Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/AFTGiMT-q7uQdGsLdd5kmzK5bqE.roa
File:                     AFTGiMT-q7uQdGsLdd5kmzK5bqE.roa (raw, json)
Hash identifier:          cZg+FVRu5+DC4GFEgeA/sZDECFCZRupVpNK88gdy1Ek=
Subject key identifier:   00:54:C6:88:C4:FE:AB:BB:90:74:6B:0B:75:DE:64:9B:32:B9:6E:A1
Certificate issuer:       /CN=c2afc14dce450b05ec86c7c53070cd6bb6dbc7ee
Certificate serial:       018CCA2A39F502899F3673C12A78D17C4406
Authority key identifier: C2:AF:C1:4D:CE:45:0B:05:EC:86:C7:C5:30:70:CD:6B:B6:DB:C7:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wq_BTc5FCwXshsfFMHDNa7bbx-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/AFTGiMT-q7uQdGsLdd5kmzK5bqE.roa
Signing time:             Tue 02 Jan 2024 12:33:34 +0000
ROA not before:           Tue 02 Jan 2024 12:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48809
IP address blocks:        2a05:36c0:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/wq_BTc5FCwXshsfFMHDNa7bbx-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/wq_BTc5FCwXshsfFMHDNa7bbx-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wq_BTc5FCwXshsfFMHDNa7bbx-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:39:f5:02:89:9f:36:73:c1:2a:78:d1:7c:44:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2afc14dce450b05ec86c7c53070cd6bb6dbc7ee
        Validity
            Not Before: Jan  2 12:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0054c688c4feabbb90746b0b75de649b32b96ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d5:01:5a:d4:8b:4b:98:3c:c2:46:c3:dc:0d:
                    aa:10:7e:bb:c7:f9:fa:ff:3b:e4:c8:c9:c9:77:a0:
                    f3:81:de:f6:8e:da:aa:86:89:b5:68:d0:e1:a1:92:
                    0c:25:00:72:9c:1b:c7:77:d4:f5:b4:11:d7:a0:62:
                    ea:3f:82:85:20:a9:c7:b3:d3:2a:8c:c9:fd:00:97:
                    1d:a0:1a:8f:23:49:91:cb:ba:08:2f:a7:3a:1e:15:
                    66:42:82:08:92:78:ef:c9:bd:1b:17:48:e6:2f:7d:
                    67:4c:1a:c7:e1:3b:06:9c:3a:76:2b:44:86:5e:ef:
                    c4:b3:1a:ee:42:9c:4a:06:79:e4:b7:f2:9e:56:c2:
                    3d:dc:06:b5:aa:d5:0f:95:46:99:78:11:2d:f6:c7:
                    60:e7:38:e1:cb:1e:91:e3:9d:41:06:61:48:64:75:
                    eb:fd:51:ab:2f:24:62:8a:38:46:d0:a5:27:38:6e:
                    c0:f1:aa:4a:8e:1b:78:9a:43:aa:e3:0c:b9:be:f4:
                    83:6b:0a:f7:a1:fb:12:a7:21:7a:b2:bf:fb:5b:37:
                    5f:2f:2f:01:36:29:95:e4:0c:e6:99:aa:8e:fb:7a:
                    2d:b0:4d:60:4b:b6:7e:29:e3:46:de:c1:86:1c:b9:
                    fd:1c:1d:23:6f:75:db:93:ed:29:c0:73:ca:53:22:
                    38:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:54:C6:88:C4:FE:AB:BB:90:74:6B:0B:75:DE:64:9B:32:B9:6E:A1
            X509v3 Authority Key Identifier:
