Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/h4agqpBlfpOfxscHRIUL1xFkBRs.roa
File:                     h4agqpBlfpOfxscHRIUL1xFkBRs.roa (raw, json)
Hash identifier:          oX2Ls3rRqHV2L00yLBBr/GqoMcxVFJ5VRw495Ht8JKU=
Subject key identifier:   87:86:A0:AA:90:65:7E:93:9F:C6:C7:07:44:85:0B:D7:11:64:05:1B
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D351E6D6EA872AE46B0CA885F71D4
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/h4agqpBlfpOfxscHRIUL1xFkBRs.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208618
IP address blocks:        2a0e:aa06:470::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:35:1e:6d:6e:a8:72:ae:46:b0:ca:88:5f:71:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8786a0aa90657e939fc6c70744850bd71164051b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ae:da:1d:3c:8f:3b:81:d7:f0:40:7a:74:18:
                    b2:79:dc:f8:8e:e2:e5:64:90:7d:75:35:6b:c4:d1:
                    68:40:34:cd:ab:0f:36:1a:25:7f:44:7c:b0:53:0e:
                    6a:82:8c:e9:44:84:bb:be:91:a4:c6:be:bd:df:96:
                    77:97:da:8d:bb:1f:2d:90:1f:37:1d:47:50:0e:de:
                    57:28:78:db:f1:fe:0a:0a:9b:92:72:1b:f7:04:20:
                    fd:00:12:06:1b:d6:01:b9:f6:24:32:e1:e2:96:2d:
                    5a:d0:92:bc:54:86:90:cf:3e:b0:ca:b3:94:1e:a0:
                    3d:77:6e:45:34:59:3c:e2:1e:1b:cd:19:bc:6b:78:
                    9e:fa:8a:c5:f4:ec:55:57:5e:0e:24:53:41:d7:f1:
                    d9:28:2c:2f:bd:f1:21:f9:98:14:a5:f8:d1:fd:ad:
                    2d:12:40:1f:aa:18:cd:e5:93:48:d3:f9:1e:b2:ad:
                    1b:ec:f8:e0:d0:67:0f:a1:2f:64:d6:0f:4f:cf:13:
                    5c:dd:f5:8d:04:e8:e7:f0:e1:51:88:33:fc:01:c3:
                    aa:36:8f:49:7b:c9:39:5c:2b:49:f2:7a:58:8d:a4:
                    c3:09:df:64:c9:f3:45:91:7f:f6:64:9b:dc:e2:e5:
                    ed:4a:96:58:9f:46:e6:0f:d8:86:65:03:51:75:99:
                    bc:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:86:A0:AA:90:65:7E:93:9F:C6:C7:07:44:85:0B:D7:11:64:05:1B
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/h4agqpBlfpOfxscHRIUL1xFkBRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa06:470::/44

    Signature Algorithm: sha256WithRSAEncryption
         47:1f:7c:37:dd:dd:0c:84:92:95:c2:fa:a1:27:d3:35:c5:c9:
         ed:da:9c:60:ea:bd:b8:ea:a2:9b:f7:18:40:7e:1b:42:1e:c4:
         e3:3a:79:e7:d8:97:71:9e:a7:bc:3f:c1:be:64:38:a1:dc:83:
         49:37:b4:b8:5f:7c:5a:de:23:e3:83:3d:68:f3:90:c1:6e:6f:
         19:fc:bf:af:9d:fb:86:d3:f8:3b:1e:7b:a9:1d:ed:4e:3e:da:
         a6:84:9a:d2:98:7e:f1:b5:85:bc:cb:ca:74:5a:98:ea:26:5f:
         b4:f4:f5:e5:63:9f:eb:e9:86:bb:16:77:c1:a7:d0:4a:eb:de:
         28:9b:42:da:df:65:84:5a:3d:a1:40:f8:56:2b:01:a5:de:9c:
         ed:30:13:1b:79:93:af:4e:c5:d4:cb:fe:43:9e:0e:2b:16:bb:
         5e:a5:03:83:4c:19:95:3d:05:d1:04:e4:17:12:1f:f3:54:50:
         8a:25:2e:31:58:ce:6e:ad:69:27:14:1d:e5:5b:91:64:b9:a3:
         75:77:01:be:33:57:d4:be:df:7a:33:6c:e7:80:f5:3d:d0:da:
         e5:7e:13:b7:d7:5a:d5:26:ab:6d:ae:4e:95:ed:80:98:a3:d2:
         01:fe:ef:f7:fe:ca:4c:03:ac:a0:62:b4:bb:13:13:e6:eb:94:
         78:cf:5e:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTUebW6ocq5GsMqIX3HUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzg2YTBhYTkwNjU3ZTkzOWZjNmM3MDc0NDg1MGJkNzExNjQwNTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw67aHTyPO4HX8EB6dBiyedz4juLl
ZJB9dTVrxNFoQDTNqw82GiV/RHywUw5qgozpRIS7vpGkxr6935Z3l9qNux8tkB83
HUdQDt5XKHjb8f4KCpuSchv3BCD9ABIGG9YBufYkMuHili1a0JK8VIaQzz6wyrOU
HqA9d25FNFk84h4bzRm8a3ie+orF9OxVV14OJFNB1/HZKCwvvfEh+ZgUpfjR/a0t
EkAfqhjN5ZNI0/kesq0b7Pjg0GcPoS9k1g9PzxNc3fWNBOjn8OFRiDP8AcOqNo9J
e8k5XCtJ8npYjaTDCd9kyfNFkX/2ZJvc4uXtSpZYn0bmD9iGZQNRdZm8/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIeGoKqQZX6Tn8bHB0SFC9cRZAUbMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvaDRhZ3FwQmxmcE9meHNjSFJJVUwxeEZrQlJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qBgRw
MA0GCSqGSIb3DQEBCwUAA4IBAQBHH3w33d0MhJKVwvqhJ9M1xcnt2pxg6r246qKb
9xhAfhtCHsTjOnnn2Jdxnqe8P8G+ZDih3INJN7S4X3xa3iPjgz1o85DBbm8Z/L+v
nfuG0/g7HnupHe1OPtqmhJrSmH7xtYW8y8p0WpjqJl+09PXlY5/r6Ya7FnfBp9BK
694om0La32WEWj2hQPhWKwGl3pztMBMbeZOvTsXUy/5Dng4rFrtepQODTBmVPQXR
BOQXEh/zVFCKJS4xWM5urWknFB3lW5FkuaN1dwG+M1fUvt96M2zngPU90NrlfhO3
11rVJqttrk6V7YCYo9IB/u/3/spMA6ygYrS7ExPm65R4z16h
-----END CERTIFICATE-----