Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/0KQWHs7luDI3Aa9fMcf60Tb3Itg.roa
File:                     0KQWHs7luDI3Aa9fMcf60Tb3Itg.roa (raw, json)
Hash identifier:          6mXPYHKQoco3PdVAXHJtaVMFRvCoN3qGX/d3gwS21N8=
Subject key identifier:   D0:A4:16:1E:CE:E5:B8:32:37:01:AF:5F:31:C7:FA:D1:36:F7:22:D8
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018EC9F344033E57FC097B3778EB8D2DA5CF
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/0KQWHs7luDI3Aa9fMcf60Tb3Itg.roa
Signing time:             Wed 10 Apr 2024 21:39:06 +0000
ROA not before:           Wed 10 Apr 2024 21:39:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202197
IP address blocks:        2a0a:79c7:ff00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c9:f3:44:03:3e:57:fc:09:7b:37:78:eb:8d:2d:a5:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Apr 10 21:39:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0a4161ecee5b8323701af5f31c7fad136f722d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ed:9a:82:76:d0:3b:4b:c6:39:21:56:dc:3f:
                    fc:e1:eb:4d:8f:f8:5f:13:5b:9a:7f:47:23:90:c5:
                    17:e0:3e:52:e4:2f:77:15:03:c3:a5:05:72:22:78:
                    bb:50:ba:48:2e:5f:98:ed:24:a6:e3:e0:ff:d3:1c:
                    72:33:98:8b:33:db:56:4b:17:b8:95:34:4a:7e:b4:
                    2f:ce:c8:c3:80:81:85:be:01:55:30:ec:0b:b2:eb:
                    f7:f7:fc:c3:63:1b:e8:87:52:a4:25:8c:cf:df:10:
                    29:27:93:89:ed:44:8e:2b:64:31:bf:2e:99:d1:4f:
                    86:56:26:ee:f6:4d:1f:43:8b:29:a0:0e:be:52:b9:
                    5b:a2:d7:cc:42:74:70:56:bb:b5:00:5f:71:7f:75:
                    c0:9a:02:f8:05:07:f8:2d:3e:c5:28:90:da:8c:e9:
                    b7:bb:eb:8f:5a:72:cd:ed:ff:fb:9d:0d:6a:c4:e0:
                    ee:84:ca:41:f1:b6:d6:f0:c1:af:d6:65:bb:17:6b:
                    79:cd:56:d3:11:69:08:21:b3:21:c6:92:fe:f7:68:
                    cb:b1:b2:78:cc:af:e5:f4:f1:b2:4c:47:0b:6e:85:
                    16:c2:66:6f:46:ba:48:53:b0:29:dd:82:e4:d7:0d:
                    e9:9e:3c:25:a6:a9:df:91:8d:0a:ff:26:a4:bf:0e:
                    2d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:A4:16:1E:CE:E5:B8:32:37:01:AF:5F:31:C7:FA:D1:36:F7:22:D8
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/0KQWHs7luDI3Aa9fMcf60Tb3Itg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c7:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         2d:13:8a:10:43:24:90:fc:6f:a0:d1:d8:1c:9d:5a:34:b8:71:
         dd:8c:07:c2:f1:a9:e8:f8:0e:ce:ea:fd:00:f0:ca:41:59:4f:
         6b:4e:57:37:7d:5c:07:3a:57:bd:73:c8:d1:cc:3b:b8:1f:a8:
         39:de:b9:16:0f:69:3a:b5:b4:e6:06:fd:eb:4b:33:8c:7e:e8:
         6c:01:f9:0d:18:91:52:3c:ac:19:dd:e9:37:22:e0:6a:14:38:
         97:21:0d:f8:9e:c8:83:6a:95:aa:09:d5:da:0c:9e:86:06:f6:
         56:2e:44:0f:a4:68:7c:92:06:75:ca:7a:aa:83:c4:40:a6:1d:
         18:23:a9:96:14:b4:97:dc:71:c0:71:4f:4e:15:a7:b6:53:28:
         df:3a:e1:7d:38:d0:f5:e2:02:7f:05:d6:71:37:8b:fe:dd:63:
         f2:9e:15:b3:6e:42:63:8e:7e:ab:30:3d:6b:16:21:da:3c:e0:
         23:2e:de:2e:21:bf:6f:51:e4:cd:dd:c0:76:f8:b9:c1:22:85:
         fa:0a:fb:ca:62:9c:13:bf:e9:65:30:d4:02:0d:e3:e1:c5:fb:
         cd:f1:34:33:76:cc:0a:53:74:83:aa:7a:30:9f:af:db:d5:e3:
         4e:93:bb:a5:8e:c7:73:f1:df:ee:c7:5a:a4:0b:79:4c:db:94:
         a8:db:2b:ab
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY7J80QDPlf8CXs3eOuNLaXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwNDEwMjEzOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGE0MTYxZWNlZTViODMyMzcwMWFmNWYzMWM3ZmFkMTM2ZjcyMmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+2agnbQO0vGOSFW3D/84etNj/hf
E1uaf0cjkMUX4D5S5C93FQPDpQVyIni7ULpILl+Y7SSm4+D/0xxyM5iLM9tWSxe4
lTRKfrQvzsjDgIGFvgFVMOwLsuv39/zDYxvoh1KkJYzP3xApJ5OJ7USOK2Qxvy6Z
0U+GVibu9k0fQ4spoA6+UrlbotfMQnRwVru1AF9xf3XAmgL4BQf4LT7FKJDajOm3
u+uPWnLN7f/7nQ1qxODuhMpB8bbW8MGv1mW7F2t5zVbTEWkIIbMhxpL+92jLsbJ4
zK/l9PGyTEcLboUWwmZvRrpIU7Ap3YLk1w3pnjwlpqnfkY0K/yakvw4tjQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNCkFh7O5bgyNwGvXzHH+tE29yLYMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvMEtRV0hzN2x1REkzQWE5Zk1jZjYwVGIzSXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgp5x/8w
DQYJKoZIhvcNAQELBQADggEBAC0TihBDJJD8b6DR2BydWjS4cd2MB8Lxqej4Ds7q
/QDwykFZT2tOVzd9XAc6V71zyNHMO7gfqDneuRYPaTq1tOYG/etLM4x+6GwB+Q0Y
kVI8rBnd6Tci4GoUOJchDfieyINqlaoJ1doMnoYG9lYuRA+kaHySBnXKeqqDxECm
HRgjqZYUtJfcccBxT04Vp7ZTKN864X040PXiAn8F1nE3i/7dY/KeFbNuQmOOfqsw
PWsWIdo84CMu3i4hv29R5M3dwHb4ucEihfoK+8pinBO/6WUw1AIN4+HF+83xNDN2
zApTdIOqejCfr9vV406Tu6WOx3Px3+7HWqQLeUzblKjbK6s=
-----END CERTIFICATE-----