Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/9ac86a-85ed-4a1c-873f-752905330392/1/RSJBjBmO9Kr1UGIe5sqfNcwfS8Q.roa
File:                     RSJBjBmO9Kr1UGIe5sqfNcwfS8Q.roa (raw, json)
Hash identifier:          6koalnlBDziJat0fB6x1TUMqvsqUAkFYn813uHyi2KM=
Subject key identifier:   45:22:41:8C:19:8E:F4:AA:F5:50:62:1E:E6:CA:9F:35:CC:1F:4B:C4
Certificate issuer:       /CN=1983604f083e58c3cd19d39480baaadf38a19b63
Certificate serial:       018CC8015DCCA87D74A035F7C610ECA9C89B
Authority key identifier: 19:83:60:4F:08:3E:58:C3:CD:19:D3:94:80:BA:AA:DF:38:A1:9B:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GYNgTwg-WMPNGdOUgLqq3zihm2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/9ac86a-85ed-4a1c-873f-752905330392/1/RSJBjBmO9Kr1UGIe5sqfNcwfS8Q.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21263
IP address blocks:        2a0d:9600::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/9ac86a-85ed-4a1c-873f-752905330392/1/GYNgTwg-WMPNGdOUgLqq3zihm2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/9ac86a-85ed-4a1c-873f-752905330392/1/GYNgTwg-WMPNGdOUgLqq3zihm2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GYNgTwg-WMPNGdOUgLqq3zihm2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5d:cc:a8:7d:74:a0:35:f7:c6:10:ec:a9:c8:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1983604f083e58c3cd19d39480baaadf38a19b63
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4522418c198ef4aaf550621ee6ca9f35cc1f4bc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cc:e7:7f:7e:a2:35:43:51:21:3e:3e:3a:03:
                    f7:57:47:ae:b6:f1:80:88:d6:c0:cc:e5:0a:39:c4:
                    83:62:76:be:75:d8:07:39:a5:c2:9a:25:e1:0f:aa:
                    0e:2b:29:dd:55:1d:10:bc:8e:81:81:da:b8:1f:ee:
                    20:e2:16:ef:91:75:f0:a2:6a:1b:e3:a8:30:ff:a0:
                    66:58:7a:30:cb:dc:7a:12:be:0e:d2:38:81:96:02:
                    3c:30:10:33:c6:a4:bf:0c:62:d3:dc:d3:6c:50:14:
                    42:0e:9a:5e:d1:20:62:f8:10:be:9e:5b:d9:61:75:
                    ca:21:a0:2c:d0:12:d8:6e:43:25:d7:20:33:9d:c2:
                    ad:9a:f6:8f:f8:34:3c:45:55:13:f9:b0:28:47:49:
                    8d:d3:57:f4:df:3c:55:7d:77:f4:d7:7d:7d:45:9e:
                    a9:38:6e:48:4e:27:e0:dd:9b:23:00:d7:24:5e:4a:
                    8a:ae:20:d0:5d:ec:c3:c0:5b:69:19:51:a8:0e:df:
                    54:a2:7d:90:2c:e7:0f:6b:63:3e:27:c9:65:e4:19:
                    39:cb:77:e4:f7:01:39:45:93:0b:f4:08:d5:8c:0d:
                    d6:dd:7e:5e:72:3f:c1:24:2c:15:a2:53:ed:4d:50:
                    50:14:4c:93:2e:cb:ae:4d:b0:98:53:58:79:86:87:
                    41:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:22:41:8C:19:8E:F4:AA:F5:50:62:1E:E6:CA:9F:35:CC:1F:4B:C4
            X509v3 Authority Key Identifier:
