Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/8ZF30T14MYe8rC-miATh_yS5DCE.roa
File:                     8ZF30T14MYe8rC-miATh_yS5DCE.roa (raw, json)
Hash identifier:          p/bPhIuGL21v5f301xPUVEWs2I7YkrZqG7+4yFdOxcI=
Subject key identifier:   F1:91:77:D1:3D:78:31:87:BC:AC:2F:A6:88:04:E1:FF:24:B9:0C:21
Certificate issuer:       /CN=10773f32d3cb4e13e43f10a3dc422f1f3271bfba
Certificate serial:       018CC4922DD29B488C10E751E14FF03ED875
Authority key identifier: 10:77:3F:32:D3:CB:4E:13:E4:3F:10:A3:DC:42:2F:1F:32:71:BF:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHc_MtPLThPkPxCj3EIvHzJxv7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/8ZF30T14MYe8rC-miATh_yS5DCE.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200280
IP address blocks:        2a0a:4a40:2270::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/EHc_MtPLThPkPxCj3EIvHzJxv7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/EHc_MtPLThPkPxCj3EIvHzJxv7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHc_MtPLThPkPxCj3EIvHzJxv7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:02:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2d:d2:9b:48:8c:10:e7:51:e1:4f:f0:3e:d8:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10773f32d3cb4e13e43f10a3dc422f1f3271bfba
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f19177d13d783187bcac2fa68804e1ff24b90c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f7:b9:14:37:e4:ef:91:df:5a:ef:b7:0c:6f:
                    5c:3c:3b:6c:28:f2:fe:d4:d8:15:3d:4e:d1:16:95:
                    ba:bc:5c:a0:dc:25:a0:f4:d4:14:02:f5:73:d9:37:
                    e5:93:0f:02:5d:0d:d0:8f:42:ba:86:3e:b9:fd:e6:
                    b9:23:e7:bd:7a:65:bd:e3:5e:6f:00:af:85:47:31:
                    12:87:0b:86:fe:06:08:cc:9f:84:85:8a:75:c2:27:
                    8f:94:74:f7:2b:ac:08:23:6a:88:66:50:23:c5:bc:
                    ad:0f:dc:d7:e9:35:79:38:61:30:44:2b:41:fd:7f:
                    eb:02:49:cd:ff:6d:49:a6:99:3e:d7:52:0e:67:f2:
                    ac:48:14:14:c1:8a:70:ec:11:9c:6b:17:9a:0c:bd:
                    d6:03:13:7d:5a:2a:62:a5:09:e8:62:79:1e:90:28:
                    c8:75:a0:b0:ab:90:dd:9f:d9:1a:c1:bb:6c:82:a3:
                    7a:dc:b4:8e:72:ac:11:16:54:5f:33:97:7c:50:69:
                    8a:a0:ea:30:a3:91:04:ed:c8:ab:58:95:9b:b7:08:
                    9f:91:e0:3a:62:4e:36:52:f5:e6:16:a2:c7:6f:a7:
                    90:93:92:82:e8:7f:1f:03:c6:86:a6:d6:12:1e:17:
                    dd:76:c7:de:0d:cf:cf:e7:68:5c:15:ea:3e:c8:b9:
                    1c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:91:77:D1:3D:78:31:87:BC:AC:2F:A6:88:04:E1:FF:24:B9:0C:21
            X509v3 Authority Key Identifier:
                keyid:10:77:3F:32:D3:CB:4E:13:E4:3F:10:A3:DC:42:2F:1F:32:71:BF:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHc_MtPLThPkPxCj3EIvHzJxv7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/8ZF30T14MYe8rC-miATh_yS5DCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/EHc_MtPLThPkPxCj3EIvHzJxv7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4a40:2270::/44

    Signature Algorithm: sha256WithRSAEncryption
         c4:fc:53:ba:34:5d:3d:21:5c:82:82:e2:7f:33:81:a3:cd:05:
         a6:30:49:0b:c7:05:5e:4c:9b:2c:98:7f:32:32:7f:19:04:60:
         6b:64:be:8a:b1:05:db:d2:36:56:a7:f6:b9:45:35:9b:3e:43:
         4c:69:d3:f9:18:2d:fe:3c:83:ba:12:0e:6e:e9:c4:8a:b8:d4:
         dd:21:67:7e:97:d3:18:08:43:8d:7b:c5:24:f0:18:35:6e:0c:
         65:4b:e8:f9:d8:d8:83:5e:18:63:0d:9d:62:38:7c:eb:64:1e:
         d1:69:f5:f7:a9:05:25:b5:96:fe:78:04:83:a9:41:c3:23:0d:
         fc:84:9b:20:2d:25:b1:a8:f2:b1:cb:3c:4c:3e:9e:b0:8f:bd:
         32:45:80:42:8a:18:7f:a7:be:a4:85:11:99:ff:ec:18:1d:69:
         b1:18:4f:50:88:d1:a7:58:6e:a1:38:09:88:ce:2c:da:a2:54:
         ef:e5:a5:3d:50:5e:b4:9f:c0:da:e8:e1:55:aa:8e:de:41:58:
         6b:c0:6e:b3:02:33:cb:95:f7:1e:76:c2:a1:42:bd:0d:af:87:
         a2:a0:e5:62:89:d7:14:3b:fe:81:c0:22:e0:2c:0f:21:fd:66:
         9e:ba:3c:2d:69:cb:ce:47:91:e3:3b:3d:6e:4b:66:cc:1c:a0:
         82:3c:30:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEki3Sm0iMEOdR4U/wPth1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzczZjMyZDNjYjRlMTNlNDNmMTBhM2RjNDIyZjFmMzI3
MWJmYmEwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTkxNzdkMTNkNzgzMTg3YmNhYzJmYTY4ODA0ZTFmZjI0YjkwYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApve5FDfk75HfWu+3DG9cPDtsKPL+
1NgVPU7RFpW6vFyg3CWg9NQUAvVz2Tflkw8CXQ3Qj0K6hj65/ea5I+e9emW9415v
AK+FRzEShwuG/gYIzJ+EhYp1wiePlHT3K6wII2qIZlAjxbytD9zX6TV5OGEwRCtB
/X/rAknN/21Jppk+11IOZ/KsSBQUwYpw7BGcaxeaDL3WAxN9WipipQnoYnkekCjI
daCwq5Ddn9kawbtsgqN63LSOcqwRFlRfM5d8UGmKoOowo5EE7cirWJWbtwifkeA6
Yk42UvXmFqLHb6eQk5KC6H8fA8aGptYSHhfddsfeDc/P52hcFeo+yLkc8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPGRd9E9eDGHvKwvpogE4f8kuQwhMB8GA1UdIwQY
MBaAFBB3PzLTy04T5D8Qo9xCLx8ycb+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhjX010UExUaFBrUHhDajNFSXZIekp4djdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8wOWNhZmQtNjhiYy00MWEyLThiYWIt
ODBiODRlNGYyMGM5LzEvOFpGMzBUMTRNWWU4ckMtbWlBVGhfeVM1RENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8wOWNhZmQtNjhiYy00MWEyLThiYWItODBiODRlNGYyMGM5
LzEvRUhjX010UExUaFBrUHhDajNFSXZIekp4djdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgpKQCJw
MA0GCSqGSIb3DQEBCwUAA4IBAQDE/FO6NF09IVyCguJ/M4GjzQWmMEkLxwVeTJss
mH8yMn8ZBGBrZL6KsQXb0jZWp/a5RTWbPkNMadP5GC3+PIO6Eg5u6cSKuNTdIWd+
l9MYCEONe8Uk8Bg1bgxlS+j52NiDXhhjDZ1iOHzrZB7RafX3qQUltZb+eASDqUHD
Iw38hJsgLSWxqPKxyzxMPp6wj70yRYBCihh/p76khRGZ/+wYHWmxGE9QiNGnWG6h
OAmIzizaolTv5aU9UF60n8Da6OFVqo7eQVhrwG6zAjPLlfcedsKhQr0Nr4eioOVi
idcUO/6BwCLgLA8h/WaeujwtacvOR5HjOz1uS2bMHKCCPDC6
-----END CERTIFICATE-----