Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/0rGuUCTPs2XSIqnKTcFntpAk66c.roa
File:                     0rGuUCTPs2XSIqnKTcFntpAk66c.roa (raw, json)
Hash identifier:          02bYBZRQ4sb4D01/R+f++o5lRB3QdApEPaxDqbfy2rA=
Subject key identifier:   D2:B1:AE:50:24:CF:B3:65:D2:22:A9:CA:4D:C1:67:B6:90:24:EB:A7
Certificate issuer:       /CN=e4b1306101cc9ec9fce985280c1db0f37c135a3a
Certificate serial:       018CC9BCE13D17EDEBB1279EC3E27F4AD8E1
Authority key identifier: E4:B1:30:61:01:CC:9E:C9:FC:E9:85:28:0C:1D:B0:F3:7C:13:5A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5LEwYQHMnsn86YUoDB2w83wTWjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/0rGuUCTPs2XSIqnKTcFntpAk66c.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47246
IP address blocks:        2a02:ddc3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/5LEwYQHMnsn86YUoDB2w83wTWjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/5LEwYQHMnsn86YUoDB2w83wTWjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5LEwYQHMnsn86YUoDB2w83wTWjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e1:3d:17:ed:eb:b1:27:9e:c3:e2:7f:4a:d8:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4b1306101cc9ec9fce985280c1db0f37c135a3a
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2b1ae5024cfb365d222a9ca4dc167b69024eba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:39:d5:ba:c0:49:2f:f8:b9:9b:af:53:df:67:
                    96:08:7b:7b:44:c2:a8:fb:5f:38:5a:16:f3:fd:dd:
                    81:f7:1b:fc:38:a3:bc:90:32:15:54:7f:e6:4c:e6:
                    47:04:fe:b1:3b:4e:35:ee:e8:c4:6a:a3:0b:73:f9:
                    53:bb:38:c6:c5:e8:31:7f:c2:a2:f0:95:31:30:f0:
                    d0:7c:34:64:de:a6:25:2f:b6:d7:5a:83:ce:34:86:
                    aa:50:9d:a5:e1:13:4a:09:e8:ff:36:52:19:aa:f3:
                    36:b2:e6:5b:7d:24:50:a5:a1:ea:c8:e9:69:b8:38:
                    02:7f:15:2b:13:39:81:14:aa:68:ce:de:21:1e:50:
                    76:7e:4a:e6:bb:4c:21:2a:c6:52:7d:56:f7:2e:23:
                    de:cf:be:e6:a4:97:7d:17:45:5d:ae:a1:ae:df:48:
                    18:5b:2d:a8:50:f6:f8:6c:a0:a7:de:74:e4:c7:56:
                    bb:fe:7a:51:d5:9b:68:40:ea:b8:43:85:97:af:25:
                    d0:dd:f7:0b:d5:37:a7:5a:03:3c:f9:f0:ab:03:fa:
                    2e:13:80:17:b6:60:f2:b2:c5:78:91:6c:5b:8f:c1:
                    50:f5:da:a6:d1:88:52:0e:f3:b1:70:dd:02:09:11:
                    bb:bc:f0:94:ee:48:3e:8a:a9:b8:78:1f:68:cf:49:
                    b6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:B1:AE:50:24:CF:B3:65:D2:22:A9:CA:4D:C1:67:B6:90:24:EB:A7
            X509v3 Authority Key Identifier:
