Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/0FnhdMQCmf52NBJCNAWXUz8BWl8.roa
File:                     0FnhdMQCmf52NBJCNAWXUz8BWl8.roa (raw, json)
Hash identifier:          f0R+1bBJLq2FNJPVZF0gaiiuvvfA/FIuGkWttv2ZvMk=
Subject key identifier:   D0:59:E1:74:C4:02:99:FE:76:34:12:42:34:05:97:53:3F:01:5A:5F
Certificate issuer:       /CN=13b89b80186332d441bb0515c47261c5ffa0616b
Certificate serial:       018CC725B54F7783F50D1766701C4E2C08AB
Authority key identifier: 13:B8:9B:80:18:63:32:D4:41:BB:05:15:C4:72:61:C5:FF:A0:61:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E7ibgBhjMtRBuwUVxHJhxf-gYWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/0FnhdMQCmf52NBJCNAWXUz8BWl8.roa
Signing time:             Mon 01 Jan 2024 22:29:46 +0000
ROA not before:           Mon 01 Jan 2024 22:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39018
IP address blocks:        2a10:8f00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/E7ibgBhjMtRBuwUVxHJhxf-gYWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/E7ibgBhjMtRBuwUVxHJhxf-gYWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E7ibgBhjMtRBuwUVxHJhxf-gYWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b5:4f:77:83:f5:0d:17:66:70:1c:4e:2c:08:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13b89b80186332d441bb0515c47261c5ffa0616b
        Validity
            Not Before: Jan  1 22:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d059e174c40299fe76341242340597533f015a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ac:f6:af:75:2f:40:d4:60:02:63:6d:73:e9:
                    97:a0:4b:d5:75:d5:e4:94:cd:36:a8:81:cc:38:74:
                    52:5a:33:23:f2:1a:c6:03:9b:ba:ff:21:c6:83:f2:
                    6c:ef:52:4a:2e:87:f7:ae:ea:52:48:eb:80:41:f3:
                    1b:47:5b:e5:6a:28:81:70:28:6f:09:33:28:94:63:
                    03:9d:60:9c:b9:f6:fa:3b:e7:a9:22:44:74:21:d3:
                    ce:55:cf:ce:35:2d:d8:db:44:a2:5e:1c:ca:1b:cd:
                    62:d7:b2:ee:e1:99:4c:56:33:8c:02:5b:c9:d2:53:
                    58:86:18:0e:12:67:f2:6e:32:1d:2f:5c:2c:96:45:
                    92:94:76:7c:4e:f9:f1:e1:44:78:c0:9f:6b:46:1b:
                    50:61:e5:ac:73:f0:2d:21:72:2a:cf:4a:34:6b:4a:
                    d4:ff:04:97:9f:4b:53:81:97:4c:6b:22:5c:1b:59:
                    92:11:18:ff:5e:83:ab:24:a4:50:e7:96:3a:14:1f:
                    7d:6f:18:da:27:f7:9d:6d:ba:09:20:15:9e:d2:67:
                    a4:2c:27:e6:39:03:bd:9b:e4:1e:b0:c7:4d:35:68:
                    30:cf:22:3a:fe:ae:14:70:58:dc:d1:c1:96:c1:40:
                    86:23:18:6d:05:2c:69:40:30:f1:9c:60:84:43:5a:
                    75:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:59:E1:74:C4:02:99:FE:76:34:12:42:34:05:97:53:3F:01:5A:5F
            X509v3 Authority Key Identifier:
