Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/ogfXLD3UkHw1q-S8gM-Ur0mHMJU.roa
File:                     ogfXLD3UkHw1q-S8gM-Ur0mHMJU.roa (raw, json)
Hash identifier:          nDm1vKENPmQQeXks4hl0qeJnOiHNLO2b6G2a+dSyFUw=
Subject key identifier:   A2:07:D7:2C:3D:D4:90:7C:35:AB:E4:BC:80:CF:94:AF:49:87:30:95
Certificate issuer:       /CN=ae4ad2d4b0b7330e4a9b5afa11a6198fcb651bf7
Certificate serial:       018D31EC14E97A3EB13010FACCF880F5145F
Authority key identifier: AE:4A:D2:D4:B0:B7:33:0E:4A:9B:5A:FA:11:A6:19:8F:CB:65:1B:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/ogfXLD3UkHw1q-S8gM-Ur0mHMJU.roa
Signing time:             Mon 22 Jan 2024 16:06:11 +0000
ROA not before:           Mon 22 Jan 2024 16:06:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212165
IP address blocks:        2a05:8e80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 13:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:31:ec:14:e9:7a:3e:b1:30:10:fa:cc:f8:80:f5:14:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae4ad2d4b0b7330e4a9b5afa11a6198fcb651bf7
        Validity
            Not Before: Jan 22 16:06:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a207d72c3dd4907c35abe4bc80cf94af49873095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6d:80:5a:d3:d2:8d:ed:3e:f7:62:58:f6:b9:
                    72:ae:a4:5d:43:e9:a8:9c:38:30:4f:da:58:92:4e:
                    4d:7b:66:84:5f:8a:02:69:70:94:dc:f8:cb:25:3a:
                    e2:3f:92:7e:ab:57:55:7a:77:1f:bd:29:68:71:66:
                    5b:51:80:65:70:42:4b:4e:31:42:cf:55:15:c6:9f:
                    21:15:48:c1:40:d7:ab:25:88:7c:8c:7b:6d:81:ca:
                    d8:95:aa:57:6e:83:8a:ac:f5:c7:e7:eb:db:f2:14:
                    e3:b2:35:86:fc:b7:46:38:ca:86:8a:6b:e0:79:cf:
                    d8:ae:b7:b2:8a:9f:f5:ed:06:22:80:5e:a0:30:97:
                    f6:dc:5f:4f:95:0e:bb:c3:f6:e1:96:6f:a0:15:3b:
                    e8:5a:fc:2f:79:ea:7b:a7:b5:43:3f:e2:4c:3f:57:
                    f3:32:ba:05:ad:d8:b7:11:ff:7c:5d:0d:2e:69:19:
                    e2:de:45:64:af:89:59:91:5d:0c:f1:8e:1c:88:fb:
                    89:2b:98:b4:46:c3:76:17:58:e4:8a:da:c8:35:e2:
                    b6:28:9f:03:47:4e:52:8f:c5:70:8c:1e:f8:26:02:
                    3b:77:64:5e:87:27:41:00:37:6f:a5:c4:af:6a:08:
                    35:fc:b0:7d:eb:d3:ac:11:d1:a6:38:63:9e:e1:8e:
                    5f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:07:D7:2C:3D:D4:90:7C:35:AB:E4:BC:80:CF:94:AF:49:87:30:95
            X509v3 Authority Key Identifier:
