Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/vTGWGEM7-2xB49UcKvRcJfixX0A.roa
File:                     vTGWGEM7-2xB49UcKvRcJfixX0A.roa (raw, json)
Hash identifier:          bMmq3GO7ziAc2A9/lXwmln8MATAoac7MJDIHjqNj0L0=
Subject key identifier:   BD:31:96:18:43:3B:FB:6C:41:E3:D5:1C:2A:F4:5C:25:F8:B1:5F:40
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D3174A973F7CB45A27069A98D8DFA
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/vTGWGEM7-2xB49UcKvRcJfixX0A.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205825
IP address blocks:        2a0e:aa07:e03a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:31:74:a9:73:f7:cb:45:a2:70:69:a9:8d:8d:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd319618433bfb6c41e3d51c2af45c25f8b15f40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:12:7c:40:0f:89:c7:78:e3:80:b5:90:00:5a:
                    9d:96:d3:ac:1e:d8:e8:dc:f0:e1:36:14:12:c9:2f:
                    45:d6:6e:59:e3:11:dc:23:ca:17:df:7c:1b:f4:4e:
                    5a:d3:87:42:fe:bf:8b:02:99:60:2d:70:54:88:72:
                    30:e2:05:0e:0d:8c:ce:4f:86:e9:3d:5b:d6:2e:ef:
                    3a:23:85:a7:7a:b6:6c:ae:42:44:51:a0:a6:96:bf:
                    cc:45:0c:f4:a3:64:cf:54:ab:a8:74:12:f0:d3:53:
                    e1:f1:b4:3c:fc:92:4a:1f:42:97:a9:d9:ab:19:19:
                    dc:10:fe:8f:c8:d5:c2:e4:71:cd:26:25:33:8f:8c:
                    fd:09:f3:ff:60:1a:b5:cf:84:96:3c:3c:51:5b:38:
                    ce:76:c0:a5:60:08:4f:92:0c:c7:c0:df:f2:6b:2a:
                    6b:a9:64:68:7d:a2:d0:47:a3:a1:7d:51:cd:2f:d4:
                    fa:93:f6:55:12:f4:32:9b:0e:21:fc:19:3d:63:68:
                    8f:d1:ce:21:c5:78:7a:db:03:99:77:ed:47:e8:df:
                    ba:0d:a3:04:0a:15:89:da:07:af:08:b6:5c:32:33:
                    40:ad:56:89:ef:b7:db:1d:8c:c0:d3:91:05:98:c0:
                    7e:b9:eb:66:54:98:54:94:8e:2e:bd:9f:f4:90:b7:
                    09:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:31:96:18:43:3B:FB:6C:41:E3:D5:1C:2A:F4:5C:25:F8:B1:5F:40
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/vTGWGEM7-2xB49UcKvRcJfixX0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e03a::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:8c:42:2e:6d:47:56:f1:89:1f:37:73:3f:85:01:ee:db:0a:
         7f:70:2b:f7:e4:63:77:90:db:ac:79:7b:f6:a3:8d:50:88:43:
         38:8c:0b:44:3a:8d:e1:c2:9c:7d:20:ea:7b:82:bb:51:22:94:
         2b:ce:fe:4a:e5:50:12:9a:f0:28:58:16:e0:5d:65:35:0b:71:
         6f:d5:b6:a9:af:88:43:b6:f2:71:2e:a6:8a:99:f0:8b:5a:f2:
         39:97:66:f6:70:77:45:6f:08:e6:2c:19:b2:6a:bd:76:e0:51:
         c3:12:8d:00:6d:17:47:8b:0c:69:bc:2c:eb:20:f3:93:c7:94:
         57:c2:b0:51:8a:86:3f:04:0b:69:6b:5b:e1:2a:ab:a7:d0:e7:
         42:81:c8:a9:66:11:fb:46:53:b1:d6:56:23:75:46:15:f8:09:
         6a:0d:d4:77:3a:b4:17:47:e7:2e:92:9e:46:66:ba:cd:c6:34:
         78:5a:ce:3b:8a:71:47:b3:d3:31:c6:f5:9a:01:44:2d:a3:f2:
         25:66:6b:b0:d5:1c:9a:7c:bf:d4:0a:ae:cf:73:ee:66:34:8f:
         8b:6b:a0:c9:7f:6f:fb:48:3e:6e:af:f0:9b:cd:db:04:85:23:
         50:68:8e:54:d9:f9:7f:4f:e6:3d:ae:f9:c2:65:b1:79:a8:be:
         19:32:a7:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTF0qXP3y0WicGmpjY36MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDMxOTYxODQzM2JmYjZjNDFlM2Q1MWMyYWY0NWMyNWY4YjE1ZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRJ8QA+Jx3jjgLWQAFqdltOsHtjo
3PDhNhQSyS9F1m5Z4xHcI8oX33wb9E5a04dC/r+LAplgLXBUiHIw4gUODYzOT4bp
PVvWLu86I4WnerZsrkJEUaCmlr/MRQz0o2TPVKuodBLw01Ph8bQ8/JJKH0KXqdmr
GRncEP6PyNXC5HHNJiUzj4z9CfP/YBq1z4SWPDxRWzjOdsClYAhPkgzHwN/yaypr
qWRofaLQR6OhfVHNL9T6k/ZVEvQymw4h/Bk9Y2iP0c4hxXh62wOZd+1H6N+6DaME
ChWJ2gevCLZcMjNArVaJ77fbHYzA05EFmMB+uetmVJhUlI4uvZ/0kLcJKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL0xlhhDO/tsQePVHCr0XCX4sV9AMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvdlRHV0dFTTctMnhCNDlVY0t2UmNKZml4WDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+A6
MA0GCSqGSIb3DQEBCwUAA4IBAQADjEIubUdW8YkfN3M/hQHu2wp/cCv35GN3kNus
eXv2o41QiEM4jAtEOo3hwpx9IOp7grtRIpQrzv5K5VASmvAoWBbgXWU1C3Fv1bap
r4hDtvJxLqaKmfCLWvI5l2b2cHdFbwjmLBmyar124FHDEo0AbRdHiwxpvCzrIPOT
x5RXwrBRioY/BAtpa1vhKqun0OdCgcipZhH7RlOx1lYjdUYV+AlqDdR3OrQXR+cu
kp5GZrrNxjR4Ws47inFHs9MxxvWaAUQto/IlZmuw1RyafL/UCq7Pc+5mNI+La6DJ
f2/7SD5ur/CbzdsEhSNQaI5U2fl/T+Y9rvnCZbF5qL4ZMqcw
-----END CERTIFICATE-----