                keyid:C2:AF:C1:4D:CE:45:0B:05:EC:86:C7:C5:30:70:CD:6B:B6:DB:C7:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wq_BTc5FCwXshsfFMHDNa7bbx-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/AFTGiMT-q7uQdGsLdd5kmzK5bqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/wq_BTc5FCwXshsfFMHDNa7bbx-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:36c0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:59:a1:43:6f:69:27:07:42:0b:5e:e8:8a:2e:84:62:a0:3f:
         66:56:82:39:62:c0:3f:ad:40:db:d1:c6:7b:c9:45:1f:47:27:
         4d:08:e8:57:3c:fa:3a:e2:d0:13:63:ef:67:21:85:c2:bb:56:
         ed:56:46:7d:d5:e7:5a:3e:74:08:2c:83:56:53:42:79:10:52:
         fe:40:b4:d5:0e:42:eb:12:42:44:77:d2:b7:f1:67:1e:4d:d0:
         5d:3f:ea:da:b4:79:f3:2d:13:7f:a4:2a:da:29:3d:5e:6c:22:
         c4:3c:aa:47:aa:dd:aa:5c:10:cb:6e:86:32:2c:05:4d:36:33:
         59:fd:e5:63:de:d7:de:b6:e4:d7:62:00:33:21:14:64:14:99:
         08:50:40:47:61:37:df:e3:04:41:f2:c8:0e:b5:b2:d7:24:fa:
         36:51:f7:59:d8:6e:c6:f7:b4:78:1e:4d:bd:60:be:f6:0d:d5:
         85:32:00:6a:00:f3:41:dc:15:9a:65:1d:d1:11:69:a4:96:44:
         05:94:be:d0:a1:f2:16:16:52:a1:56:a7:7d:9a:a2:76:84:68:
         2d:9e:61:08:fe:b3:8c:5d:76:3c:6f:78:e8:ba:e7:19:e0:6b:
         b3:1e:b5:07:9a:50:4a:91:f5:9a:aa:33:41:17:4a:06:d0:3c:
         82:00:f8:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKjn1AomfNnPBKnjRfEQGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYWZjMTRkY2U0NTBiMDVlYzg2YzdjNTMwNzBjZDZiYjZk
YmM3ZWUwHhcNMjQwMTAyMTIzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU0YzY4OGM0ZmVhYmJiOTA3NDZiMGI3NWRlNjQ5YjMyYjk2ZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktUBWtSLS5g8wkbD3A2qEH67x/n6
/zvkyMnJd6Dzgd72jtqqhom1aNDhoZIMJQBynBvHd9T1tBHXoGLqP4KFIKnHs9Mq
jMn9AJcdoBqPI0mRy7oIL6c6HhVmQoIIknjvyb0bF0jmL31nTBrH4TsGnDp2K0SG
Xu/EsxruQpxKBnnkt/KeVsI93Aa1qtUPlUaZeBEt9sdg5zjhyx6R451BBmFIZHXr
/VGrLyRiijhG0KUnOG7A8apKjht4mkOq4wy5vvSDawr3ofsSpyF6sr/7WzdfLy8B
NimV5AzmmaqO+3otsE1gS7Z+KeNG3sGGHLn9HB0jb3Xbk+0pwHPKUyI40QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFABUxojE/qu7kHRrC3XeZJsyuW6hMB8GA1UdIwQY
MBaAFMKvwU3ORQsF7IbHxTBwzWu228fuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3FfQlRjNUZDd1hzaHNmRk1IRE5hN2JieC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYzMyODQtMzU3Ni00ZWU0LTkzYjgt
MTg0N2NiODhlODNhLzEvQUZUR2lNVC1xN3VRZEdzTGRkNWtteks1YnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYzMyODQtMzU3Ni00ZWU0LTkzYjgtMTg0N2NiODhlODNh
LzEvd3FfQlRjNUZDd1hzaHNmRk1IRE5hN2JieC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgU2wAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQA1WaFDb2knB0ILXuiKLoRioD9mVoI5YsA/rUDb
0cZ7yUUfRydNCOhXPPo64tATY+9nIYXCu1btVkZ91edaPnQILINWU0J5EFL+QLTV
DkLrEkJEd9K38WceTdBdP+ratHnzLRN/pCraKT1ebCLEPKpHqt2qXBDLboYyLAVN
NjNZ/eVj3tfetuTXYgAzIRRkFJkIUEBHYTff4wRB8sgOtbLXJPo2UfdZ2G7G97R4
Hk29YL72DdWFMgBqAPNB3BWaZR3REWmklkQFlL7QofIWFlKhVqd9mqJ2hGgtnmEI
/rOMXXY8b3jouucZ4GuzHrUHmlBKkfWaqjNBF0oG0DyCAPg8
-----END CERTIFICATE-----