Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/_D4aDdgXjfDC3w2x8vgzuFoc0_o.roa
File:                     _D4aDdgXjfDC3w2x8vgzuFoc0_o.roa (raw, json)
Hash identifier:          koCRhSdvjI0PZh70imVyxfMgs3ix1LtC+CWFg1BgnVk=
Subject key identifier:   FC:3E:1A:0D:D8:17:8D:F0:C2:DF:0D:B1:F2:F8:33:B8:5A:1C:D3:FA
Certificate issuer:       /CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Certificate serial:       018CC6B78FDC155C4348E08A25E4C9333CFE
Authority key identifier: F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/_D4aDdgXjfDC3w2x8vgzuFoc0_o.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213341
IP address blocks:        2a0a:4587:2000::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8f:dc:15:5c:43:48:e0:8a:25:e4:c9:33:3c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc3e1a0dd8178df0c2df0db1f2f833b85a1cd3fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f7:e0:22:0a:7c:45:eb:85:d8:ff:2f:f9:05:
                    cb:74:9a:16:99:21:ac:20:db:d3:36:44:97:67:18:
                    f3:59:d7:31:de:e9:7c:7e:ba:bf:47:9b:1f:d9:c9:
                    a6:eb:2d:7a:a6:8e:b4:9b:e5:6b:8e:05:af:f5:ca:
                    08:6c:55:11:07:4f:72:cb:09:16:16:d7:76:9b:b0:
                    06:a9:21:3d:12:bc:2f:f0:7a:e3:f9:c2:8f:70:2c:
                    60:b8:b8:ba:3e:97:9a:50:b0:a7:56:61:3b:84:b4:
                    08:90:45:8e:4a:ef:ca:b4:9f:b8:fa:0d:dd:92:04:
                    07:46:ca:cd:83:29:98:44:cd:d2:af:05:0a:55:b9:
                    45:35:21:e1:ed:78:dc:da:fa:0f:a0:4d:53:71:6b:
                    54:3e:93:42:57:68:90:57:60:71:63:55:82:3e:68:
                    e6:cb:03:11:c1:48:d3:22:d1:e5:4e:16:31:66:61:
                    72:d1:b2:f6:08:35:23:8c:d1:04:98:5f:07:74:85:
                    1e:dc:94:87:f5:8c:59:51:2e:82:9c:6f:a5:17:1e:
                    10:1d:8e:74:9d:50:70:c6:d2:ea:ca:e6:1c:e5:8e:
                    3c:26:a6:99:9d:38:7b:d4:52:ae:15:ac:8d:f8:da:
                    fd:cf:3e:bf:72:d8:5b:fa:03:97:9a:79:5f:de:09:
                    4d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:3E:1A:0D:D8:17:8D:F0:C2:DF:0D:B1:F2:F8:33:B8:5A:1C:D3:FA
            X509v3 Authority Key Identifier:
                keyid:F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/_D4aDdgXjfDC3w2x8vgzuFoc0_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4587:2000::/44

    Signature Algorithm: sha256WithRSAEncryption
         a8:71:2a:35:1d:4e:9a:af:ac:e5:0d:df:08:8c:63:1b:2d:30:
         db:72:78:29:6b:b9:a6:d1:82:98:0e:e2:4e:b8:41:16:a5:21:
         73:e9:d3:ff:41:95:69:04:91:44:4c:d4:58:52:4f:d3:9f:a5:
         ac:be:d6:18:a8:91:f8:b5:32:21:64:71:c6:ec:62:eb:9b:d2:
         12:2c:ed:a3:7d:5c:25:5c:5f:5a:4c:32:ef:12:7b:6a:f5:b0:
         7c:f3:4e:f8:e1:51:07:4b:bf:2d:54:9b:80:58:d2:6d:85:c0:
         c7:28:0d:a2:cb:86:72:c1:0c:f1:96:b7:c8:3b:e8:09:fb:ba:
         d8:6f:c4:9d:35:b3:46:ca:52:b3:06:19:72:4f:f5:b2:7d:a1:
         ac:50:37:7d:62:67:f7:92:9a:ee:91:d9:13:d0:f8:ec:98:06:
         18:56:33:0d:73:bf:bd:7b:82:5e:ce:46:fc:29:d6:6d:80:df:
         b4:89:1d:c3:3d:3a:17:de:c2:a2:8a:d0:84:48:58:2a:04:15:
         bd:bb:d1:94:42:8c:89:c4:fd:66:5f:26:75:36:41:a3:e1:c2:
         10:ed:99:1c:b2:a3:4c:0c:17:5e:e8:ce:5c:e5:f6:0e:3b:71:
         6e:3a:e4:4a:cd:c8:e9:b5:43:bd:ef:68:a8:05:7b:c9:d2:06:
         b6:95:63:02
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzGt4/cFVxDSOCKJeTJMzz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTk2NjY2NGVjOTZlZGJkMTJlOGU4MmU5NDBiZmI5ZmFl
YzEwNWUwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzNlMWEwZGQ4MTc4ZGYwYzJkZjBkYjFmMmY4MzNiODVhMWNkM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/fgIgp8ReuF2P8v+QXLdJoWmSGs
INvTNkSXZxjzWdcx3ul8frq/R5sf2cmm6y16po60m+VrjgWv9coIbFURB09yywkW
Ftd2m7AGqSE9Erwv8Hrj+cKPcCxguLi6PpeaULCnVmE7hLQIkEWOSu/KtJ+4+g3d
kgQHRsrNgymYRM3SrwUKVblFNSHh7Xjc2voPoE1TcWtUPpNCV2iQV2BxY1WCPmjm
ywMRwUjTItHlThYxZmFy0bL2CDUjjNEEmF8HdIUe3JSH9YxZUS6CnG+lFx4QHY50
nVBwxtLqyuYc5Y48JqaZnTh71FKuFayN+Nr9zz6/cthb+gOXmnlf3glNMwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFPw+Gg3YF43wwt8NsfL4M7haHNP6MB8GA1UdIwQY
MBaAFPipZmZOyW7b0S6OgulAv7n67BBeMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LbG1aazdKYnR2UkxvNkM2VUNfdWZyc0VGNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1
LTM4MjM1NWZjMmZmMS8xL19ENGFEZGdYamZEQzN3Mng4dmd6dUZvYzBfby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1LTM4MjM1NWZjMmZm
MS8xLzEtS2xtWms3SmJ0dlJMbzZDNlVDX3VmcnNFRjQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqCkWH
IAAwDQYJKoZIhvcNAQELBQADggEBAKhxKjUdTpqvrOUN3wiMYxstMNtyeClruabR
gpgO4k64QRalIXPp0/9BlWkEkURM1FhST9Ofpay+1hiokfi1MiFkccbsYuub0hIs
7aN9XCVcX1pMMu8Se2r1sHzzTvjhUQdLvy1Um4BY0m2FwMcoDaLLhnLBDPGWt8g7
6An7uthvxJ01s0bKUrMGGXJP9bJ9oaxQN31iZ/eSmu6R2RPQ+OyYBhhWMw1zv717
gl7ORvwp1m2A37SJHcM9OhfewqKK0IRIWCoEFb270ZRCjInE/WZfJnU2QaPhwhDt
mRyyo0wMF17ozlzl9g47cW465ErNyOm1Q73vaKgFe8nSBraVYwI=
-----END CERTIFICATE-----