Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/A_CtcBykO5XYF57u5axkxEyzebs.roa
File:                     A_CtcBykO5XYF57u5axkxEyzebs.roa (raw, json)
Hash identifier:          7K54WOZjFHcAIZQrlwJP0R3uO4PlpRUlYXxv+EtPDIA=
Subject key identifier:   03:F0:AD:70:1C:A4:3B:95:D8:17:9E:EE:E5:AC:64:C4:4C:B3:79:BB
Certificate issuer:       /CN=3691d2950145dceac00c0ca4eb536d92867b38d3
Certificate serial:       018D5BCA95DA2DAFCC21601500D14F131733
Authority key identifier: 36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/A_CtcBykO5XYF57u5axkxEyzebs.roa
Signing time:             Tue 30 Jan 2024 19:13:39 +0000
ROA not before:           Tue 30 Jan 2024 19:13:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57483
IP address blocks:        2a0c:2f04:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5b:ca:95:da:2d:af:cc:21:60:15:00:d1:4f:13:17:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3691d2950145dceac00c0ca4eb536d92867b38d3
        Validity
            Not Before: Jan 30 19:13:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03f0ad701ca43b95d8179eeee5ac64c44cb379bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:65:0c:51:98:d8:1f:53:5f:55:f2:d1:eb:14:
                    b6:1e:18:47:91:62:c5:44:31:7e:4b:1e:7a:6c:61:
                    70:b9:85:a0:8c:a3:ad:3d:3d:9d:c2:43:0b:12:c9:
                    32:69:88:a4:82:91:c9:d6:27:09:16:1a:1c:44:9e:
                    ad:8d:e4:b2:ef:b1:32:2c:e3:54:69:17:74:d2:4d:
                    25:d5:ac:2a:c5:01:b1:52:9f:69:87:ad:b2:e3:ce:
                    5a:84:f0:4d:2f:90:50:2b:c0:b0:3a:00:f4:ef:89:
                    ea:f7:aa:83:f3:77:ca:f0:6d:3a:f6:2b:d2:fb:3f:
                    65:b3:13:75:93:25:c5:24:fd:7f:a4:fc:7b:6b:12:
                    ce:d9:d9:8b:36:c8:40:74:4f:69:5e:74:85:62:21:
                    e6:08:36:8f:73:88:38:d5:cb:30:c8:99:7a:5b:96:
                    04:0c:93:86:88:1e:53:2f:d5:46:e9:3d:01:49:3c:
                    97:8c:77:1c:c6:51:e4:ac:87:ad:af:a4:36:ed:79:
                    85:00:20:31:6a:1c:6d:1b:43:81:91:58:f8:bf:16:
                    3a:f3:bc:98:6c:d0:b8:1b:b7:be:a1:75:66:51:eb:
                    cf:53:ae:83:0b:97:c6:10:1e:52:5c:5b:0f:35:23:
                    8a:80:ca:98:d1:66:af:b9:23:26:ce:10:34:88:ce:
                    fd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:F0:AD:70:1C:A4:3B:95:D8:17:9E:EE:E5:AC:64:C4:4C:B3:79:BB
            X509v3 Authority Key Identifier:
