Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/1-NoeJyR79VUxSWackKaKkNFH4fo.roa
File:                     1-NoeJyR79VUxSWackKaKkNFH4fo.roa (raw, json)
Hash identifier:          tGnQU/D+2XUYPSQiqqDAzPNfuXpkL1gYlDc50oQelws=
Subject key identifier:   F8:DA:1E:27:24:7B:F5:55:31:49:66:9C:90:A6:8A:90:D1:47:E1:FA
Certificate issuer:       /CN=8ecc229e5699105828564b78509f3b72f3090a21
Certificate serial:       018CC86F1B331B623A6F2534E827C6D9666F
Authority key identifier: 8E:CC:22:9E:56:99:10:58:28:56:4B:78:50:9F:3B:72:F3:09:0A:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/1-NoeJyR79VUxSWackKaKkNFH4fo.roa
Signing time:             Tue 02 Jan 2024 04:29:33 +0000
ROA not before:           Tue 02 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205056
IP address blocks:        2a02:7080:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1b:33:1b:62:3a:6f:25:34:e8:27:c6:d9:66:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ecc229e5699105828564b78509f3b72f3090a21
        Validity
            Not Before: Jan  2 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8da1e27247bf5553149669c90a68a90d147e1fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5b:2b:39:b7:45:90:93:d1:df:c1:84:51:a3:
                    f2:3b:ed:36:fe:4d:2a:45:b3:d3:cd:d0:ef:f4:fd:
                    a3:08:a2:cc:67:bb:b9:6a:59:f3:4d:19:e0:cf:20:
                    08:1c:ea:f7:dd:00:2a:b8:87:c2:16:96:56:aa:3f:
                    6d:a7:d0:89:ea:c9:c0:88:bf:60:e1:2a:68:3c:39:
                    9c:8c:f6:48:86:04:64:0c:7f:68:6f:a2:41:5d:a6:
                    7e:e5:6a:4c:1e:33:06:91:cc:61:b5:8a:e6:37:87:
                    1c:1d:34:90:e5:b9:7b:81:e1:cd:bb:33:56:a1:54:
                    dd:03:76:62:3c:d0:bb:8d:dd:e0:e1:6a:18:d4:d9:
                    af:e1:09:21:4b:78:34:25:d3:6a:61:d1:0d:f1:5a:
                    e0:78:79:1f:60:c1:68:9b:aa:c4:68:b0:f9:b9:cc:
                    dd:73:ed:7a:df:f7:6e:62:cc:69:31:0c:86:eb:22:
                    d0:38:26:67:1a:8b:05:79:6c:b0:cc:e8:03:90:8b:
                    b7:0f:34:2f:7e:03:a6:9e:81:ce:23:ef:dc:17:41:
                    62:9d:5a:f2:b7:c6:a0:57:4c:07:29:b5:45:ab:08:
                    87:5f:29:f0:cc:28:b1:9c:2f:b3:eb:23:53:82:e6:
                    ec:f7:7e:7f:6c:02:ff:cd:c0:f1:56:d3:16:eb:29:
                    c3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:DA:1E:27:24:7B:F5:55:31:49:66:9C:90:A6:8A:90:D1:47:E1:FA
            X509v3 Authority Key Identifier:
                keyid:8E:CC:22:9E:56:99:10:58:28:56:4B:78:50:9F:3B:72:F3:09:0A:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jswinlaZEFgoVkt4UJ87cvMJCiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/1-NoeJyR79VUxSWackKaKkNFH4fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/3060bd-feb2-4986-b9e3-3c9ebc456623/1/jswinlaZEFgoVkt4UJ87cvMJCiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:7080:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:48:1c:3f:b7:17:62:80:cb:f5:fe:95:1f:6f:aa:cd:96:0d:
