Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/iDEgL7X8RHAhpfGiV5H0rfW057Q.roa
File:                     iDEgL7X8RHAhpfGiV5H0rfW057Q.roa (raw, json)
Hash identifier:          xJfEuGxOvaSzW1UxnBbEL38fyKWSEyz6/IBvjnVTTT4=
Subject key identifier:   88:31:20:2F:B5:FC:44:70:21:A5:F1:A2:57:91:F4:AD:F5:B4:E7:B4
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018DEF7EEA65818668AD2B33D0B19FAB2704
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/iDEgL7X8RHAhpfGiV5H0rfW057Q.roa
Signing time:             Wed 28 Feb 2024 11:34:48 +0000
ROA not before:           Wed 28 Feb 2024 11:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215410
IP address blocks:        2a0e:aa07:e180::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:7e:ea:65:81:86:68:ad:2b:33:d0:b1:9f:ab:27:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Feb 28 11:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8831202fb5fc447021a5f1a25791f4adf5b4e7b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3a:b1:cc:b1:8e:92:37:b7:6a:58:49:8f:11:
                    9c:75:f4:5b:74:ae:bf:82:82:26:25:bc:13:60:63:
                    dc:f9:a1:5a:ff:ab:5b:2c:8b:cf:05:fb:5f:ed:45:
                    e5:13:be:e8:60:18:26:0e:ea:a8:c2:cf:48:52:90:
                    1f:d4:51:1d:b4:c9:2f:0e:c7:0a:93:45:d9:f8:e2:
                    98:41:93:23:03:ee:54:0d:4b:b4:a6:1d:24:61:87:
                    0c:da:f0:b2:eb:1e:9d:66:0d:35:0c:38:c4:a9:a4:
                    5e:f7:90:02:30:56:23:57:38:d2:f5:27:b1:81:10:
                    38:91:de:9c:00:9c:b4:aa:d5:16:89:4b:20:df:0e:
                    9a:b7:57:18:c3:8c:14:ba:f4:d1:e5:ac:bb:99:2b:
                    5f:6e:9e:11:1a:af:7e:85:40:f0:21:4a:8d:ca:74:
                    5c:10:af:4d:11:24:f5:77:dc:40:f4:b8:8b:00:a1:
                    d0:5d:a6:f5:7b:37:f5:d8:c4:e3:54:8d:c9:0a:be:
                    cc:e2:45:49:28:50:17:bf:57:79:af:e9:c0:0f:d2:
                    a7:43:17:72:bd:d2:93:3d:71:8d:ff:18:f8:10:41:
                    b5:99:a3:70:87:65:09:0c:3d:4b:12:af:22:f7:cb:
                    8f:68:88:95:9c:22:ec:17:63:ca:be:16:cf:0c:79:
                    df:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:31:20:2F:B5:FC:44:70:21:A5:F1:A2:57:91:F4:AD:F5:B4:E7:B4
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/iDEgL7X8RHAhpfGiV5H0rfW057Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e180::/44

    Signature Algorithm: sha256WithRSAEncryption
         62:fc:03:3f:29:bd:86:44:d2:9a:70:d9:de:17:76:b9:23:49:
         07:e2:b3:8c:70:5e:30:fe:59:d0:f8:b3:72:96:d6:54:00:4f:
         17:af:e1:3d:11:14:36:8a:f5:9e:a0:29:2c:26:a4:50:0d:a9:
         7d:a4:8f:18:9b:6c:15:85:60:2b:b9:0d:23:39:7c:38:f9:42:
         63:1e:ba:f7:50:c7:99:31:95:b0:1b:65:77:4c:80:9d:c2:e1:
         2a:f4:76:38:b3:42:9d:42:2d:6e:68:58:73:a9:44:a5:f3:93:
         43:c4:21:00:42:95:8d:a0:b3:06:c8:d6:63:f6:06:42:2f:98:
         c9:63:87:fe:68:b3:ae:9c:34:d2:5b:b7:1b:63:1e:4f:b0:80:
         da:59:90:db:0c:e2:8a:50:82:a3:e9:b6:a4:b5:21:a4:33:c7:
         df:31:10:0f:0a:95:bb:91:6d:7a:0f:3d:d2:8b:14:64:88:46:
         eb:4f:95:40:2a:1e:e8:64:e0:ff:42:1b:b6:d0:aa:5f:f5:aa:
         f8:ec:31:a6:b6:01:be:b6:50:39:bf:dc:e2:b1:0f:e9:fc:ed:
         3a:82:a3:b6:c9:38:0b:d1:0d:f1:22:fe:a9:67:61:db:5b:ba:
         ed:c2:6b:01:d9:01:04:bf:d6:8c:0a:ea:30:aa:40:68:25:05:
         e1:e8:56:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3vfuplgYZorSsz0LGfqycEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMjI4MTEzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODMxMjAyZmI1ZmM0NDcwMjFhNWYxYTI1NzkxZjRhZGY1YjRlN2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjqxzLGOkje3alhJjxGcdfRbdK6/
goImJbwTYGPc+aFa/6tbLIvPBftf7UXlE77oYBgmDuqows9IUpAf1FEdtMkvDscK
k0XZ+OKYQZMjA+5UDUu0ph0kYYcM2vCy6x6dZg01DDjEqaRe95ACMFYjVzjS9Sex
gRA4kd6cAJy0qtUWiUsg3w6at1cYw4wUuvTR5ay7mStfbp4RGq9+hUDwIUqNynRc
EK9NEST1d9xA9LiLAKHQXab1ezf12MTjVI3JCr7M4kVJKFAXv1d5r+nAD9KnQxdy
vdKTPXGN/xj4EEG1maNwh2UJDD1LEq8i98uPaIiVnCLsF2PKvhbPDHnfIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIgxIC+1/ERwIaXxoleR9K31tOe0MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvaURFZ0w3WDhSSEFocGZHaVY1SDByZlcwNTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+GA
MA0GCSqGSIb3DQEBCwUAA4IBAQBi/AM/Kb2GRNKacNneF3a5I0kH4rOMcF4w/lnQ
+LNyltZUAE8Xr+E9ERQ2ivWeoCksJqRQDal9pI8Ym2wVhWAruQ0jOXw4+UJjHrr3
UMeZMZWwG2V3TICdwuEq9HY4s0KdQi1uaFhzqUSl85NDxCEAQpWNoLMGyNZj9gZC
L5jJY4f+aLOunDTSW7cbYx5PsIDaWZDbDOKKUIKj6baktSGkM8ffMRAPCpW7kW16
Dz3SixRkiEbrT5VAKh7oZOD/Qhu20Kpf9ar47DGmtgG+tlA5v9zisQ/p/O06gqO2
yTgL0Q3xIv6pZ2HbW7rtwmsB2QEEv9aMCuowqkBoJQXh6FYE
-----END CERTIFICATE-----