Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/OApgk7CRycRnP48UAd6TyPZDeq0.roa
File:                     OApgk7CRycRnP48UAd6TyPZDeq0.roa (raw, json)
Hash identifier:          TMltobx10ocPPW9x6lxEDbjE3lDcD5kKXSBKvt4ZBak=
Subject key identifier:   38:0A:60:93:B0:91:C9:C4:67:3F:8F:14:01:DE:93:C8:F6:43:7A:AD
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB5CA499D076AAE04729BE7FCA5191
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/OApgk7CRycRnP48UAd6TyPZDeq0.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203105
IP address blocks:        2a07:22c1:40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5c:a4:99:d0:76:aa:e0:47:29:be:7f:ca:51:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=380a6093b091c9c4673f8f1401de93c8f6437aad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6c:4c:d6:bd:3b:a1:21:96:ef:3e:98:63:2f:
                    47:6c:a1:8b:8a:d8:5e:c5:9e:a4:d4:fc:65:f4:58:
                    46:c4:bd:c4:42:13:1f:81:87:4e:83:38:66:69:d5:
                    bd:b0:2a:99:bc:c9:13:ae:70:06:f2:1c:ae:7e:00:
                    c1:66:c6:c3:98:83:56:d9:14:44:4a:d0:ab:6a:95:
                    58:6a:46:9f:76:24:64:bb:6d:06:3a:46:c8:9b:5b:
                    b7:26:1d:68:27:b5:d7:81:5b:8d:83:a0:f7:31:9d:
                    25:4e:96:ec:23:99:84:17:96:d8:5f:56:0f:6e:c3:
                    dd:c7:9a:45:fa:fd:78:6e:f1:6f:b9:75:df:21:f3:
                    8c:ac:25:2c:7f:60:9c:64:9c:42:40:34:9e:c0:34:
                    e4:95:9d:4f:49:b0:1d:96:cc:cf:0c:22:ff:85:4a:
                    47:ad:1c:f6:b3:81:f0:da:85:f3:b2:d9:70:e4:07:
                    26:ea:de:a3:50:7f:d7:3d:c0:bd:45:03:51:97:62:
                    d4:10:0c:20:f3:a3:ac:1e:8e:be:27:1b:cf:55:5b:
                    ad:04:1a:19:9f:88:43:c1:5e:fa:88:49:f1:91:9a:
                    77:b0:00:59:20:7e:41:ef:46:ab:fa:03:60:e4:69:
                    23:ea:58:d4:80:3e:ea:a2:99:b3:ad:ee:0a:fb:20:
                    b5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:0A:60:93:B0:91:C9:C4:67:3F:8F:14:01:DE:93:C8:F6:43:7A:AD
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/OApgk7CRycRnP48UAd6TyPZDeq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:40::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:db:1d:2c:02:94:e9:be:22:50:80:11:8d:46:c7:78:d2:ff:
         73:2a:cc:20:3c:32:ad:0f:f1:a3:05:f4:d1:7b:a5:4b:45:83:
         61:49:8a:29:d2:a1:d6:52:d8:3d:42:fe:36:c3:4f:e1:3f:d5:
         e3:16:5e:48:d3:22:fe:0f:62:70:04:18:ea:44:2f:05:9a:50:
         1f:e1:3d:c4:44:a7:c7:04:9b:ef:b6:51:2b:47:af:98:6f:2a:
         ae:be:73:8b:5a:77:a8:38:c4:6f:28:d9:d1:33:de:2f:83:6d:
         2a:31:e1:11:ac:61:59:b8:94:3f:84:3b:40:22:bd:21:43:69:
         91:da:8f:70:2a:dc:7d:c5:ef:9e:d5:e7:f6:f5:c5:ac:75:d8:
         bc:fc:15:3f:54:7e:e5:15:d2:27:80:4a:c3:a1:7c:85:0b:a8:
         61:ca:0e:be:19:8d:ef:b1:f6:63:89:67:ab:64:12:1d:60:3c:
         4d:30:fc:86:f8:35:9e:25:5d:fb:ff:d6:9f:4e:2a:b7:c0:28:
         73:3a:90:e3:ef:8b:77:bd:c2:50:3b:2c:b1:a6:77:5c:d0:7a:
         c0:61:6d:67:a7:76:ac:86:d8:2c:81:dc:c8:60:8d:f1:0c:49:
         e9:5f:15:1c:9c:bd:04:ad:30:d3:85:a8:22:d0:46:8f:9c:af:
         e3:94:36:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC21ykmdB2quBHKb5/ylGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBhNjA5M2IwOTFjOWM0NjczZjhmMTQwMWRlOTNjOGY2NDM3YWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGxM1r07oSGW7z6YYy9HbKGLithe
xZ6k1Pxl9FhGxL3EQhMfgYdOgzhmadW9sCqZvMkTrnAG8hyufgDBZsbDmINW2RRE
StCrapVYakafdiRku20GOkbIm1u3Jh1oJ7XXgVuNg6D3MZ0lTpbsI5mEF5bYX1YP
bsPdx5pF+v14bvFvuXXfIfOMrCUsf2CcZJxCQDSewDTklZ1PSbAdlszPDCL/hUpH
rRz2s4Hw2oXzstlw5Acm6t6jUH/XPcC9RQNRl2LUEAwg86OsHo6+JxvPVVutBBoZ
n4hDwV76iEnxkZp3sABZIH5B70ar+gNg5Gkj6ljUgD7qopmzre4K+yC1QQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDgKYJOwkcnEZz+PFAHek8j2Q3qtMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvT0FwZ2s3Q1J5Y1JuUDQ4VUFkNlR5UFpEZXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgciwQBA
MA0GCSqGSIb3DQEBCwUAA4IBAQAi2x0sApTpviJQgBGNRsd40v9zKswgPDKtD/Gj
BfTRe6VLRYNhSYop0qHWUtg9Qv42w0/hP9XjFl5I0yL+D2JwBBjqRC8FmlAf4T3E
RKfHBJvvtlErR6+YbyquvnOLWneoOMRvKNnRM94vg20qMeERrGFZuJQ/hDtAIr0h
Q2mR2o9wKtx9xe+e1ef29cWsddi8/BU/VH7lFdIngErDoXyFC6hhyg6+GY3vsfZj
iWerZBIdYDxNMPyG+DWeJV37/9afTiq3wChzOpDj74t3vcJQOyyxpndc0HrAYW1n
p3ashtgsgdzIYI3xDEnpXxUcnL0ErTDThagi0EaPnK/jlDYv
-----END CERTIFICATE-----