Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/sy0TYoXuL0Hz8DIGwy3rz_e-tZs.roa
File:                     sy0TYoXuL0Hz8DIGwy3rz_e-tZs.roa (raw, json)
Hash identifier:          5GusHLC5gSab0J6A1QYWk8PsA40CWk+3VnxiN3/265w=
Subject key identifier:   B3:2D:13:62:85:EE:2F:41:F3:F0:32:06:C3:2D:EB:CF:F7:BE:B5:9B
Certificate issuer:       /CN=d673d849b7d5047376d57e6f796f0018b70b4506
Certificate serial:       018CC4930A25A06B99DAA17208BA6604E747
Authority key identifier: D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/sy0TYoXuL0Hz8DIGwy3rz_e-tZs.roa
Signing time:             Mon 01 Jan 2024 10:30:19 +0000
ROA not before:           Mon 01 Jan 2024 10:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44753
IP address blocks:        2a01:190:15ef::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 02:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:0a:25:a0:6b:99:da:a1:72:08:ba:66:04:e7:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d673d849b7d5047376d57e6f796f0018b70b4506
        Validity
            Not Before: Jan  1 10:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b32d136285ee2f41f3f03206c32debcff7beb59b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:75:06:99:48:13:09:f9:94:dd:e6:a0:c8:06:
                    6b:33:da:f8:6e:60:b0:5c:cc:20:03:f6:02:c7:88:
                    06:db:96:5c:5e:c9:25:20:6b:ba:a5:e4:69:2d:5c:
                    17:da:c0:3c:68:19:9b:e7:27:96:7e:bb:b2:0a:4b:
                    2c:5a:e6:cd:c7:e6:de:18:cc:68:32:39:61:69:3b:
                    dc:f4:29:6f:a5:6e:df:20:a7:a7:04:51:7f:75:87:
                    d8:52:d9:42:91:3e:ec:a0:2e:af:4f:b9:55:84:a1:
                    c1:d9:e0:f6:ca:10:73:9e:3d:97:83:f5:5f:4a:8f:
                    e3:4b:4c:7a:de:c6:15:f2:c6:d1:8e:27:83:79:87:
                    bb:58:c6:8f:6e:a3:49:b0:4a:06:0f:00:91:3b:d6:
                    98:33:a1:e7:ec:61:1c:46:99:a2:e7:da:ae:cd:a7:
                    cb:af:40:59:60:8f:17:73:e6:48:dd:7f:d3:09:d2:
                    6f:7c:32:14:4f:95:b8:5d:89:77:16:6e:fc:c2:9c:
                    a4:08:bf:cf:a0:8e:1d:1d:a6:83:11:76:fc:36:50:
                    8e:d5:58:92:0e:4e:cc:b4:f5:d1:2d:96:cc:b5:38:
                    35:57:30:6f:98:ff:89:f1:eb:a6:a1:e9:a3:ef:71:
                    c6:06:ab:f6:f8:aa:15:77:fd:54:93:54:fb:a5:cf:
                    4a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:2D:13:62:85:EE:2F:41:F3:F0:32:06:C3:2D:EB:CF:F7:BE:B5:9B
            X509v3 Authority Key Identifier:
                keyid:D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/sy0TYoXuL0Hz8DIGwy3rz_e-tZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:190:15ef::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:5c:e0:17:4f:76:3f:2a:8a:d2:20:11:16:4f:2b:b3:3a:12:
         76:bd:bd:fc:4b:08:e0:76:e6:7a:65:a4:32:23:bb:3d:b6:12:
         83:48:dc:90:af:65:3c:d5:e4:c1:44:71:e5:70:03:59:d5:90:
         c0:bb:5b:14:93:ab:ee:35:6f:cb:f6:33:4b:da:21:3b:be:7e:
         d2:7a:fe:63:95:35:81:ff:5c:60:c7:02:f3:d2:10:0f:e9:ba:
         9b:68:55:e1:8c:de:a5:8f:65:d5:8d:92:45:d7:fb:75:36:e9:
         9a:ed:da:ef:36:d6:25:b0:f3:8e:c6:cb:cf:92:26:a7:09:e4:
         29:05:df:8b:13:2b:fa:aa:9f:24:f8:d4:ce:3c:22:c5:f9:ab:
         06:b4:2d:ac:d1:98:54:b3:fb:0b:d2:f4:d5:d7:e5:bb:dc:d0:
         da:5f:2b:75:cd:2d:43:79:6e:4e:22:7d:98:7a:ca:9b:a8:8c:
         98:ed:74:d8:9a:24:98:8d:16:8e:6a:fb:84:54:6f:1c:38:fd:
         88:68:3f:64:be:70:73:53:7a:6e:d3:b8:0d:10:03:3c:bf:13:
         9b:c5:e8:4e:b9:c0:5b:a2:ca:4c:fa:07:91:25:29:d6:63:74:
         77:55:32:72:41:5e:35:65:f8:5d:e3:ce:50:48:88:f2:58:f2:
         44:73:ce:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkwoloGuZ2qFyCLpmBOdHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzNkODQ5YjdkNTA0NzM3NmQ1N2U2Zjc5NmYwMDE4Yjcw
YjQ1MDYwHhcNMjQwMTAxMTAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzJkMTM2Mjg1ZWUyZjQxZjNmMDMyMDZjMzJkZWJjZmY3YmViNTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HUGmUgTCfmU3eagyAZrM9r4bmCw
XMwgA/YCx4gG25ZcXsklIGu6peRpLVwX2sA8aBmb5yeWfruyCkssWubNx+beGMxo
MjlhaTvc9ClvpW7fIKenBFF/dYfYUtlCkT7soC6vT7lVhKHB2eD2yhBznj2Xg/Vf
So/jS0x63sYV8sbRjieDeYe7WMaPbqNJsEoGDwCRO9aYM6Hn7GEcRpmi59quzafL
r0BZYI8Xc+ZI3X/TCdJvfDIUT5W4XYl3Fm78wpykCL/PoI4dHaaDEXb8NlCO1ViS
Dk7MtPXRLZbMtTg1VzBvmP+J8eumoemj73HGBqv2+KoVd/1Uk1T7pc9K9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLMtE2KF7i9B8/AyBsMt68/3vrWbMB8GA1UdIwQY
MBaAFNZz2Em31QRzdtV+b3lvABi3C0UGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgt
OGVlYjc1N2NmNTQ1LzEvc3kwVFlvWHVMMEh6OERJR3d5M3J6X2UtdFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgtOGVlYjc1N2NmNTQ1
LzEvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEBkBXv
MA0GCSqGSIb3DQEBCwUAA4IBAQA9XOAXT3Y/KorSIBEWTyuzOhJ2vb38SwjgduZ6
ZaQyI7s9thKDSNyQr2U81eTBRHHlcANZ1ZDAu1sUk6vuNW/L9jNL2iE7vn7Sev5j
lTWB/1xgxwLz0hAP6bqbaFXhjN6lj2XVjZJF1/t1Numa7drvNtYlsPOOxsvPkian
CeQpBd+LEyv6qp8k+NTOPCLF+asGtC2s0ZhUs/sL0vTV1+W73NDaXyt1zS1DeW5O
In2YesqbqIyY7XTYmiSYjRaOavuEVG8cOP2IaD9kvnBzU3pu07gNEAM8vxObxehO
ucBbospM+geRJSnWY3R3VTJyQV41Zfhd485QSIjyWPJEc85x
-----END CERTIFICATE-----