Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/Tu5TqC42hO3kggQ8OrI3auCi4C4.roa
File:                     Tu5TqC42hO3kggQ8OrI3auCi4C4.roa (raw, json)
Hash identifier:          XXi2Fzfz3lcomm+MEQn/oRQ0G1SC9ruC+gcSiytHUB8=
Subject key identifier:   4E:EE:53:A8:2E:36:84:ED:E4:82:04:3C:3A:B2:37:6A:E0:A2:E0:2E
Certificate issuer:       /CN=7803558ea6e5165b3876097af75bf1e92a142cf2
Certificate serial:       018F05BC29B345FDE1947BF5D319CAB90C6A
Authority key identifier: 78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/Tu5TqC42hO3kggQ8OrI3auCi4C4.roa
Signing time:             Mon 22 Apr 2024 12:16:08 +0000
ROA not before:           Mon 22 Apr 2024 12:16:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35196
IP address blocks:        2a0d:cdc5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:bc:29:b3:45:fd:e1:94:7b:f5:d3:19:ca:b9:0c:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7803558ea6e5165b3876097af75bf1e92a142cf2
        Validity
            Not Before: Apr 22 12:16:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4eee53a82e3684ede482043c3ab2376ae0a2e02e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:53:9c:79:83:63:aa:12:ae:2e:33:c0:69:5b:
                    d1:6a:06:31:9e:01:2c:df:d1:ac:35:36:17:56:7c:
                    40:0b:9f:d2:f6:b5:25:15:db:0a:d3:bb:18:22:29:
                    d5:12:5c:45:33:61:f8:23:af:35:16:ba:da:9e:a1:
                    be:fa:9e:f7:3a:66:42:30:2d:24:71:cb:58:f1:db:
                    b6:96:a8:05:6b:01:4e:38:b3:f1:87:62:7e:9f:9f:
                    63:bb:e0:ba:ee:aa:e4:38:36:5f:22:6a:27:57:7d:
                    4c:d2:fa:d8:05:13:52:c4:12:56:d3:14:32:3a:d7:
                    c1:af:7f:d4:1e:8d:57:3e:76:50:2d:1f:af:34:b0:
                    94:82:97:d6:af:90:f9:8d:7c:c6:07:9a:25:3f:2c:
                    27:41:a1:d9:bb:4e:fa:ff:86:84:e1:02:3a:4f:9c:
                    cc:3d:2f:1e:bd:be:cb:7f:ad:1d:65:f6:1a:e6:3b:
                    e2:bb:c0:31:20:8f:4d:db:0e:b8:70:d2:0c:d7:40:
                    0d:1b:2f:f7:67:6a:dd:31:33:24:da:9d:c8:c7:fb:
                    0b:60:5f:ea:9e:d8:ae:a2:76:73:49:a0:d2:f2:e7:
                    42:74:ba:47:cf:ff:3c:fd:d6:29:fa:53:a7:21:20:
                    2c:f7:3b:ca:a9:12:21:2f:fc:e4:a5:21:da:dd:b9:
                    8f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:EE:53:A8:2E:36:84:ED:E4:82:04:3C:3A:B2:37:6A:E0:A2:E0:2E
            X509v3 Authority Key Identifier:
