Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/U7L9BQRf-HQyVLP2ivxAsU0IDSM.roa
File:                     U7L9BQRf-HQyVLP2ivxAsU0IDSM.roa (raw, json)
Hash identifier:          z1Rf4YxrxddcIRSX4O72Eas/nbjBA9Gzih2m6h59FKE=
Subject key identifier:   53:B2:FD:05:04:5F:F8:74:32:54:B3:F6:8A:FC:40:B1:4D:08:0D:23
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DF242E3008040B39511C31AB95E8
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/U7L9BQRf-HQyVLP2ivxAsU0IDSM.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205758
IP address blocks:        2a09:7:2006::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:df:24:2e:30:08:04:0b:39:51:1c:31:ab:95:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53b2fd05045ff8743254b3f68afc40b14d080d23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:10:cb:ca:34:35:e5:13:e8:7f:55:63:56:f4:
                    77:f7:0d:49:88:91:c8:63:d6:61:c1:cb:03:f4:53:
                    34:db:bd:79:18:0d:15:6b:79:91:ba:57:6a:a3:5f:
                    e8:a5:d7:ce:22:f2:b3:33:a9:0e:03:cf:a1:9b:d0:
                    a7:aa:ab:c4:87:d0:bb:0c:01:bc:b1:76:2d:2d:a3:
                    96:3b:a3:84:6e:db:ae:8c:e1:85:62:7e:2a:03:39:
                    f0:5f:7a:65:de:f6:21:d4:c5:cd:bc:56:12:bb:83:
                    9b:da:28:66:d3:ab:ba:28:81:92:4c:ea:88:85:50:
                    59:94:e3:3b:b2:33:3f:c3:2f:0b:18:9e:25:04:bf:
                    00:0f:4d:8c:37:25:20:31:17:bd:9f:fa:85:28:c4:
                    83:f0:f4:7d:a5:52:86:74:49:ba:9b:a3:af:50:3d:
                    db:88:d9:d1:55:38:c8:bc:21:09:da:af:f5:89:de:
                    2a:01:99:3e:40:b0:c2:05:11:57:ac:49:df:45:ed:
                    b5:93:57:c3:4c:31:fb:05:52:73:b8:c1:82:21:24:
                    ed:62:17:fb:ae:c8:9f:c6:b2:87:46:a5:a0:4a:5c:
                    5f:6b:16:9e:28:3e:04:9e:6c:81:2d:20:6e:2b:cd:
                    1e:cb:9f:6a:45:4f:e6:50:89:a5:e6:2a:9b:de:7a:
                    8a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:B2:FD:05:04:5F:F8:74:32:54:B3:F6:8A:FC:40:B1:4D:08:0D:23
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/U7L9BQRf-HQyVLP2ivxAsU0IDSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7:2006::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:77:b7:30:35:df:cc:5b:e0:fd:e4:ec:5f:5f:9f:09:2d:e9:
         be:f9:4b:14:9e:80:17:a1:80:87:bd:ff:e4:dd:dc:37:79:4e:
         45:5d:fa:2d:3c:ba:15:66:27:fd:73:cd:77:21:e8:bd:77:f2:
         6b:ff:ff:7a:de:a1:33:bc:ba:e2:39:85:c8:97:8b:89:07:de:
         02:bc:bc:b8:19:92:9a:9a:66:a5:8e:fe:53:35:8f:a7:79:cb:
         a8:92:ed:c6:7c:88:ce:e2:53:d6:a3:21:1f:7c:25:65:be:d5:
         0b:b0:ac:38:98:fe:02:de:fe:08:8a:72:5d:61:1f:fe:96:20:
         dc:8f:d5:d0:91:5b:ef:1c:e1:f1:c5:76:de:b8:2c:a7:3f:f0:
         0e:93:1e:03:8f:a7:ca:1d:c6:78:4d:a0:3e:7e:64:e0:95:54:
         bf:2c:b2:3e:aa:ba:1f:8d:94:6d:7e:af:5c:a0:5b:1f:f9:cb:
         ca:21:d4:75:08:b9:9b:90:0c:5c:36:b0:61:c8:ca:7f:02:b6:
         c2:f3:37:34:25:ae:d0:b7:b3:f9:0c:bc:f6:f5:08:e9:d4:ea:
         a7:04:ee:44:07:43:c1:1d:18:23:d8:4e:67:51:1c:04:2c:d4:
         f6:a2:62:ae:0e:ca:10:40:88:0f:33:fe:82:21:19:58:c6:3a:
         b8:a6:f2:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAd8kLjAIBAs5URwxq5XoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2IyZmQwNTA0NWZmODc0MzI1NGIzZjY4YWZjNDBiMTRkMDgwZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhDLyjQ15RPof1VjVvR39w1JiJHI
Y9ZhwcsD9FM02715GA0Va3mRuldqo1/opdfOIvKzM6kOA8+hm9CnqqvEh9C7DAG8
sXYtLaOWO6OEbtuujOGFYn4qAznwX3pl3vYh1MXNvFYSu4Ob2ihm06u6KIGSTOqI
hVBZlOM7sjM/wy8LGJ4lBL8AD02MNyUgMRe9n/qFKMSD8PR9pVKGdEm6m6OvUD3b
iNnRVTjIvCEJ2q/1id4qAZk+QLDCBRFXrEnfRe21k1fDTDH7BVJzuMGCISTtYhf7
rsifxrKHRqWgSlxfaxaeKD4EnmyBLSBuK80ey59qRU/mUIml5iqb3nqKywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFOy/QUEX/h0MlSz9or8QLFNCA0jMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvVTdMOUJRUmYtSFF5VkxQMml2eEFzVTBJRFNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgkAByAG
MA0GCSqGSIb3DQEBCwUAA4IBAQAmd7cwNd/MW+D95OxfX58JLem++UsUnoAXoYCH
vf/k3dw3eU5FXfotPLoVZif9c813Iei9d/Jr//963qEzvLriOYXIl4uJB94CvLy4
GZKammaljv5TNY+necuoku3GfIjO4lPWoyEffCVlvtULsKw4mP4C3v4IinJdYR/+
liDcj9XQkVvvHOHxxXbeuCynP/AOkx4Dj6fKHcZ4TaA+fmTglVS/LLI+qrofjZRt
fq9coFsf+cvKIdR1CLmbkAxcNrBhyMp/ArbC8zc0Ja7Qt7P5DLz29Qjp1OqnBO5E
B0PBHRgj2E5nURwELNT2omKuDsoQQIgPM/6CIRlYxjq4pvLE
-----END CERTIFICATE-----