         6d:f9:05:a5:97:19:1d:db:a8:12:6d:21:f8:8d:23:45:25:19:
         09:f4:8c:bc:33:04:88:4e:fd:cd:45:04:9d:08:1c:ee:59:21:
         5d:a2:43:e9:32:43:ca:b1:55:19:4a:ad:3f:b0:24:b5:19:9c:
         42:79:c1:03:9d:d1:94:77:41:f1:76:5c:be:42:e5:9f:22:39:
         48:a5:0f:12:f5:9e:7d:93:67:45:66:a4:38:3d:56:ec:b6:8a:
         dd:c7:31:6a:3d:3f:a9:e4:e6:9b:71:1c:41:03:63:64:b3:55:
         cd:1f:8f:24:ea:50:82:30:cf:30:7d:76:28:91:3c:6f:0e:e4:
         d8:c5:24:8f:53:00:a5:09:01:b8:3d:13:ab:71:18:53:b4:6f:
         a4:03:45:89:10:9e:d0:d2:06:f6:ee:ed:80:59:bc:69:87:d4:
         71:ff:34:dd:9f:52:8c:f1:37:bb:b4:20:57:8f:56:3b:a1:68:
         05:d6:77:65:61:5f:cf:c6:63:ec:36:29:4c:5b:a1:2e:24:7b:
         a8:07:13:44:da:60:d6:03:23:7a:9e:3b:b6:ff:2c:e4:d7:17:
         3e:d0:f4:81:2f:04:82:7c:5b:15:92:82:27:c7:ac:63:fb:b1:
         dd:e1:76:36
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzIbxszG2I6byU06CfG2WZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlY2MyMjllNTY5OTEwNTgyODU2NGI3ODUwOWYzYjcyZjMw
OTBhMjEwHhcNMjQwMTAyMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGRhMWUyNzI0N2JmNTU1MzE0OTY2OWM5MGE2OGE5MGQxNDdlMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlsrObdFkJPR38GEUaPyO+02/k0q
RbPTzdDv9P2jCKLMZ7u5alnzTRngzyAIHOr33QAquIfCFpZWqj9tp9CJ6snAiL9g
4SpoPDmcjPZIhgRkDH9ob6JBXaZ+5WpMHjMGkcxhtYrmN4ccHTSQ5bl7geHNuzNW
oVTdA3ZiPNC7jd3g4WoY1Nmv4QkhS3g0JdNqYdEN8VrgeHkfYMFom6rEaLD5uczd
c+163/duYsxpMQyG6yLQOCZnGosFeWywzOgDkIu3DzQvfgOmnoHOI+/cF0FinVry
t8agV0wHKbVFqwiHXynwzCixnC+z6yNTgubs935/bAL/zcDxVtMW6ynDNwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPjaHicke/VVMUlmnJCmipDRR+H6MB8GA1UdIwQY
MBaAFI7MIp5WmRBYKFZLeFCfO3LzCQohMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanN3aW5sYVpFRmdvVmt0NFVKODdjdk1KQ2lFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8zMDYwYmQtZmViMi00OTg2LWI5ZTMt
M2M5ZWJjNDU2NjIzLzEvMS1Ob2VKeVI3OVZVeFNXYWNrS2FLa05GSDRmby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTUvMzA2MGJkLWZlYjItNDk4Ni1iOWUzLTNjOWViYzQ1NjYy
My8xL2pzd2lubGFaRUZnb1ZrdDRVSjg3Y3ZNSkNpRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoCcIAg
ADANBgkqhkiG9w0BAQsFAAOCAQEAnkgcP7cXYoDL9f6VH2+qzZYNbfkFpZcZHduo
Em0h+I0jRSUZCfSMvDMEiE79zUUEnQgc7lkhXaJD6TJDyrFVGUqtP7AktRmcQnnB
A53RlHdB8XZcvkLlnyI5SKUPEvWefZNnRWakOD1W7LaK3ccxaj0/qeTmm3EcQQNj
ZLNVzR+PJOpQgjDPMH12KJE8bw7k2MUkj1MApQkBuD0Tq3EYU7RvpANFiRCe0NIG
9u7tgFm8aYfUcf803Z9SjPE3u7QgV49WO6FoBdZ3ZWFfz8Zj7DYpTFuhLiR7qAcT
RNpg1gMjep47tv8s5NcXPtD0gS8EgnxbFZKCJ8esY/ux3eF2Ng==
-----END CERTIFICATE-----