                keyid:36:91:D2:95:01:45:DC:EA:C0:0C:0C:A4:EB:53:6D:92:86:7B:38:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpHSlQFF3OrADAyk61NtkoZ7ONM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/A_CtcBykO5XYF57u5axkxEyzebs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2a942a-f1bf-43e2-b92a-1dec40584806/1/NpHSlQFF3OrADAyk61NtkoZ7ONM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2f04:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         1d:c0:04:08:76:ab:bc:98:18:bd:86:c7:8b:c1:28:c2:08:c4:
         0c:90:4e:01:05:03:77:a7:5e:bf:49:55:27:8d:41:e5:8d:17:
         d6:d6:8e:7e:80:b4:53:53:83:10:28:00:79:63:77:e6:ca:1a:
         2c:13:4d:5b:ae:90:a0:e7:1e:17:3d:fe:59:92:3d:06:fe:38:
         d2:45:c7:28:70:9d:04:f9:6c:c6:7d:43:aa:8c:72:64:ad:db:
         4a:87:5f:9e:4f:3d:3c:0f:1d:35:31:9d:02:0f:8a:c7:ff:ff:
         c1:9c:a6:40:89:32:61:91:7f:39:32:33:bb:a8:92:b0:ce:e5:
         4b:db:8c:e5:40:73:3d:51:49:f0:11:30:cb:eb:f6:bf:26:cb:
         6f:c5:1c:24:32:a9:60:18:e5:fd:7f:c1:20:f8:cd:36:44:70:
         a0:f7:ab:05:74:f9:d1:83:c9:0b:57:70:76:94:a9:cf:79:5c:
         f6:d2:c6:45:bb:8e:54:86:56:34:c3:0c:b2:a1:3c:08:8f:69:
         af:65:37:16:ad:b5:e8:39:88:85:b4:2d:61:1e:11:5c:5d:d2:
         40:b0:4c:bf:81:bb:53:66:46:a8:ca:1b:75:58:8a:f4:98:47:
         ff:04:ae:e8:c4:78:53:c8:27:c2:3f:e0:cf:2e:01:7a:b6:45:
         c7:6d:dc:7a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY1bypXaLa/MIWAVANFPExczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTFkMjk1MDE0NWRjZWFjMDBjMGNhNGViNTM2ZDkyODY3
YjM4ZDMwHhcNMjQwMTMwMTkxMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2YwYWQ3MDFjYTQzYjk1ZDgxNzllZWVlNWFjNjRjNDRjYjM3OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWUMUZjYH1NfVfLR6xS2HhhHkWLF
RDF+Sx56bGFwuYWgjKOtPT2dwkMLEskyaYikgpHJ1icJFhocRJ6tjeSy77EyLONU
aRd00k0l1awqxQGxUp9ph62y485ahPBNL5BQK8CwOgD074nq96qD83fK8G069ivS
+z9lsxN1kyXFJP1/pPx7axLO2dmLNshAdE9pXnSFYiHmCDaPc4g41cswyJl6W5YE
DJOGiB5TL9VG6T0BSTyXjHccxlHkrIetr6Q27XmFACAxahxtG0OBkVj4vxY687yY
bNC4G7e+oXVmUevPU66DC5fGEB5SXFsPNSOKgMqY0WavuSMmzhA0iM79WwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAPwrXAcpDuV2Bee7uWsZMRMs3m7MB8GA1UdIwQY
MBaAFDaR0pUBRdzqwAwMpOtTbZKGezjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEt
MWRlYzQwNTg0ODA2LzEvQV9DdGNCeWtPNVhZRjU3dTVheGt4RXl6ZWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yYTk0MmEtZjFiZi00M2UyLWI5MmEtMWRlYzQwNTg0ODA2
LzEvTnBIU2xRRkYzT3JBREF5azYxTnRrb1o3T05NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgwvBAEw
DQYJKoZIhvcNAQELBQADggEBAB3ABAh2q7yYGL2Gx4vBKMIIxAyQTgEFA3enXr9J
VSeNQeWNF9bWjn6AtFNTgxAoAHljd+bKGiwTTVuukKDnHhc9/lmSPQb+ONJFxyhw
nQT5bMZ9Q6qMcmSt20qHX55PPTwPHTUxnQIPisf//8GcpkCJMmGRfzkyM7uokrDO
5UvbjOVAcz1RSfARMMvr9r8my2/FHCQyqWAY5f1/wSD4zTZEcKD3qwV0+dGDyQtX
cHaUqc95XPbSxkW7jlSGVjTDDLKhPAiPaa9lNxatteg5iIW0LWEeEVxd0kCwTL+B
u1NmRqjKG3VYivSYR/8ErujEeFPIJ8I/4M8uAXq2Rcdt3Ho=
-----END CERTIFICATE-----