Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/h_6HW4N4oDY3gd7lh8jIXZRlbRg.roa
File:                     h_6HW4N4oDY3gd7lh8jIXZRlbRg.roa (raw, json)
Hash identifier:          YO0bF72T74QpxBoEWqPlNJaD/rfZ5PXrro2QjUO7ryE=
Subject key identifier:   87:FE:87:5B:83:78:A0:36:37:81:DE:E5:87:C8:C8:5D:94:65:6D:18
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       018CC8DE8162EACCA0465802C6964553CDCF
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/h_6HW4N4oDY3gd7lh8jIXZRlbRg.roa
Signing time:             Tue 02 Jan 2024 06:31:14 +0000
ROA not before:           Tue 02 Jan 2024 06:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15585
IP address blocks:        2a07:2904::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:81:62:ea:cc:a0:46:58:02:c6:96:45:53:cd:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  2 06:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87fe875b8378a0363781dee587c8c85d94656d18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7b:31:a1:9f:80:f7:21:aa:24:d3:23:cf:6d:
                    c8:19:90:03:2b:9d:e2:fa:48:ce:4e:11:c9:f9:c8:
                    d4:94:6b:9b:53:c4:ca:0b:96:c6:ea:ae:cb:bb:2d:
                    28:00:4f:91:f9:76:6d:a5:0a:e3:ce:9a:e6:4e:6f:
                    00:a3:06:6d:a4:0c:c8:2e:b2:70:36:44:81:d6:bd:
                    e5:0f:c1:08:56:76:ed:2e:e6:11:29:d0:c7:30:33:
                    15:98:97:1d:b3:6e:fd:ea:30:3b:87:2a:f6:82:bf:
                    3b:1c:14:66:c3:3b:98:27:73:bf:1e:a9:0e:ff:1c:
                    d0:02:fe:53:69:97:4a:bc:3f:3c:a2:d8:d8:7e:e8:
                    ed:15:1f:6d:c7:94:46:0e:3f:51:3b:21:29:ca:c9:
                    67:e8:5a:b8:2b:79:e9:a0:2d:dc:b6:9f:86:c0:3b:
                    db:2f:ec:ce:cd:d6:0d:78:fc:9e:d6:ae:a2:78:c7:
                    6f:58:49:68:0e:d5:be:61:8d:bc:20:a1:43:35:e9:
                    3b:54:a9:59:cd:f9:c2:dc:06:10:cc:fd:d1:67:53:
                    ce:fb:46:91:78:48:47:2f:52:82:ab:54:68:2c:ca:
                    40:90:eb:aa:1f:59:52:4d:01:16:ca:b1:cf:64:a4:
                    dc:d7:65:eb:6d:8f:39:78:3f:1e:68:4a:21:32:eb:
                    bc:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:FE:87:5B:83:78:A0:36:37:81:DE:E5:87:C8:C8:5D:94:65:6D:18
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/h_6HW4N4oDY3gd7lh8jIXZRlbRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2904::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:69:31:b7:63:6c:9e:36:b8:d6:d8:cb:e5:94:f7:20:ea:9d:
         21:2b:1b:2d:b4:d5:bb:41:02:c7:59:0b:71:9d:45:60:52:59:
         29:f4:b0:48:d9:89:fe:a4:a9:32:38:7f:b0:8d:01:ae:91:91:
         ff:2f:f4:4e:bb:97:2a:eb:0b:07:92:83:cd:9d:5a:28:66:9e:
         8b:62:5e:7e:b5:a6:64:a6:ef:7f:4d:ed:4f:94:a1:34:34:16:
         46:e1:81:72:6d:a2:06:ab:1c:15:b5:10:79:ee:ae:49:aa:f6:
         68:b9:7e:98:f5:3f:e0:37:51:05:cd:6a:ef:dd:cd:43:25:9e:
         81:c6:11:66:4f:30:b4:e6:dc:8d:ff:dc:ad:db:95:f6:e0:df:
         42:de:ef:d0:bc:12:3d:b8:9a:70:ce:3b:16:ca:64:e2:e7:d0:
         6b:ed:a3:f6:a2:93:4b:ed:ae:ea:25:b9:b6:be:f3:3d:0c:7a:
         6d:82:ca:c0:b4:85:17:39:05:0a:36:55:b0:bb:cc:d7:2b:dc:
         5c:89:a5:ee:3c:12:79:58:56:61:2b:74:ab:11:64:22:81:0d:
         c4:b1:d9:5e:5a:7e:a6:4b:77:77:c7:a3:a4:8c:4e:a0:b5:2e:
         a5:3a:ba:1d:d1:7e:68:a4:08:5a:3e:98:19:e1:74:b7:98:dd:
         67:04:4a:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3oFi6sygRlgCxpZFU83PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjQwMTAyMDYzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2ZlODc1YjgzNzhhMDM2Mzc4MWRlZTU4N2M4Yzg1ZDk0NjU2ZDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHsxoZ+A9yGqJNMjz23IGZADK53i
+kjOThHJ+cjUlGubU8TKC5bG6q7Luy0oAE+R+XZtpQrjzprmTm8AowZtpAzILrJw
NkSB1r3lD8EIVnbtLuYRKdDHMDMVmJcds2796jA7hyr2gr87HBRmwzuYJ3O/HqkO
/xzQAv5TaZdKvD88otjYfujtFR9tx5RGDj9ROyEpysln6Fq4K3npoC3ctp+GwDvb
L+zOzdYNePye1q6ieMdvWEloDtW+YY28IKFDNek7VKlZzfnC3AYQzP3RZ1PO+0aR
eEhHL1KCq1RoLMpAkOuqH1lSTQEWyrHPZKTc12XrbY85eD8eaEohMuu8KwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIf+h1uDeKA2N4He5YfIyF2UZW0YMB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvaF82SFc0TjRvRFkzZ2Q3bGg4aklYWlJsYlJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgcpBDAN
BgkqhkiG9w0BAQsFAAOCAQEAhGkxt2Nsnja41tjL5ZT3IOqdISsbLbTVu0ECx1kL
cZ1FYFJZKfSwSNmJ/qSpMjh/sI0BrpGR/y/0TruXKusLB5KDzZ1aKGaei2JefrWm
ZKbvf03tT5ShNDQWRuGBcm2iBqscFbUQee6uSar2aLl+mPU/4DdRBc1q793NQyWe
gcYRZk8wtObcjf/crduV9uDfQt7v0LwSPbiacM47Fspk4ufQa+2j9qKTS+2u6iW5
tr7zPQx6bYLKwLSFFzkFCjZVsLvM1yvcXIml7jwSeVhWYSt0qxFkIoENxLHZXlp+
pkt3d8ejpIxOoLUupTq6HdF+aKQIWj6YGeF0t5jdZwRKEQ==
-----END CERTIFICATE-----