                keyid:AE:4A:D2:D4:B0:B7:33:0E:4A:9B:5A:FA:11:A6:19:8F:CB:65:1B:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/ogfXLD3UkHw1q-S8gM-Ur0mHMJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/9c8e59-afdf-42a6-80d7-8a9667d762a5/1/rkrS1LC3Mw5Km1r6EaYZj8tlG_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:e1:1f:89:a5:55:d1:ea:dc:cf:8c:1f:9f:5c:99:c4:2f:6d:
         e3:38:29:ac:5d:38:78:1c:d1:74:6d:6b:66:c4:99:83:c8:1e:
         86:39:63:12:5f:4b:ba:c0:58:30:6a:dc:ce:a6:b7:f9:22:ea:
         1f:d1:b2:75:8d:ce:6b:44:a4:40:ef:c8:d1:89:39:bd:1b:42:
         0f:92:bc:0e:3a:2e:fc:82:64:33:61:c5:e6:e4:83:f6:40:30:
         ec:a7:bb:be:f2:51:b2:ee:65:91:31:ee:ea:77:b6:1a:64:ac:
         b5:1a:cc:eb:1b:23:1f:2d:b9:2a:98:8c:22:60:a7:58:cd:b8:
         ba:6c:4a:a6:34:63:44:25:55:03:dc:0f:74:2e:9e:cc:c9:73:
         39:f6:cb:78:d6:d2:46:a2:3e:c3:87:97:dc:d5:bb:47:4f:11:
         d3:1a:1a:32:2c:fb:68:50:c8:5c:02:9b:97:92:36:cd:fc:44:
         f6:94:70:bb:f5:5e:2a:11:d3:90:bf:7b:fa:b6:e8:f1:1d:80:
         90:d4:0b:eb:81:5a:07:54:25:f0:e9:94:ed:c2:36:b5:28:11:
         7b:dc:b6:8c:69:de:54:84:57:d2:78:d5:93:82:8d:89:80:0f:
         42:6f:11:31:05:55:2f:10:b9:8f:fb:4c:37:97:b1:8d:d2:1c:
         0b:fd:27:b0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY0x7BTpej6xMBD6zPiA9RRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNGFkMmQ0YjBiNzMzMGU0YTliNWFmYTExYTYxOThmY2I2
NTFiZjcwHhcNMjQwMTIyMTYwNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjA3ZDcyYzNkZDQ5MDdjMzVhYmU0YmM4MGNmOTRhZjQ5ODczMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim2AWtPSje0+92JY9rlyrqRdQ+mo
nDgwT9pYkk5Ne2aEX4oCaXCU3PjLJTriP5J+q1dVencfvSlocWZbUYBlcEJLTjFC
z1UVxp8hFUjBQNerJYh8jHttgcrYlapXboOKrPXH5+vb8hTjsjWG/LdGOMqGimvg
ec/Yrreyip/17QYigF6gMJf23F9PlQ67w/bhlm+gFTvoWvwveep7p7VDP+JMP1fz
MroFrdi3Ef98XQ0uaRni3kVkr4lZkV0M8Y4ciPuJK5i0RsN2F1jkitrINeK2KJ8D
R05Sj8VwjB74JgI7d2RehydBADdvpcSvagg1/LB969OsEdGmOGOe4Y5fawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKIH1yw91JB8NavkvIDPlK9JhzCVMB8GA1UdIwQY
MBaAFK5K0tSwtzMOSpta+hGmGY/LZRv3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmtyUzFMQzNNdzVLbTFyNkVhWVpqOHRsR19jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy85YzhlNTktYWZkZi00MmE2LTgwZDct
OGE5NjY3ZDc2MmE1LzEvb2dmWExEM1VrSHcxcS1TOGdNLVVyMG1ITUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy85YzhlNTktYWZkZi00MmE2LTgwZDctOGE5NjY3ZDc2MmE1
LzEvcmtyUzFMQzNNdzVLbTFyNkVhWVpqOHRsR19jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgWOgDAN
BgkqhkiG9w0BAQsFAAOCAQEAReEfiaVV0ercz4wfn1yZxC9t4zgprF04eBzRdG1r
ZsSZg8gehjljEl9LusBYMGrczqa3+SLqH9GydY3Oa0SkQO/I0Yk5vRtCD5K8Djou
/IJkM2HF5uSD9kAw7Ke7vvJRsu5lkTHu6ne2GmSstRrM6xsjHy25KpiMImCnWM24
umxKpjRjRCVVA9wPdC6ezMlzOfbLeNbSRqI+w4eX3NW7R08R0xoaMiz7aFDIXAKb
l5I2zfxE9pRwu/VeKhHTkL97+rbo8R2AkNQL64FaB1Ql8OmU7cI2tSgRe9y2jGne
VIRX0njVk4KNiYAPQm8RMQVVLxC5j/tMN5exjdIcC/0nsA==
-----END CERTIFICATE-----