                keyid:78:03:55:8E:A6:E5:16:5B:38:76:09:7A:F7:5B:F1:E9:2A:14:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eANVjqblFls4dgl691vx6SoULPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/Tu5TqC42hO3kggQ8OrI3auCi4C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59a3aa-4eae-44e7-acc1-6f16834bc847/1/eANVjqblFls4dgl691vx6SoULPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:cdc5::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:a3:20:06:e8:41:ae:d1:54:7d:7c:18:9b:88:25:61:21:6c:
         9e:64:16:32:4f:8a:31:ce:ec:da:24:5f:57:3e:59:41:dd:31:
         e2:63:05:1a:66:01:25:b1:aa:56:6a:54:1a:3f:66:03:b2:c4:
         47:c9:10:98:d6:0d:f3:b3:3f:35:ce:ee:3f:25:1b:60:d6:d2:
         ca:df:0f:76:52:fa:66:6c:fb:ed:59:19:91:41:15:1f:61:23:
         af:92:6c:32:f4:db:e6:20:bf:c1:c0:b5:0d:78:32:96:5e:d7:
         6c:d4:00:00:ee:80:aa:18:48:0f:53:c2:9d:17:c7:ff:6e:c0:
         e4:b4:ac:47:2a:6e:90:41:32:7b:57:e5:6e:28:75:d4:69:83:
         f3:d9:7d:1a:24:d2:51:82:ec:09:bc:0b:fa:d7:9e:2a:f6:9d:
         4c:81:cd:22:8a:cd:72:87:ae:bb:5e:b3:34:1e:77:20:73:46:
         92:53:37:5f:72:f8:4d:24:27:17:66:28:54:af:e8:65:37:81:
         48:af:ee:9f:88:f8:80:1a:e6:75:41:d2:ed:c8:b3:0a:b2:bd:
         52:f9:92:3f:0f:85:92:5f:6f:10:6f:0e:31:93:39:81:7d:ae:
         d5:34:b7:15:5f:40:43:ca:55:60:3b:1b:72:5e:50:d6:76:8e:
         e1:b8:e0:ca
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8FvCmzRf3hlHv10xnKuQxqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MDM1NThlYTZlNTE2NWIzODc2MDk3YWY3NWJmMWU5MmEx
NDJjZjIwHhcNMjQwNDIyMTIxNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWVlNTNhODJlMzY4NGVkZTQ4MjA0M2MzYWIyMzc2YWUwYTJlMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFOceYNjqhKuLjPAaVvRagYxngEs
39GsNTYXVnxAC5/S9rUlFdsK07sYIinVElxFM2H4I681FrranqG++p73OmZCMC0k
cctY8du2lqgFawFOOLPxh2J+n59ju+C67qrkODZfImonV31M0vrYBRNSxBJW0xQy
OtfBr3/UHo1XPnZQLR+vNLCUgpfWr5D5jXzGB5olPywnQaHZu076/4aE4QI6T5zM
PS8evb7Lf60dZfYa5jviu8AxII9N2w64cNIM10ANGy/3Z2rdMTMk2p3Ix/sLYF/q
ntiuonZzSaDS8udCdLpHz/88/dYp+lOnISAs9zvKqRIhL/zkpSHa3bmPhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE7uU6guNoTt5IIEPDqyN2rgouAuMB8GA1UdIwQY
MBaAFHgDVY6m5RZbOHYJevdb8ekqFCzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEt
NmYxNjgzNGJjODQ3LzEvVHU1VHFDNDJoTzNrZ2dROE9ySTNhdUNpNEM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWEzYWEtNGVhZS00NGU3LWFjYzEtNmYxNjgzNGJjODQ3
LzEvZUFOVmpxYmxGbHM0ZGdsNjkxdng2U29VTFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg3NxTAN
BgkqhkiG9w0BAQsFAAOCAQEAPqMgBuhBrtFUfXwYm4glYSFsnmQWMk+KMc7s2iRf
Vz5ZQd0x4mMFGmYBJbGqVmpUGj9mA7LER8kQmNYN87M/Nc7uPyUbYNbSyt8PdlL6
Zmz77VkZkUEVH2Ejr5JsMvTb5iC/wcC1DXgyll7XbNQAAO6AqhhID1PCnRfH/27A
5LSsRypukEEye1flbih11GmD89l9GiTSUYLsCbwL+teeKvadTIHNIorNcoeuu16z
NB53IHNGklM3X3L4TSQnF2YoVK/oZTeBSK/un4j4gBrmdUHS7cizCrK9UvmSPw+F
kl9vEG8OMZM5gX2u1TS3FV9AQ8pVYDsbcl5Q1naO4bjgyg==
-----END CERTIFICATE-----