Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/FI0JWuaVEk0I33dPjpCPQyJHvdE.roa
File:                     FI0JWuaVEk0I33dPjpCPQyJHvdE.roa (raw, json)
Hash identifier:          SKOVKW0j0Um2W/lvrQFABiFhdhvYNjkPXCbSaFvw3sw=
Subject key identifier:   14:8D:09:5A:E6:95:12:4D:08:DF:77:4F:8E:90:8F:43:22:47:BD:D1
Certificate issuer:       /CN=8d3f356a02d9679ce890b5d51e0dec2f3f363361
Certificate serial:       018CC56EF9651BB49D25E4043BB79B7A329C
Authority key identifier: 8D:3F:35:6A:02:D9:67:9C:E8:90:B5:D5:1E:0D:EC:2F:3F:36:33:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/FI0JWuaVEk0I33dPjpCPQyJHvdE.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210490
IP address blocks:        2a11:4e07:f001::/48 maxlen: 48
                          2a11:4e07:f000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f9:65:1b:b4:9d:25:e4:04:3b:b7:9b:7a:32:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3f356a02d9679ce890b5d51e0dec2f3f363361
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=148d095ae695124d08df774f8e908f432247bdd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6c:e0:9b:2e:f7:22:79:18:1a:e6:25:b8:c7:
                    67:85:45:2e:0e:cf:0b:96:14:b9:9d:56:e3:3c:e4:
                    68:90:b5:04:38:51:6b:52:6b:68:f8:19:00:f1:b8:
                    b6:75:39:e6:df:20:fd:88:37:c9:30:b7:28:03:d9:
                    ef:15:49:67:12:fb:fb:24:2a:b7:1a:52:e1:f6:a4:
                    bb:a7:2f:77:b5:e2:03:1f:b8:77:7a:fb:ad:dd:26:
                    b6:b5:da:56:44:8b:78:fc:8f:e3:3c:5a:f9:50:11:
                    78:a8:b9:9a:3e:ca:88:38:bc:94:c6:a8:98:8f:89:
                    a3:19:b5:17:e3:f4:9c:df:fa:7a:83:09:40:21:60:
                    6c:d6:61:07:81:c7:68:53:2f:82:93:ac:71:0b:01:
                    26:0f:c8:99:47:63:6f:82:5d:5d:af:75:91:e5:80:
                    26:61:f7:b9:b3:46:47:80:de:80:8e:8e:d2:18:d8:
                    46:5f:45:0f:e4:8c:0a:2a:e7:90:0f:72:c5:7d:83:
                    1d:33:35:03:d5:80:41:56:22:12:7b:a5:33:ae:f0:
                    df:c5:fd:00:32:60:8e:78:e1:fb:dd:76:90:fb:7b:
                    c6:0a:c0:ad:ca:f5:4d:52:3d:13:4e:fe:1c:cf:f4:
                    b5:57:f0:e3:bf:d3:a1:cb:94:0a:45:78:84:86:aa:
                    d1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:8D:09:5A:E6:95:12:4D:08:DF:77:4F:8E:90:8F:43:22:47:BD:D1
            X509v3 Authority Key Identifier:
                keyid:8D:3F:35:6A:02:D9:67:9C:E8:90:B5:D5:1E:0D:EC:2F:3F:36:33:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/FI0JWuaVEk0I33dPjpCPQyJHvdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4e07:f000::/47

