Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/k2y0dbclqfkDR4RCHMrKPPkanuM.roa
File:                     k2y0dbclqfkDR4RCHMrKPPkanuM.roa (raw, json)
Hash identifier:          /PhTPQdai2pCCi6fhus+cushWk0wKvSDPiyzlkIqwtE=
Subject key identifier:   93:6C:B4:75:B7:25:A9:F9:03:47:84:42:1C:CA:CA:3C:F9:1A:9E:E3
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94DFE2BED00CC15B0CB13B7FB7A17CF
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/k2y0dbclqfkDR4RCHMrKPPkanuM.roa
Signing time:             Tue 02 Jan 2024 08:33:00 +0000
ROA not before:           Tue 02 Jan 2024 08:33:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33823
IP address blocks:        2a05:b680::/48 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 06:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:fe:2b:ed:00:cc:15:b0:cb:13:b7:fb:7a:17:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=936cb475b725a9f9034784421ccaca3cf91a9ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cb:65:a6:cf:75:d7:ee:01:29:79:3f:61:1d:
                    7c:53:7f:10:5f:5b:13:58:61:23:9d:5f:ed:9d:64:
                    46:b2:cb:d3:1d:d9:b8:40:36:ff:ea:9f:a7:1d:24:
                    31:b2:31:ba:8f:5f:f5:d1:cb:3c:56:0b:a7:56:bf:
                    48:fd:aa:6d:8d:3a:40:d2:16:e5:53:2c:b0:4c:a0:
                    56:63:bb:16:9d:0e:60:51:f0:67:c2:63:1c:59:c7:
                    54:92:d3:ee:da:72:08:ad:ac:16:de:a0:0a:5c:03:
                    1d:a8:5b:09:c8:dd:58:18:e6:45:30:4a:88:49:5b:
                    09:d2:f4:9c:a4:49:71:44:37:58:ec:8f:41:0a:28:
                    b3:61:98:15:1b:b0:b7:cf:ab:ff:04:83:0b:4e:7b:
                    fa:1c:4f:39:8a:19:51:fd:43:f0:27:59:f8:20:bd:
                    a7:b9:1f:9b:59:c6:c5:d8:5b:96:7e:81:97:ab:9a:
                    83:2c:56:fb:c5:47:d1:f6:2c:d4:d9:95:35:45:b3:
                    9f:65:df:19:6c:f9:2d:39:3a:32:47:e8:5b:03:b8:
                    bf:27:c9:c8:bd:f7:ff:38:88:94:8c:0d:47:b1:d8:
                    46:56:e9:f1:22:99:be:e7:53:19:55:71:de:41:4e:
                    36:1e:7c:8d:8e:cc:e2:6b:8c:62:21:3c:36:3c:90:
                    53:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:6C:B4:75:B7:25:A9:F9:03:47:84:42:1C:CA:CA:3C:F9:1A:9E:E3
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/k2y0dbclqfkDR4RCHMrKPPkanuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b680::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:b7:20:be:04:1d:42:b7:f6:d3:8d:8c:7c:a2:d8:39:46:57:
         22:68:f5:a6:c5:a4:fa:11:87:43:7e:c8:cd:e6:93:1d:98:21:
         93:e1:6c:19:3a:c1:3a:a4:77:fd:dd:c2:ac:b0:2c:a3:a1:55:
         ef:91:1c:2e:b2:e9:2c:cc:d9:e1:28:4f:dd:87:20:20:9e:50:
         5b:39:2e:ff:9d:ed:4c:d7:15:53:78:0a:9f:13:83:f0:ee:e6:
         8c:94:87:38:fe:66:a1:43:2f:14:31:94:75:12:a1:2d:fc:66:
         02:ca:29:d4:80:9f:67:89:70:f8:be:ba:6f:a3:21:34:68:ca:
         25:77:15:eb:99:f7:f9:5c:e1:c9:20:4a:4e:65:48:8b:b5:ef:
         fa:a6:62:87:d2:c0:24:c6:c3:42:9d:1a:4d:1e:1c:0d:b3:80:
         56:ad:dc:95:b7:3e:8c:22:78:b5:7c:5d:0f:5b:80:37:c5:7b:
         d4:7f:9b:33:0c:5e:53:8e:3d:35:1a:04:46:86:98:dc:60:4e:
         4a:04:82:8d:d1:3a:fe:8d:9e:cf:ea:e6:da:69:e8:50:d0:b2:
         a5:80:42:f8:3a:4f:18:fb:b1:db:b4:b7:3a:94:68:63:8d:e6:
         fb:87:a1:21:01:6c:20:3a:be:81:d0:75:df:52:9f:f8:21:0b:
         55:f2:7e:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTf4r7QDMFbDLE7f7ehfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzZjYjQ3NWI3MjVhOWY5MDM0Nzg0NDIxY2NhY2EzY2Y5MWE5ZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsstlps911+4BKXk/YR18U38QX1sT
WGEjnV/tnWRGssvTHdm4QDb/6p+nHSQxsjG6j1/10cs8VgunVr9I/aptjTpA0hbl
UyywTKBWY7sWnQ5gUfBnwmMcWcdUktPu2nIIrawW3qAKXAMdqFsJyN1YGOZFMEqI
SVsJ0vScpElxRDdY7I9BCiizYZgVG7C3z6v/BIMLTnv6HE85ihlR/UPwJ1n4IL2n
uR+bWcbF2FuWfoGXq5qDLFb7xUfR9izU2ZU1RbOfZd8ZbPktOToyR+hbA7i/J8nI
vff/OIiUjA1HsdhGVunxIpm+51MZVXHeQU42HnyNjszia4xiITw2PJBTzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJNstHW3Jan5A0eEQhzKyjz5Gp7jMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvazJ5MGRiY2xxZmtEUjRSQ0hNcktQUGthbnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgW2gAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBttyC+BB1Ct/bTjYx8otg5RlciaPWmxaT6EYdD
fsjN5pMdmCGT4WwZOsE6pHf93cKssCyjoVXvkRwusukszNnhKE/dhyAgnlBbOS7/
ne1M1xVTeAqfE4Pw7uaMlIc4/mahQy8UMZR1EqEt/GYCyinUgJ9niXD4vrpvoyE0
aMoldxXrmff5XOHJIEpOZUiLte/6pmKH0sAkxsNCnRpNHhwNs4BWrdyVtz6MIni1
fF0PW4A3xXvUf5szDF5Tjj01GgRGhpjcYE5KBIKN0Tr+jZ7P6ubaaehQ0LKlgEL4
Ok8Y+7HbtLc6lGhjjeb7h6EhAWwgOr6B0HXfUp/4IQtV8n5/
-----END CERTIFICATE-----