Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/PriQXgeaPtFKO9HjKSaK3JtfPo0.roa
File:                     PriQXgeaPtFKO9HjKSaK3JtfPo0.roa (raw, json)
Hash identifier:          w5a4F2gzUADU5Sa3ZtpULUlXMGOtzyuN/+hK1Oc+66s=
Subject key identifier:   3E:B8:90:5E:07:9A:3E:D1:4A:3B:D1:E3:29:26:8A:DC:9B:5F:3E:8D
Certificate issuer:       /CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
Certificate serial:       018CE48C4A23540EAADB9D6BE815A65A5CF8
Authority key identifier: 36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/PriQXgeaPtFKO9HjKSaK3JtfPo0.roa
Signing time:             Sun 07 Jan 2024 15:30:48 +0000
ROA not before:           Sun 07 Jan 2024 15:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202685
IP address blocks:        2a10:7dc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e4:8c:4a:23:54:0e:aa:db:9d:6b:e8:15:a6:5a:5c:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
        Validity
            Not Before: Jan  7 15:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3eb8905e079a3ed14a3bd1e329268adc9b5f3e8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c4:b8:dd:84:bc:e7:96:04:01:ee:6b:8f:78:
                    35:c2:f9:95:0a:00:63:96:82:1e:52:e5:b9:19:93:
                    64:73:4b:0a:08:ea:2f:9c:3b:81:fe:90:f9:48:ba:
                    56:74:98:c5:db:a0:37:79:a0:1c:9f:af:15:a7:70:
                    08:1b:d6:93:49:df:3e:cb:da:8f:b7:8d:a0:68:ab:
                    91:35:3b:be:c7:9c:03:48:cc:d1:f1:21:20:4d:e8:
                    7c:33:66:14:f5:60:bb:bc:28:f8:fa:62:20:52:06:
                    5b:7e:7b:ca:ba:bc:b9:67:de:34:1b:ef:73:0b:52:
                    b5:d3:27:11:a5:0c:86:67:0e:29:f9:0c:99:1d:eb:
                    fa:74:40:8c:cc:ef:e5:f5:d0:c3:31:8c:ac:cd:2d:
                    51:15:aa:8f:38:cf:ae:84:2c:ac:39:fd:19:0d:37:
                    5e:a2:a8:9c:d7:ae:21:7c:1b:dc:12:84:b0:c8:4e:
                    79:97:db:e7:3e:d0:71:98:b7:de:fe:19:3e:d4:61:
                    47:f0:2b:09:2a:a3:b9:94:76:0d:a3:38:02:d7:f6:
                    4a:4b:ab:b7:2a:4a:5c:fa:8f:91:5d:3a:65:a5:01:
                    dd:0d:7d:d3:41:1f:a6:41:f4:32:de:94:a3:7a:1e:
                    cc:65:97:7f:bf:c3:fd:0b:f0:55:2a:ec:64:99:68:
                    af:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B8:90:5E:07:9A:3E:D1:4A:3B:D1:E3:29:26:8A:DC:9B:5F:3E:8D
            X509v3 Authority Key Identifier:
                keyid:36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/PriQXgeaPtFKO9HjKSaK3JtfPo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:99:cd:c6:2e:82:14:b8:a7:ee:78:cf:15:d0:a9:42:b7:78:
         02:14:ff:2d:64:4c:01:6b:07:65:0d:b3:8a:bc:91:76:a4:96:
         bc:ee:79:16:f9:ec:a5:b9:d7:1c:af:0d:6e:cf:c4:8c:58:dc:
         a1:37:2a:0f:73:44:40:cb:bc:53:e5:08:d5:2d:18:5b:aa:07:
         b7:bf:93:e0:6c:1b:a2:30:a4:a4:ab:1a:6f:e8:6c:14:8a:31:
         6a:89:76:a5:f2:2c:30:d8:b5:c3:01:6e:42:5b:c7:92:32:56:
         07:b9:d1:5b:09:53:ee:f7:85:a0:86:74:e8:4c:15:fc:77:c6:
         dd:b2:27:9c:cd:b0:13:02:47:1f:9b:64:53:bd:5b:3d:25:4a:
         c9:74:12:52:97:5c:cc:dd:88:db:55:2b:fc:16:76:02:29:c0:
         54:a1:40:8b:38:db:4e:2c:3c:e7:0a:52:bd:d5:c7:cf:3b:5c:
         9a:21:38:06:4e:19:45:6b:d9:80:6c:19:77:d6:c7:a3:9e:47:
         e1:b1:76:3d:de:a6:86:86:be:d9:03:54:76:a0:bc:7a:20:bb:
         83:ab:8f:b7:ef:bd:05:fc:b7:43:4c:cf:02:51:aa:f8:f1:11:
         50:8d:50:53:c2:d7:93:85:04:f7:b7:a6:21:37:c5:6f:da:5b:
         06:38:ea:b8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzkjEojVA6q251r6BWmWlz4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Zjc2MjExZjNjNThmNmM5OGFmOTljZjY1YTZmMWU4ZmY3
YzQzYmEwHhcNMjQwMTA3MTUzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWI4OTA1ZTA3OWEzZWQxNGEzYmQxZTMyOTI2OGFkYzliNWYzZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsS43YS855YEAe5rj3g1wvmVCgBj
loIeUuW5GZNkc0sKCOovnDuB/pD5SLpWdJjF26A3eaAcn68Vp3AIG9aTSd8+y9qP
t42gaKuRNTu+x5wDSMzR8SEgTeh8M2YU9WC7vCj4+mIgUgZbfnvKury5Z940G+9z
C1K10ycRpQyGZw4p+QyZHev6dECMzO/l9dDDMYyszS1RFaqPOM+uhCysOf0ZDTde
oqic164hfBvcEoSwyE55l9vnPtBxmLfe/hk+1GFH8CsJKqO5lHYNozgC1/ZKS6u3
Kkpc+o+RXTplpQHdDX3TQR+mQfQy3pSjeh7MZZd/v8P9C/BVKuxkmWivTwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD64kF4Hmj7RSjvR4ykmitybXz6NMB8GA1UdIwQY
MBaAFDb3YhHzxY9smK+Zz2Wm8ej/fEO6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUt
MmZjZjM5NjI1M2I4LzEvUHJpUVhnZWFQdEZLTzlIaktTYUszSnRmUG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUtMmZjZjM5NjI1M2I4
LzEvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhB9wDAN
BgkqhkiG9w0BAQsFAAOCAQEAAZnNxi6CFLin7njPFdCpQrd4AhT/LWRMAWsHZQ2z
iryRdqSWvO55FvnspbnXHK8Nbs/EjFjcoTcqD3NEQMu8U+UI1S0YW6oHt7+T4Gwb
ojCkpKsab+hsFIoxaol2pfIsMNi1wwFuQlvHkjJWB7nRWwlT7veFoIZ06EwV/HfG
3bInnM2wEwJHH5tkU71bPSVKyXQSUpdczN2I21Ur/BZ2AinAVKFAizjbTiw85wpS
vdXHzztcmiE4Bk4ZRWvZgGwZd9bHo55H4bF2Pd6mhoa+2QNUdqC8eiC7g6uPt++9
Bfy3Q0zPAlGq+PERUI1QU8LXk4UE97emITfFb9pbBjjquA==
-----END CERTIFICATE-----