Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/HF2WXZ3YZVlvJ0E_hJPC_2D1w9I.roa
File:                     HF2WXZ3YZVlvJ0E_hJPC_2D1w9I.roa (raw, json)
Hash identifier:          xYvwJZC5J5afWLKHjBTM3p8CSMwBCPk1TUlvrDlb5Ww=
Subject key identifier:   1C:5D:96:5D:9D:D8:65:59:6F:27:41:3F:84:93:C2:FF:60:F5:C3:D2
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       01935321E31883A4E8CC9453502826DDB7DF
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/HF2WXZ3YZVlvJ0E_hJPC_2D1w9I.roa
Signing time:             Fri 22 Nov 2024 09:09:09 +0000
ROA not before:           Fri 22 Nov 2024 09:09:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:eec3::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:53:21:e3:18:83:a4:e8:cc:94:53:50:28:26:dd:b7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: Nov 22 09:09:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c5d965d9dd865596f27413f8493c2ff60f5c3d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:74:00:c5:df:82:93:96:4d:88:5f:0d:51:ac:
                    8c:4f:11:20:16:6d:36:60:d2:46:56:6e:d0:42:6a:
                    45:b4:fa:10:9d:5a:9d:ce:b6:fe:76:ad:0f:e4:fc:
                    c1:15:ed:42:30:45:d5:15:b4:9e:b8:9d:25:5a:ac:
                    07:12:e6:31:49:54:04:77:88:ca:20:a2:1c:cc:37:
                    a8:87:0e:d7:d7:5b:2d:bb:e0:d1:25:76:69:a3:c6:
                    67:74:5d:06:cd:33:c3:3d:78:5e:e4:fc:f2:ad:0d:
                    30:fd:02:6e:a0:61:16:74:19:be:ec:6a:59:2e:5e:
                    ea:32:3f:7d:f6:4a:fa:a9:96:e6:7a:20:51:9b:2e:
                    40:cc:93:71:f8:e5:36:f2:9f:ce:f4:55:05:b0:91:
                    fd:fc:e3:52:5f:af:2d:50:1f:6b:8f:b9:78:f1:25:
                    1c:5b:53:47:45:02:4f:ff:e7:a5:65:c5:45:b8:5d:
                    c1:e0:ad:87:93:15:ae:48:94:d9:03:19:fb:4e:f0:
                    b2:a4:fe:c0:1c:50:83:26:e1:ca:bb:7d:6e:de:95:
                    6f:73:7a:c6:02:73:62:68:78:fc:44:c3:dd:f7:39:
                    b9:b3:dd:72:68:61:42:ff:ed:a8:74:ce:94:ba:38:
                    54:9e:3e:ca:d1:a7:78:bf:9a:d7:3b:eb:61:69:b8:
                    11:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:5D:96:5D:9D:D8:65:59:6F:27:41:3F:84:93:C2:FF:60:F5:C3:D2
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/HF2WXZ3YZVlvJ0E_hJPC_2D1w9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:eec3::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:65:c1:d0:a0:12:c0:6d:b2:3b:ce:09:eb:7e:71:a2:ca:8d:
         63:c5:03:33:97:86:83:c5:65:e5:03:02:d7:21:09:f2:ec:34:
         de:57:83:7f:45:b8:31:46:89:e1:3a:35:bc:9b:be:8a:b2:cd:
         42:8f:c3:dc:40:8d:c8:ed:93:98:9d:4e:01:59:da:aa:ed:4f:
         8e:d8:7d:ee:30:c4:50:59:a7:1c:27:0f:4b:ac:3a:90:2b:e1:
         fa:91:26:e7:11:e9:91:6a:45:c4:fd:a6:53:c7:ba:fe:81:09:
         4f:a7:1c:b9:98:e0:c3:ca:88:1e:a5:9a:cc:7b:3e:c3:9b:42:
         70:1a:fe:90:8a:39:d4:24:2e:ab:63:e1:1a:4d:34:a6:4c:df:
         ef:40:cd:da:cd:10:d4:c8:08:85:93:ea:be:14:4e:7f:f2:d7:
         26:82:99:c5:b4:45:f8:08:9b:4d:d7:d1:96:6f:44:dd:df:c6:
         d0:29:af:f4:f4:91:d2:16:3a:ed:d3:87:61:b5:d4:e8:8b:5d:
         93:04:0d:35:bb:1b:54:54:7a:6d:22:65:72:4d:ee:5a:06:b5:
         19:c9:5b:b1:af:88:32:8a:1d:44:58:3d:9e:d7:65:7e:d1:00:
         84:16:45:c9:9e:b6:3f:a3:9f:87:83:3a:18:56:be:d5:80:19:
         d0:76:1f:0f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZNTIeMYg6TozJRTUCgm3bffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQxMTIyMDkwOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzVkOTY1ZDlkZDg2NTU5NmYyNzQxM2Y4NDkzYzJmZjYwZjVjM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHQAxd+Ck5ZNiF8NUayMTxEgFm02
YNJGVm7QQmpFtPoQnVqdzrb+dq0P5PzBFe1CMEXVFbSeuJ0lWqwHEuYxSVQEd4jK
IKIczDeohw7X11stu+DRJXZpo8ZndF0GzTPDPXhe5PzyrQ0w/QJuoGEWdBm+7GpZ
Ll7qMj999kr6qZbmeiBRmy5AzJNx+OU28p/O9FUFsJH9/ONSX68tUB9rj7l48SUc
W1NHRQJP/+elZcVFuF3B4K2HkxWuSJTZAxn7TvCypP7AHFCDJuHKu31u3pVvc3rG
AnNiaHj8RMPd9zm5s91yaGFC/+2odM6UujhUnj7K0ad4v5rXO+thabgRLwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBxdll2d2GVZbydBP4STwv9g9cPSMB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEvSEYyV1haM1laVmx2SjBFX2hKUENfMkQxdzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7uwzAN
BgkqhkiG9w0BAQsFAAOCAQEAEWXB0KASwG2yO84J635xosqNY8UDM5eGg8Vl5QMC
1yEJ8uw03leDf0W4MUaJ4To1vJu+irLNQo/D3ECNyO2TmJ1OAVnaqu1Pjth97jDE
UFmnHCcPS6w6kCvh+pEm5xHpkWpFxP2mU8e6/oEJT6ccuZjgw8qIHqWazHs+w5tC
cBr+kIo51CQuq2PhGk00pkzf70DN2s0Q1MgIhZPqvhROf/LXJoKZxbRF+AibTdfR
lm9E3d/G0Cmv9PSR0hY67dOHYbXU6ItdkwQNNbsbVFR6bSJlck3uWga1Gclbsa+I
MoodRFg9ntdlftEAhBZFyZ62P6Ofh4M6GFa+1YAZ0HYfDw==
-----END CERTIFICATE-----