Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/auXHw97rxtq0l02QZIf6GMVazhY.roa
File:                     auXHw97rxtq0l02QZIf6GMVazhY.roa (raw, json)
Hash identifier:          RJfo6b+/zYgz1YLp4XKHIvtqCVWf1ziRRNhMfsxBR10=
Subject key identifier:   6A:E5:C7:C3:DE:EB:C6:DA:B4:97:4D:90:64:87:FA:18:C5:5A:CE:16
Certificate issuer:       /CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
Certificate serial:       018CC6B79FC5B74CCA6A2752474730E6F539
Authority key identifier: FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/auXHw97rxtq0l02QZIf6GMVazhY.roa
Signing time:             Mon 01 Jan 2024 20:29:31 +0000
ROA not before:           Mon 01 Jan 2024 20:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0a:4540:1000::/48 maxlen: 48
                          2a0a:4540:220::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:9f:c5:b7:4c:ca:6a:27:52:47:47:30:e6:f5:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbac50f19d9930aeec09cd27f508fc502ea14d1f
        Validity
            Not Before: Jan  1 20:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ae5c7c3deebc6dab4974d906487fa18c55ace16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:30:80:cf:25:2d:d1:6a:b3:c6:35:2a:72:6c:
                    39:5d:9e:54:a1:08:98:5f:87:ec:95:65:29:62:58:
                    cc:c2:3e:9d:8e:29:1c:1e:41:e0:e9:a3:81:2e:86:
                    5f:26:66:7f:2a:bc:8e:d0:fa:63:92:a1:65:31:4a:
                    5e:35:59:af:c5:09:2b:f0:9d:7c:17:f5:b6:af:60:
                    ec:b1:67:61:56:5b:84:7a:7e:54:46:18:ee:6b:8b:
                    be:04:53:46:0c:b5:c5:cf:af:6f:d1:39:56:25:7a:
                    9a:af:f5:de:3f:70:1c:56:12:bb:77:32:52:dd:2f:
                    4b:79:61:96:38:7b:0b:e5:d7:47:2d:73:53:44:25:
                    30:30:87:22:80:ce:30:45:c2:3e:db:cd:77:1e:7b:
                    32:8a:9f:e4:eb:65:c7:d7:27:f6:e8:63:6b:e4:0d:
                    e5:a8:a1:f9:e7:2f:75:18:91:8d:d9:ff:ee:0c:90:
                    c6:ef:02:00:00:a0:8f:2d:e3:40:d3:a9:15:c3:8e:
                    1d:b7:a1:b5:3a:00:77:97:b1:7b:48:39:41:2b:ff:
                    2a:9c:19:bc:f9:e1:25:f4:3d:e5:80:7d:c8:40:1e:
                    10:72:60:51:f6:b7:8e:2a:41:f3:cb:f7:6f:5b:b2:
                    e7:e5:99:fb:d0:f8:d1:d1:8c:1f:92:b9:b2:6b:97:
                    28:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:E5:C7:C3:DE:EB:C6:DA:B4:97:4D:90:64:87:FA:18:C5:5A:CE:16
            X509v3 Authority Key Identifier:
                keyid:FB:AC:50:F1:9D:99:30:AE:EC:09:CD:27:F5:08:FC:50:2E:A1:4D:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/auXHw97rxtq0l02QZIf6GMVazhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8fc09d-7d25-425c-8b91-d62e454bf37f/1/1-6xQ8Z2ZMK7sCc0n9Qj8UC6hTR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4540:220::/48
