Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/SSeI0rZuyYQoOR-82lgDckQuuJs.roa
File:                     SSeI0rZuyYQoOR-82lgDckQuuJs.roa (raw, json)
Hash identifier:          jui0iRacIMNRCDqjnmT+Fat6GJgErVM1DDSgns8HWps=
Subject key identifier:   49:27:88:D2:B6:6E:C9:84:28:39:1F:BC:DA:58:03:72:44:2E:B8:9B
Certificate issuer:       /CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
Certificate serial:       018CC56EABB900C1F1D2F9E2CD29049DA9D1
Authority key identifier: 73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/SSeI0rZuyYQoOR-82lgDckQuuJs.roa
Signing time:             Mon 01 Jan 2024 14:30:13 +0000
ROA not before:           Mon 01 Jan 2024 14:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41051
IP address blocks:        2a01:20e::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ab:b9:00:c1:f1:d2:f9:e2:cd:29:04:9d:a9:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
        Validity
            Not Before: Jan  1 14:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=492788d2b66ec98428391fbcda580372442eb89b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:95:39:90:68:54:a5:08:04:6a:ec:c5:49:5d:
                    74:b0:79:6f:b9:a9:36:0f:5e:e3:8b:2e:8c:e2:a3:
                    e0:13:ca:42:64:e2:e6:74:04:9b:5f:c5:b0:07:54:
                    3b:57:0f:02:fe:a7:84:d8:d4:5b:89:8c:93:47:ce:
                    09:c3:72:d8:6e:fc:00:f1:fa:27:2e:9b:89:1f:2d:
                    8c:e9:31:70:da:01:6b:28:50:41:fc:f0:15:6c:5e:
                    fc:f6:8c:b9:6e:97:63:0b:eb:9a:74:7d:7b:b1:11:
                    df:02:27:82:fa:9e:cc:27:38:d5:01:ee:f9:d6:7e:
                    27:a3:50:8b:c2:fd:5d:92:d0:69:36:d6:b5:27:27:
                    f7:04:91:42:0e:3e:f8:04:b5:5e:34:8c:a8:86:8c:
                    6a:7d:2b:59:3d:5c:d6:12:f5:ba:a9:92:a9:d8:0a:
                    4e:73:63:2d:ce:62:9c:06:5f:d8:0e:47:89:f3:91:
                    29:fa:e4:ba:d3:f6:22:67:b9:cb:4f:cb:53:c5:55:
                    8d:ec:cb:37:96:da:80:5f:b3:83:8f:74:bc:f2:ea:
                    15:11:f4:4f:9e:3c:f6:1d:79:96:68:7f:13:fa:85:
                    c9:91:1b:da:21:e5:61:cf:92:f2:4c:14:02:6d:ea:
                    90:40:95:e9:d4:e0:bc:37:b3:da:97:fa:3e:0b:38:
                    95:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:27:88:D2:B6:6E:C9:84:28:39:1F:BC:DA:58:03:72:44:2E:B8:9B
            X509v3 Authority Key Identifier:
                keyid:73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/SSeI0rZuyYQoOR-82lgDckQuuJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:20e::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:e1:ed:ed:12:7b:86:a2:0f:bc:0c:2e:b2:0c:54:69:52:4a:
         23:a4:24:3a:90:1e:97:76:68:88:d9:d4:40:6c:e3:62:62:17:
         15:58:07:79:52:18:21:8b:58:82:57:f2:2f:b4:a6:c2:d5:93:
         57:be:0f:dc:4b:76:38:d9:8f:f4:9a:54:24:33:6f:d7:69:c5:
         0b:b8:51:eb:9b:32:21:15:ea:df:03:d9:f9:e3:c0:e8:7a:b0:
         4e:75:73:66:a6:d6:45:ec:73:97:e0:07:3c:33:e9:22:b6:65:
         d1:45:61:cb:c1:a7:21:09:d7:b9:ec:1a:f6:63:f0:14:5c:34:
         7a:5e:6b:a2:b1:84:25:86:6a:56:0c:53:1c:ea:a7:8a:a1:46:
         7d:81:38:00:07:b6:06:91:e2:81:27:06:94:03:1e:b4:5c:c1:
         fd:81:26:95:92:48:b4:6b:fe:c6:61:ba:bc:76:cb:0a:64:4f:
         9d:9b:9a:d9:1a:95:00:98:73:be:25:ba:29:46:88:a8:f5:0c:
         ac:ab:d8:5d:65:82:4e:a4:b4:7d:08:a7:5e:f2:01:a8:10:d2:
         5b:91:5f:9b:9e:f5:78:1e:ac:41:c1:94:ba:73:9b:bd:df:9e:
         50:74:05:5b:7b:cf:4a:3b:8b:c1:45:60:6c:15:06:65:fe:3f:
         0e:a0:7a:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbqu5AMHx0vnizSkEnanRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczOTc1ZDVkYTlkYThhMDc0YjMzZmJjYjVjMDlkNTAzYTNi
NDQzYTEwHhcNMjQwMTAxMTQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTI3ODhkMmI2NmVjOTg0MjgzOTFmYmNkYTU4MDM3MjQ0MmViODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZU5kGhUpQgEauzFSV10sHlvuak2
D17jiy6M4qPgE8pCZOLmdASbX8WwB1Q7Vw8C/qeE2NRbiYyTR84Jw3LYbvwA8fon
LpuJHy2M6TFw2gFrKFBB/PAVbF789oy5bpdjC+uadH17sRHfAieC+p7MJzjVAe75
1n4no1CLwv1dktBpNta1Jyf3BJFCDj74BLVeNIyohoxqfStZPVzWEvW6qZKp2ApO
c2MtzmKcBl/YDkeJ85Ep+uS60/YiZ7nLT8tTxVWN7Ms3ltqAX7ODj3S88uoVEfRP
njz2HXmWaH8T+oXJkRvaIeVhz5LyTBQCbeqQQJXp1OC8N7Pal/o+CziVNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEkniNK2bsmEKDkfvNpYA3JELribMB8GA1UdIwQY
MBaAFHOXXV2p2ooHSzP7y1wJ1QOjtEOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYt
OWU4MGQwZDg3YzJkLzEvU1NlSTByWnV5WVFvT1ItODJsZ0Rja1F1dUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYtOWU4MGQwZDg3YzJk
LzEvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgECDjAN
BgkqhkiG9w0BAQsFAAOCAQEAIuHt7RJ7hqIPvAwusgxUaVJKI6QkOpAel3ZoiNnU
QGzjYmIXFVgHeVIYIYtYglfyL7SmwtWTV74P3Et2ONmP9JpUJDNv12nFC7hR65sy
IRXq3wPZ+ePA6HqwTnVzZqbWRexzl+AHPDPpIrZl0UVhy8GnIQnXuewa9mPwFFw0
el5rorGEJYZqVgxTHOqniqFGfYE4AAe2BpHigScGlAMetFzB/YEmlZJItGv+xmG6
vHbLCmRPnZua2RqVAJhzviW6KUaIqPUMrKvYXWWCTqS0fQinXvIBqBDSW5Ffm571
eB6sQcGUunObvd+eUHQFW3vPSjuLwUVgbBUGZf4/DqB6kA==
-----END CERTIFICATE-----