Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/U0FQgrVnP50XmOXLYcQm46KtpM0.roa
File:                     U0FQgrVnP50XmOXLYcQm46KtpM0.roa (raw, json)
Hash identifier:          XXW9ntvwFXoEBbWYdUYEL33ubcoxwCDsWgnzE/wZmb4=
Subject key identifier:   53:41:50:82:B5:67:3F:9D:17:98:E5:CB:61:C4:26:E3:A2:AD:A4:CD
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CC8DE2E897F9CC2F11D60DBAB72C20F7E
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/U0FQgrVnP50XmOXLYcQm46KtpM0.roa
Signing time:             Tue 02 Jan 2024 06:30:53 +0000
ROA not before:           Tue 02 Jan 2024 06:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19318
IP address blocks:        2a0a:b382::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2e:89:7f:9c:c2:f1:1d:60:db:ab:72:c2:0f:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 06:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53415082b5673f9d1798e5cb61c426e3a2ada4cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:33:6c:d3:b2:65:5f:8b:dc:f6:37:b3:af:4f:
                    0b:fc:77:d4:f9:b8:2e:22:84:ac:ee:2c:37:d0:87:
                    44:36:d3:96:66:e4:76:3d:6f:4c:be:bf:ba:f4:1f:
                    f9:17:fd:80:18:3b:7f:12:d0:06:02:45:1c:52:ae:
                    48:24:82:e3:30:dc:94:1e:ee:72:94:9c:7f:82:ac:
                    7d:e1:45:f4:af:fe:19:0d:06:cf:53:b6:c1:e3:21:
                    82:78:44:8a:80:61:21:1b:0e:25:f6:53:5e:e2:ef:
                    32:6e:34:62:86:6d:37:9e:94:b0:12:15:4b:74:88:
                    88:d7:b4:93:12:4d:0c:86:38:a6:a2:94:74:44:37:
                    d3:dd:8d:98:15:e1:a2:fc:d2:c4:84:f6:48:b4:a5:
                    2e:22:6e:92:33:8a:f6:5d:03:ff:2d:9f:7b:1d:90:
                    b9:ef:89:0a:e4:33:93:24:8c:94:11:f9:c1:12:f8:
                    3d:dd:b1:cc:dc:1f:3f:a9:94:4b:df:6a:e1:0d:2d:
                    76:b7:2b:7f:7a:ef:f1:85:61:5f:5d:4b:4c:f1:f0:
                    5e:d1:57:1b:f6:a3:ab:9f:36:e0:6c:18:6d:13:80:
                    bd:e1:20:70:f0:fc:65:28:a1:92:c7:00:ab:20:95:
                    79:f1:0d:4b:2d:3d:51:41:8d:0e:7d:f8:cc:5d:55:
                    d9:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:41:50:82:B5:67:3F:9D:17:98:E5:CB:61:C4:26:E3:A2:AD:A4:CD
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/U0FQgrVnP50XmOXLYcQm46KtpM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:b382::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:02:a0:b8:31:1b:7d:a6:72:dd:60:c5:ea:7b:a3:0f:64:dc:
         70:67:1a:a6:59:99:cf:d0:f5:e8:db:98:e0:13:fc:ce:89:c7:
         c2:40:6c:7b:a7:e0:4c:3d:29:e7:bc:59:90:b7:eb:cc:69:57:
         63:5e:25:32:46:25:55:29:0a:78:17:4f:15:7c:41:4d:a5:69:
         93:80:42:5b:06:fb:a8:ef:80:aa:5d:2d:2c:c2:e2:e0:b3:b1:
         98:80:9c:e1:b3:ca:55:59:82:ba:bf:6c:81:29:ec:c8:4b:74:
         7a:f8:74:0e:4d:f5:09:a0:88:1d:80:42:3d:b3:ab:12:2f:aa:
         bc:9d:e6:39:a0:2a:f3:77:63:49:43:75:41:8c:30:46:d2:23:
         87:a1:bb:e2:d1:cf:48:7d:41:cf:a7:3c:28:81:3f:4a:45:2b:
         96:8b:0b:9b:e5:16:94:c4:89:55:ff:8e:38:39:82:bf:9c:5b:
         0a:5d:1c:0a:36:95:bd:16:5c:f0:77:23:dc:31:23:92:9c:34:
         6b:a5:8f:e2:f7:fb:4b:7b:d1:e9:e6:51:e8:4d:48:e9:e3:fb:
         55:d8:37:6b:32:da:1e:dc:da:9e:40:d1:33:99:d0:22:b4:ad:
         f5:39:d4:30:86:37:92:fc:aa:2f:94:fa:23:cc:0f:5c:29:94:
         fa:ac:c4:1a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3i6Jf5zC8R1g26tywg9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQxNTA4MmI1NjczZjlkMTc5OGU1Y2I2MWM0MjZlM2EyYWRhNGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjNs07JlX4vc9jezr08L/HfU+bgu
IoSs7iw30IdENtOWZuR2PW9Mvr+69B/5F/2AGDt/EtAGAkUcUq5IJILjMNyUHu5y
lJx/gqx94UX0r/4ZDQbPU7bB4yGCeESKgGEhGw4l9lNe4u8ybjRihm03npSwEhVL
dIiI17STEk0MhjimopR0RDfT3Y2YFeGi/NLEhPZItKUuIm6SM4r2XQP/LZ97HZC5
74kK5DOTJIyUEfnBEvg93bHM3B8/qZRL32rhDS12tyt/eu/xhWFfXUtM8fBe0Vcb
9qOrnzbgbBhtE4C94SBw8PxlKKGSxwCrIJV58Q1LLT1RQY0OffjMXVXZJQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFNBUIK1Zz+dF5jly2HEJuOiraTNMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvVTBGUWdyVm5QNTBYbU9YTFljUW00Nkt0cE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqzgjAN
BgkqhkiG9w0BAQsFAAOCAQEAuAKguDEbfaZy3WDF6nujD2TccGcaplmZz9D16NuY
4BP8zonHwkBse6fgTD0p57xZkLfrzGlXY14lMkYlVSkKeBdPFXxBTaVpk4BCWwb7
qO+Aql0tLMLi4LOxmICc4bPKVVmCur9sgSnsyEt0evh0Dk31CaCIHYBCPbOrEi+q
vJ3mOaAq83djSUN1QYwwRtIjh6G74tHPSH1Bz6c8KIE/SkUrlosLm+UWlMSJVf+O
ODmCv5xbCl0cCjaVvRZc8Hcj3DEjkpw0a6WP4vf7S3vR6eZR6E1I6eP7Vdg3azLa
HtzankDRM5nQIrSt9TnUMIY3kvyqL5T6I8wPXCmU+qzEGg==
-----END CERTIFICATE-----