Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/gi3g9lMZqk5LsCUgiLcraEGfl6A.roa
File:                     gi3g9lMZqk5LsCUgiLcraEGfl6A.roa (raw, json)
Hash identifier:          h4Urw5Saf0kr5tR/QvGZIcGQErZllYDwAdh3ZVNABcs=
Subject key identifier:   82:2D:E0:F6:53:19:AA:4E:4B:B0:25:20:88:B7:2B:68:41:9F:97:A0
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018EEC10C63B4ECBC9C74A6BD2FCB6CB706B
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/gi3g9lMZqk5LsCUgiLcraEGfl6A.roa
Signing time:             Wed 17 Apr 2024 12:38:26 +0000
ROA not before:           Wed 17 Apr 2024 12:38:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a0e:4bc5::/32 maxlen: 32
                          2a0e:8083::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ec:10:c6:3b:4e:cb:c9:c7:4a:6b:d2:fc:b6:cb:70:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Apr 17 12:38:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=822de0f65319aa4e4bb0252088b72b68419f97a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2d:1e:6b:18:c2:fb:85:c1:54:92:24:0c:85:
                    fa:dd:7c:59:9a:67:c6:4e:99:fb:b1:9f:3e:13:8f:
                    33:4e:b5:16:3a:e1:5a:80:f3:56:1d:3d:5d:05:f3:
                    45:4a:81:1f:34:1e:e4:16:d1:5a:b8:12:3c:68:a4:
                    5d:6b:b3:bc:e8:5a:34:31:05:a0:c7:01:17:a1:8f:
                    5f:71:60:70:e0:75:9c:f5:f7:92:85:9e:a7:3c:f7:
                    0a:88:6d:ba:33:12:c3:41:a4:14:28:eb:35:5a:81:
                    d6:9e:e6:64:f1:f5:28:da:ab:bf:f1:ab:40:81:8d:
                    07:28:62:67:9c:0c:b7:c1:cf:fb:fa:de:4a:56:22:
                    c5:74:8f:9e:c2:6c:53:a4:bc:1d:24:a2:3a:9f:f9:
                    a6:64:60:6d:6b:ae:2e:2b:7b:a7:bf:e1:b1:39:00:
                    ad:8f:5f:55:c0:32:a6:d3:f7:15:36:21:8d:ec:9d:
                    38:4b:a9:be:d0:44:cb:60:12:b9:52:a9:4e:18:a6:
                    bf:f6:bc:ef:cc:68:91:e7:2c:90:5e:70:9c:e2:d8:
                    55:f7:3b:c6:bf:24:68:df:7a:8a:2a:7f:38:a2:69:
                    01:e4:d8:22:56:e1:84:c8:16:92:a6:ba:d5:75:44:
                    fb:42:d9:30:8c:8e:9c:8b:cf:6c:2c:c4:09:7e:b8:
                    be:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2D:E0:F6:53:19:AA:4E:4B:B0:25:20:88:B7:2B:68:41:9F:97:A0
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/gi3g9lMZqk5LsCUgiLcraEGfl6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4bc5::/32
                  2a0e:8083::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:65:d4:f2:01:e5:87:9b:92:b4:48:09:61:25:e0:08:3d:f1:
         fe:fa:e1:9c:51:dc:95:95:eb:f4:cc:27:e7:ba:63:d4:2c:85:
         13:29:0a:24:b5:eb:e4:03:61:12:c7:a6:02:7e:89:90:a0:45:
         62:2d:d9:69:5a:91:2a:56:01:2b:eb:ee:c3:49:78:eb:95:09:
         59:58:c9:89:39:85:72:47:3c:69:27:21:fe:23:97:7f:4e:99:
         57:a4:9a:3c:97:82:d5:81:f8:77:e4:4c:af:71:df:ac:13:ae:
         95:9b:f8:c7:8d:f0:02:c7:15:8f:ae:db:5c:04:f7:ff:8e:31:
         bc:24:51:1e:ea:dc:b6:f4:01:db:e0:ed:25:09:93:a6:68:2e:
         02:52:75:dc:c9:9c:c3:10:3c:a3:41:19:eb:81:7d:28:77:ee:
         a5:41:8c:bb:bd:d9:9f:1b:5e:b2:bd:41:13:8a:69:66:d8:bd:
         d8:e8:b6:ac:b7:d2:73:3e:6f:56:df:38:aa:7c:95:c1:ff:83:
         df:8e:76:5f:3b:db:b8:d6:56:60:0c:5f:9d:35:48:9e:19:b3:
         c6:9e:0a:89:f3:1d:bf:ec:c2:5b:29:e3:2d:20:37:ba:20:c9:
         1e:fc:a2:b0:f1:57:a2:7e:1e:1f:a3:cd:fe:a3:6c:14:3c:36:
         84:aa:fa:22
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY7sEMY7TsvJx0pr0vy2y3BrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwNDE3MTIzODI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJkZTBmNjUzMTlhYTRlNGJiMDI1MjA4OGI3MmI2ODQxOWY5N2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhi0eaxjC+4XBVJIkDIX63XxZmmfG
Tpn7sZ8+E48zTrUWOuFagPNWHT1dBfNFSoEfNB7kFtFauBI8aKRda7O86Fo0MQWg
xwEXoY9fcWBw4HWc9feShZ6nPPcKiG26MxLDQaQUKOs1WoHWnuZk8fUo2qu/8atA
gY0HKGJnnAy3wc/7+t5KViLFdI+ewmxTpLwdJKI6n/mmZGBta64uK3unv+GxOQCt
j19VwDKm0/cVNiGN7J04S6m+0ETLYBK5UqlOGKa/9rzvzGiR5yyQXnCc4thV9zvG
vyRo33qKKn84omkB5NgiVuGEyBaSprrVdUT7QtkwjI6ci89sLMQJfri+3wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIIt4PZTGapOS7AlIIi3K2hBn5egMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvZ2kzZzlsTVpxazVMc0NVZ2lMY3JhRUdmbDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg5LxQMF
ACoOgIMwDQYJKoZIhvcNAQELBQADggEBAEdl1PIB5YebkrRICWEl4Ag98f764ZxR
3JWV6/TMJ+e6Y9QshRMpCiS16+QDYRLHpgJ+iZCgRWIt2WlakSpWASvr7sNJeOuV
CVlYyYk5hXJHPGknIf4jl39OmVekmjyXgtWB+HfkTK9x36wTrpWb+MeN8ALHFY+u
21wE9/+OMbwkUR7q3Lb0Advg7SUJk6ZoLgJSddzJnMMQPKNBGeuBfSh37qVBjLu9
2Z8bXrK9QROKaWbYvdjotqy30nM+b1bfOKp8lcH/g9+Odl8727jWVmAMX501SJ4Z
s8aeConzHb/swlsp4y0gN7ogyR78orDxV6J+Hh+jzf6jbBQ8NoSq+iI=
-----END CERTIFICATE-----