                keyid:13:B8:9B:80:18:63:32:D4:41:BB:05:15:C4:72:61:C5:FF:A0:61:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E7ibgBhjMtRBuwUVxHJhxf-gYWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/0FnhdMQCmf52NBJCNAWXUz8BWl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/6e5dc3-c7fa-4d36-9095-c19232bda430/1/E7ibgBhjMtRBuwUVxHJhxf-gYWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:8f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:1f:fc:aa:23:49:09:a0:da:1e:df:00:6c:41:8d:0e:33:31:
         99:02:a8:30:e0:a6:98:45:83:13:11:75:d3:99:a9:31:3a:2b:
         df:1c:58:b7:04:b7:cf:1e:38:80:c5:b1:14:c2:8c:8f:ff:45:
         4f:a5:3d:67:e4:02:11:a2:34:60:68:9c:e2:b4:0c:5b:81:f9:
         3e:45:42:62:da:d0:16:35:86:31:16:cc:83:1f:ea:49:84:46:
         e0:51:0a:a6:4f:22:32:7c:db:ff:48:06:b4:8a:ba:33:a4:a0:
         64:13:7e:b2:f9:ce:f9:e8:27:a2:d4:bd:98:ca:9c:86:64:35:
         11:1a:a3:05:9a:06:f0:d3:50:e5:9d:19:36:4e:91:ca:73:82:
         c1:d9:46:b6:7c:10:93:b4:80:71:2c:55:1e:19:4e:ff:de:27:
         e1:ab:47:76:c1:11:5d:c5:ee:c0:14:fa:5c:74:9a:ad:45:f9:
         e5:85:fc:14:d1:f3:56:08:b1:a9:f6:b5:d4:2c:56:08:7f:8b:
         c4:e2:51:cf:cb:a8:c5:86:f4:a6:e8:ca:c2:75:27:46:8c:fd:
         34:23:b2:51:55:57:70:ae:da:4c:37:53:f5:d8:67:e5:83:74:
         1f:1f:81:42:09:1d:fb:f9:62:e4:f9:11:cd:aa:8d:7e:3c:f6:
         ed:f6:ff:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJbVPd4P1DRdmcBxOLAirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYjg5YjgwMTg2MzMyZDQ0MWJiMDUxNWM0NzI2MWM1ZmZh
MDYxNmIwHhcNMjQwMTAxMjIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDU5ZTE3NGM0MDI5OWZlNzYzNDEyNDIzNDA1OTc1MzNmMDE1YTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6z2r3UvQNRgAmNtc+mXoEvVddXk
lM02qIHMOHRSWjMj8hrGA5u6/yHGg/Js71JKLof3rupSSOuAQfMbR1vlaiiBcChv
CTMolGMDnWCcufb6O+epIkR0IdPOVc/ONS3Y20SiXhzKG81i17Lu4ZlMVjOMAlvJ
0lNYhhgOEmfybjIdL1wslkWSlHZ8Tvnx4UR4wJ9rRhtQYeWsc/AtIXIqz0o0a0rU
/wSXn0tTgZdMayJcG1mSERj/XoOrJKRQ55Y6FB99bxjaJ/edbboJIBWe0mekLCfm
OQO9m+QesMdNNWgwzyI6/q4UcFjc0cGWwUCGIxhtBSxpQDDxnGCEQ1p1LwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNBZ4XTEApn+djQSQjQFl1M/AVpfMB8GA1UdIwQY
MBaAFBO4m4AYYzLUQbsFFcRyYcX/oGFrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTdpYmdCaGpNdFJCdXdVVnhISmh4Zi1nWVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS82ZTVkYzMtYzdmYS00ZDM2LTkwOTUt
YzE5MjMyYmRhNDMwLzEvMEZuaGRNUUNtZjUyTkJKQ05BV1hVejhCV2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS82ZTVkYzMtYzdmYS00ZDM2LTkwOTUtYzE5MjMyYmRhNDMw
LzEvRTdpYmdCaGpNdFJCdXdVVnhISmh4Zi1nWVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhCPADAN
BgkqhkiG9w0BAQsFAAOCAQEAbR/8qiNJCaDaHt8AbEGNDjMxmQKoMOCmmEWDExF1
05mpMTor3xxYtwS3zx44gMWxFMKMj/9FT6U9Z+QCEaI0YGic4rQMW4H5PkVCYtrQ
FjWGMRbMgx/qSYRG4FEKpk8iMnzb/0gGtIq6M6SgZBN+svnO+egnotS9mMqchmQ1
ERqjBZoG8NNQ5Z0ZNk6RynOCwdlGtnwQk7SAcSxVHhlO/94n4atHdsERXcXuwBT6
XHSarUX55YX8FNHzVgixqfa11CxWCH+LxOJRz8uoxYb0pujKwnUnRoz9NCOyUVVX
cK7aTDdT9dhn5YN0Hx+BQgkd+/li5PkRzaqNfjz27fb/sg==
-----END CERTIFICATE-----