Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/epzWTh5FM5gke40MBT0XAH0amuY.roa
File:                     epzWTh5FM5gke40MBT0XAH0amuY.roa (raw, json)
Hash identifier:          RUc8kcjdXBmDb4AsfAvimX/JcfmVc6SMjt0uyu+jKKw=
Subject key identifier:   7A:9C:D6:4E:1E:45:33:98:24:7B:8D:0C:05:3D:17:00:7D:1A:9A:E6
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC727584E7168D1931CC6109115A47774
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/epzWTh5FM5gke40MBT0XAH0amuY.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212232
IP address blocks:        2a0b:6b86:d00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:58:4e:71:68:d1:93:1c:c6:10:91:15:a4:77:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a9cd64e1e453398247b8d0c053d17007d1a9ae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4c:82:30:f7:ee:c3:8f:09:38:61:5a:cd:86:
                    2f:c1:53:79:b5:cd:b7:34:61:09:19:0e:66:a0:f4:
                    c5:76:ce:1a:e8:45:98:c6:8d:f1:f8:d1:20:3d:c3:
                    69:65:a0:35:ba:db:da:8a:ab:0f:b6:7f:c0:0f:2a:
                    6d:eb:16:df:de:18:13:c3:c9:55:73:ef:72:cf:f3:
                    41:f3:f0:af:99:dc:ab:cf:e6:e4:c5:90:f1:0c:15:
                    2c:aa:6c:6c:a6:5f:ae:0b:3a:47:e9:21:5b:8b:83:
                    43:b2:b2:57:ef:4b:cd:78:51:27:b8:09:1a:5a:ab:
                    37:08:b0:06:47:2e:81:f6:04:09:51:72:84:22:b2:
                    31:ee:82:fc:aa:30:17:fa:79:f1:b9:1b:a8:71:f6:
                    93:cd:2c:73:b2:d5:93:22:8b:20:22:62:5c:c0:4e:
                    0a:c3:c3:9d:bf:72:d2:e3:06:ad:d6:60:21:79:8d:
                    bb:15:d0:8d:6d:77:16:e5:06:5d:00:ed:04:8d:2c:
                    15:23:71:3d:ab:be:28:87:26:af:f8:49:1e:4d:7a:
                    1b:54:58:99:09:d1:b3:5a:94:3d:65:b1:bd:cc:6e:
                    32:1e:8a:b0:18:45:60:bf:1b:5a:c7:92:f0:77:4f:
                    fe:c8:73:50:9c:a1:11:67:fd:b1:d1:ab:0d:52:18:
                    cc:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:9C:D6:4E:1E:45:33:98:24:7B:8D:0C:05:3D:17:00:7D:1A:9A:E6
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/epzWTh5FM5gke40MBT0XAH0amuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         b1:61:db:bd:24:f2:01:a2:3b:6f:c9:57:3e:ca:9b:f0:51:14:
         a5:54:0b:cd:a9:d1:22:39:1c:75:f7:0d:c4:b9:06:a8:42:cc:
         86:6c:d3:d5:ea:4f:6d:49:81:86:da:2d:ea:0e:50:35:cf:1f:
         43:2c:8f:80:92:3d:9f:46:8a:26:6b:f2:51:10:4a:57:72:2e:
         61:06:e9:6b:3a:0c:dc:e2:37:5d:19:62:1c:5e:b3:f0:0e:d0:
         f2:fd:9e:90:47:a1:ef:b2:7f:c0:9e:20:8f:bc:ad:5b:3b:bb:
         38:ae:36:58:98:de:eb:64:3a:8a:32:15:f3:7d:31:eb:a8:8c:
         00:52:52:51:d0:3c:a3:1f:3e:3e:1e:e7:c5:6a:12:2d:86:80:
         5a:56:52:3a:9c:fa:6d:3e:61:39:2c:57:0a:bf:cb:3e:ce:74:
         0d:b4:a1:e6:df:1a:ee:bb:53:ca:bf:7e:2b:09:74:c4:0f:69:
         5a:67:ae:5b:53:1b:9d:23:f1:a9:03:7e:99:f0:33:26:14:cc:
         ad:de:12:bf:e5:ab:18:23:f6:a8:36:16:89:fe:3a:30:43:0e:
         8b:ce:28:84:5c:26:d3:69:d4:cb:bf:65:7a:89:01:e6:9a:a4:
         87:22:e5:dc:c1:01:78:71:74:63:3e:cd:58:80:09:c4:f6:8f:
         c9:9d:7a:e9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJ1hOcWjRkxzGEJEVpHd0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTljZDY0ZTFlNDUzMzk4MjQ3YjhkMGMwNTNkMTcwMDdkMWE5YWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0yCMPfuw48JOGFazYYvwVN5tc23
NGEJGQ5moPTFds4a6EWYxo3x+NEgPcNpZaA1utvaiqsPtn/ADypt6xbf3hgTw8lV
c+9yz/NB8/Cvmdyrz+bkxZDxDBUsqmxspl+uCzpH6SFbi4NDsrJX70vNeFEnuAka
Wqs3CLAGRy6B9gQJUXKEIrIx7oL8qjAX+nnxuRuocfaTzSxzstWTIosgImJcwE4K
w8Odv3LS4wat1mAheY27FdCNbXcW5QZdAO0EjSwVI3E9q74ohyav+EkeTXobVFiZ
CdGzWpQ9ZbG9zG4yHoqwGEVgvxtax5Lwd0/+yHNQnKERZ/2x0asNUhjM4wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHqc1k4eRTOYJHuNDAU9FwB9GprmMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvZXB6V1RoNUZNNWdrZTQwTUJUMFhBSDBhbXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhg0w
DQYJKoZIhvcNAQELBQADggEBALFh270k8gGiO2/JVz7Km/BRFKVUC82p0SI5HHX3
DcS5BqhCzIZs09XqT21JgYbaLeoOUDXPH0Msj4CSPZ9GiiZr8lEQSldyLmEG6Ws6
DNziN10ZYhxes/AO0PL9npBHoe+yf8CeII+8rVs7uziuNliY3utkOooyFfN9Meuo
jABSUlHQPKMfPj4e58VqEi2GgFpWUjqc+m0+YTksVwq/yz7OdA20oebfGu67U8q/
fisJdMQPaVpnrltTG50j8akDfpnwMyYUzK3eEr/lqxgj9qg2Fon+OjBDDovOKIRc
JtNp1Mu/ZXqJAeaapIci5dzBAXhxdGM+zViACcT2j8mdeuk=
-----END CERTIFICATE-----