Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/h0wYIk4jMJ6xxoRJApjYNlq8HQI.roa
File:                     h0wYIk4jMJ6xxoRJApjYNlq8HQI.roa (raw, json)
Hash identifier:          6wqPeJn12neL++n1RHKCur0qOWEaXMp1v26M0t1l4jA=
Subject key identifier:   87:4C:18:22:4E:23:30:9E:B1:C6:84:49:02:98:D8:36:5A:BC:1D:02
Certificate issuer:       /CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
Certificate serial:       018CC34935AA27EB01991D78799A56865E77
Authority key identifier: 2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/h0wYIk4jMJ6xxoRJApjYNlq8HQI.roa
Signing time:             Mon 01 Jan 2024 04:30:04 +0000
ROA not before:           Mon 01 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61992
IP address blocks:        2a0e:eac0:2030::/44 maxlen: 44
                          2a0e:eac0:1003::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:35:aa:27:eb:01:99:1d:78:79:9a:56:86:5e:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d7e5191f81ff0a19f102b1718ab4f9e0ea3a0
        Validity
            Not Before: Jan  1 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=874c18224e23309eb1c684490298d8365abc1d02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2e:6f:b9:da:dc:24:77:b8:2e:ee:b5:38:45:
                    3f:43:3e:23:be:97:01:42:d9:d9:e3:55:a4:83:0b:
                    c7:6f:89:48:fd:a2:d0:a2:1f:fa:f4:7f:16:35:8e:
                    0d:28:5b:90:93:08:61:a0:46:67:2e:78:4c:03:59:
                    a0:a4:f3:ed:4a:3c:02:a6:dc:04:57:0c:7f:fe:67:
                    1e:10:d8:da:55:cf:a7:24:6b:70:f9:32:51:67:0a:
                    f0:af:73:a3:9b:17:43:dd:24:73:8a:08:bf:24:9f:
                    26:60:f4:4c:e1:7f:17:7b:94:71:d7:db:b0:ac:3d:
                    7b:ec:5a:0a:2e:a8:c5:17:3b:88:12:83:de:00:89:
                    dc:0f:b0:cc:5f:ee:b4:8b:01:69:3c:c9:36:2d:24:
                    66:5f:f4:40:02:12:49:84:b5:78:23:ab:d9:73:53:
                    2f:e9:63:58:0e:69:40:0f:9d:ee:92:f6:6a:40:36:
                    33:e0:82:ca:77:78:4a:f4:ba:de:7b:d1:04:29:75:
                    21:20:62:61:a8:c2:95:5b:a9:2d:4b:08:6c:bf:7a:
                    71:31:c4:83:28:4d:ce:c2:66:15:32:e9:6e:5b:26:
                    95:95:ca:2d:ba:05:75:aa:d7:16:17:97:3a:72:f8:
                    18:93:27:0f:a2:ba:3c:3a:63:b7:55:2a:04:e8:ce:
                    40:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:4C:18:22:4E:23:30:9E:B1:C6:84:49:02:98:D8:36:5A:BC:1D:02
            X509v3 Authority Key Identifier:
                keyid:2B:6D:7E:51:91:F8:1F:F0:A1:9F:10:2B:17:18:AB:4F:9E:0E:A3:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K21-UZH4H_ChnxArFxirT54Oo6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/h0wYIk4jMJ6xxoRJApjYNlq8HQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ab3156-b061-49fc-b1f0-00ca3126b3fe/1/K21-UZH4H_ChnxArFxirT54Oo6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:eac0:1003::/48
