Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/mcJtpG7YOupodFY0SPO2LP7gQzU.roa
File:                     mcJtpG7YOupodFY0SPO2LP7gQzU.roa (raw, json)
Hash identifier:          msLO5kC4Sci96Lc9ryZ2YTdJYCT9/yydCJZ7yg9VtwE=
Subject key identifier:   99:C2:6D:A4:6E:D8:3A:EA:68:74:56:34:48:F3:B6:2C:FE:E0:43:35
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       018CC8DEEC87CFE6CAFD6EFDB980C78D6675
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/mcJtpG7YOupodFY0SPO2LP7gQzU.roa
Signing time:             Tue 02 Jan 2024 06:31:41 +0000
ROA not before:           Tue 02 Jan 2024 06:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197501
IP address blocks:        2a0a:2c0:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ec:87:cf:e6:ca:fd:6e:fd:b9:80:c7:8d:66:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 06:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99c26da46ed83aea6874563448f3b62cfee04335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f5:7b:65:e0:e4:c9:fc:89:c3:0a:3a:00:da:
                    20:5d:ab:57:15:e1:37:e2:ca:c7:56:67:a6:31:49:
                    f8:9d:ce:69:8f:e5:2c:51:f3:cd:f9:dc:c4:ba:bf:
                    5a:d9:f7:85:ff:ac:39:e6:6f:75:2c:41:4f:d3:a6:
                    d7:ec:19:f5:7a:13:7e:a2:59:9b:b7:12:5b:ea:27:
                    0d:e1:df:39:66:b2:a4:da:4d:fe:bd:56:d6:1a:ac:
                    84:af:6a:cd:cc:b5:66:df:44:28:f3:87:16:33:e3:
                    e5:1b:4d:18:db:e0:bc:d8:fc:74:7b:a6:71:46:1d:
                    b4:4e:fb:37:a3:be:05:62:33:d8:8c:e6:b6:ec:b7:
                    a1:e2:9d:98:b6:e2:46:e6:72:dd:91:0b:b5:2b:4e:
                    80:13:28:b8:15:ce:3e:9e:d2:36:1c:8f:a7:ea:6e:
                    a0:f4:ae:13:9e:e5:7e:76:5d:d8:12:97:51:69:e8:
                    7f:52:44:a6:f4:52:5f:ab:c7:b0:29:b7:30:2b:7a:
                    27:d4:32:29:1e:60:9c:e2:3f:0b:03:07:9e:f9:d8:
                    60:7d:e8:a6:e6:dd:1a:11:b7:93:0e:e7:5e:8f:4a:
                    96:7d:8a:f1:cb:c5:1a:a4:69:d3:a4:a9:af:82:aa:
                    d8:86:5e:48:13:67:37:6f:60:af:7d:b7:97:2e:26:
                    ff:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:C2:6D:A4:6E:D8:3A:EA:68:74:56:34:48:F3:B6:2C:FE:E0:43:35
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/mcJtpG7YOupodFY0SPO2LP7gQzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2c0:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:30:6c:79:e6:83:83:4b:da:48:e0:89:91:1d:b9:ef:dd:9b:
         69:09:0d:7e:0b:48:d1:63:dd:a4:bf:02:75:d8:88:25:91:29:
         1d:3e:a2:9d:80:1e:04:a4:dd:b1:ce:1a:b3:1a:1a:06:f1:75:
         b8:1a:de:35:c0:51:b8:d6:ca:50:09:b7:9e:22:b1:75:d4:79:
         15:21:f4:1d:e9:9a:e2:f3:31:71:3d:f4:aa:6f:04:f0:8e:f7:
         5f:41:54:e0:58:3b:c7:68:7d:aa:6b:c6:9a:30:b3:c6:3e:a6:
         51:3d:72:77:2e:b5:0e:8c:de:45:98:0a:3c:8d:84:37:d1:1f:
         0b:7e:e0:19:62:21:02:dc:33:0f:65:c3:20:95:13:47:73:ba:
         79:ee:8e:a3:c3:9c:ab:4f:a5:51:71:02:9d:57:a6:70:f1:ec:
         2b:03:f3:56:6d:17:f6:aa:07:fb:06:6f:e3:c3:33:6d:29:a1:
         e1:db:90:90:37:b1:ee:c1:ee:2d:48:4b:3f:8e:9c:14:33:4a:
         6b:bf:34:21:6c:a5:24:56:68:97:62:94:b0:65:b7:5e:a9:f4:
         24:b2:a7:6d:be:ef:0e:6e:f6:27:09:dd:4f:39:8e:41:8f:4b:
         fc:6a:0e:cd:ff:ca:31:a4:cb:4d:9a:a0:3a:0b:78:0d:a9:c5:
         3e:b1:92:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3uyHz+bK/W79uYDHjWZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjQwMTAyMDYzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWMyNmRhNDZlZDgzYWVhNjg3NDU2MzQ0OGYzYjYyY2ZlZTA0MzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPV7ZeDkyfyJwwo6ANogXatXFeE3
4srHVmemMUn4nc5pj+UsUfPN+dzEur9a2feF/6w55m91LEFP06bX7Bn1ehN+olmb
txJb6icN4d85ZrKk2k3+vVbWGqyEr2rNzLVm30Qo84cWM+PlG00Y2+C82Px0e6Zx
Rh20Tvs3o74FYjPYjOa27Leh4p2YtuJG5nLdkQu1K06AEyi4Fc4+ntI2HI+n6m6g
9K4TnuV+dl3YEpdRaeh/UkSm9FJfq8ewKbcwK3on1DIpHmCc4j8LAwee+dhgfeim
5t0aEbeTDudej0qWfYrxy8UapGnTpKmvgqrYhl5IE2c3b2CvfbeXLib/IQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJnCbaRu2DrqaHRWNEjztiz+4EM1MB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvbWNKdHBHN1lPdXBvZEZZMFNQTzJMUDdnUXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgoCwAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQAgMGx55oODS9pI4ImRHbnv3ZtpCQ1+C0jRY92k
vwJ12IglkSkdPqKdgB4EpN2xzhqzGhoG8XW4Gt41wFG41spQCbeeIrF11HkVIfQd
6Zri8zFxPfSqbwTwjvdfQVTgWDvHaH2qa8aaMLPGPqZRPXJ3LrUOjN5FmAo8jYQ3
0R8LfuAZYiEC3DMPZcMglRNHc7p57o6jw5yrT6VRcQKdV6Zw8ewrA/NWbRf2qgf7
Bm/jwzNtKaHh25CQN7Huwe4tSEs/jpwUM0prvzQhbKUkVmiXYpSwZbdeqfQksqdt
vu8ObvYnCd1POY5Bj0v8ag7N/8oxpMtNmqA6C3gNqcU+sZLZ
-----END CERTIFICATE-----