Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/mD9LaRNHqsZJm-kqSub2htztWZs.roa
File:                     mD9LaRNHqsZJm-kqSub2htztWZs.roa (raw, json)
Hash identifier:          Ypaj0rr3MqBGVXURfVjOjgQlQ/vrLwSyNpmZ1bNRUvE=
Subject key identifier:   98:3F:4B:69:13:47:AA:C6:49:9B:E9:2A:4A:E6:F6:86:DC:ED:59:9B
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2974EA48D6FFAD6C0EF61D3E2D49AA
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/mD9LaRNHqsZJm-kqSub2htztWZs.roa
Signing time:             Tue 02 Jan 2024 12:32:43 +0000
ROA not before:           Tue 02 Jan 2024 12:32:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213033
IP address blocks:        2a0e:8f02:f003::/48 maxlen: 48
                          2a0e:8f02:20e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:74:ea:48:d6:ff:ad:6c:0e:f6:1d:3e:2d:49:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=983f4b691347aac6499be92a4ae6f686dced599b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f7:66:cc:09:67:ad:79:09:94:e7:31:45:04:
                    37:43:fc:a5:91:94:e1:8f:b4:f4:71:d8:74:64:be:
                    60:34:33:81:51:c8:0f:10:b9:78:a5:4b:5e:72:c2:
                    a1:da:0f:91:1f:3c:fc:e9:73:1e:b4:27:e2:2c:46:
                    04:e3:c3:eb:56:19:37:28:fd:20:b1:ab:f7:4b:22:
                    97:14:03:3c:24:09:22:ff:6e:07:9a:e9:35:4e:a8:
                    6e:aa:a6:2b:d2:24:78:4b:f4:56:2b:c5:66:25:26:
                    95:ae:94:19:1a:44:3e:45:66:b4:72:14:58:80:b8:
                    f5:42:d8:9d:d9:1a:48:dd:51:60:b5:6f:17:e8:9f:
                    d1:f4:43:fa:ab:a0:62:29:95:3e:b2:57:29:d0:bf:
                    02:a9:17:a6:08:89:73:26:c6:42:42:aa:24:af:99:
                    a9:ae:13:47:6d:55:24:d3:11:31:59:89:63:1e:a6:
                    80:5a:9c:09:55:68:2e:5f:a4:25:dc:5a:b6:3b:93:
                    a1:f0:61:77:5d:db:34:61:d1:d7:36:c2:ab:4d:05:
                    19:cd:af:92:ef:fd:44:ea:d8:b2:65:ca:e4:02:46:
                    16:49:de:49:f4:d9:8f:c0:5c:92:cd:04:86:27:de:
                    c9:8e:60:0a:99:30:a0:b1:98:8e:89:75:5c:12:c0:
                    45:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:3F:4B:69:13:47:AA:C6:49:9B:E9:2A:4A:E6:F6:86:DC:ED:59:9B
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/mD9LaRNHqsZJm-kqSub2htztWZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:20e0::/44
                  2a0e:8f02:f003::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:35:f1:ba:c5:5e:3e:8c:91:58:2b:c6:ec:08:92:ca:16:ac:
         10:dc:c4:09:fd:ef:88:b6:67:b3:ed:e4:11:d3:2c:8a:b7:19:
         18:63:32:07:a4:64:ac:1b:7a:36:67:53:f3:e6:6c:05:99:a6:
         ad:64:24:92:2b:61:0e:93:61:3c:46:af:0b:eb:2d:59:b1:1f:
         a6:e4:4c:e3:b1:35:a2:fc:c9:91:0c:a9:4d:30:8e:f8:b1:87:
         cb:ba:88:d4:28:ec:b3:85:f0:4a:f6:8b:4d:16:e9:97:9e:90:
         6d:d4:a3:fa:bc:39:57:08:be:5c:38:d6:a7:61:33:c2:36:a8:
         79:af:58:d2:90:ed:40:4e:cf:93:93:76:12:72:ba:8c:5d:9a:
         a7:58:4f:89:97:21:25:01:1c:49:b6:96:1c:59:9b:4e:86:0b:
         44:fa:c3:f8:52:63:0a:c1:d4:80:66:97:00:0b:2c:81:19:3b:
         c4:62:35:12:d8:8f:4c:cc:5d:27:2b:0f:7a:a8:c6:d9:89:93:
         da:f0:a9:ee:3c:e7:67:47:7c:9f:b1:00:42:9e:ae:1b:cc:5c:
         68:0a:16:10:3b:ac:27:2f:ad:7c:e9:22:8f:a3:2d:69:60:ac:
         95:15:b4:30:f9:65:9b:f6:49:bc:76:ae:67:50:31:d8:dc:cc:
         ba:a8:b5:b2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKXTqSNb/rWwO9h0+LUmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODNmNGI2OTEzNDdhYWM2NDk5YmU5MmE0YWU2ZjY4NmRjZWQ1OTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPdmzAlnrXkJlOcxRQQ3Q/ylkZTh
j7T0cdh0ZL5gNDOBUcgPELl4pUtecsKh2g+RHzz86XMetCfiLEYE48PrVhk3KP0g
sav3SyKXFAM8JAki/24Hmuk1TqhuqqYr0iR4S/RWK8VmJSaVrpQZGkQ+RWa0chRY
gLj1Qtid2RpI3VFgtW8X6J/R9EP6q6BiKZU+slcp0L8CqRemCIlzJsZCQqokr5mp
rhNHbVUk0xExWYljHqaAWpwJVWguX6Ql3Fq2O5Oh8GF3Xds0YdHXNsKrTQUZza+S
7/1E6tiyZcrkAkYWSd5J9NmPwFySzQSGJ97JjmAKmTCgsZiOiXVcEsBFSQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJg/S2kTR6rGSZvpKkrm9obc7VmbMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvbUQ5TGFSTkhxc1pKbS1rcVN1YjJodHp0V1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6PAiDg
AwcAKg6PAvADMA0GCSqGSIb3DQEBCwUAA4IBAQBrNfG6xV4+jJFYK8bsCJLKFqwQ
3MQJ/e+Itmez7eQR0yyKtxkYYzIHpGSsG3o2Z1Pz5mwFmaatZCSSK2EOk2E8Rq8L
6y1ZsR+m5EzjsTWi/MmRDKlNMI74sYfLuojUKOyzhfBK9otNFumXnpBt1KP6vDlX
CL5cONanYTPCNqh5r1jSkO1ATs+Tk3YScrqMXZqnWE+JlyElARxJtpYcWZtOhgtE
+sP4UmMKwdSAZpcACyyBGTvEYjUS2I9MzF0nKw96qMbZiZPa8KnuPOdnR3yfsQBC
nq4bzFxoChYQO6wnL6186SKPoy1pYKyVFbQw+WWb9km8dq5nUDHY3My6qLWy
-----END CERTIFICATE-----