Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/VF-X0GbopjDhEsHXaVu-91_6x0o.roa
File:                     VF-X0GbopjDhEsHXaVu-91_6x0o.roa (raw, json)
Hash identifier:          uAyTAjjs6+sMwsdstrgVnDlKZv+ui4c9UKneHXIpII8=
Subject key identifier:   54:5F:97:D0:66:E8:A6:30:E1:12:C1:D7:69:5B:BE:F7:5F:FA:C7:4A
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2973443CFC8ACB6AE7FD421C3F2357
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/VF-X0GbopjDhEsHXaVu-91_6x0o.roa
Signing time:             Tue 02 Jan 2024 12:32:43 +0000
ROA not before:           Tue 02 Jan 2024 12:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212666
IP address blocks:        2a0e:8f02:f009::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:73:44:3c:fc:8a:cb:6a:e7:fd:42:1c:3f:23:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=545f97d066e8a630e112c1d7695bbef75ffac74a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6b:1e:22:37:b0:51:6f:14:02:67:04:1e:1c:
                    e5:fc:eb:b5:89:ec:0b:22:f7:98:9f:82:72:18:68:
                    90:52:a8:d1:18:8d:e7:c7:78:9a:84:f7:f4:15:96:
                    2a:ad:8f:78:51:6f:33:a6:ba:0b:b9:33:93:bc:fc:
                    79:19:65:2c:57:25:3b:a5:85:e2:a0:fd:89:56:6e:
                    8b:9a:e9:73:18:a6:fa:b8:4b:13:8c:f4:4b:02:f1:
                    2a:98:18:00:d6:34:c1:41:e6:d1:cc:91:d5:e6:d1:
                    7e:c8:d9:85:f7:5e:8f:59:93:fa:ec:00:cc:a0:ee:
                    66:51:aa:30:29:e1:46:32:24:7b:1d:a1:91:30:59:
                    29:35:72:5a:ef:e8:0a:7c:91:75:eb:64:27:05:99:
                    b4:a1:d7:d4:e7:bb:6c:7e:13:19:32:23:9d:95:ff:
                    92:4e:0f:25:6c:7b:a7:0e:6a:8c:eb:39:02:be:50:
                    c4:5d:d1:20:6d:b0:cd:23:d7:b4:38:4a:b8:83:9c:
                    3a:dc:20:b9:9e:2f:b4:6c:48:f2:05:8b:41:6f:63:
                    0d:6d:7a:52:77:97:85:f8:c9:66:8d:09:c0:5f:7e:
                    8b:7f:ba:e5:49:10:61:b4:c1:b6:7c:c3:b5:35:b4:
                    84:ce:00:8e:00:ac:d4:47:2f:06:ae:5b:7d:d0:32:
                    d6:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:5F:97:D0:66:E8:A6:30:E1:12:C1:D7:69:5B:BE:F7:5F:FA:C7:4A
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/VF-X0GbopjDhEsHXaVu-91_6x0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f009::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:20:02:ef:c1:7f:db:34:3d:63:92:f2:2a:98:49:a1:71:fc:
         96:19:c5:e2:a9:cc:ef:b0:94:8e:32:32:63:2f:eb:ed:c7:ca:
         35:d4:8d:ad:bb:11:82:64:44:6c:a1:2c:5f:72:87:d6:8e:61:
         0a:d6:48:78:32:18:83:44:39:5e:63:9f:b6:3a:7f:44:a6:36:
         bc:7a:79:7b:d9:0b:10:67:0b:79:66:bc:d2:66:93:15:f2:d6:
         6b:88:74:ab:85:e2:54:59:bf:b6:29:11:76:1f:17:33:20:63:
         a0:88:f4:5c:5b:16:ad:0f:3c:cd:a4:6d:11:17:63:d7:4f:79:
         6e:88:4e:19:96:cb:ab:3d:3d:6d:ae:4b:d9:54:06:e5:b9:6e:
         c9:1a:bf:e6:52:0b:b0:86:4d:c7:72:6e:3f:2d:5c:e3:f3:7b:
         dd:1a:6c:12:19:68:db:72:86:b9:31:aa:05:2e:83:81:d6:ed:
         d9:86:84:45:ca:cb:24:70:2d:dd:c0:23:29:bc:5f:06:4b:d5:
         d8:9c:d7:2d:67:cf:06:17:3f:79:4f:37:2a:dd:62:13:5e:cc:
         15:7b:7a:aa:60:8b:de:0f:76:89:14:b0:97:22:59:b1:61:c4:
         7a:ac:af:1e:6e:72:eb:a0:8c:b5:18:96:c2:10:f1:2e:40:45:
         84:e0:60:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXNEPPyKy2rn/UIcPyNXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDVmOTdkMDY2ZThhNjMwZTExMmMxZDc2OTViYmVmNzVmZmFjNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomseIjewUW8UAmcEHhzl/Ou1iewL
IveYn4JyGGiQUqjRGI3nx3iahPf0FZYqrY94UW8zproLuTOTvPx5GWUsVyU7pYXi
oP2JVm6LmulzGKb6uEsTjPRLAvEqmBgA1jTBQebRzJHV5tF+yNmF916PWZP67ADM
oO5mUaowKeFGMiR7HaGRMFkpNXJa7+gKfJF162QnBZm0odfU57tsfhMZMiOdlf+S
Tg8lbHunDmqM6zkCvlDEXdEgbbDNI9e0OEq4g5w63CC5ni+0bEjyBYtBb2MNbXpS
d5eF+MlmjQnAX36Lf7rlSRBhtMG2fMO1NbSEzgCOAKzURy8Grlt90DLWKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFRfl9Bm6KYw4RLB12lbvvdf+sdKMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvVkYtWDBHYm9wakRoRXNIWGFWdS05MV82eDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQCGIALvwX/bND1jkvIqmEmhcfyWGcXiqczvsJSO
MjJjL+vtx8o11I2tuxGCZERsoSxfcofWjmEK1kh4MhiDRDleY5+2On9Epja8enl7
2QsQZwt5ZrzSZpMV8tZriHSrheJUWb+2KRF2HxczIGOgiPRcWxatDzzNpG0RF2PX
T3luiE4ZlsurPT1trkvZVAbluW7JGr/mUguwhk3Hcm4/LVzj83vdGmwSGWjbcoa5
MaoFLoOB1u3ZhoRFysskcC3dwCMpvF8GS9XYnNctZ88GFz95Tzcq3WITXswVe3qq
YIveD3aJFLCXIlmxYcR6rK8ebnLroIy1GJbCEPEuQEWE4GBj
-----END CERTIFICATE-----