Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/I_ia6ZEHRCtONRDG77C86wEgcP0.roa
File:                     I_ia6ZEHRCtONRDG77C86wEgcP0.roa (raw, json)
Hash identifier:          h98YnjDXGbWgCHDaOMpNvkzsksuR2uICqmEC78Cy4tM=
Subject key identifier:   23:F8:9A:E9:91:07:44:2B:4E:35:10:C6:EF:B0:BC:EB:01:20:70:FD
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801822B60F4709E195C15D7D52055A6
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/I_ia6ZEHRCtONRDG77C86wEgcP0.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213236
IP address blocks:        2a0c:b641:6c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:82:2b:60:f4:70:9e:19:5c:15:d7:d5:20:55:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23f89ae99107442b4e3510c6efb0bceb012070fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:72:af:06:70:c2:66:d4:18:fb:da:ff:93:de:
                    b8:88:47:16:d2:d5:9b:fd:e0:37:22:fa:24:53:b4:
                    7c:ec:7c:e5:f6:57:2c:8d:3c:55:59:67:0f:5d:14:
                    b6:5c:1f:f0:0c:f2:1d:50:0b:ac:ea:68:aa:26:9e:
                    5c:b6:9e:4d:b0:6d:90:bf:52:7a:49:d3:57:f9:12:
                    3a:0b:96:d3:c5:39:c7:51:06:b5:b8:e9:8d:25:92:
                    80:85:79:9d:45:27:ca:39:20:c3:f6:45:c3:86:27:
                    53:2d:8f:86:3f:71:49:b8:31:a0:ff:6b:3f:4e:6a:
                    84:c1:1e:a9:2e:7e:27:2f:39:25:4f:63:c1:6b:5b:
                    54:20:74:0b:ee:9c:5f:10:26:63:90:ec:4e:cb:2f:
                    61:3f:25:be:10:36:64:14:33:45:69:20:83:ca:06:
                    ec:e1:b9:c8:b4:65:d7:2f:75:7b:8b:38:93:c2:17:
                    32:aa:1f:fe:94:d5:69:4d:da:b1:e3:3f:2f:97:44:
                    a8:b3:71:e4:a3:6a:98:5a:58:70:ca:6d:54:00:37:
                    32:69:06:f2:ae:33:04:38:2e:db:dd:15:10:a4:f0:
                    19:49:3c:f8:db:69:cd:ea:c4:df:ad:7b:a0:d9:b0:
                    63:87:ca:b1:00:c2:26:67:67:a6:71:3d:f6:e3:d1:
                    dd:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:F8:9A:E9:91:07:44:2B:4E:35:10:C6:EF:B0:BC:EB:01:20:70:FD
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/I_ia6ZEHRCtONRDG77C86wEgcP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:6c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:12:1b:25:10:3c:68:90:bb:6e:98:f3:e2:a5:1e:8e:a9:e5:
         80:c8:66:04:50:76:32:a3:ce:b1:6e:14:f3:d8:b3:23:dd:cd:
         46:33:43:40:18:e3:7a:d9:57:dc:17:bb:15:13:19:40:f3:b0:
         c3:e9:40:84:09:ff:68:84:72:c0:4c:fb:62:3c:b0:12:92:8f:
         2e:ea:a8:53:7c:60:77:4d:52:d1:e2:30:b2:3b:86:14:7d:2b:
         5c:14:74:46:f0:4b:30:4a:35:ea:5b:16:ee:c6:13:68:c8:13:
         01:bf:26:a3:f0:7b:18:0e:b9:04:0e:74:69:d7:e6:4f:2a:f4:
         13:92:6f:61:74:87:fb:ea:65:70:6e:b9:0e:05:5d:2d:c4:0e:
         08:45:1a:1d:28:47:de:25:48:70:a9:9f:17:aa:da:69:f2:86:
         22:ab:3e:a3:42:2e:66:f4:bb:ec:f7:ba:ee:fc:39:c6:13:15:
         42:8b:70:bb:9b:ba:4b:d0:69:25:c8:5c:3d:de:80:27:3b:b7:
         6a:f8:33:2f:2c:98:10:ec:cd:a9:91:d1:5d:1e:08:bf:af:f2:
         0b:ea:14:ca:7d:9d:55:76:25:33:db:d2:37:8d:a4:0c:59:1f:
         c0:c8:71:d7:23:b9:a7:8e:96:c0:4f:df:b6:73:5e:e6:de:1d:
         99:f4:b9:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYIrYPRwnhlcFdfVIFWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Y4OWFlOTkxMDc0NDJiNGUzNTEwYzZlZmIwYmNlYjAxMjA3MGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3KvBnDCZtQY+9r/k964iEcW0tWb
/eA3IvokU7R87Hzl9lcsjTxVWWcPXRS2XB/wDPIdUAus6miqJp5ctp5NsG2Qv1J6
SdNX+RI6C5bTxTnHUQa1uOmNJZKAhXmdRSfKOSDD9kXDhidTLY+GP3FJuDGg/2s/
TmqEwR6pLn4nLzklT2PBa1tUIHQL7pxfECZjkOxOyy9hPyW+EDZkFDNFaSCDygbs
4bnItGXXL3V7iziTwhcyqh/+lNVpTdqx4z8vl0Sos3Hko2qYWlhwym1UADcyaQby
rjMEOC7b3RUQpPAZSTz422nN6sTfrXug2bBjh8qxAMImZ2emcT3249Hd1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCP4mumRB0QrTjUQxu+wvOsBIHD9MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSV9pYTZaRUhSQ3RPTlJERzc3Qzg2d0VnY1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQbA
MA0GCSqGSIb3DQEBCwUAA4IBAQBvEhslEDxokLtumPPipR6OqeWAyGYEUHYyo86x
bhTz2LMj3c1GM0NAGON62VfcF7sVExlA87DD6UCECf9ohHLATPtiPLASko8u6qhT
fGB3TVLR4jCyO4YUfStcFHRG8EswSjXqWxbuxhNoyBMBvyaj8HsYDrkEDnRp1+ZP
KvQTkm9hdIf76mVwbrkOBV0txA4IRRodKEfeJUhwqZ8Xqtpp8oYiqz6jQi5m9Lvs
97ru/DnGExVCi3C7m7pL0GklyFw93oAnO7dq+DMvLJgQ7M2pkdFdHgi/r/IL6hTK
fZ1VdiUz29I3jaQMWR/AyHHXI7mnjpbAT9+2c17m3h2Z9LmD
-----END CERTIFICATE-----