Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/iss7SSrkEVkkGUA0aK3Qjw71-7w.roa
File:                     iss7SSrkEVkkGUA0aK3Qjw71-7w.roa (raw, json)
Hash identifier:          hV2vty5CebV9mOCI45UjejeMoRmHv0/plsnHVIn40xY=
Subject key identifier:   8A:CB:3B:49:2A:E4:11:59:24:19:40:34:68:AD:D0:8F:0E:F5:FB:BC
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA296940E90BF320597C56731C86FBEC
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/iss7SSrkEVkkGUA0aK3Qjw71-7w.roa
Signing time:             Tue 02 Jan 2024 12:32:40 +0000
ROA not before:           Tue 02 Jan 2024 12:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211722
IP address blocks:        2a0e:8f02:2130::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:69:40:e9:0b:f3:20:59:7c:56:73:1c:86:fb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8acb3b492ae411592419403468add08f0ef5fbbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c6:77:29:a8:6c:ff:c4:4e:3f:c1:07:af:e2:
                    fa:14:0a:78:f9:14:85:4c:a7:4c:19:29:8c:fc:ea:
                    c1:cd:9c:36:a5:c7:c3:a0:6a:77:16:73:fb:7d:60:
                    25:ec:55:99:07:01:6a:99:76:86:c6:89:1c:a3:1f:
                    3f:06:60:34:90:e4:67:29:89:55:a1:30:5d:c0:ea:
                    8c:e7:f4:9b:30:f2:20:41:c9:ef:37:3d:97:4c:60:
                    3b:cc:9d:50:a7:e6:42:87:7a:83:84:b9:0c:fa:90:
                    e5:aa:55:46:88:ac:14:ce:50:51:f6:8a:10:97:3d:
                    7f:b2:7a:d4:ad:7b:f8:e3:b2:ec:49:89:b8:32:a8:
                    93:0b:53:00:2c:ee:d1:95:e3:87:a0:3a:04:5f:2e:
                    ea:6f:fa:2e:ff:f3:00:ca:54:a5:0c:5a:ce:bc:01:
                    fd:ed:5f:e7:2e:d0:9f:e4:6a:cf:6a:59:de:4c:00:
                    0c:a5:bf:23:34:71:98:01:11:d2:01:01:89:22:e3:
                    44:e5:a7:73:d5:95:88:6e:58:34:60:8a:0e:5d:e6:
                    16:b1:7b:af:e6:79:57:14:cb:ba:80:a3:bd:ab:73:
                    f6:aa:89:fc:57:83:c8:f8:d8:67:8f:05:2e:05:30:
                    c4:15:bf:14:d9:42:40:82:67:ee:e9:21:3e:ac:b0:
                    f2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:CB:3B:49:2A:E4:11:59:24:19:40:34:68:AD:D0:8F:0E:F5:FB:BC
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/iss7SSrkEVkkGUA0aK3Qjw71-7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:2130::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:12:c3:65:32:48:87:18:af:23:40:c9:22:9f:9d:77:e1:36:
         31:0a:b9:c2:23:68:9a:81:87:e5:71:f1:19:b5:26:6e:96:4e:
         24:c4:3f:71:61:31:5c:8e:2e:81:e1:7d:78:99:87:c5:fe:65:
         30:c6:a3:6d:83:ed:21:01:b6:67:89:2f:c6:ee:6b:9f:0f:a4:
         c8:66:b5:8b:7a:e6:56:82:5d:cf:4e:a8:dc:1f:2a:52:3a:58:
         37:2c:a6:1c:5b:9b:01:8c:d6:3b:86:19:7b:5b:66:0f:72:fa:
         16:50:f4:75:fe:54:9a:04:79:2f:4c:13:70:58:f1:5f:1b:ed:
         ea:52:ae:f2:40:a5:6a:0b:9e:89:2c:5d:31:bd:b7:d4:25:c8:
         8c:ac:97:ee:5f:1d:4e:7d:ef:5f:91:ef:24:c1:59:10:e0:87:
         ee:24:70:6f:37:08:8b:ab:bc:54:65:d3:f6:1e:76:fb:5a:4d:
         36:8f:05:22:e5:c6:73:a9:cd:5a:91:87:87:66:49:fe:21:6e:
         b5:27:e6:0e:6c:bc:10:9e:9f:6a:0e:d9:fe:11:2a:c5:5c:95:
         cd:3b:a7:1b:ff:b3:2f:55:11:47:1e:ef:2f:f0:d8:88:77:2d:
         17:d0:96:33:7f:2e:89:3a:b5:2f:29:f3:12:57:6d:7b:66:47:
         3c:e0:dc:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKWlA6QvzIFl8VnMchvvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWNiM2I0OTJhZTQxMTU5MjQxOTQwMzQ2OGFkZDA4ZjBlZjVmYmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssZ3Kahs/8ROP8EHr+L6FAp4+RSF
TKdMGSmM/OrBzZw2pcfDoGp3FnP7fWAl7FWZBwFqmXaGxokcox8/BmA0kORnKYlV
oTBdwOqM5/SbMPIgQcnvNz2XTGA7zJ1Qp+ZCh3qDhLkM+pDlqlVGiKwUzlBR9ooQ
lz1/snrUrXv447LsSYm4MqiTC1MALO7RleOHoDoEXy7qb/ou//MAylSlDFrOvAH9
7V/nLtCf5GrPalneTAAMpb8jNHGYARHSAQGJIuNE5adz1ZWIblg0YIoOXeYWsXuv
5nlXFMu6gKO9q3P2qon8V4PI+NhnjwUuBTDEFb8U2UJAgmfu6SE+rLDy+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIrLO0kq5BFZJBlANGit0I8O9fu8MB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvaXNzN1NTcmtFVmtrR1VBMGFLM1FqdzcxLTd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6PAiEw
MA0GCSqGSIb3DQEBCwUAA4IBAQCLEsNlMkiHGK8jQMkin5134TYxCrnCI2iagYfl
cfEZtSZulk4kxD9xYTFcji6B4X14mYfF/mUwxqNtg+0hAbZniS/G7mufD6TIZrWL
euZWgl3PTqjcHypSOlg3LKYcW5sBjNY7hhl7W2YPcvoWUPR1/lSaBHkvTBNwWPFf
G+3qUq7yQKVqC56JLF0xvbfUJciMrJfuXx1Ofe9fke8kwVkQ4IfuJHBvNwiLq7xU
ZdP2Hnb7Wk02jwUi5cZzqc1akYeHZkn+IW61J+YObLwQnp9qDtn+ESrFXJXNO6cb
/7MvVRFHHu8v8NiIdy0X0JYzfy6JOrUvKfMSV217Zkc84Nwc
-----END CERTIFICATE-----