                  2a0a:4540:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:ab:66:95:7f:3f:22:0c:ab:33:3a:85:d9:c0:24:7f:33:63:
         72:9b:67:3d:8e:c8:9d:04:58:95:3d:ce:31:9b:96:5f:27:b2:
         e0:f6:e3:e4:7d:01:18:29:71:38:00:9a:80:53:37:b9:f5:27:
         53:04:80:be:56:2a:6f:4e:17:4a:a1:ca:39:6e:bd:3f:85:d6:
         86:c7:df:6e:16:8e:f3:27:0c:c7:42:8c:0f:97:1c:db:cc:a6:
         f8:82:66:b5:b2:c9:87:dd:c7:60:25:7d:6d:60:b5:f0:6a:a7:
         ae:86:2f:d1:ed:42:5a:a3:4d:d4:14:03:a2:8a:ac:5a:79:a9:
         a8:52:68:4d:f3:eb:ce:03:4d:4a:be:de:ad:53:d2:86:8e:5d:
         ae:82:3a:c1:e6:10:b6:ac:9d:e8:47:05:ec:68:c2:ef:1c:09:
         7f:50:65:a9:9a:4b:cf:36:8d:61:7e:00:f2:66:25:0e:c8:7c:
         b1:71:14:b0:5e:24:2a:58:c9:81:1f:0d:51:8b:0d:c5:e7:0b:
         ce:e3:12:de:64:7a:92:ea:e5:29:b8:33:9b:97:a9:fa:6f:aa:
         7e:56:c4:5e:95:45:aa:d8:8b:be:f9:d7:5d:3a:ef:ed:e5:f6:
         b4:70:ff:47:07:a0:da:8f:92:f3:4e:de:3d:7e:0f:91:ab:6c:
         0b:eb:32:9c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGt5/Ft0zKaidSR0cw5vU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYWM1MGYxOWQ5OTMwYWVlYzA5Y2QyN2Y1MDhmYzUwMmVh
MTRkMWYwHhcNMjQwMTAxMjAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWU1YzdjM2RlZWJjNmRhYjQ5NzRkOTA2NDg3ZmExOGM1NWFjZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjCAzyUt0WqzxjUqcmw5XZ5UoQiY
X4fslWUpYljMwj6djikcHkHg6aOBLoZfJmZ/KryO0PpjkqFlMUpeNVmvxQkr8J18
F/W2r2DssWdhVluEen5URhjua4u+BFNGDLXFz69v0TlWJXqar/XeP3AcVhK7dzJS
3S9LeWGWOHsL5ddHLXNTRCUwMIcigM4wRcI+2813Hnsyip/k62XH1yf26GNr5A3l
qKH55y91GJGN2f/uDJDG7wIAAKCPLeNA06kVw44dt6G1OgB3l7F7SDlBK/8qnBm8
+eEl9D3lgH3IQB4QcmBR9reOKkHzy/dvW7Ln5Zn70PjR0Ywfkrmya5co0wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGrlx8Pe68batJdNkGSH+hjFWs4WMB8GA1UdIwQY
MBaAFPusUPGdmTCu7AnNJ/UI/FAuoU0fMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS02eFE4WjJaTUs3c0NjMG45UWo4VUM2aFRSOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04Yjkx
LWQ2MmU0NTRiZjM3Zi8xL2F1WEh3OTdyeHRxMGwwMlFaSWY2R01WYXpoWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvOGZjMDlkLTdkMjUtNDI1Yy04YjkxLWQ2MmU0NTRiZjM3
Zi8xLzEtNnhROFoyWk1LN3NDYzBuOVFqOFVDNmhUUjguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqCkVA
AiADBwAqCkVAEAAwDQYJKoZIhvcNAQELBQADggEBACirZpV/PyIMqzM6hdnAJH8z
Y3KbZz2OyJ0EWJU9zjGbll8nsuD24+R9ARgpcTgAmoBTN7n1J1MEgL5WKm9OF0qh
yjluvT+F1obH324WjvMnDMdCjA+XHNvMpviCZrWyyYfdx2AlfW1gtfBqp66GL9Ht
QlqjTdQUA6KKrFp5qahSaE3z684DTUq+3q1T0oaOXa6COsHmELasnehHBexowu8c
CX9QZamaS882jWF+APJmJQ7IfLFxFLBeJCpYyYEfDVGLDcXnC87jEt5kepLq5Sm4
M5uXqfpvqn5WxF6VRarYi77511067+3l9rRw/0cHoNqPkvNO3j1+D5GrbAvrMpw=
-----END CERTIFICATE-----