Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ikZFGyJyrpDm_nksQoQf9kbXpoY.roa
File:                     ikZFGyJyrpDm_nksQoQf9kbXpoY.roa (raw, json)
Hash identifier:          h3JiQi/eKsWO6DRhvtNfNLagYRhsA6pW/OZ757OLao8=
Subject key identifier:   8A:46:45:1B:22:72:AE:90:E6:FE:79:2C:42:84:1F:F6:46:D7:A6:86
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D358220EA435F2A51A76A60FD17D9
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ikZFGyJyrpDm_nksQoQf9kbXpoY.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208679
IP address blocks:        2a0e:aa07:e035::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:35:82:20:ea:43:5f:2a:51:a7:6a:60:fd:17:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a46451b2272ae90e6fe792c42841ff646d7a686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b4:01:cd:63:9b:03:da:cd:be:72:93:5d:44:
                    20:66:a1:97:0d:07:aa:d7:4a:29:d6:9d:54:48:66:
                    62:d9:f8:f0:e1:e3:c4:e4:32:de:3a:59:72:3f:99:
                    b6:58:69:f8:a9:73:08:21:a9:47:24:9b:de:10:50:
                    72:c8:42:4c:61:ad:4e:82:7b:4e:b4:66:e3:0a:85:
                    84:e3:d7:c9:1e:ba:34:b5:72:92:e5:98:f3:b2:0a:
                    af:bf:ff:ed:7f:c3:b2:32:32:67:ba:f9:0b:56:34:
                    b4:b0:ce:f3:61:19:1c:b6:fc:41:0d:a2:5a:06:57:
                    07:e4:e7:fa:f7:bb:e7:f3:65:8d:2f:7c:b7:4c:d3:
                    44:9e:5b:be:ff:84:db:3d:8f:f0:11:1f:2f:c0:63:
                    c2:80:b9:75:23:57:15:70:64:5d:6b:60:81:ee:46:
                    97:c2:60:e5:5b:28:8d:ab:34:16:d3:da:8e:83:e6:
                    bf:ae:b3:be:50:f6:f7:2c:48:69:ce:84:e8:52:3c:
                    9c:97:cc:79:96:af:9d:d4:10:d7:05:eb:3c:8c:ad:
                    19:50:da:73:7e:4d:96:4b:82:34:94:0c:97:97:48:
                    74:04:a6:64:ec:eb:0a:69:57:ee:2b:e8:36:ca:3f:
                    67:f5:ec:b4:65:12:ca:a0:b7:18:6a:77:c2:22:df:
                    72:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:46:45:1B:22:72:AE:90:E6:FE:79:2C:42:84:1F:F6:46:D7:A6:86
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/ikZFGyJyrpDm_nksQoQf9kbXpoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e035::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:e2:f2:42:03:02:c2:67:8f:61:87:a6:c0:39:1e:98:36:c2:
         b1:30:94:05:9e:56:14:38:ab:ed:29:d7:bd:a3:39:78:67:fe:
         0f:0a:82:e3:c6:be:22:53:a8:90:99:8c:bc:b6:e0:55:50:ce:
         45:b5:f6:c6:91:25:9e:e4:d1:3a:1c:70:6e:6f:40:07:8e:4b:
         11:0b:52:ac:63:2d:e6:40:37:d7:c3:5b:c0:5d:18:54:71:b8:
         26:8d:34:dd:b9:1a:c8:90:a7:b3:12:41:1f:c3:f4:e3:b5:08:
         c9:ba:8b:18:d9:18:8f:f0:e3:ed:71:32:47:7a:63:ee:ca:e3:
         fc:f1:aa:05:f2:60:90:69:1c:08:fe:12:6a:79:d6:9f:fc:44:
         e5:8b:2a:1d:22:fb:46:55:3e:41:8a:98:61:be:f3:8a:0b:b6:
         5c:cf:0a:94:59:66:fe:b4:fc:b8:2e:d7:46:df:a6:33:37:3b:
         e7:b8:a4:fe:a8:28:4f:a6:23:f4:f8:7b:6f:2b:cf:04:97:83:
         ac:4c:50:64:c9:42:0b:17:7f:c2:4a:1c:8a:f4:71:77:e6:fc:
         4a:3f:ea:ce:b4:8b:7f:ac:48:94:a4:5e:7e:2e:16:44:ce:0a:
         86:66:85:e1:a7:8c:65:ba:fc:af:a2:72:29:16:9b:85:62:9f:
         4b:b8:23:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTWCIOpDXypRp2pg/RfZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQ2NDUxYjIyNzJhZTkwZTZmZTc5MmM0Mjg0MWZmNjQ2ZDdhNjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrQBzWObA9rNvnKTXUQgZqGXDQeq
10op1p1USGZi2fjw4ePE5DLeOllyP5m2WGn4qXMIIalHJJveEFByyEJMYa1OgntO
tGbjCoWE49fJHro0tXKS5Zjzsgqvv//tf8OyMjJnuvkLVjS0sM7zYRkctvxBDaJa
BlcH5Of697vn82WNL3y3TNNEnlu+/4TbPY/wER8vwGPCgLl1I1cVcGRda2CB7kaX
wmDlWyiNqzQW09qOg+a/rrO+UPb3LEhpzoToUjycl8x5lq+d1BDXBes8jK0ZUNpz
fk2WS4I0lAyXl0h0BKZk7OsKaVfuK+g2yj9n9ey0ZRLKoLcYanfCIt9yvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIpGRRsicq6Q5v55LEKEH/ZG16aGMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvaWtaRkd5SnlycERtX25rc1FvUWY5a2JYcG9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+A1
MA0GCSqGSIb3DQEBCwUAA4IBAQCu4vJCAwLCZ49hh6bAOR6YNsKxMJQFnlYUOKvt
Kde9ozl4Z/4PCoLjxr4iU6iQmYy8tuBVUM5FtfbGkSWe5NE6HHBub0AHjksRC1Ks
Yy3mQDfXw1vAXRhUcbgmjTTduRrIkKezEkEfw/TjtQjJuosY2RiP8OPtcTJHemPu
yuP88aoF8mCQaRwI/hJqedaf/ETliyodIvtGVT5BiphhvvOKC7ZczwqUWWb+tPy4
LtdG36YzNzvnuKT+qChPpiP0+HtvK88El4OsTFBkyUILF3/CShyK9HF35vxKP+rO
tIt/rEiUpF5+LhZEzgqGZoXhp4xluvyvonIpFpuFYp9LuCPc
-----END CERTIFICATE-----