Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/hOgmjSkvYwrDW0adh-_qd7BDIGA.roa
File:                     hOgmjSkvYwrDW0adh-_qd7BDIGA.roa (raw, json)
Hash identifier:          mv275G6EtgA0vJdzem6de8I4AkD/WJ0gzONm9F6BTuo=
Subject key identifier:   84:E8:26:8D:29:2F:63:0A:C3:5B:46:9D:87:EF:EA:77:B0:43:20:60
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       018CC64B4B1DB85B5C5D684A9AEC962BF4A8
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/hOgmjSkvYwrDW0adh-_qd7BDIGA.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43193
IP address blocks:        2a02:1140:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4b:1d:b8:5b:5c:5d:68:4a:9a:ec:96:2b:f4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84e8268d292f630ac35b469d87efea77b0432060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:15:82:0c:e5:5e:09:2c:df:2b:22:c9:44:1f:
                    08:fa:35:1b:ee:32:76:23:97:59:5a:d0:d9:eb:fa:
                    51:5d:dc:7c:31:9d:b3:d6:08:93:4a:ac:1f:b3:87:
                    5d:b2:fe:7c:cb:82:b8:d3:c0:a2:f3:f9:cf:45:4f:
                    5b:d5:92:27:c8:ef:5b:0c:4c:80:97:df:bc:72:34:
                    4e:3e:d4:8f:2c:75:4f:7f:22:46:23:9d:a4:7a:77:
                    1a:b0:e5:16:13:4a:77:ca:41:0e:1e:7b:00:d6:a7:
                    b8:13:40:f3:b8:f9:48:21:10:47:d6:ab:fa:f1:e6:
                    03:91:fb:cf:4f:55:c2:32:65:99:db:bf:9e:f0:59:
                    71:b0:c8:87:d6:f3:b8:ad:37:ef:28:ea:e2:aa:42:
                    77:42:73:1e:69:76:be:b7:d6:3d:c0:fc:0e:6b:bc:
                    03:26:d8:80:3d:26:db:dc:49:0f:5e:6d:be:22:2f:
                    8d:08:3e:8d:36:95:7f:9c:40:39:93:3e:28:84:b9:
                    8a:6a:e3:96:5d:e1:d5:8f:76:b3:ea:c0:bb:ad:4d:
                    57:05:21:aa:8b:02:2d:a4:61:30:e0:01:48:dc:01:
                    34:6b:ce:1d:5c:d5:12:90:e8:81:33:86:49:19:4c:
                    d0:bb:85:cc:6f:82:b0:a5:ba:6f:fd:b5:df:a6:4f:
                    54:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E8:26:8D:29:2F:63:0A:C3:5B:46:9D:87:EF:EA:77:B0:43:20:60
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/hOgmjSkvYwrDW0adh-_qd7BDIGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:1140:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         41:5c:75:17:c6:be:5a:ed:ad:2d:4f:41:2b:c8:a4:0b:f0:56:
         49:2d:7f:ed:3c:04:50:cb:73:64:54:d6:20:ca:01:1e:1b:f2:
         6c:7f:17:67:32:81:56:33:92:c3:52:2d:9b:09:e8:03:e0:5e:
         69:78:d9:5f:83:11:b2:53:ea:f9:cd:9f:9c:3f:9e:1e:9c:b0:
         d3:03:ef:f5:4b:89:12:4e:7b:ba:d9:7b:85:e9:94:ba:b8:d1:
         63:12:ca:80:ea:04:f1:fc:2f:f2:f3:f2:f3:b8:f7:14:b0:f2:
         59:91:71:59:c6:17:cc:09:2e:59:ba:d0:d3:11:27:74:b1:6c:
         e0:f3:d7:e7:7e:e6:8c:f9:ff:b5:8e:2c:3c:f4:85:bc:c3:08:
         e6:12:f8:c2:ef:cc:6b:13:9b:2e:ea:02:ab:13:c4:42:83:31:
         90:56:24:58:9f:87:ae:8a:6e:38:96:ca:ba:d8:92:cd:c4:f0:
         3d:6a:c7:70:a2:e6:cd:2a:eb:2b:c9:0d:10:d2:f3:8c:b8:c1:
         5b:59:9e:aa:f4:e4:1d:ce:98:e2:30:ef:74:8b:ff:e5:46:c7:
         09:54:de:56:c4:22:0a:27:f0:b1:2a:ce:45:86:db:c8:0c:49:
         7d:03:59:81:8e:45:1a:b1:ac:78:ca:13:ca:3b:85:97:6b:7d:
         a8:ea:f7:d6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGS0sduFtcXWhKmuyWK/SoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGU4MjY4ZDI5MmY2MzBhYzM1YjQ2OWQ4N2VmZWE3N2IwNDMyMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRWCDOVeCSzfKyLJRB8I+jUb7jJ2
I5dZWtDZ6/pRXdx8MZ2z1giTSqwfs4ddsv58y4K408Ci8/nPRU9b1ZInyO9bDEyA
l9+8cjROPtSPLHVPfyJGI52kencasOUWE0p3ykEOHnsA1qe4E0DzuPlIIRBH1qv6
8eYDkfvPT1XCMmWZ27+e8FlxsMiH1vO4rTfvKOriqkJ3QnMeaXa+t9Y9wPwOa7wD
JtiAPSbb3EkPXm2+Ii+NCD6NNpV/nEA5kz4ohLmKauOWXeHVj3az6sC7rU1XBSGq
iwItpGEw4AFI3AE0a84dXNUSkOiBM4ZJGUzQu4XMb4Kwpbpv/bXfpk9U0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIToJo0pL2MKw1tGnYfv6newQyBgMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvaE9nbWpTa3ZZd3JEVzBhZGgtX3FkN0JESUdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgIRQAEw
DQYJKoZIhvcNAQELBQADggEBAEFcdRfGvlrtrS1PQSvIpAvwVkktf+08BFDLc2RU
1iDKAR4b8mx/F2cygVYzksNSLZsJ6APgXml42V+DEbJT6vnNn5w/nh6csNMD7/VL
iRJOe7rZe4XplLq40WMSyoDqBPH8L/Lz8vO49xSw8lmRcVnGF8wJLlm60NMRJ3Sx
bODz1+d+5oz5/7WOLDz0hbzDCOYS+MLvzGsTmy7qAqsTxEKDMZBWJFifh66KbjiW
yrrYks3E8D1qx3Ci5s0q6yvJDRDS84y4wVtZnqr05B3OmOIw73SL/+VGxwlU3lbE
Igon8LEqzkWG28gMSX0DWYGORRqxrHjKE8o7hZdrfajq99Y=
-----END CERTIFICATE-----