                keyid:E4:B1:30:61:01:CC:9E:C9:FC:E9:85:28:0C:1D:B0:F3:7C:13:5A:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5LEwYQHMnsn86YUoDB2w83wTWjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/0rGuUCTPs2XSIqnKTcFntpAk66c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/5LEwYQHMnsn86YUoDB2w83wTWjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:ddc3::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:f9:e1:56:dd:05:e5:7c:cd:f2:35:91:fb:fc:e0:aa:f6:ae:
         ab:96:96:6f:68:aa:42:56:bd:34:30:f0:d3:9e:f5:7e:16:cc:
         77:9f:33:0b:00:58:4e:30:ac:7c:f3:66:0c:ef:4f:3c:8f:f1:
         ac:17:c9:2d:ec:da:ac:fe:cd:e4:8d:f4:ae:f4:af:e7:72:d9:
         c1:15:98:11:f1:b0:38:0f:63:9e:a8:59:52:a2:c9:b3:1c:3a:
         e0:f8:d2:b7:30:63:69:2b:5d:9c:76:37:02:e1:c0:31:f1:77:
         07:bb:ff:a9:d8:93:3c:b7:e6:da:26:e6:dd:0f:ba:6f:e1:5a:
         cf:a1:4d:2a:a9:aa:49:f9:62:14:3f:91:06:e6:ae:d2:a9:85:
         69:b3:4c:d9:a4:8c:90:2c:44:b7:0f:5b:7e:9c:49:fa:99:85:
         54:78:99:fa:b7:1d:b5:6e:6c:25:47:4c:a5:20:10:7d:90:b9:
         ee:74:67:9d:d1:58:71:ac:4f:2a:45:6a:53:4e:45:c7:c6:6d:
         f6:66:f5:7d:79:cc:60:52:05:8d:45:42:5b:b3:35:77:ad:97:
         af:82:c2:fa:2f:82:b5:66:29:81:f6:c2:6e:2b:16:e9:18:ff:
         91:28:ec:6d:58:d2:77:4a:fb:2d:eb:62:f7:f7:06:82:d9:3d:
         1b:0d:6d:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOE9F+3rsSeew+J/StjhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YjEzMDYxMDFjYzllYzlmY2U5ODUyODBjMWRiMGYzN2Mx
MzVhM2EwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmIxYWU1MDI0Y2ZiMzY1ZDIyMmE5Y2E0ZGMxNjdiNjkwMjRlYmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjnVusBJL/i5m69T32eWCHt7RMKo
+184Whbz/d2B9xv8OKO8kDIVVH/mTOZHBP6xO0417ujEaqMLc/lTuzjGxegxf8Ki
8JUxMPDQfDRk3qYlL7bXWoPONIaqUJ2l4RNKCej/NlIZqvM2suZbfSRQpaHqyOlp
uDgCfxUrEzmBFKpozt4hHlB2fkrmu0whKsZSfVb3LiPez77mpJd9F0VdrqGu30gY
Wy2oUPb4bKCn3nTkx1a7/npR1ZtoQOq4Q4WXryXQ3fcL1TenWgM8+fCrA/ouE4AX
tmDyssV4kWxbj8FQ9dqm0YhSDvOxcN0CCRG7vPCU7kg+iqm4eB9oz0m2QwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNKxrlAkz7Nl0iKpyk3BZ7aQJOunMB8GA1UdIwQY
MBaAFOSxMGEBzJ7J/OmFKAwdsPN8E1o6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUxFd1lRSE1uc244NllVb0RCMnc4M3dUV2pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80ZDA4OWUtNWQxYy00ZTM0LTk0NjUt
ZmE2MzQ4ZjY5NWI1LzEvMHJHdVVDVFBzMlhTSXFuS1RjRm50cEFrNjZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80ZDA4OWUtNWQxYy00ZTM0LTk0NjUtZmE2MzQ4ZjY5NWI1
LzEvNUxFd1lRSE1uc244NllVb0RCMnc4M3dUV2pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgLdwwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA++eFW3QXlfM3yNZH7/OCq9q6rlpZvaKpCVr00
MPDTnvV+Fsx3nzMLAFhOMKx882YM7088j/GsF8kt7Nqs/s3kjfSu9K/nctnBFZgR
8bA4D2OeqFlSosmzHDrg+NK3MGNpK12cdjcC4cAx8XcHu/+p2JM8t+baJubdD7pv
4VrPoU0qqapJ+WIUP5EG5q7SqYVps0zZpIyQLES3D1t+nEn6mYVUeJn6tx21bmwl
R0ylIBB9kLnudGed0VhxrE8qRWpTTkXHxm32ZvV9ecxgUgWNRUJbszV3rZevgsL6
L4K1ZimB9sJuKxbpGP+RKOxtWNJ3Svst62L39waC2T0bDW2f
-----END CERTIFICATE-----