Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/y1R0S-q2N1i6JXnYzXqiBxdj744.roa
File:                     y1R0S-q2N1i6JXnYzXqiBxdj744.roa (raw, json)
Hash identifier:          YRLkkoGQ0AVNNbNlrS/97V/OaNM5OShh3xH/GWQkMz8=
Subject key identifier:   CB:54:74:4B:EA:B6:37:58:BA:25:79:D8:CD:7A:A2:07:17:63:EF:8E
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA2955F81415EF73B698C15A16B5F612
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/y1R0S-q2N1i6JXnYzXqiBxdj744.roa
Signing time:             Tue 02 Jan 2024 12:32:35 +0000
ROA not before:           Tue 02 Jan 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57403
IP address blocks:        2a0e:8f02:f04f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:55:f8:14:15:ef:73:b6:98:c1:5a:16:b5:f6:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb54744beab63758ba2579d8cd7aa2071763ef8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:cf:29:1a:4c:46:05:89:63:65:ae:e7:ea:30:
                    3a:c7:df:67:0f:88:c9:9a:66:a0:54:ec:07:b6:82:
                    74:e8:be:49:97:71:49:73:47:f4:64:c8:8e:c6:fd:
                    26:37:85:d8:af:8f:d3:1a:3e:84:e9:f3:ab:25:0a:
                    10:54:80:0e:92:f5:d4:0d:45:f5:c3:50:e3:93:d3:
                    17:2d:fd:65:13:63:87:c9:59:06:d4:d0:75:00:2f:
                    1b:a2:d4:10:ed:ab:d4:2a:8e:57:3d:a0:51:62:b3:
                    1a:8a:81:45:93:1a:84:73:b9:51:cf:d2:84:26:a6:
                    8d:85:c8:e2:ab:e8:17:ee:d3:76:40:cf:63:8c:29:
                    cf:62:6c:9d:12:e5:3a:cb:7c:b3:2e:13:b4:5a:63:
                    27:c3:7d:21:6a:c6:71:62:d7:1e:9f:52:b4:be:17:
                    ea:52:47:59:88:ce:7f:3e:c0:08:f4:66:ae:6d:11:
                    9f:24:a0:aa:ca:c3:17:fd:ce:70:86:75:6d:7f:dc:
                    c3:31:00:15:b0:ad:26:86:77:cb:7d:60:f1:f9:7a:
                    b1:70:20:4d:0d:69:7a:28:d3:8a:05:b6:59:52:7d:
                    82:c4:d9:56:07:e8:b0:d1:bb:f6:84:44:34:75:4d:
                    31:a1:b1:55:67:17:d6:e1:f5:0f:4a:1c:9f:02:70:
                    2b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:54:74:4B:EA:B6:37:58:BA:25:79:D8:CD:7A:A2:07:17:63:EF:8E
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/y1R0S-q2N1i6JXnYzXqiBxdj744.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f04f::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:8d:24:f9:40:4a:aa:fa:c8:8a:e1:e0:f6:5f:3d:cd:5d:c2:
         91:ae:48:58:3b:28:48:a2:cd:76:26:f0:0b:b2:1a:89:c1:1f:
         af:fb:c8:85:78:90:b3:af:0d:65:49:f6:91:d8:e6:f3:f4:37:
         2f:92:05:b9:cf:04:15:9e:a9:fe:6d:0e:2c:c6:37:40:09:20:
         df:74:52:d1:b8:30:4f:e5:43:b9:5b:e9:c6:f2:31:33:0a:f6:
         ae:ce:25:b5:a5:8d:7c:a6:d3:fa:60:5f:a8:a3:50:8e:fe:b6:
         10:d2:48:5e:c1:08:e3:51:97:f2:27:69:75:9b:01:c7:4f:a1:
         61:0d:81:78:59:c0:7f:5c:81:dc:cf:db:4e:1e:d1:8c:67:f0:
         a3:4a:e3:e0:f9:9c:4e:b5:03:b9:e2:45:b5:01:20:cd:d7:5f:
         e4:8b:a5:b7:ff:e0:a2:80:46:5a:ac:75:49:98:f6:2b:76:b6:
         ec:95:05:30:5c:06:03:b0:61:78:e2:63:c6:44:6e:c8:36:63:
         18:c5:15:f1:0a:7c:9c:25:58:75:82:ac:91:1d:7e:be:c9:74:
         31:76:bb:c5:a2:56:76:ea:ed:e7:1f:e5:05:4c:b4:4d:b3:4d:
         14:bd:54:7d:ce:f1:2e:5f:5c:9d:ae:68:ac:18:66:f4:61:fe:
         c0:5a:b0:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKVX4FBXvc7aYwVoWtfYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjU0NzQ0YmVhYjYzNzU4YmEyNTc5ZDhjZDdhYTIwNzE3NjNlZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc8pGkxGBYljZa7n6jA6x99nD4jJ
mmagVOwHtoJ06L5Jl3FJc0f0ZMiOxv0mN4XYr4/TGj6E6fOrJQoQVIAOkvXUDUX1
w1Djk9MXLf1lE2OHyVkG1NB1AC8botQQ7avUKo5XPaBRYrMaioFFkxqEc7lRz9KE
JqaNhcjiq+gX7tN2QM9jjCnPYmydEuU6y3yzLhO0WmMnw30hasZxYtcen1K0vhfq
UkdZiM5/PsAI9GaubRGfJKCqysMX/c5whnVtf9zDMQAVsK0mhnfLfWDx+XqxcCBN
DWl6KNOKBbZZUn2CxNlWB+iw0bv2hEQ0dU0xobFVZxfW4fUPShyfAnArHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMtUdEvqtjdYuiV52M16ogcXY++OMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEveTFSMFMtcTJOMWk2SlhuWXpYcWlCeGRqNzQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBP
MA0GCSqGSIb3DQEBCwUAA4IBAQAPjST5QEqq+siK4eD2Xz3NXcKRrkhYOyhIos12
JvALshqJwR+v+8iFeJCzrw1lSfaR2Obz9DcvkgW5zwQVnqn+bQ4sxjdACSDfdFLR
uDBP5UO5W+nG8jEzCvauziW1pY18ptP6YF+oo1CO/rYQ0khewQjjUZfyJ2l1mwHH
T6FhDYF4WcB/XIHcz9tOHtGMZ/CjSuPg+ZxOtQO54kW1ASDN11/ki6W3/+CigEZa
rHVJmPYrdrbslQUwXAYDsGF44mPGRG7INmMYxRXxCnycJVh1gqyRHX6+yXQxdrvF
olZ26u3nH+UFTLRNs00UvVR9zvEuX1ydrmisGGb0Yf7AWrC0
-----END CERTIFICATE-----