Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/01yhuJM8jGz6iBinHte0488RoYU.roa
File:                     01yhuJM8jGz6iBinHte0488RoYU.roa (raw, json)
Hash identifier:          YCEKkwfUnyCF8/rlMbDE7mP6O6byMMvSa5iNPa0mRYw=
Subject key identifier:   D3:5C:A1:B8:93:3C:8C:6C:FA:88:18:A7:1E:D7:B4:E3:CF:11:A1:85
Certificate issuer:       /CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
Certificate serial:       018F0F8E4FD3E318C330F2FABC8ED5110610
Authority key identifier: FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/01yhuJM8jGz6iBinHte0488RoYU.roa
Signing time:             Wed 24 Apr 2024 10:02:15 +0000
ROA not before:           Wed 24 Apr 2024 10:02:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0d:f40::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0f:8e:4f:d3:e3:18:c3:30:f2:fa:bc:8e:d5:11:06:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
        Validity
            Not Before: Apr 24 10:02:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d35ca1b8933c8c6cfa8818a71ed7b4e3cf11a185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:24:b7:bb:88:5d:60:77:1a:65:fb:34:8c:fb:
                    11:1c:46:b5:cc:ed:f7:fe:2c:c1:45:ed:8e:8e:4d:
                    c8:05:24:6e:fe:1a:31:13:fc:6e:d2:1b:e4:ee:13:
                    c9:8a:fc:27:c8:67:77:c5:f9:fc:12:cb:77:d2:c7:
                    50:98:58:de:d2:9b:50:a1:96:fc:f9:6b:eb:db:a4:
                    af:68:9f:ef:c7:00:25:b7:b7:ef:aa:7a:68:c8:b5:
                    b0:64:4b:ee:40:cb:b4:a8:84:b5:02:2c:0a:6d:62:
                    27:c0:9f:83:fd:cd:f1:94:3c:04:6e:94:40:b8:3c:
                    22:97:9f:f1:3e:b6:cf:74:c2:f4:c3:5f:70:b7:78:
                    f2:28:f2:44:84:cd:da:ac:95:69:ef:65:39:3e:df:
                    f7:ab:c4:ca:06:5d:5c:09:55:28:77:04:48:cf:5f:
                    e2:1e:5e:45:ee:2e:36:d8:29:b3:a8:0b:1e:0e:17:
                    f4:aa:ae:e2:d3:fd:4f:21:9d:b6:0a:15:14:b5:fb:
                    01:67:01:33:e6:9c:b5:08:21:51:94:94:f7:73:f4:
                    b9:d6:95:53:8e:23:3b:cb:e1:7c:7f:76:5b:a9:e6:
                    32:28:18:8c:f0:96:6d:62:fb:47:21:cc:73:6b:17:
                    af:5b:1f:42:ee:21:2b:64:36:31:23:e7:fc:21:9c:
                    6d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:5C:A1:B8:93:3C:8C:6C:FA:88:18:A7:1E:D7:B4:E3:CF:11:A1:85
            X509v3 Authority Key Identifier:
                keyid:FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/01yhuJM8jGz6iBinHte0488RoYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:5a:c0:47:4d:1a:52:b4:a2:dd:ea:7a:9d:32:dd:d4:53:0c:
         8f:a0:0d:2d:f1:f2:d5:cc:ff:86:c1:3d:a8:71:8f:31:a1:79:
         7b:85:9a:62:20:f2:a0:83:bb:31:d5:40:ec:76:b6:ad:0a:ce:
         e8:07:c4:89:94:92:58:41:6b:44:4a:99:eb:59:0e:8d:19:a9:
         4e:c1:ea:d6:b7:8b:e7:e9:5f:b7:0d:62:83:d2:f4:54:88:3a:
         c1:69:6b:3b:34:26:7e:a4:6c:0a:5d:25:ff:be:f7:4e:38:e7:
         b3:98:11:bf:e1:e4:e4:8e:c3:09:fa:48:a2:24:b4:a7:17:fa:
         73:0f:d1:27:ef:a8:a9:79:1a:10:78:1b:9d:c3:7f:37:de:76:
         69:6b:b2:10:e1:52:a4:ab:6d:06:3b:73:58:82:c1:30:0c:7c:
         cb:45:e6:07:22:d0:dd:ea:c4:77:ec:9d:a2:b3:1d:1f:7d:dc:
         19:f9:3d:94:de:dc:3b:43:50:ef:23:51:85:2d:60:e2:47:c0:
         00:ae:3f:a7:45:9c:06:b7:e9:37:38:3f:02:11:fe:4d:af:92:
         dc:b7:02:50:aa:8b:a2:5c:35:fe:38:27:c6:20:4c:61:11:f0:
         52:75:14:f4:f6:3a:2b:a2:db:db:2f:b8:15:23:76:96:bf:59:
         90:ac:57:1d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8Pjk/T4xjDMPL6vI7VEQYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjM2FiNTVkNTc1MDljYmZhZTc5OGJkNzFhYWEyM2IzNDQ0
ZDhlNWEwHhcNMjQwNDI0MTAwMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzVjYTFiODkzM2M4YzZjZmE4ODE4YTcxZWQ3YjRlM2NmMTFhMTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SS3u4hdYHcaZfs0jPsRHEa1zO33
/izBRe2Ojk3IBSRu/hoxE/xu0hvk7hPJivwnyGd3xfn8Est30sdQmFje0ptQoZb8
+Wvr26SvaJ/vxwAlt7fvqnpoyLWwZEvuQMu0qIS1AiwKbWInwJ+D/c3xlDwEbpRA
uDwil5/xPrbPdML0w19wt3jyKPJEhM3arJVp72U5Pt/3q8TKBl1cCVUodwRIz1/i
Hl5F7i422CmzqAseDhf0qq7i0/1PIZ22ChUUtfsBZwEz5py1CCFRlJT3c/S51pVT
jiM7y+F8f3ZbqeYyKBiM8JZtYvtHIcxzaxevWx9C7iErZDYxI+f8IZxtmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNNcobiTPIxs+ogYpx7XtOPPEaGFMB8GA1UdIwQY
MBaAFPw6tV1XUJy/rnmL1xqqI7NETY5aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYt
MGM0NTIxOGU3OTgxLzEvMDF5aHVKTThqR3o2aUJpbkh0ZTA0ODhSb1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYtMGM0NTIxOGU3OTgx
LzEvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg0PQDAN
BgkqhkiG9w0BAQsFAAOCAQEAXFrAR00aUrSi3ep6nTLd1FMMj6ANLfHy1cz/hsE9
qHGPMaF5e4WaYiDyoIO7MdVA7Ha2rQrO6AfEiZSSWEFrREqZ61kOjRmpTsHq1reL
5+lftw1ig9L0VIg6wWlrOzQmfqRsCl0l/773Tjjns5gRv+Hk5I7DCfpIoiS0pxf6
cw/RJ++oqXkaEHgbncN/N952aWuyEOFSpKttBjtzWILBMAx8y0XmByLQ3erEd+yd
orMdH33cGfk9lN7cO0NQ7yNRhS1g4kfAAK4/p0WcBrfpNzg/AhH+Ta+S3LcCUKqL
olw1/jgnxiBMYRHwUnUU9PY6K6Lb2y+4FSN2lr9ZkKxXHQ==
-----END CERTIFICATE-----