                  2a0e:eac0:2030::/44

    Signature Algorithm: sha256WithRSAEncryption
         03:66:b0:ca:1a:48:d4:59:a5:1b:38:2e:0a:73:6c:b9:c2:ef:
         56:83:43:e0:70:ae:ea:4f:ed:c2:57:05:80:63:a0:6a:ff:9e:
         11:c9:33:8c:ca:33:7b:40:5a:aa:b3:59:8a:0a:11:1d:95:72:
         23:15:06:0d:4b:7b:2e:4a:08:25:e4:d4:6b:24:b1:df:5d:d7:
         65:6a:ac:c2:a7:cb:d3:f5:8e:23:1e:24:ea:5d:1c:e7:5e:27:
         05:37:d6:a8:94:99:83:df:eb:a0:96:52:bd:5a:81:e6:d6:e5:
         92:78:9e:d1:2c:db:87:71:67:8b:79:bc:93:de:bd:61:ad:ae:
         a3:76:0c:03:ef:80:9e:5d:6e:9d:8c:84:52:0b:43:cc:82:c7:
         c8:a2:b2:df:d1:95:11:72:ee:6a:d8:2e:93:14:1d:6c:dc:33:
         01:39:27:36:36:19:27:ec:54:73:71:6c:d5:8b:79:e6:07:0b:
         cf:17:a1:2d:4e:24:ec:fa:75:ba:ff:1d:b1:d5:5f:20:32:6f:
         37:c4:32:dd:7e:7c:4d:13:93:07:4b:86:1b:2f:5d:dd:fb:08:
         94:b3:56:61:c2:46:3b:46:a1:79:93:4f:22:f6:0d:dc:e5:6d:
         7f:59:8c:ba:36:d2:ea:62:4e:42:67:ce:8f:f1:be:fd:a0:0e:
         aa:04:2e:85
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSTWqJ+sBmR14eZpWhl53MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQ3ZTUxOTFmODFmZjBhMTlmMTAyYjE3MThhYjRmOWUw
ZWEzYTAwHhcNMjQwMTAxMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzRjMTgyMjRlMjMzMDllYjFjNjg0NDkwMjk4ZDgzNjVhYmMxZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArS5vudrcJHe4Lu61OEU/Qz4jvpcB
QtnZ41WkgwvHb4lI/aLQoh/69H8WNY4NKFuQkwhhoEZnLnhMA1mgpPPtSjwCptwE
Vwx//mceENjaVc+nJGtw+TJRZwrwr3OjmxdD3SRzigi/JJ8mYPRM4X8Xe5Rx19uw
rD177FoKLqjFFzuIEoPeAIncD7DMX+60iwFpPMk2LSRmX/RAAhJJhLV4I6vZc1Mv
6WNYDmlAD53ukvZqQDYz4ILKd3hK9Lree9EEKXUhIGJhqMKVW6ktSwhsv3pxMcSD
KE3OwmYVMuluWyaVlcotugV1qtcWF5c6cvgYkycPoro8OmO3VSoE6M5AqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIdMGCJOIzCescaESQKY2DZavB0CMB8GA1UdIwQY
MBaAFCttflGR+B/woZ8QKxcYq0+eDqOgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIxLVVaSDRIX0NobnhBckZ4aXJUNTRPbzZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hYjMxNTYtYjA2MS00OWZjLWIxZjAt
MDBjYTMxMjZiM2ZlLzEvaDB3WUlrNGpNSjZ4eG9SSkFwallObHE4SFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hYjMxNTYtYjA2MS00OWZjLWIxZjAtMDBjYTMxMjZiM2Zl
LzEvSzIxLVVaSDRIX0NobnhBckZ4aXJUNTRPbzZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg7qwBAD
AwcEKg7qwCAwMA0GCSqGSIb3DQEBCwUAA4IBAQADZrDKGkjUWaUbOC4Kc2y5wu9W
g0PgcK7qT+3CVwWAY6Bq/54RyTOMyjN7QFqqs1mKChEdlXIjFQYNS3suSggl5NRr
JLHfXddlaqzCp8vT9Y4jHiTqXRznXicFN9aolJmD3+ugllK9WoHm1uWSeJ7RLNuH
cWeLebyT3r1hra6jdgwD74CeXW6djIRSC0PMgsfIorLf0ZURcu5q2C6TFB1s3DMB
OSc2Nhkn7FRzcWzVi3nmBwvPF6EtTiTs+nW6/x2x1V8gMm83xDLdfnxNE5MHS4Yb
L13d+wiUs1ZhwkY7RqF5k08i9g3c5W1/WYy6NtLqYk5CZ86P8b79oA6qBC6F
-----END CERTIFICATE-----