Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/GMSOfNJP17ZaHVED8srW6wiWyKc.roa
File:                     GMSOfNJP17ZaHVED8srW6wiWyKc.roa (raw, json)
Hash identifier:          k1LIyvtoqpacCiHGkRQqCTJMq+NiYrAi4BcxJUzIDQw=
Subject key identifier:   18:C4:8E:7C:D2:4F:D7:B6:5A:1D:51:03:F2:CA:D6:EB:08:96:C8:A7
Certificate issuer:       /CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
Certificate serial:       018CC8DE7D0C8F5075A28A798B4B9844CA54
Authority key identifier: C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/GMSOfNJP17ZaHVED8srW6wiWyKc.roa
Signing time:             Tue 02 Jan 2024 06:31:13 +0000
ROA not before:           Tue 02 Jan 2024 06:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15169
IP address blocks:        2a00:79e1:380::/42 maxlen: 48
                          2a00:79e1:f00::/40 maxlen: 48
                          2a00:79e0::/31 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:7d:0c:8f:50:75:a2:8a:79:8b:4b:98:44:ca:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
        Validity
            Not Before: Jan  2 06:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18c48e7cd24fd7b65a1d5103f2cad6eb0896c8a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fe:18:f1:17:c9:44:c9:da:42:0e:45:aa:00:
                    e7:be:c8:b8:f3:d9:42:89:f7:ee:47:6b:b4:30:1f:
                    49:53:6a:72:61:c9:d6:30:e5:9d:3e:f9:87:11:fe:
                    34:9b:f8:a9:80:12:cc:c2:58:dc:da:6f:98:f2:f4:
                    27:e6:28:dc:43:fe:57:ef:3a:5d:73:82:89:ae:77:
                    8a:df:4b:37:ce:24:71:d4:c9:ee:8b:70:12:10:a7:
                    ac:e7:38:4a:47:e7:fd:21:e2:e7:d5:2b:2a:df:62:
                    9c:48:50:10:25:5f:27:7a:62:bb:8b:02:fb:e9:16:
                    fd:a0:03:6c:b5:62:22:08:81:39:f5:ba:de:15:e8:
                    cd:b9:f1:0a:87:65:d4:b1:2b:63:f0:76:d6:f4:6c:
                    d0:fd:22:dd:11:ad:bb:91:79:96:4a:e0:85:ad:94:
                    f3:c9:fb:e2:91:7b:84:9d:e1:b9:81:6d:f5:d5:c8:
                    25:a0:70:cc:20:86:13:f6:3e:1e:80:86:52:3c:f0:
                    ed:ae:11:96:0e:c5:ca:43:08:11:d3:a7:f9:7c:83:
                    48:3a:f9:de:06:d4:1e:f0:ad:b3:d0:f0:19:22:ed:
                    d6:15:3a:c8:b3:7b:a4:cb:df:95:34:57:1e:50:58:
                    f3:97:95:1a:f7:3e:93:9e:27:a2:4d:84:7d:4e:03:
                    9e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:C4:8E:7C:D2:4F:D7:B6:5A:1D:51:03:F2:CA:D6:EB:08:96:C8:A7
            X509v3 Authority Key Identifier:
                keyid:C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/GMSOfNJP17ZaHVED8srW6wiWyKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:79e0::/31

    Signature Algorithm: sha256WithRSAEncryption
         62:e1:3b:ca:e7:dc:47:52:20:da:ab:6e:23:23:6e:f6:a3:4b:
         72:22:88:44:0a:e6:bf:53:cc:bd:96:ce:12:1b:a4:03:02:b7:
         81:dd:26:4c:ac:be:0f:8c:f3:60:4b:28:91:09:26:34:95:88:
         26:9d:73:48:f5:c1:e7:6a:0d:8b:ab:50:a3:05:b9:1d:3b:e1:
         f0:9d:5c:fb:1d:5f:aa:2d:79:61:ab:14:83:5c:48:8e:27:a8:
         b5:31:db:ab:5f:1b:25:b6:da:78:a6:e7:7b:86:7f:1c:6a:dd:
         34:39:ee:a8:98:a6:61:ec:dd:15:1c:20:47:cf:64:0c:96:c7:
         d0:3c:b3:c6:02:89:5a:7b:f8:17:2b:88:7d:36:64:b5:6a:6d:
         45:74:e2:1e:48:b0:51:4f:50:3e:e0:16:67:c0:9e:80:67:b0:
         1f:c0:e1:74:04:d8:87:37:ed:74:41:41:55:58:ae:77:6c:54:
         d9:83:38:48:6b:e3:d5:cc:8b:b5:01:0b:d1:03:ba:42:b2:8c:
         99:27:87:6c:72:28:56:56:0b:3c:e9:57:ac:31:49:4c:c2:05:
         7b:11:01:09:c1:1e:6d:f6:ae:f0:cc:0c:84:2b:ed:21:43:32:
         2e:41:65:12:84:0f:91:c1:9a:f2:df:3f:39:cd:50:29:50:61:
         9f:36:57:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3n0Mj1B1oop5i0uYRMpUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNzQ3ZmJlMjZjOWNkZDc2MjhhZGZlZGI1N2I3OGJlOGRl
NzVlMjkwHhcNMjQwMTAyMDYzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGM0OGU3Y2QyNGZkN2I2NWExZDUxMDNmMmNhZDZlYjA4OTZjOGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/4Y8RfJRMnaQg5FqgDnvsi489lC
iffuR2u0MB9JU2pyYcnWMOWdPvmHEf40m/ipgBLMwljc2m+Y8vQn5ijcQ/5X7zpd
c4KJrneK30s3ziRx1Mnui3ASEKes5zhKR+f9IeLn1Ssq32KcSFAQJV8nemK7iwL7
6Rb9oANstWIiCIE59breFejNufEKh2XUsStj8HbW9GzQ/SLdEa27kXmWSuCFrZTz
yfvikXuEneG5gW311cgloHDMIIYT9j4egIZSPPDtrhGWDsXKQwgR06f5fINIOvne
BtQe8K2z0PAZIu3WFTrIs3uky9+VNFceUFjzl5Ua9z6TnieiTYR9TgOenQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBjEjnzST9e2Wh1RA/LK1usIlsinMB8GA1UdIwQY
MBaAFMB0f74myc3XYorf7bV7eL6N514pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDIt
MzY4NjA4Mzg1ODgzLzEvR01TT2ZOSlAxN1phSFZFRDhzclc2d2lXeUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDItMzY4NjA4Mzg1ODgz
LzEvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKgB54DAN
BgkqhkiG9w0BAQsFAAOCAQEAYuE7yufcR1Ig2qtuIyNu9qNLciKIRArmv1PMvZbO
EhukAwK3gd0mTKy+D4zzYEsokQkmNJWIJp1zSPXB52oNi6tQowW5HTvh8J1c+x1f
qi15YasUg1xIjieotTHbq18bJbbaeKbne4Z/HGrdNDnuqJimYezdFRwgR89kDJbH
0DyzxgKJWnv4FyuIfTZktWptRXTiHkiwUU9QPuAWZ8CegGewH8DhdATYhzftdEFB
VViud2xU2YM4SGvj1cyLtQEL0QO6QrKMmSeHbHIoVlYLPOlXrDFJTMIFexEBCcEe
bfau8MwMhCvtIUMyLkFlEoQPkcGa8t8/Oc1QKVBhnzZXQg==
-----END CERTIFICATE-----