Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aeCTsfz8N5bahiQlCOsJb_GEUP4.roa
File:                     aeCTsfz8N5bahiQlCOsJb_GEUP4.roa (raw, json)
Hash identifier:          pKj2/gq2zWPDwzNFvcvC7/1qf3MiM4H2ZmJOsSQpidY=
Subject key identifier:   69:E0:93:B1:FC:FC:37:96:DA:86:24:25:08:EB:09:6F:F1:84:50:FE
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018F05BC2A2B3AE8468ED8E6D419F1D3717E
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aeCTsfz8N5bahiQlCOsJb_GEUP4.roa
Signing time:             Mon 22 Apr 2024 12:16:08 +0000
ROA not before:           Mon 22 Apr 2024 12:16:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35196
IP address blocks:        2a0e:52c7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:bc:2a:2b:3a:e8:46:8e:d8:e6:d4:19:f1:d3:71:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Apr 22 12:16:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69e093b1fcfc3796da86242508eb096ff18450fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:9b:ff:ce:b5:99:38:2e:9f:2c:7d:82:1f:d5:
                    ef:98:1a:c5:ca:06:d0:47:e0:22:55:f2:4e:37:8b:
                    41:53:a6:e3:c2:85:30:0a:91:ee:6d:52:83:ea:f7:
                    61:65:c2:d6:74:72:ef:89:74:31:7f:a8:84:de:7b:
                    52:4c:c8:9b:c5:cf:93:4a:60:e9:56:63:27:8a:c1:
                    18:6e:e3:99:7a:da:5f:b1:1d:7c:0d:32:7a:1a:c3:
                    d5:db:a5:fd:6a:26:b7:f7:ca:b9:e8:c7:33:d0:16:
                    d1:04:7d:56:e0:ab:b9:33:a9:f4:11:90:9b:60:7e:
                    78:d6:2f:d4:ca:d2:59:6b:0c:5b:fb:27:03:e2:43:
                    19:21:bd:5a:da:a1:6d:06:a7:38:57:b1:1f:19:5a:
                    d9:58:f3:fa:5f:b3:5c:6d:85:52:da:f0:2a:8e:15:
                    92:78:74:ee:70:0e:10:f4:99:db:39:d9:24:ac:5d:
                    58:5d:fc:9d:61:4b:0d:ea:1d:dc:50:87:4d:65:db:
                    d7:a9:72:0f:91:5e:fa:f8:3a:15:cb:4a:35:89:74:
                    31:3d:f6:2a:61:e0:71:72:cf:54:fd:10:e5:ee:03:
                    d1:48:22:9f:24:cf:1e:9a:12:e8:48:b6:76:86:df:
                    81:99:09:46:fc:7f:ad:e9:ff:8b:4e:a3:1c:ba:2c:
                    54:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:E0:93:B1:FC:FC:37:96:DA:86:24:25:08:EB:09:6F:F1:84:50:FE
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/aeCTsfz8N5bahiQlCOsJb_GEUP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:52c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:18:99:14:a9:ee:83:06:10:5e:3c:44:a6:84:41:65:10:c9:
         ad:af:44:b5:ba:cd:c6:c5:16:9e:e9:73:dd:62:0c:d7:ee:34:
         9b:8f:e9:65:73:c7:77:f6:bc:d4:7e:64:9f:ee:08:a4:1a:a3:
         fd:c1:84:e6:d0:ed:a8:d5:6a:fc:b6:d7:52:9b:b5:81:ae:d2:
         37:2e:d6:55:2b:b5:57:70:9b:87:43:96:eb:c0:31:e3:7d:bf:
         96:7d:67:8a:87:65:5c:58:48:6e:1e:c2:b8:f4:c4:69:ac:51:
         bb:7b:ea:69:45:fd:98:b6:6f:7e:c8:e4:37:a4:af:6d:b6:d8:
         ce:d0:8b:47:dd:6c:c7:1b:5f:1d:31:70:7f:cb:ef:a2:84:00:
         43:03:75:c8:9c:c0:1b:55:fb:e7:47:f7:5b:91:e0:25:f3:0d:
         99:25:11:bd:d3:8d:fd:e8:a2:10:e0:90:05:9d:0e:e7:a4:c5:
         a6:60:b5:20:03:4c:b8:9e:81:5d:fd:6b:91:9d:9b:15:f6:15:
         24:5c:72:76:75:6e:67:9a:45:85:28:d7:c0:82:6a:28:24:04:
         7e:73:6a:40:0f:1e:2d:db:18:43:eb:60:f7:7b:16:0c:54:11:
         db:52:c7:68:80:18:17:1e:c9:0c:0f:af:c6:aa:c4:34:4d:f4:
         d5:b2:12:e3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8FvCorOuhGjtjm1Bnx03F+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNDIyMTIxNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWUwOTNiMWZjZmMzNzk2ZGE4NjI0MjUwOGViMDk2ZmYxODQ1MGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Zv/zrWZOC6fLH2CH9XvmBrFygbQ
R+AiVfJON4tBU6bjwoUwCpHubVKD6vdhZcLWdHLviXQxf6iE3ntSTMibxc+TSmDp
VmMnisEYbuOZetpfsR18DTJ6GsPV26X9aia398q56Mcz0BbRBH1W4Ku5M6n0EZCb
YH541i/UytJZawxb+ycD4kMZIb1a2qFtBqc4V7EfGVrZWPP6X7NcbYVS2vAqjhWS
eHTucA4Q9JnbOdkkrF1YXfydYUsN6h3cUIdNZdvXqXIPkV76+DoVy0o1iXQxPfYq
YeBxcs9U/RDl7gPRSCKfJM8emhLoSLZ2ht+BmQlG/H+t6f+LTqMcuixUZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGngk7H8/DeW2oYkJQjrCW/xhFD+MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvYWVDVHNmejhONWJhaGlRbENPc0piX0dFVVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5SxzAN
BgkqhkiG9w0BAQsFAAOCAQEAdxiZFKnugwYQXjxEpoRBZRDJra9EtbrNxsUWnulz
3WIM1+40m4/pZXPHd/a81H5kn+4IpBqj/cGE5tDtqNVq/LbXUpu1ga7SNy7WVSu1
V3Cbh0OW68Ax432/ln1niodlXFhIbh7CuPTEaaxRu3vqaUX9mLZvfsjkN6SvbbbY
ztCLR91sxxtfHTFwf8vvooQAQwN1yJzAG1X750f3W5HgJfMNmSURvdON/eiiEOCQ
BZ0O56TFpmC1IANMuJ6BXf1rkZ2bFfYVJFxydnVuZ5pFhSjXwIJqKCQEfnNqQA8e
LdsYQ+tg93sWDFQR21LHaIAYFx7JDA+vxqrENE301bIS4w==
-----END CERTIFICATE-----