Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/xCBjs2dT-yD9AYhb9e5VqxNNOfU.roa
File:                     xCBjs2dT-yD9AYhb9e5VqxNNOfU.roa (raw, json)
Hash identifier:          K726j3D/rWk7YQ0u5K8WNeYQM5RVsrWmC2iSYWN0pj8=
Subject key identifier:   C4:20:63:B3:67:53:FB:20:FD:01:88:5B:F5:EE:55:AB:13:4D:39:F5
Certificate issuer:       /CN=abdc402cd535fc9123ea026c62ae9cf0f80e9418
Certificate serial:       018CC8DEED0992B05C11E2DDA9A5111FD188
Authority key identifier: AB:DC:40:2C:D5:35:FC:91:23:EA:02:6C:62:AE:9C:F0:F8:0E:94:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9xALNU1_JEj6gJsYq6c8PgOlBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/xCBjs2dT-yD9AYhb9e5VqxNNOfU.roa
Signing time:             Tue 02 Jan 2024 06:31:42 +0000
ROA not before:           Tue 02 Jan 2024 06:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203820
IP address blocks:        2a06:9040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/q9xALNU1_JEj6gJsYq6c8PgOlBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/q9xALNU1_JEj6gJsYq6c8PgOlBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9xALNU1_JEj6gJsYq6c8PgOlBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ed:09:92:b0:5c:11:e2:dd:a9:a5:11:1f:d1:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abdc402cd535fc9123ea026c62ae9cf0f80e9418
        Validity
            Not Before: Jan  2 06:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c42063b36753fb20fd01885bf5ee55ab134d39f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e7:03:4f:33:c0:47:50:cc:8c:4a:bd:11:15:
                    90:4b:ff:9e:8d:b1:43:e5:74:65:c9:1c:b7:a9:7c:
                    f2:5d:07:41:27:45:a3:b1:e5:7e:e0:18:83:eb:6b:
                    7c:56:a9:7e:e2:aa:60:c1:d9:f4:4e:df:e0:d4:7a:
                    39:7f:90:bf:e2:58:38:18:0c:92:ee:0f:50:7e:02:
                    52:11:a1:bf:5c:c7:21:e1:c9:8d:83:b8:5e:c6:32:
                    a3:8e:b8:ce:5c:d6:f8:3b:9a:06:f5:65:d3:bf:17:
                    ca:17:4c:6e:7e:16:11:0c:f7:65:4f:02:54:7e:b8:
                    6f:8f:98:38:bc:d1:29:6e:f3:b6:10:d0:e3:58:5d:
                    63:9c:fc:c4:67:ee:97:77:ab:65:86:2f:46:94:42:
                    a3:3d:cb:13:f2:f2:a2:00:fe:6f:49:16:86:44:d0:
                    1b:41:ed:f0:27:83:0e:b0:20:42:08:18:aa:9d:b9:
                    04:1f:c1:c3:d2:12:76:ef:17:82:f8:8d:19:41:22:
                    ec:8f:a9:d8:62:44:96:46:54:d6:f2:9f:68:ff:67:
                    40:50:28:4b:db:4c:52:84:3e:00:83:f5:4e:58:6b:
                    ec:fc:fd:26:8c:c7:18:98:2a:56:ee:12:08:7c:2a:
                    37:16:e7:f0:03:71:11:9d:1d:a3:86:f3:ba:0c:08:
                    93:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:20:63:B3:67:53:FB:20:FD:01:88:5B:F5:EE:55:AB:13:4D:39:F5
            X509v3 Authority Key Identifier:
