Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/_eyAsEk8KjzB9qxu-LIq_K1zcXw.roa
File:                     _eyAsEk8KjzB9qxu-LIq_K1zcXw.roa (raw, json)
Hash identifier:          /fBAWwiV95g44vBniC1RXrxoInOrJKoHojRaEri343Y=
Subject key identifier:   FD:EC:80:B0:49:3C:2A:3C:C1:F6:AC:6E:F8:B2:2A:FC:AD:73:71:7C
Certificate issuer:       /CN=9c1cd1b3c8772956fa85535a8464b4ca19663ade
Certificate serial:       018CE471635A7ED8C2BDA293D9758B816AAB
Authority key identifier: 9C:1C:D1:B3:C8:77:29:56:FA:85:53:5A:84:64:B4:CA:19:66:3A:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nBzRs8h3KVb6hVNahGS0yhlmOt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/_eyAsEk8KjzB9qxu-LIq_K1zcXw.roa
Signing time:             Sun 07 Jan 2024 15:01:25 +0000
ROA not before:           Sun 07 Jan 2024 15:01:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202685
IP address blocks:        2a06:ff80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/nBzRs8h3KVb6hVNahGS0yhlmOt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/nBzRs8h3KVb6hVNahGS0yhlmOt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nBzRs8h3KVb6hVNahGS0yhlmOt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e4:71:63:5a:7e:d8:c2:bd:a2:93:d9:75:8b:81:6a:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c1cd1b3c8772956fa85535a8464b4ca19663ade
        Validity
            Not Before: Jan  7 15:01:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdec80b0493c2a3cc1f6ac6ef8b22afcad73717c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:af:88:16:34:e6:41:b3:84:e0:8e:30:e1:6c:
                    c3:b3:e3:16:ef:77:e0:67:a3:e5:f6:89:26:bb:6d:
                    09:82:aa:66:55:08:9b:8b:72:cb:15:54:2b:36:e1:
                    a5:45:86:5b:b3:2b:a1:d8:a7:bd:89:3b:bd:79:c1:
                    07:96:cd:f3:8c:2f:04:5b:43:de:75:5f:3d:15:c9:
                    41:6a:69:2a:37:c2:c1:01:9e:ef:55:1c:f2:7a:c1:
                    c1:57:93:a1:59:cf:df:de:0a:86:63:e5:c4:ee:65:
                    12:39:97:07:5a:a0:19:5a:9b:61:81:9c:4f:53:81:
                    4c:31:9f:2e:e3:96:f9:58:34:61:7c:f7:b9:83:48:
                    34:51:c0:fe:3b:01:9d:65:87:65:f6:08:05:4c:50:
                    f7:ac:bf:04:6d:dc:6e:07:47:b7:d5:2f:fc:66:92:
                    35:26:d4:d6:b5:9c:ab:84:12:08:6a:50:f4:f4:9b:
                    49:11:27:21:55:24:67:01:6a:be:19:24:3b:d2:cb:
                    84:a3:62:e6:93:08:04:b4:23:0e:d9:57:58:ab:5d:
                    99:4a:19:86:96:0d:56:5c:dd:61:62:05:2f:58:7d:
                    8f:b4:1c:2d:3b:25:de:7b:d7:84:a0:1e:52:9a:f4:
                    9a:0e:61:ac:bd:7d:99:95:9d:cc:23:0d:0e:94:d7:
                    11:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:EC:80:B0:49:3C:2A:3C:C1:F6:AC:6E:F8:B2:2A:FC:AD:73:71:7C
            X509v3 Authority Key Identifier:
                keyid:9C:1C:D1:B3:C8:77:29:56:FA:85:53:5A:84:64:B4:CA:19:66:3A:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBzRs8h3KVb6hVNahGS0yhlmOt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/_eyAsEk8KjzB9qxu-LIq_K1zcXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/06eab0-6c6e-4c95-bbdc-916047062a22/1/nBzRs8h3KVb6hVNahGS0yhlmOt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:ff80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:9f:17:ba:e7:26:d6:dd:a8:a5:12:6f:0c:18:85:9e:69:8d:
         29:35:a8:fe:dd:4f:b8:4a:fe:73:81:e4:af:ae:de:75:dd:26:
         c3:69:91:0a:4e:39:6d:8c:b2:30:b3:73:93:e5:cf:c1:ab:10:
         8f:24:12:06:d5:78:36:37:9d:bd:b7:ee:02:59:54:4d:03:c0:
         e4:82:84:6a:98:e6:2b:ac:4a:2e:42:4b:ca:a0:17:0d:18:bb:
         eb:d4:d8:f1:c0:9e:9d:7d:38:d1:36:12:57:38:02:47:64:fd:
         c1:40:2f:bd:e5:51:8c:14:6d:32:21:5b:16:e6:bf:4e:51:3c:
         87:56:9d:c1:5f:d4:8f:b0:89:b4:3b:93:16:d0:f8:c7:9a:6f:
         27:62:1b:80:3c:71:3c:38:58:cb:08:f5:e2:3c:72:11:af:14:
         c7:ae:98:91:81:3c:b1:a5:98:d8:91:1d:41:1c:83:48:a9:03:
         3b:fe:43:58:d8:b9:d9:89:c6:c6:f7:da:9f:4d:dc:f7:d4:17:
         d8:f7:b3:eb:ea:32:fa:fe:e4:c2:fd:ab:ac:a3:5a:4e:bc:cc:
         ed:d6:7b:0b:27:8e:57:d6:d8:af:7a:60:da:0d:03:07:cb:5d:
         1f:d1:b8:b9:4e:50:fb:72:6b:fa:9e:3c:49:fe:70:2a:27:44:
         88:fb:6e:4e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzkcWNaftjCvaKT2XWLgWqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMWNkMWIzYzg3NzI5NTZmYTg1NTM1YTg0NjRiNGNhMTk2
NjNhZGUwHhcNMjQwMTA3MTUwMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGVjODBiMDQ5M2MyYTNjYzFmNmFjNmVmOGIyMmFmY2FkNzM3MTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6+IFjTmQbOE4I4w4WzDs+MW73fg
Z6Pl9okmu20JgqpmVQibi3LLFVQrNuGlRYZbsyuh2Ke9iTu9ecEHls3zjC8EW0Pe
dV89FclBamkqN8LBAZ7vVRzyesHBV5OhWc/f3gqGY+XE7mUSOZcHWqAZWpthgZxP
U4FMMZ8u45b5WDRhfPe5g0g0UcD+OwGdZYdl9ggFTFD3rL8EbdxuB0e31S/8ZpI1
JtTWtZyrhBIIalD09JtJESchVSRnAWq+GSQ70suEo2LmkwgEtCMO2VdYq12ZShmG
lg1WXN1hYgUvWH2PtBwtOyXee9eEoB5SmvSaDmGsvX2ZlZ3MIw0OlNcRzwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP3sgLBJPCo8wfasbviyKvytc3F8MB8GA1UdIwQY
MBaAFJwc0bPIdylW+oVTWoRktMoZZjreMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJ6UnM4aDNLVmI2aFZOYWhHUzB5aGxtT3Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8wNmVhYjAtNmM2ZS00Yzk1LWJiZGMt
OTE2MDQ3MDYyYTIyLzEvX2V5QXNFazhLanpCOXF4dS1MSXFfSzF6Y1h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8wNmVhYjAtNmM2ZS00Yzk1LWJiZGMtOTE2MDQ3MDYyYTIy
LzEvbkJ6UnM4aDNLVmI2aFZOYWhHUzB5aGxtT3Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgb/gDAN
BgkqhkiG9w0BAQsFAAOCAQEAop8Xuucm1t2opRJvDBiFnmmNKTWo/t1PuEr+c4Hk
r67edd0mw2mRCk45bYyyMLNzk+XPwasQjyQSBtV4NjedvbfuAllUTQPA5IKEapjm
K6xKLkJLyqAXDRi769TY8cCenX040TYSVzgCR2T9wUAvveVRjBRtMiFbFua/TlE8
h1adwV/Uj7CJtDuTFtD4x5pvJ2IbgDxxPDhYywj14jxyEa8Ux66YkYE8saWY2JEd
QRyDSKkDO/5DWNi52YnGxvfan03c99QX2Pez6+oy+v7kwv2rrKNaTrzM7dZ7CyeO
V9bYr3pg2g0DB8tdH9G4uU5Q+3Jr+p48Sf5wKidEiPtuTg==
-----END CERTIFICATE-----