Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/ThNfs3ocJo2fVSMtJO4f7DwcJ2w.roa
File:                     ThNfs3ocJo2fVSMtJO4f7DwcJ2w.roa (raw, json)
Hash identifier:          cP9VbfvNVwKg5IHbP8jh60kAJOPfIVccaDLHV0R2qYw=
Subject key identifier:   4E:13:5F:B3:7A:1C:26:8D:9F:55:23:2D:24:EE:1F:EC:3C:1C:27:6C
Certificate issuer:       /CN=4516eb0ee37a71076461ec6cba8b925ac5e28a04
Certificate serial:       018CC3B6EBB8AF7C0246944F63BA5AB405B6
Authority key identifier: 45:16:EB:0E:E3:7A:71:07:64:61:EC:6C:BA:8B:92:5A:C5:E2:8A:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RRbrDuN6cQdkYexsuouSWsXiigQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/ThNfs3ocJo2fVSMtJO4f7DwcJ2w.roa
Signing time:             Mon 01 Jan 2024 06:29:54 +0000
ROA not before:           Mon 01 Jan 2024 06:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51574
IP address blocks:        2a13:5a07:fe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/RRbrDuN6cQdkYexsuouSWsXiigQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/RRbrDuN6cQdkYexsuouSWsXiigQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RRbrDuN6cQdkYexsuouSWsXiigQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:eb:b8:af:7c:02:46:94:4f:63:ba:5a:b4:05:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4516eb0ee37a71076461ec6cba8b925ac5e28a04
        Validity
            Not Before: Jan  1 06:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e135fb37a1c268d9f55232d24ee1fec3c1c276c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b2:08:6a:de:cc:da:95:5d:9f:11:93:8f:5c:
                    99:cf:73:fe:f4:10:18:99:6b:25:39:52:87:be:74:
                    de:af:a8:94:6d:8e:00:7b:43:ed:28:12:a4:3b:e9:
                    cb:e8:d1:f1:04:46:f5:67:c3:3c:21:56:d7:f8:50:
                    be:76:bd:83:5b:53:a8:ea:f7:73:7b:78:fe:f7:7b:
                    39:c8:9c:42:83:de:99:6d:78:8c:bf:f8:70:b8:3e:
                    95:8b:36:e1:4b:b2:cf:6a:60:4e:33:96:2f:0d:bc:
                    ad:01:88:c8:c8:8b:f9:b6:b3:97:20:fd:f3:74:45:
                    c4:c8:79:f2:2c:97:55:ab:6e:c5:7c:c8:55:16:57:
                    66:6d:78:e5:95:26:71:65:b2:80:65:a5:11:78:dd:
                    ab:be:b6:be:97:73:63:cb:f5:5a:75:66:0a:20:7b:
                    ce:8b:e6:61:7e:d9:bf:84:ec:9c:27:83:48:47:95:
                    0e:bb:0d:2f:65:6d:0e:1a:de:ee:fa:2b:ca:74:9e:
                    2f:99:03:87:a3:b0:9d:d6:79:f5:f4:ef:62:4d:43:
                    bd:ff:44:31:5a:f2:08:74:6d:1a:a4:9c:55:e6:0d:
                    25:07:7d:c6:34:ab:b0:ad:63:4a:f1:65:00:73:b5:
                    48:56:39:0a:24:c9:3e:ce:7c:22:03:57:23:13:b9:
                    30:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:13:5F:B3:7A:1C:26:8D:9F:55:23:2D:24:EE:1F:EC:3C:1C:27:6C
            X509v3 Authority Key Identifier:
                keyid:45:16:EB:0E:E3:7A:71:07:64:61:EC:6C:BA:8B:92:5A:C5:E2:8A:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RRbrDuN6cQdkYexsuouSWsXiigQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/ThNfs3ocJo2fVSMtJO4f7DwcJ2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2923ab-3ff8-4aa9-9220-5e292aa544af/1/RRbrDuN6cQdkYexsuouSWsXiigQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5a07:fe::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:a4:4f:b5:ee:ee:35:35:32:6e:24:70:c8:f4:c4:48:30:db:
         8e:0b:62:8e:27:aa:ee:a7:5c:3f:b2:cb:63:fc:fc:48:2b:e5:
         c6:28:9d:65:0c:af:94:9c:92:3b:c1:c0:84:45:60:b3:38:44:
         62:ad:ba:01:68:e1:52:02:c2:d3:31:bb:d2:45:a5:20:32:bb:
         80:e0:62:f5:c1:0c:75:a1:76:38:44:3f:9e:9c:24:f7:78:82:
         e0:66:25:5e:a5:71:9a:dd:59:f7:18:d3:1d:fc:40:43:25:f8:
         7b:61:4a:ed:25:75:52:d3:0f:a8:ff:3d:5b:04:e7:4f:a9:29:
         da:e3:ec:74:cd:2b:a6:2b:d3:93:9c:1d:d0:7b:da:f6:55:f7:
         eb:9d:65:47:50:1d:16:3e:3e:5a:8a:6c:dd:06:5d:60:c2:56:
         9b:9d:8e:9d:5a:76:6a:ba:6d:27:f8:e8:56:9f:7f:a9:01:95:
         17:06:aa:24:9c:26:6a:30:eb:88:0a:8a:3f:a0:be:14:b5:98:
         0d:94:2b:54:7b:97:3f:d6:28:a0:61:b8:7c:30:78:24:77:09:
         d6:bc:95:9a:f1:2f:d6:a3:ac:e8:ca:bb:f1:79:30:7b:6b:38:
         b2:5c:08:d1:35:29:7d:d1:7d:6a:97:1d:8f:04:d2:f1:35:e8:
         08:1c:7c:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtuu4r3wCRpRPY7patAW2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MTZlYjBlZTM3YTcxMDc2NDYxZWM2Y2JhOGI5MjVhYzVl
MjhhMDQwHhcNMjQwMTAxMDYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTEzNWZiMzdhMWMyNjhkOWY1NTIzMmQyNGVlMWZlYzNjMWMyNzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLIIat7M2pVdnxGTj1yZz3P+9BAY
mWslOVKHvnTer6iUbY4Ae0PtKBKkO+nL6NHxBEb1Z8M8IVbX+FC+dr2DW1Oo6vdz
e3j+93s5yJxCg96ZbXiMv/hwuD6VizbhS7LPamBOM5YvDbytAYjIyIv5trOXIP3z
dEXEyHnyLJdVq27FfMhVFldmbXjllSZxZbKAZaUReN2rvra+l3Njy/VadWYKIHvO
i+Zhftm/hOycJ4NIR5UOuw0vZW0OGt7u+ivKdJ4vmQOHo7Cd1nn19O9iTUO9/0Qx
WvIIdG0apJxV5g0lB33GNKuwrWNK8WUAc7VIVjkKJMk+znwiA1cjE7kwTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE4TX7N6HCaNn1UjLSTuH+w8HCdsMB8GA1UdIwQY
MBaAFEUW6w7jenEHZGHsbLqLklrF4ooEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlJickR1TjZjUWRrWWV4c3VvdVNXc1hpaWdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8yOTIzYWItM2ZmOC00YWE5LTkyMjAt
NWUyOTJhYTU0NGFmLzEvVGhOZnMzb2NKbzJmVlNNdEpPNGY3RHdjSjJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8yOTIzYWItM2ZmOC00YWE5LTkyMjAtNWUyOTJhYTU0NGFm
LzEvUlJickR1TjZjUWRrWWV4c3VvdVNXc1hpaWdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhNaBwD+
MA0GCSqGSIb3DQEBCwUAA4IBAQBApE+17u41NTJuJHDI9MRIMNuOC2KOJ6rup1w/
sstj/PxIK+XGKJ1lDK+UnJI7wcCERWCzOERirboBaOFSAsLTMbvSRaUgMruA4GL1
wQx1oXY4RD+enCT3eILgZiVepXGa3Vn3GNMd/EBDJfh7YUrtJXVS0w+o/z1bBOdP
qSna4+x0zSumK9OTnB3Qe9r2VffrnWVHUB0WPj5aimzdBl1gwlabnY6dWnZqum0n
+OhWn3+pAZUXBqoknCZqMOuICoo/oL4UtZgNlCtUe5c/1iigYbh8MHgkdwnWvJWa
8S/Wo6zoyrvxeTB7aziyXAjRNSl90X1qlx2PBNLxNegIHHwN
-----END CERTIFICATE-----