                keyid:AB:DC:40:2C:D5:35:FC:91:23:EA:02:6C:62:AE:9C:F0:F8:0E:94:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9xALNU1_JEj6gJsYq6c8PgOlBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/xCBjs2dT-yD9AYhb9e5VqxNNOfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7523d9-4648-435e-9961-40735b2f8481/1/q9xALNU1_JEj6gJsYq6c8PgOlBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9040::/29

    Signature Algorithm: sha256WithRSAEncryption
         34:c0:7c:45:46:61:85:3c:02:c5:9d:71:c8:c0:72:5a:4a:59:
         29:bb:40:cd:5c:42:e3:bc:9b:c1:f9:ee:ff:ff:f2:57:e2:4d:
         e1:54:47:26:17:4b:9c:bb:bf:e1:c4:f5:c6:fd:cc:53:57:26:
         d0:3f:57:24:e2:b5:af:fe:f4:69:31:ac:00:12:e0:06:79:c3:
         47:25:df:40:07:f7:2b:5d:c4:67:8b:ed:6a:16:e1:f9:17:0f:
         f5:0d:f7:74:68:a5:93:7b:64:a6:bf:e1:c1:d6:f3:b5:b8:d5:
         9d:ae:d4:ad:8d:c9:42:1c:f7:8a:d8:9d:7c:64:45:f5:8d:c3:
         61:05:0d:6c:2e:f1:10:e5:c1:24:32:96:78:d2:3f:23:58:ac:
         64:49:69:ed:b5:2f:7e:0b:d7:e1:64:73:79:8a:9c:8b:f4:5c:
         43:fa:98:ae:52:2f:e0:2f:6b:7b:1d:73:f6:c8:f2:d5:b5:7a:
         03:bf:30:af:68:99:80:49:cb:7d:99:6d:cc:1b:c9:b5:f6:14:
         f0:0f:b0:00:79:62:ad:00:00:1c:cf:09:1d:f1:dc:34:31:50:
         17:aa:b2:1a:24:79:86:66:ca:e2:2f:80:6e:0a:71:4c:60:95:
         35:a5:8b:c4:9f:1e:d2:23:0b:d9:c9:92:f6:88:c9:a6:d8:88:
         f9:fb:03:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3u0JkrBcEeLdqaURH9GIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZGM0MDJjZDUzNWZjOTEyM2VhMDI2YzYyYWU5Y2YwZjgw
ZTk0MTgwHhcNMjQwMTAyMDYzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDIwNjNiMzY3NTNmYjIwZmQwMTg4NWJmNWVlNTVhYjEzNGQzOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOcDTzPAR1DMjEq9ERWQS/+ejbFD
5XRlyRy3qXzyXQdBJ0WjseV+4BiD62t8Vql+4qpgwdn0Tt/g1Ho5f5C/4lg4GAyS
7g9QfgJSEaG/XMch4cmNg7hexjKjjrjOXNb4O5oG9WXTvxfKF0xufhYRDPdlTwJU
frhvj5g4vNEpbvO2ENDjWF1jnPzEZ+6Xd6tlhi9GlEKjPcsT8vKiAP5vSRaGRNAb
Qe3wJ4MOsCBCCBiqnbkEH8HD0hJ27xeC+I0ZQSLsj6nYYkSWRlTW8p9o/2dAUChL
20xShD4Ag/VOWGvs/P0mjMcYmCpW7hIIfCo3FufwA3ERnR2jhvO6DAiT6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMQgY7NnU/sg/QGIW/XuVasTTTn1MB8GA1UdIwQY
MBaAFKvcQCzVNfyRI+oCbGKunPD4DpQYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTl4QUxOVTFfSkVqNmdKc1lxNmM4UGdPbEJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS83NTIzZDktNDY0OC00MzVlLTk5NjEt
NDA3MzViMmY4NDgxLzEveENCanMyZFQteUQ5QVloYjllNVZxeE5OT2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS83NTIzZDktNDY0OC00MzVlLTk5NjEtNDA3MzViMmY4NDgx
LzEvcTl4QUxOVTFfSkVqNmdKc1lxNmM4UGdPbEJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgaQQDAN
BgkqhkiG9w0BAQsFAAOCAQEANMB8RUZhhTwCxZ1xyMByWkpZKbtAzVxC47ybwfnu
///yV+JN4VRHJhdLnLu/4cT1xv3MU1cm0D9XJOK1r/70aTGsABLgBnnDRyXfQAf3
K13EZ4vtahbh+RcP9Q33dGilk3tkpr/hwdbztbjVna7UrY3JQhz3itidfGRF9Y3D
YQUNbC7xEOXBJDKWeNI/I1isZElp7bUvfgvX4WRzeYqci/RcQ/qYrlIv4C9rex1z
9sjy1bV6A78wr2iZgEnLfZltzBvJtfYU8A+wAHlirQAAHM8JHfHcNDFQF6qyGiR5
hmbK4i+AbgpxTGCVNaWLxJ8e0iML2cmS9ojJptiI+fsDwg==
-----END CERTIFICATE-----