Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/RswnIb17eM7STuZz1KFIPY-KMHs.roa
File:                     RswnIb17eM7STuZz1KFIPY-KMHs.roa (raw, json)
Hash identifier:          Pv/TcckYg1rx6o01/VHE+dGxAZj8k4tNIfRXZFgvCFY=
Subject key identifier:   46:CC:27:21:BD:7B:78:CE:D2:4E:E6:73:D4:A1:48:3D:8F:8A:30:7B
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A52FD2651DA35F87C28957AB8842D
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/RswnIb17eM7STuZz1KFIPY-KMHs.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204909
IP address blocks:        2a06:e881:3700::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:52:fd:26:51:da:35:f8:7c:28:95:7a:b8:84:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46cc2721bd7b78ced24ee673d4a1483d8f8a307b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8f:82:ff:ce:45:2d:c4:72:34:7d:5c:f1:18:
                    9e:9b:35:84:4f:1b:0e:7e:f3:67:2f:11:50:fd:a6:
                    9d:68:97:4b:8b:2c:38:9d:d5:06:77:92:7c:24:39:
                    25:b8:52:0f:63:76:2e:28:0d:a3:44:7e:3b:fb:4f:
                    7a:70:90:88:ac:d4:9e:ae:f3:01:38:79:65:00:07:
                    58:6a:3f:0c:95:11:5a:3a:a2:92:a1:0b:34:a0:69:
                    df:13:0b:04:38:9d:5c:88:7c:0e:65:56:12:93:14:
                    e8:ca:43:36:b4:36:22:bc:95:f2:76:77:5d:30:f1:
                    33:2c:e6:73:fb:0b:32:d1:6c:48:65:2d:d4:3a:30:
                    66:09:03:9a:d8:9a:eb:5e:8c:ca:d1:61:fb:fd:38:
                    cc:a3:85:ba:03:1c:e7:01:69:5c:63:52:e1:e7:3d:
                    76:5b:d1:16:ec:f8:0d:f3:2e:44:46:4a:9d:1e:a3:
                    f7:ab:49:ea:ba:8f:c4:9d:23:0a:df:41:27:1b:0d:
                    18:31:c3:82:22:09:4a:d6:bb:ee:d5:8e:37:94:b4:
                    20:5c:86:4e:9c:dd:9a:5c:3e:af:b7:47:14:65:3b:
                    5d:ca:85:a4:11:55:68:47:8c:07:2b:6f:e6:70:ac:
                    b7:3c:97:9d:ce:e9:0c:89:c7:2c:91:fe:dc:2c:c9:
                    8f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:CC:27:21:BD:7B:78:CE:D2:4E:E6:73:D4:A1:48:3D:8F:8A:30:7B
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/RswnIb17eM7STuZz1KFIPY-KMHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:3700::/44

    Signature Algorithm: sha256WithRSAEncryption
         b3:33:e4:cf:dc:b4:3b:4a:52:50:64:4b:ed:25:8b:71:78:7e:
         74:d1:6b:fd:d0:06:75:6f:7d:fa:09:df:f1:e1:e0:b1:5f:5b:
         a0:e8:71:34:e7:43:20:47:ae:05:95:e6:58:30:9d:42:27:ed:
         50:3e:52:c4:c5:2a:35:55:45:53:5f:ad:62:88:61:dd:72:ef:
         de:c1:dd:0e:c0:20:c4:08:9e:93:f1:52:57:bb:08:b7:16:7c:
         84:8a:a9:e3:ce:24:de:7c:19:f7:79:cf:ab:2a:33:af:ea:0b:
         62:07:4f:3f:fa:ce:3e:d3:cf:aa:90:ea:08:5d:e5:02:f9:77:
         e4:e6:b2:ab:cd:7f:73:3f:56:ac:06:e1:18:7d:47:6a:fd:d7:
         9a:03:cf:1b:62:43:3d:21:2a:de:fb:14:8f:90:fa:a0:b4:79:
         0e:3f:73:48:29:c9:b0:86:c6:63:12:9d:26:0a:b1:81:75:86:
         04:d8:b5:93:0f:f8:d4:f7:62:be:d8:c8:60:d1:dc:59:6d:d8:
         3e:a0:ea:3d:e0:c7:e7:e9:d8:92:4d:3f:77:dc:c4:3e:8f:ce:
         8f:7c:0a:40:ab:83:ab:4e:19:bc:f8:c5:5c:e3:00:31:58:81:
         50:8b:9b:ef:89:30:4b:9e:4c:b0:39:02:47:8e:d2:14:b7:a6:
         8f:44:ad:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKlL9JlHaNfh8KJV6uIQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmNjMjcyMWJkN2I3OGNlZDI0ZWU2NzNkNGExNDgzZDhmOGEzMDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAro+C/85FLcRyNH1c8RiemzWETxsO
fvNnLxFQ/aadaJdLiyw4ndUGd5J8JDkluFIPY3YuKA2jRH47+096cJCIrNServMB
OHllAAdYaj8MlRFaOqKSoQs0oGnfEwsEOJ1ciHwOZVYSkxToykM2tDYivJXydndd
MPEzLOZz+wsy0WxIZS3UOjBmCQOa2JrrXozK0WH7/TjMo4W6AxznAWlcY1Lh5z12
W9EW7PgN8y5ERkqdHqP3q0nquo/EnSMK30EnGw0YMcOCIglK1rvu1Y43lLQgXIZO
nN2aXD6vt0cUZTtdyoWkEVVoR4wHK2/mcKy3PJedzukMiccskf7cLMmPtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEbMJyG9e3jO0k7mc9ShSD2PijB7MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvUnN3bkliMTdlTTdTVHVaejFLRklQWS1LTUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbogTcA
MA0GCSqGSIb3DQEBCwUAA4IBAQCzM+TP3LQ7SlJQZEvtJYtxeH500Wv90AZ1b336
Cd/x4eCxX1ug6HE050MgR64FleZYMJ1CJ+1QPlLExSo1VUVTX61iiGHdcu/ewd0O
wCDECJ6T8VJXuwi3FnyEiqnjziTefBn3ec+rKjOv6gtiB08/+s4+08+qkOoIXeUC
+Xfk5rKrzX9zP1asBuEYfUdq/deaA88bYkM9ISre+xSPkPqgtHkOP3NIKcmwhsZj
Ep0mCrGBdYYE2LWTD/jU92K+2Mhg0dxZbdg+oOo94Mfn6diSTT933MQ+j86PfApA
q4OrThm8+MVc4wAxWIFQi5vviTBLnkywOQJHjtIUt6aPRK2S
-----END CERTIFICATE-----