Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/RcCB0fcvU7BWfIcb8Lw4Ikg073w.roa
File:                     RcCB0fcvU7BWfIcb8Lw4Ikg073w.roa (raw, json)
Hash identifier:          8+PoidiuKmCT96spvgWnbgAgxYwUQ1KIynj4S9XSP+I=
Subject key identifier:   45:C0:81:D1:F7:2F:53:B0:56:7C:87:1B:F0:BC:38:22:48:34:EF:7C
Certificate issuer:       /CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Certificate serial:       018CC9BC4F47E2889634968233A8D6EC21D8
Authority key identifier: 08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/RcCB0fcvU7BWfIcb8Lw4Ikg073w.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48460
IP address blocks:        2a07:69c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:4f:47:e2:88:96:34:96:82:33:a8:d6:ec:21:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08953a5f11a8279cdf8798960de1e22eb1227d95
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45c081d1f72f53b0567c871bf0bc38224834ef7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6a:52:a3:f4:66:94:47:29:f8:7d:69:ce:a4:
                    5d:9e:11:b6:10:14:2c:c3:27:97:d9:18:e9:ad:e6:
                    05:83:88:9d:aa:a6:a5:8a:23:db:3f:0c:e0:d2:c4:
                    c6:c3:10:57:dd:77:3a:df:45:35:91:e9:07:ed:07:
                    5a:c4:cd:78:8e:ae:47:7b:ab:a7:4c:d4:5d:fa:21:
                    02:64:8f:85:45:06:54:39:4d:d8:4e:e3:91:88:6b:
                    9f:98:7e:b3:cc:36:c2:e8:23:f8:24:9f:a5:72:04:
                    65:91:ca:c5:44:fa:15:0b:a4:38:87:5f:ee:3e:ae:
                    85:4e:8b:f6:f5:fe:f5:81:e3:cf:71:db:f6:f1:77:
                    d1:5f:ac:50:19:90:04:d9:6b:0d:f5:4c:06:7c:c2:
                    5b:a7:e7:0f:49:0f:eb:20:b7:16:fb:5a:04:8f:18:
                    9a:b4:c1:60:a8:af:93:03:4b:e5:db:f2:a3:37:5e:
                    f0:bb:da:0c:75:b3:5d:e5:13:ba:51:42:7e:92:ab:
                    de:8d:0e:3d:1a:ea:40:81:4e:c3:32:5f:a7:6f:41:
                    1f:37:1f:a4:fe:ee:c7:7b:6a:ed:19:a3:79:ec:02:
                    bc:c6:f0:28:f7:ad:98:6f:eb:9e:27:ed:0c:82:4b:
                    37:f9:2e:dc:fb:5c:4b:3c:80:05:dc:11:2c:0b:53:
                    2d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:C0:81:D1:F7:2F:53:B0:56:7C:87:1B:F0:BC:38:22:48:34:EF:7C
            X509v3 Authority Key Identifier:
                keyid:08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/RcCB0fcvU7BWfIcb8Lw4Ikg073w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:69c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:ac:ad:12:2f:db:49:59:02:cf:b8:3d:80:f7:ba:c4:c9:87:
         67:41:65:d6:da:e2:db:3b:c9:f5:c3:41:bf:67:4a:b2:23:af:
         bf:94:6c:39:53:82:1f:9e:87:81:31:04:f7:07:06:cd:47:2a:
         80:82:0e:5e:d9:4e:ba:a7:96:e3:5c:c5:2f:9f:0c:b9:6b:40:
         3f:39:f1:20:c0:01:de:62:dd:2f:1d:c4:75:1a:e0:83:1a:8b:
         9e:a4:05:f4:9d:2c:b9:ec:3f:d0:8e:7b:5c:e2:76:81:e4:b1:
         8b:20:98:c9:a1:b0:50:c4:44:e2:d6:3b:1e:6b:9a:19:11:96:
         b9:4a:b1:78:7c:ce:e9:4a:7b:65:64:62:f8:0c:5d:06:c0:f3:
         82:db:d9:17:65:2d:cc:04:7a:5e:b0:c8:a6:48:dd:22:ac:1c:
         45:29:60:d9:7b:7a:4c:6c:c5:64:f4:d9:f5:f2:71:f6:88:6e:
         e4:c8:28:71:ea:c5:85:f8:39:4d:41:79:52:c2:c2:14:38:b9:
         23:7e:a6:c2:23:a4:22:45:3b:16:76:f7:1f:11:6e:4d:6f:c3:
         c5:cd:51:7d:c5:f8:53:f3:ad:f5:8c:9f:dc:10:e7:98:1a:4e:
         61:9c:84:a3:89:8f:9d:bc:93:29:17:99:ac:d3:ef:ad:46:03:
         78:77:41:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvE9H4oiWNJaCM6jW7CHYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4OTUzYTVmMTFhODI3OWNkZjg3OTg5NjBkZTFlMjJlYjEy
MjdkOTUwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWMwODFkMWY3MmY1M2IwNTY3Yzg3MWJmMGJjMzgyMjQ4MzRlZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGpSo/RmlEcp+H1pzqRdnhG2EBQs
wyeX2RjpreYFg4idqqaliiPbPwzg0sTGwxBX3Xc630U1kekH7QdaxM14jq5He6un
TNRd+iECZI+FRQZUOU3YTuORiGufmH6zzDbC6CP4JJ+lcgRlkcrFRPoVC6Q4h1/u
Pq6FTov29f71gePPcdv28XfRX6xQGZAE2WsN9UwGfMJbp+cPSQ/rILcW+1oEjxia
tMFgqK+TA0vl2/KjN17wu9oMdbNd5RO6UUJ+kqvejQ49GupAgU7DMl+nb0EfNx+k
/u7He2rtGaN57AK8xvAo962Yb+ueJ+0Mgks3+S7c+1xLPIAF3BEsC1MtrQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEXAgdH3L1OwVnyHG/C8OCJINO98MB8GA1UdIwQY
MBaAFAiVOl8RqCec34eYlg3h4i6xIn2VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2It
NzExNjk1NjdlMzljLzEvUmNDQjBmY3ZVN0JXZkljYjhMdzRJa2cwNzN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2ItNzExNjk1NjdlMzlj
LzEvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgdpwDAN
BgkqhkiG9w0BAQsFAAOCAQEAKqytEi/bSVkCz7g9gPe6xMmHZ0Fl1tri2zvJ9cNB
v2dKsiOvv5RsOVOCH56HgTEE9wcGzUcqgIIOXtlOuqeW41zFL58MuWtAPznxIMAB
3mLdLx3EdRrggxqLnqQF9J0suew/0I57XOJ2geSxiyCYyaGwUMRE4tY7HmuaGRGW
uUqxeHzO6Up7ZWRi+AxdBsDzgtvZF2UtzAR6XrDIpkjdIqwcRSlg2Xt6TGzFZPTZ
9fJx9ohu5MgocerFhfg5TUF5UsLCFDi5I36mwiOkIkU7Fnb3HxFuTW/Dxc1RfcX4
U/Ot9Yyf3BDnmBpOYZyEo4mPnbyTKReZrNPvrUYDeHdBLw==
-----END CERTIFICATE-----