Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/JOtsAqkGqZs3b42BoenDLzsykQc.roa
File:                     JOtsAqkGqZs3b42BoenDLzsykQc.roa (raw, json)
Hash identifier:          gAA7Jfz7dYQxbn11Cl/s0WTYlsNz/Z5xYxyfGqB3zYo=
Subject key identifier:   24:EB:6C:02:A9:06:A9:9B:37:6F:8D:81:A1:E9:C3:2F:3B:32:91:07
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       018CC8DCD78609B5BBFD0FAC712867633FFC
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/JOtsAqkGqZs3b42BoenDLzsykQc.roa
Signing time:             Tue 02 Jan 2024 06:29:25 +0000
ROA not before:           Tue 02 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50819
IP address blocks:        2a00:1480:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d7:86:09:b5:bb:fd:0f:ac:71:28:67:63:3f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  2 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24eb6c02a906a99b376f8d81a1e9c32f3b329107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d1:16:29:e7:80:bf:84:7f:ab:5c:87:4e:c9:
                    9d:2b:b1:14:76:fe:33:12:1e:54:2c:eb:b7:92:9c:
                    27:6b:89:5d:71:ad:42:9f:4f:d4:ab:cf:92:ca:81:
                    19:90:35:1a:01:d3:ac:fa:96:21:88:c1:12:1e:66:
                    6d:f6:a3:01:6a:43:5a:bf:1a:f4:81:6a:5f:8d:a8:
                    b3:0c:7d:c1:d3:14:c6:74:c1:9b:51:f7:13:7b:a4:
                    ae:c7:76:5e:80:d9:63:9c:b5:2c:95:80:a1:db:68:
                    bb:59:8e:91:93:c9:cf:df:b7:af:74:33:35:24:83:
                    45:45:f4:c6:33:cb:74:e6:c4:40:ed:fd:28:80:34:
                    0a:a4:50:3a:8d:2b:b7:cd:ba:c6:5d:7f:23:1d:4e:
                    c8:25:b8:4c:67:a2:ee:1d:a1:8c:b7:f9:f0:58:1b:
                    37:27:cd:d1:c9:94:bc:1e:ed:91:20:80:ac:09:82:
                    7c:14:f8:88:14:be:5d:cc:f0:64:25:9c:f6:aa:52:
                    2a:0d:98:c7:cf:17:18:a6:97:11:96:32:77:f5:ac:
                    71:3e:21:82:16:e1:63:65:c1:e4:03:29:c1:6a:33:
                    e0:2c:0c:76:e7:fc:87:a3:a1:7b:44:9b:4f:e5:3f:
                    2e:60:a7:c7:ce:9d:af:fc:50:5e:f5:b1:a5:45:d0:
                    90:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:EB:6C:02:A9:06:A9:9B:37:6F:8D:81:A1:E9:C3:2F:3B:32:91:07
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/JOtsAqkGqZs3b42BoenDLzsykQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1480:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:95:89:e0:f3:50:14:6c:72:ef:51:64:c2:1f:7b:31:4e:a2:
         1e:13:72:48:f3:7d:cf:8d:1e:90:e6:de:60:f0:17:ee:23:4f:
         9e:b5:ed:f7:3c:95:b1:e8:88:1d:13:02:84:8f:52:0f:00:7a:
         7f:d5:d3:4d:0e:10:57:28:f7:2a:3b:6c:2b:9d:9f:83:d7:11:
         41:30:24:fd:0f:63:d6:54:68:a4:80:d2:83:97:7d:42:40:cb:
         af:f7:74:2d:13:0a:60:f8:0b:92:96:ca:fa:6f:62:98:3b:4a:
         72:6b:65:55:77:c8:19:c5:e6:0d:1b:28:94:87:3e:ca:be:b9:
         2f:47:f2:2b:c0:4d:5f:98:0f:fe:5a:55:18:b8:a9:9f:a3:fa:
         5b:2e:c1:8e:6b:76:46:bc:77:f6:f4:6d:e7:97:e1:d8:47:d6:
         d7:bc:c8:76:af:e0:44:1a:6a:44:16:71:da:a4:8d:bf:ee:01:
         ab:66:49:34:56:79:dd:a6:2b:25:30:fe:9c:b3:cf:5a:da:aa:
         72:21:63:fa:59:1c:82:ed:53:68:ad:b3:f4:d5:11:a4:0d:5e:
         a9:95:20:a0:de:a6:ac:93:ff:52:06:f9:82:fc:14:c3:79:71:
         8c:92:04:14:ff:fa:0a:5f:b1:0c:79:f2:e0:04:cd:a1:b6:43:
         31:f2:bf:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3NeGCbW7/Q+scShnYz/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGViNmMwMmE5MDZhOTliMzc2ZjhkODFhMWU5YzMyZjNiMzI5MTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9EWKeeAv4R/q1yHTsmdK7EUdv4z
Eh5ULOu3kpwna4ldca1Cn0/Uq8+SyoEZkDUaAdOs+pYhiMESHmZt9qMBakNavxr0
gWpfjaizDH3B0xTGdMGbUfcTe6Sux3ZegNljnLUslYCh22i7WY6Rk8nP37evdDM1
JINFRfTGM8t05sRA7f0ogDQKpFA6jSu3zbrGXX8jHU7IJbhMZ6LuHaGMt/nwWBs3
J83RyZS8Hu2RIICsCYJ8FPiIFL5dzPBkJZz2qlIqDZjHzxcYppcRljJ39axxPiGC
FuFjZcHkAynBajPgLAx25/yHo6F7RJtP5T8uYKfHzp2v/FBe9bGlRdCQOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCTrbAKpBqmbN2+NgaHpwy87MpEHMB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvSk90c0Fxa0dxWnMzYjQyQm9lbkRMenN5a1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAUgAAD
MA0GCSqGSIb3DQEBCwUAA4IBAQBKlYng81AUbHLvUWTCH3sxTqIeE3JI833PjR6Q
5t5g8BfuI0+ete33PJWx6IgdEwKEj1IPAHp/1dNNDhBXKPcqO2wrnZ+D1xFBMCT9
D2PWVGikgNKDl31CQMuv93QtEwpg+AuSlsr6b2KYO0pya2VVd8gZxeYNGyiUhz7K
vrkvR/IrwE1fmA/+WlUYuKmfo/pbLsGOa3ZGvHf29G3nl+HYR9bXvMh2r+BEGmpE
FnHapI2/7gGrZkk0VnndpislMP6cs89a2qpyIWP6WRyC7VNorbP01RGkDV6plSCg
3qask/9SBvmC/BTDeXGMkgQU//oKX7EMefLgBM2htkMx8r9X
-----END CERTIFICATE-----