Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/sVnNDfZXn8hu2SGx_M-0fLwnYik.roa
File:                     sVnNDfZXn8hu2SGx_M-0fLwnYik.roa (raw, json)
Hash identifier:          mdVF5t93lXdNfMwvalI/e4k2KbUbxy1r2Jk5vChinTw=
Subject key identifier:   B1:59:CD:0D:F6:57:9F:C8:6E:D9:21:B1:FC:CF:B4:7C:BC:27:62:29
Certificate issuer:       /CN=259490c5dbcfbf590da33bfbd37970a0763469c9
Certificate serial:       018CC3B691E2E66473C70F724354BB9842AE
Authority key identifier: 25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/sVnNDfZXn8hu2SGx_M-0fLwnYik.roa
Signing time:             Mon 01 Jan 2024 06:29:31 +0000
ROA not before:           Mon 01 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0e:ec01::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:91:e2:e6:64:73:c7:0f:72:43:54:bb:98:42:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=259490c5dbcfbf590da33bfbd37970a0763469c9
        Validity
            Not Before: Jan  1 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b159cd0df6579fc86ed921b1fccfb47cbc276229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:87:d2:d0:0a:79:f5:02:5c:1c:95:fb:9d:bd:
                    19:63:bc:2a:09:2a:fd:41:c3:6d:fb:05:e6:1c:7e:
                    15:0e:55:fd:d6:6a:f9:70:51:aa:10:51:9d:55:2d:
                    ea:01:fd:8f:f1:cd:91:1e:a7:38:ba:fd:e6:53:5d:
                    0b:c2:90:b5:bc:98:6c:55:47:69:4f:47:d1:fc:f2:
                    b4:7e:b9:06:97:4a:ec:26:78:5e:c4:44:91:f5:70:
                    25:cc:9e:bc:68:e0:27:1e:5e:35:b5:1f:db:dd:ce:
                    f7:3b:40:12:6a:31:48:f3:4f:0d:b0:ac:6a:9a:14:
                    11:6d:22:35:cc:a5:6b:18:10:f9:9d:7b:34:2e:27:
                    1c:9c:14:48:06:36:99:95:0c:90:cc:bc:77:d6:7b:
                    56:04:5c:e0:cf:6a:cb:61:e5:55:5c:d3:d1:5e:bf:
                    6d:0d:ff:b9:ed:da:67:a8:a8:c1:0e:cb:9a:6f:41:
                    6d:84:75:96:d1:52:eb:c9:78:db:e9:45:2c:28:6d:
                    ce:1c:f3:40:d0:71:d8:e2:69:f1:a8:7b:13:81:98:
                    ae:9d:e1:f9:b2:e5:e7:63:7e:b4:5e:c8:48:4c:65:
                    99:33:b8:14:f8:85:40:b4:53:e9:c7:13:61:3d:fe:
                    01:a7:d3:19:5d:a6:a6:0c:d7:68:77:2d:89:78:71:
                    3a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:59:CD:0D:F6:57:9F:C8:6E:D9:21:B1:FC:CF:B4:7C:BC:27:62:29
            X509v3 Authority Key Identifier:
