC:81:A8:D5:DA:D2
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA295B421CB489E40A0767FC4AA9A4ED
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/UAByN5pLG3_sFpaGOgGsgajV2tI.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202197
IP address blocks:        2a0e:8f02:21f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5b:42:1c:b4:89:e4:0a:07:67:fc:4a:a9:a4:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=500072379a4b1b7fec1696863a01ac81a8d5dad2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:69:e6:dd:da:9b:bd:41:2f:2b:d6:1a:ce:f6:
                    ae:f1:64:91:03:47:f1:08:87:78:38:83:37:17:06:
                    d4:50:ed:34:d7:b0:92:59:df:2c:2b:94:ba:20:a7:
                    56:3d:99:91:29:d5:b8:e1:f6:b1:87:a9:cb:86:a4:
                    4b:3b:6a:b9:f2:49:55:1d:8f:7f:05:da:52:3f:37:
                    08:f4:39:46:6e:66:d2:b6:0d:85:94:9c:73:55:b5:
                    b4:41:a6:99:45:9f:70:af:f8:61:0c:5e:c2:85:38:
                    3b:4e:bd:5a:ae:60:53:7e:bc:57:cb:e0:45:eb:ae:
                    a6:81:d9:f2:7a:bd:83:c2:9b:c6:e3:bc:8c:3c:55:
                    31:56:bb:ee:9d:28:30:b9:4d:e1:63:c0:c6:37:81:
                    45:58:41:e7:5c:10:35:d7:ff:48:4b:a3:49:83:fe:
                    99:5e:ca:cb:94:67:a4:6e:89:b7:60:42:15:24:a2:
                    e3:8a:4d:35:ba:1c:45:62:29:3a:5a:0f:9a:a7:fa:
                    db:6e:f2:60:86:0f:a8:2d:2b:26:7a:77:5c:16:2c:
                    ee:44:90:28:ae:bd:d5:23:de:2b:8d:05:98:68:ba:
                    3a:76:94:1c:91:e3:ec:ae:d3:3e:e6:46:07:8b:23:
                    78:ba:2c:29:ba:d2:ed:81:fb:47:fd:2f:ac:3b:05:
                    d3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:00:72:37:9A:4B:1B:7F:EC:16:96:86:3A:01:AC:81:A8:D5:DA:D2
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/UAByN5pLG3_sFpaGOgGsgajV2tI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:21f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         80:a3:0a:74:6c:5d:5f:a5:32:96:05:8e:1d:e7:d1:66:28:2b:
         2f:37:2a:57:83:28:9c:8c:5f:97:8e:ff:c7:92:0d:fa:b1:7b:
         65:b2:61:23:24:d2:70:4b:cd:8f:9a:fe:b9:6d:aa:13:02:dc:
         0d:4c:3b:11:87:14:2f:c9:04:39:b2:31:8c:44:f2:82:fe:20:
         56:6f:06:f6:53:af:cd:fe:5e:ca:f0:01:98:a9:42:37:e4:07:
         f2:db:12:94:1b:9a:ca:82:75:91:97:4d:20:b2:41:b1:0f:04:
         c3:dd:25:54:43:87:80:42:a2:61:20:9a:0a:4a:b0:80:94:20:
         ae:18:d7:d3:68:48:63:f1:e4:73:3a:a1:d5:1f:2d:56:87:eb:
         06:89:31:77:64:bf:7e:3e:59:7a:60:6d:c3:dd:4d:0d:0d:9f:
         c1:d2:11:8e:b0:3c:ed:42:df:e1:2a:c7:a9:fd:25:3a:c1:02:
         33:a1:24:f0:46:36:e9:94:ea:28:91:08:92:bb:26:da:bf:fe:
         c2:6b:55:6f:ca:a5:6e:ea:2c:3a:a5:29:2c:e1:2c:b5:c9:cd:
         26:76:40:3f:c3:bc:ab:11:65:52:10:c2:29:04:67:fe:72:72:
         a7:4a:ef:63:9c:db:9a:fc:67:60:6a:de:af:54:b8:d5:96:a7:
         c4:32:56:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVtCHLSJ5AoHZ/xKqaTtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDAwNzIzNzlhNGIxYjdmZWMxNjk2ODYzYTAxYWM4MWE4ZDVkYWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWnm3dqbvUEvK9Yazvau8WSRA0fx
CId4OIM3FwbUUO0017CSWd8sK5S6IKdWPZmRKdW44faxh6nLhqRLO2q58klVHY9/
BdpSPzcI9DlGbmbStg2FlJxzVbW0QaaZRZ9wr/hhDF7ChTg7Tr1armBTfrxXy+BF
666mgdnyer2DwpvG47yMPFUxVrvunSgwuU3hY8DGN4FFWEHnXBA11/9IS6NJg/6Z
XsrLlGekbom3YEIVJKLjik01uhxFYik6Wg+ap/rbbvJghg+oLSsmendcFizuRJAo
rr3VI94rjQWYaLo6dpQckePsrtM+5kYHiyN4uiwputLtgftH/S+sOwXTDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFAAcjeaSxt/7BaWhjoBrIGo1drSMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvVUFCeU41cExHM19zRnBhR09nR3NnYWpWMnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiHw
MA0GCSqGSIb3DQEBCwUAA4IBAQCAowp0bF1fpTKWBY4d59FmKCsvNypXgyicjF+X
jv/Hkg36sXtlsmEjJNJwS82Pmv65baoTAtwNTDsRhxQvyQQ5sjGMRPKC/iBWbwb2
U6/N/l7K8AGYqUI35Afy2xKUG5rKgnWRl00gskGxDwTD3SVUQ4eAQqJhIJoKSrCA
lCCuGNfTaEhj8eRzOqHVHy1Wh+sGiTF3ZL9+Pll6YG3D3U0NDZ/B0hGOsDztQt/h
Ksep/SU6wQIzoSTwRjbplOookQiSuybav/7Ca1VvyqVu6iw6pSks4Sy1yc0mdkA/
w7yrEWVSEMIpBGf+cnKnSu9jnNua/Gdgat6vVLjVlqfEMlay
-----END CERTIFICATE-----