                keyid:19:83:60:4F:08:3E:58:C3:CD:19:D3:94:80:BA:AA:DF:38:A1:9B:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GYNgTwg-WMPNGdOUgLqq3zihm2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/9ac86a-85ed-4a1c-873f-752905330392/1/RSJBjBmO9Kr1UGIe5sqfNcwfS8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/9ac86a-85ed-4a1c-873f-752905330392/1/GYNgTwg-WMPNGdOUgLqq3zihm2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9600::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:5e:53:ff:96:83:a1:f7:9b:88:c0:2b:89:84:59:d2:15:ec:
         a2:06:e5:7a:36:f5:3c:b9:e7:96:8b:53:e8:f4:28:9e:60:d5:
         66:9f:30:0b:5f:77:79:48:4e:1f:2e:87:46:55:9c:ae:00:33:
         39:dc:49:b0:91:8c:f0:86:ef:47:d2:d9:c9:3e:19:91:5f:eb:
         f1:66:cc:73:2a:0e:50:93:46:03:32:a1:c2:a9:0a:4d:a7:04:
         a9:87:fc:7c:ea:d8:22:8c:54:24:22:c9:cf:e8:e0:0d:7c:d3:
         af:5c:5e:f3:de:50:ef:2b:5c:78:ec:ef:cc:fb:e7:6a:14:35:
         65:d2:05:f1:fe:ff:44:c7:ae:6e:b6:f1:3b:5f:9f:4d:a5:fc:
         b3:46:bd:c6:72:70:9d:8e:21:bd:60:d4:4f:82:da:27:80:b3:
         99:76:02:73:9b:c0:11:b3:a1:14:25:03:d7:2c:53:a3:ac:d2:
         5d:a3:e7:42:30:fc:5e:8d:33:56:ad:8a:0f:2c:cd:5d:91:56:
         2d:00:ed:26:20:db:53:c9:82:a7:f6:a4:ac:8d:d2:be:a2:40:
         b4:d5:6b:7e:d0:3e:e0:df:60:cc:9d:d2:b7:74:73:3d:fe:55:
         da:55:b3:cc:65:b3:99:b6:d4:56:c2:19:36:90:eb:f3:a4:e2:
         30:61:76:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIAV3MqH10oDX3xhDsqcibMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ODM2MDRmMDgzZTU4YzNjZDE5ZDM5NDgwYmFhYWRmMzhh
MTliNjMwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTIyNDE4YzE5OGVmNGFhZjU1MDYyMWVlNmNhOWYzNWNjMWY0YmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcznf36iNUNRIT4+OgP3V0eutvGA
iNbAzOUKOcSDYna+ddgHOaXCmiXhD6oOKyndVR0QvI6Bgdq4H+4g4hbvkXXwomob
46gw/6BmWHowy9x6Er4O0jiBlgI8MBAzxqS/DGLT3NNsUBRCDppe0SBi+BC+nlvZ
YXXKIaAs0BLYbkMl1yAzncKtmvaP+DQ8RVUT+bAoR0mN01f03zxVfXf01319RZ6p
OG5ITifg3ZsjANckXkqKriDQXezDwFtpGVGoDt9Uon2QLOcPa2M+J8ll5Bk5y3fk
9wE5RZML9AjVjA3W3X5ecj/BJCwVolPtTVBQFEyTLsuuTbCYU1h5hodB+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEUiQYwZjvSq9VBiHubKnzXMH0vEMB8GA1UdIwQY
MBaAFBmDYE8IPljDzRnTlIC6qt84oZtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1lOZ1R3Zy1XTVBOR2RPVWdMcXEzemlobTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS85YWM4NmEtODVlZC00YTFjLTg3M2Yt
NzUyOTA1MzMwMzkyLzEvUlNKQmpCbU85S3IxVUdJZTVzcWZOY3dmUzhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS85YWM4NmEtODVlZC00YTFjLTg3M2YtNzUyOTA1MzMwMzky
LzEvR1lOZ1R3Zy1XTVBOR2RPVWdMcXEzemlobTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg2WADAN
BgkqhkiG9w0BAQsFAAOCAQEAlF5T/5aDofebiMAriYRZ0hXsogblejb1PLnnlotT
6PQonmDVZp8wC193eUhOHy6HRlWcrgAzOdxJsJGM8IbvR9LZyT4ZkV/r8WbMcyoO
UJNGAzKhwqkKTacEqYf8fOrYIoxUJCLJz+jgDXzTr1xe895Q7ytceOzvzPvnahQ1
ZdIF8f7/RMeubrbxO1+fTaX8s0a9xnJwnY4hvWDUT4LaJ4CzmXYCc5vAEbOhFCUD
1yxTo6zSXaPnQjD8Xo0zVq2KDyzNXZFWLQDtJiDbU8mCp/akrI3SvqJAtNVrftA+
4N9gzJ3St3RzPf5V2lWzzGWzmbbUVsIZNpDr86TiMGF2uQ==
-----END CERTIFICATE-----