                keyid:25:94:90:C5:DB:CF:BF:59:0D:A3:3B:FB:D3:79:70:A0:76:34:69:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JZSQxdvPv1kNozv703lwoHY0ack.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/sVnNDfZXn8hu2SGx_M-0fLwnYik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/edad2d-95cc-49d0-86f4-3ce3cf8b1c49/1/JZSQxdvPv1kNozv703lwoHY0ack.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:ec01::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:91:e9:ec:30:c0:e3:13:4b:be:4f:5e:b5:3c:46:b6:4d:af:
         21:9d:93:b5:bb:6f:c3:23:25:06:14:ad:68:b8:7d:91:49:bd:
         b2:15:bb:87:c8:5a:54:fc:71:9e:9e:9e:23:28:4e:01:d0:47:
         c4:05:7c:79:c3:dd:e7:ad:b7:75:3b:83:16:1d:73:c4:bc:bb:
         ce:95:fd:dd:9e:dd:26:59:86:f4:da:4b:61:6e:f8:8d:2a:1c:
         bf:2a:88:46:ae:ae:bf:39:98:e4:c7:64:33:9c:2a:9a:9c:48:
         4a:1d:73:79:42:ce:c1:c2:88:97:73:14:b6:01:d5:57:f2:67:
         6b:a1:c8:10:33:2f:22:f9:29:37:51:c1:43:ad:86:5b:2d:01:
         87:14:be:00:00:0e:d5:50:df:a7:9e:21:a8:ea:75:34:f4:5e:
         f1:5e:5c:0e:cf:9c:bc:0e:63:00:84:e6:ab:a9:fb:7b:eb:fc:
         51:da:aa:9b:0c:f1:f3:4a:96:35:36:78:eb:37:95:d6:d1:eb:
         b5:b7:1e:42:ce:8d:3c:c2:9a:57:e7:0e:a6:0b:a1:6d:95:35:
         91:91:e4:92:46:01:60:00:5c:60:00:c2:c4:23:5c:75:df:22:
         38:f8:c7:65:6f:5d:d3:bb:cb:f8:1d:f3:22:49:5a:5a:97:34:
         63:b8:13:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtpHi5mRzxw9yQ1S7mEKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OTQ5MGM1ZGJjZmJmNTkwZGEzM2JmYmQzNzk3MGEwNzYz
NDY5YzkwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTU5Y2QwZGY2NTc5ZmM4NmVkOTIxYjFmY2NmYjQ3Y2JjMjc2MjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4fS0Ap59QJcHJX7nb0ZY7wqCSr9
QcNt+wXmHH4VDlX91mr5cFGqEFGdVS3qAf2P8c2RHqc4uv3mU10LwpC1vJhsVUdp
T0fR/PK0frkGl0rsJnhexESR9XAlzJ68aOAnHl41tR/b3c73O0ASajFI808NsKxq
mhQRbSI1zKVrGBD5nXs0LiccnBRIBjaZlQyQzLx31ntWBFzgz2rLYeVVXNPRXr9t
Df+57dpnqKjBDsuab0FthHWW0VLryXjb6UUsKG3OHPNA0HHY4mnxqHsTgZiuneH5
suXnY360XshITGWZM7gU+IVAtFPpxxNhPf4Bp9MZXaamDNdody2JeHE6GwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLFZzQ32V5/IbtkhsfzPtHy8J2IpMB8GA1UdIwQY
MBaAFCWUkMXbz79ZDaM7+9N5cKB2NGnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQt
M2NlM2NmOGIxYzQ5LzEvc1ZuTkRmWlhuOGh1MlNHeF9NLTBmTHduWWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lZGFkMmQtOTVjYy00OWQwLTg2ZjQtM2NlM2NmOGIxYzQ5
LzEvSlpTUXhkdlB2MWtOb3p2NzAzbHdvSFkwYWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7sATAN
BgkqhkiG9w0BAQsFAAOCAQEAnZHp7DDA4xNLvk9etTxGtk2vIZ2TtbtvwyMlBhSt
aLh9kUm9shW7h8haVPxxnp6eIyhOAdBHxAV8ecPd5623dTuDFh1zxLy7zpX93Z7d
JlmG9NpLYW74jSocvyqIRq6uvzmY5MdkM5wqmpxISh1zeULOwcKIl3MUtgHVV/Jn
a6HIEDMvIvkpN1HBQ62GWy0BhxS+AAAO1VDfp54hqOp1NPRe8V5cDs+cvA5jAITm
q6n7e+v8Udqqmwzx80qWNTZ46zeV1tHrtbceQs6NPMKaV+cOpguhbZU1kZHkkkYB
YABcYADCxCNcdd8iOPjHZW9d07vL+B3zIklaWpc0Y7gT8g==
-----END CERTIFICATE-----