Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/cD818lkQO-1Wu10LA_LvgD76Y_Y.roa
File:                     cD818lkQO-1Wu10LA_LvgD76Y_Y.roa (raw, json)
Hash identifier:          rUyxcMcVJQWkq84OVNwzqkYtyTOS2SWxoXeO0KHF9UE=
Subject key identifier:   70:3F:35:F2:59:10:3B:ED:56:BB:5D:0B:03:F2:EF:80:3E:FA:63:F6
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       018CC3B743ABE70B4E552D891BD94783D059
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/cD818lkQO-1Wu10LA_LvgD76Y_Y.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57327
IP address blocks:        2a0a:3507::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:43:ab:e7:0b:4e:55:2d:89:1b:d9:47:83:d0:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=703f35f259103bed56bb5d0b03f2ef803efa63f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:62:ae:0c:85:88:5a:08:51:3c:02:25:d5:2f:
                    57:e4:91:25:5d:59:5c:33:6c:f6:9b:1a:e5:2e:eb:
                    11:4c:45:06:29:88:92:c1:90:77:0b:15:99:39:fa:
                    ed:f3:4b:97:7a:a5:6d:f8:28:6d:8f:c3:88:3a:47:
                    27:0c:5a:2e:1c:ae:7c:90:5c:5c:a2:62:56:b2:f5:
                    ce:ce:d6:d8:ea:13:58:e0:dc:8b:18:9b:aa:10:cb:
                    a8:92:a6:f2:80:d4:78:28:b9:7d:0c:fa:3d:64:a6:
                    9d:70:2e:8e:27:41:07:b7:54:e7:9c:e4:86:f2:79:
                    45:8f:4a:55:8f:ac:14:36:99:dd:f2:3d:5d:1c:ef:
                    0f:f9:2e:fc:bf:b6:aa:27:f7:2c:bb:2c:4b:46:2c:
                    70:34:8c:f8:86:bd:29:6f:db:57:9c:78:65:4c:3d:
                    02:fa:4d:82:f0:d6:25:61:23:29:96:e0:e6:2e:6d:
                    95:3a:d5:b6:7d:fc:a3:60:72:63:e2:28:09:f1:4a:
                    fa:b9:d3:9d:74:7b:fd:79:9c:28:ff:6d:17:30:60:
                    50:e3:b8:dc:62:26:27:28:22:9f:c9:8e:5f:6f:42:
                    24:18:01:25:23:85:83:4e:c4:bc:94:b7:aa:66:ec:
                    ef:e4:13:15:d4:fc:c5:b9:9c:96:0f:a2:65:ff:18:
                    c0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:3F:35:F2:59:10:3B:ED:56:BB:5D:0B:03:F2:EF:80:3E:FA:63:F6
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/cD818lkQO-1Wu10LA_LvgD76Y_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:3507::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:7a:b5:de:ca:fc:a8:93:41:a0:61:7a:a8:af:eb:6b:ca:2d:
         9d:c8:c6:36:18:0b:1e:4d:a8:fd:d7:c8:da:85:0c:24:95:0d:
         08:0f:d1:8b:fc:24:6c:55:7c:80:fa:67:d0:83:76:2d:6f:46:
         24:0f:05:f6:9d:ce:46:67:51:d1:3c:05:38:da:25:7f:8d:2d:
         07:2b:3a:73:08:32:25:19:87:27:14:03:6f:12:4e:ff:38:80:
         1b:3f:af:6a:69:dd:cc:be:d6:48:46:fa:e8:1c:94:77:27:df:
         9c:08:89:6c:e4:35:46:92:81:24:32:62:1b:83:61:72:46:bb:
         aa:b0:9a:45:12:2b:e2:5e:1c:69:e3:53:14:0b:84:5e:9e:41:
         63:03:23:d5:a0:d3:38:84:26:d3:c2:75:23:8f:ca:e4:47:f5:
         34:25:fd:6e:10:da:22:73:e7:93:68:45:b0:b5:8a:a8:ab:bd:
         07:38:94:0b:7b:a1:56:e7:94:8a:b0:9d:31:8b:a5:79:e5:80:
         67:f3:5b:11:5d:b6:08:c2:88:8f:7f:a4:29:93:75:34:ca:d3:
         e8:1b:0b:ec:7c:c8:24:d3:6c:d4:a9:b5:91:01:ce:43:f5:01:
         c9:86:b6:fc:06:b5:8e:2b:d6:25:d1:f6:0d:aa:e5:b6:1d:c6:
         35:d5:70:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDt0Or5wtOVS2JG9lHg9BZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDNmMzVmMjU5MTAzYmVkNTZiYjVkMGIwM2YyZWY4MDNlZmE2M2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWKuDIWIWghRPAIl1S9X5JElXVlc
M2z2mxrlLusRTEUGKYiSwZB3CxWZOfrt80uXeqVt+Chtj8OIOkcnDFouHK58kFxc
omJWsvXOztbY6hNY4NyLGJuqEMuokqbygNR4KLl9DPo9ZKadcC6OJ0EHt1TnnOSG
8nlFj0pVj6wUNpnd8j1dHO8P+S78v7aqJ/csuyxLRixwNIz4hr0pb9tXnHhlTD0C
+k2C8NYlYSMpluDmLm2VOtW2ffyjYHJj4igJ8Ur6udOddHv9eZwo/20XMGBQ47jc
YiYnKCKfyY5fb0IkGAElI4WDTsS8lLeqZuzv5BMV1PzFuZyWD6Jl/xjAnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHA/NfJZEDvtVrtdCwPy74A++mP2MB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvY0Q4MThsa1FPLTFXdTEwTEFfTHZnRDc2WV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgo1BwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAxerXeyvyok0GgYXqor+tryi2dyMY2GAseTaj9
18jahQwklQ0ID9GL/CRsVXyA+mfQg3Ytb0YkDwX2nc5GZ1HRPAU42iV/jS0HKzpz
CDIlGYcnFANvEk7/OIAbP69qad3MvtZIRvroHJR3J9+cCIls5DVGkoEkMmIbg2Fy
RruqsJpFEiviXhxp41MUC4RenkFjAyPVoNM4hCbTwnUjj8rkR/U0Jf1uENoic+eT
aEWwtYqoq70HOJQLe6FW55SKsJ0xi6V55YBn81sRXbYIwoiPf6Qpk3U0ytPoGwvs
fMgk02zUqbWRAc5D9QHJhrb8BrWOK9Yl0fYNquW2HcY11XDk
-----END CERTIFICATE-----