Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/fkujBUB71G0xTD0rkZpVcH_ekKI.roa
File:                     fkujBUB71G0xTD0rkZpVcH_ekKI.roa (raw, json)
Hash identifier:          LPto36N6ZxembkXp8XgqYKYvkfOhpjruR+1QlprdbFg=
Subject key identifier:   7E:4B:A3:05:40:7B:D4:6D:31:4C:3D:2B:91:9A:55:70:7F:DE:90:A2
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29554F752BF91889D519133F362086
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/fkujBUB71G0xTD0rkZpVcH_ekKI.roa
Signing time:             Tue 02 Jan 2024 12:32:35 +0000
ROA not before:           Tue 02 Jan 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49192
IP address blocks:        2a0e:8f02:2200::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:55:4f:75:2b:f9:18:89:d5:19:13:3f:36:20:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e4ba305407bd46d314c3d2b919a55707fde90a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2e:95:c7:71:84:71:e3:1b:9e:04:20:4c:2a:
                    f0:77:18:1c:e1:8c:4c:ad:1b:64:e9:46:fc:e0:4e:
                    6b:c3:94:79:64:a9:fb:f4:7f:71:e2:9b:5a:5c:a8:
                    32:cd:a5:2a:0a:3c:3c:22:7e:dc:b9:7f:cd:41:64:
                    69:1f:fe:70:c2:2a:d6:e1:2c:c9:33:c8:82:b4:5a:
                    a5:9c:82:69:21:de:50:c7:5c:f3:46:76:6a:b7:6b:
                    fd:cd:46:52:8d:52:96:c2:16:7c:25:0c:c6:0d:e6:
                    61:3a:b1:ec:2d:af:aa:78:7d:a0:d3:b2:0d:ec:59:
                    e5:b1:07:3d:52:95:0d:87:1c:65:ad:62:72:11:fd:
                    1c:8c:62:66:2e:7f:e8:e5:5d:c1:ae:31:26:20:50:
                    8e:fe:9d:fc:a9:11:3f:8f:65:4a:d6:c8:cc:05:4d:
                    4a:65:a3:94:b3:30:3a:28:00:40:ac:15:d0:4f:7f:
                    2c:0b:43:72:4d:7a:08:88:0d:ad:e8:35:18:8a:50:
                    89:07:ca:6c:8f:0b:72:b9:45:66:6a:45:b4:2c:a1:
                    b8:dc:62:ba:0c:a3:75:bb:e3:a9:35:26:4a:6c:e8:
                    d6:3b:08:ee:de:f6:a6:37:a8:79:b7:c3:a1:79:47:
                    9f:7f:39:f2:01:52:e5:d8:d4:fb:91:5c:b9:f2:e7:
                    63:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:4B:A3:05:40:7B:D4:6D:31:4C:3D:2B:91:9A:55:70:7F:DE:90:A2
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/fkujBUB71G0xTD0rkZpVcH_ekKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2200::/44

    Signature Algorithm: sha256WithRSAEncryption
         63:4b:33:3b:c9:3a:3a:7f:b8:ed:54:7f:fd:5f:a1:26:5d:17:
         e3:1a:22:ed:e6:e1:d9:4e:f4:48:87:ce:db:b1:be:7f:0d:1f:
         39:c5:5e:4d:38:29:30:70:76:e0:3a:86:7e:26:48:8e:17:5b:
         a7:06:e2:92:32:d5:ec:b1:e1:f7:f7:fa:51:b1:be:fe:31:64:
         bf:c6:07:1e:6c:0b:e3:80:e4:e9:fe:33:4c:f6:9d:78:1a:68:
         43:6d:45:4b:e5:72:66:aa:0a:47:bc:13:88:fe:6a:f2:9e:c3:
         1a:62:74:ed:81:c1:b0:6a:d6:c8:9f:81:3d:0c:a4:5b:9e:83:
         d9:4b:96:03:c5:83:a8:05:fc:0a:f3:cb:40:53:ed:af:38:e6:
         4b:58:33:29:cd:7e:d1:f2:cd:26:85:35:96:4f:f6:d3:c2:43:
         ed:1b:8c:d4:01:6a:81:84:26:7d:a7:eb:f5:c9:64:f2:4c:48:
         99:ba:7a:1a:0e:60:77:d3:14:13:b5:cb:95:e3:c8:5b:1b:3d:
         2f:90:4a:34:86:6e:8c:16:69:32:75:66:f9:fc:93:cf:64:c2:
         26:92:ce:c8:1d:d7:19:06:b0:5b:30:34:df:4e:14:65:43:9a:
         f4:01:87:f1:a4:ec:36:82:d0:a6:d5:4f:d0:c2:8c:30:13:94:
         0e:ad:80:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVVPdSv5GInVGRM/NiCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTRiYTMwNTQwN2JkNDZkMzE0YzNkMmI5MTlhNTU3MDdmZGU5MGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC6Vx3GEceMbngQgTCrwdxgc4YxM
rRtk6Ub84E5rw5R5ZKn79H9x4ptaXKgyzaUqCjw8In7cuX/NQWRpH/5wwirW4SzJ
M8iCtFqlnIJpId5Qx1zzRnZqt2v9zUZSjVKWwhZ8JQzGDeZhOrHsLa+qeH2g07IN
7FnlsQc9UpUNhxxlrWJyEf0cjGJmLn/o5V3BrjEmIFCO/p38qRE/j2VK1sjMBU1K
ZaOUszA6KABArBXQT38sC0NyTXoIiA2t6DUYilCJB8psjwtyuUVmakW0LKG43GK6
DKN1u+OpNSZKbOjWOwju3vamN6h5t8OheUeffznyAVLl2NT7kVy58udjowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH5LowVAe9RtMUw9K5GaVXB/3pCiMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvZmt1akJVQjcxRzB4VEQwcmtacFZjSF9la0tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiIA
MA0GCSqGSIb3DQEBCwUAA4IBAQBjSzM7yTo6f7jtVH/9X6EmXRfjGiLt5uHZTvRI
h87bsb5/DR85xV5NOCkwcHbgOoZ+JkiOF1unBuKSMtXsseH39/pRsb7+MWS/xgce
bAvjgOTp/jNM9p14GmhDbUVL5XJmqgpHvBOI/mrynsMaYnTtgcGwatbIn4E9DKRb
noPZS5YDxYOoBfwK88tAU+2vOOZLWDMpzX7R8s0mhTWWT/bTwkPtG4zUAWqBhCZ9
p+v1yWTyTEiZunoaDmB30xQTtcuV48hbGz0vkEo0hm6MFmkydWb5/JPPZMImks7I
HdcZBrBbMDTfThRlQ5r0AYfxpOw2gtCm1U/QwowwE5QOrYC8
-----END CERTIFICATE-----