    Signature Algorithm: sha256WithRSAEncryption
         72:aa:17:2e:3a:a8:8f:76:4b:60:d0:78:7a:1c:17:1e:c8:b5:
         74:63:ce:c8:c5:00:9d:62:2d:90:f7:2e:4b:95:5f:81:04:aa:
         b3:d4:e5:bd:43:b0:c3:a6:be:cf:f9:3c:f2:6d:94:c1:4f:e6:
         bb:dc:47:1f:5d:31:af:0f:2a:c0:f4:0a:48:52:9e:ea:55:ef:
         be:8e:b7:d7:83:38:6b:61:0c:61:f8:0f:bd:62:9c:b7:f4:d9:
         5c:6e:7a:36:7a:2e:e1:3d:15:08:89:91:13:5c:64:3c:45:82:
         c7:b5:6a:06:1e:75:6f:33:e5:ed:de:6c:af:10:53:9e:82:aa:
         38:bc:f0:a3:98:4e:7e:23:29:35:a7:8f:56:ca:df:9a:83:1b:
         c6:c6:66:f8:7a:fb:77:84:2b:ed:35:d1:90:99:2e:1f:26:68:
         1d:a0:73:59:f6:14:1e:c7:d6:17:02:36:9c:ae:f8:2d:2c:be:
         1f:73:aa:28:8f:66:3b:cb:e4:c6:d7:74:53:68:b0:28:6a:f5:
         69:01:84:3e:c1:47:71:40:1d:c3:2a:c0:b1:33:c3:e7:6e:6b:
         d6:f6:70:09:b5:70:c7:ed:71:0d:1e:36:2a:28:44:b5:0c:11:
         7d:ec:b4:9e:8f:9d:e1:40:0e:ef:a0:15:af:2c:09:09:47:bc:
         79:60:e8:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbvllG7SdJeQEO7ebejKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkM2YzNTZhMDJkOTY3OWNlODkwYjVkNTFlMGRlYzJmM2Yz
NjMzNjEwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDhkMDk1YWU2OTUxMjRkMDhkZjc3NGY4ZTkwOGY0MzIyNDdiZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimzgmy73InkYGuYluMdnhUUuDs8L
lhS5nVbjPORokLUEOFFrUmto+BkA8bi2dTnm3yD9iDfJMLcoA9nvFUlnEvv7JCq3
GlLh9qS7py93teIDH7h3evut3Sa2tdpWRIt4/I/jPFr5UBF4qLmaPsqIOLyUxqiY
j4mjGbUX4/Sc3/p6gwlAIWBs1mEHgcdoUy+Ck6xxCwEmD8iZR2Nvgl1dr3WR5YAm
Yfe5s0ZHgN6Ajo7SGNhGX0UP5IwKKueQD3LFfYMdMzUD1YBBViISe6UzrvDfxf0A
MmCOeOH73XaQ+3vGCsCtyvVNUj0TTv4cz/S1V/Djv9Ohy5QKRXiEhqrRMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBSNCVrmlRJNCN93T46Qj0MiR73RMB8GA1UdIwQY
MBaAFI0/NWoC2Wec6JC11R4N7C8/NjNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalQ4MWFnTFpaNXpva0xYVkhnM3NMejgyTTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny81NjZjYjEtNzkxNS00ZmZkLTg1NzAt
NmI5M2FmNjEzZDdkLzEvRkkwSld1YVZFazBJMzNkUGpwQ1BReUpIdmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny81NjZjYjEtNzkxNS00ZmZkLTg1NzAtNmI5M2FmNjEzZDdk
LzEvalQ4MWFnTFpaNXpva0xYVkhnM3NMejgyTTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhFOB/AA
MA0GCSqGSIb3DQEBCwUAA4IBAQByqhcuOqiPdktg0Hh6HBceyLV0Y87IxQCdYi2Q
9y5LlV+BBKqz1OW9Q7DDpr7P+TzybZTBT+a73EcfXTGvDyrA9ApIUp7qVe++jrfX
gzhrYQxh+A+9Ypy39Nlcbno2ei7hPRUIiZETXGQ8RYLHtWoGHnVvM+Xt3myvEFOe
gqo4vPCjmE5+Iyk1p49Wyt+agxvGxmb4evt3hCvtNdGQmS4fJmgdoHNZ9hQex9YX
AjacrvgtLL4fc6ooj2Y7y+TG13RTaLAoavVpAYQ+wUdxQB3DKsCxM8PnbmvW9nAJ
tXDH7XENHjYqKES1DBF97LSej53hQA7voBWvLAkJR7x5YOhr
-----END CERTIFICATE-----