Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/RaBs_Yj3i9V3dwc6fjAnBfythKc.roa
File:                     RaBs_Yj3i9V3dwc6fjAnBfythKc.roa (raw, json)
Hash identifier:          xxhGz0S9OD//YWGhiMfQzFwAuy9++9pGzI87N3/byps=
Subject key identifier:   45:A0:6C:FD:88:F7:8B:D5:77:77:07:3A:7E:30:27:05:FC:AD:84:A7
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B66198EAAE215F45970A3F7F5BF7A
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/RaBs_Yj3i9V3dwc6fjAnBfythKc.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142632
IP address blocks:        2a0e:46c4:10d::/48 maxlen: 48
                          2a0e:46c4:10b::/48 maxlen: 48
                          2a0e:46c4:10c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:66:19:8e:aa:e2:15:f4:59:70:a3:f7:f5:bf:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45a06cfd88f78bd57777073a7e302705fcad84a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:aa:e0:a4:22:d1:c4:ad:91:c0:46:21:c9:35:
                    e7:93:4a:b4:75:93:c3:cf:32:0d:9b:80:19:46:9e:
                    06:33:c4:cf:b5:f7:54:88:4b:cd:9f:48:f3:44:5c:
                    68:c7:cf:c1:4b:99:87:03:db:48:7f:eb:a4:c7:83:
                    44:af:ab:1f:d9:20:46:84:d7:a9:d3:78:7f:42:7d:
                    56:ee:0a:13:7e:97:29:5c:47:93:d2:4a:ed:1f:8a:
                    0b:d9:ef:c2:99:9e:38:9a:3e:c7:4f:1a:80:bc:19:
                    76:bb:3c:35:f9:69:1a:f1:46:ec:5f:fb:df:72:dc:
                    19:ed:e2:62:59:35:41:17:83:8d:ba:99:cb:29:55:
                    13:c2:f0:88:11:16:82:e6:bc:00:a1:a7:ad:42:58:
                    00:56:02:26:02:96:62:9d:1e:22:bc:ee:e6:2f:83:
                    92:21:c8:d4:93:32:4f:d2:1f:b3:7d:f7:0b:32:25:
                    74:87:91:2c:33:d9:94:5f:10:ba:6c:52:e2:fe:e7:
                    0e:61:45:42:f7:25:84:ff:25:a3:da:9d:ee:47:db:
                    e8:b5:fd:8b:c5:9c:5e:82:cb:40:c6:4a:98:74:ef:
                    27:76:d7:6a:9f:00:ff:84:5e:eb:f7:92:a9:a5:4b:
                    97:32:df:52:48:d5:19:0e:2b:b5:0f:0f:a5:24:7f:
                    65:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:A0:6C:FD:88:F7:8B:D5:77:77:07:3A:7E:30:27:05:FC:AD:84:A7
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/RaBs_Yj3i9V3dwc6fjAnBfythKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:10b::-2a0e:46c4:10d:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         31:6c:05:48:3a:2a:44:cb:35:a8:50:05:ab:dc:d7:70:67:fe:
         19:35:73:3a:cc:90:0e:b0:53:dd:11:80:21:8f:cc:ac:34:fe:
         c5:f6:d4:fd:38:5e:52:1d:15:69:71:61:dc:5e:a6:de:55:09:
         c1:a8:a6:2e:48:a6:d0:8f:50:65:c2:94:e1:4d:92:d8:e3:52:
         ef:93:91:28:a5:01:9f:f6:20:01:20:79:85:1b:aa:77:71:43:
         72:d0:ff:96:da:ec:b0:58:73:a1:cf:5f:ab:6f:bf:b5:e2:21:
         60:86:be:0f:01:c9:a6:01:f8:c6:56:d2:75:53:67:d8:18:ec:
         bc:6e:47:bf:99:ef:38:e0:e3:48:51:6c:05:67:77:fc:2c:19:
         06:84:3a:b8:bb:15:41:8f:13:db:38:8c:87:27:d8:5f:59:a2:
         88:86:7e:11:a8:2a:70:cf:1d:19:62:10:1c:e6:80:69:ee:64:
         5f:b0:16:99:e4:aa:fe:f9:a5:41:e6:81:f1:a7:c5:9d:03:cd:
         b8:f3:3e:f2:97:f7:2b:e1:d7:39:ae:16:19:ec:ad:71:22:db:
         a8:68:d4:b1:01:02:e7:85:2b:4d:1f:06:b4:30:92:be:8e:a5:
         ed:ac:95:97:2d:52:75:ba:16:a3:f8:ca:dd:cd:27:73:72:d3:
         31:4e:be:6d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGS2YZjqriFfRZcKP39b96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWEwNmNmZDg4Zjc4YmQ1Nzc3NzA3M2E3ZTMwMjcwNWZjYWQ4NGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKrgpCLRxK2RwEYhyTXnk0q0dZPD
zzINm4AZRp4GM8TPtfdUiEvNn0jzRFxox8/BS5mHA9tIf+ukx4NEr6sf2SBGhNep
03h/Qn1W7goTfpcpXEeT0krtH4oL2e/CmZ44mj7HTxqAvBl2uzw1+Wka8UbsX/vf
ctwZ7eJiWTVBF4ONupnLKVUTwvCIERaC5rwAoaetQlgAVgImApZinR4ivO7mL4OS
IcjUkzJP0h+zffcLMiV0h5EsM9mUXxC6bFLi/ucOYUVC9yWE/yWj2p3uR9votf2L
xZxegstAxkqYdO8ndtdqnwD/hF7r95KppUuXMt9SSNUZDiu1Dw+lJH9lGQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEWgbP2I94vVd3cHOn4wJwX8rYSnMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvUmFCc19ZajNpOVYzZHdjNmZqQW5CZnl0aEtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqDkbE
AQsDBwEqDkbEAQwwDQYJKoZIhvcNAQELBQADggEBADFsBUg6KkTLNahQBavc13Bn
/hk1czrMkA6wU90RgCGPzKw0/sX21P04XlIdFWlxYdxept5VCcGopi5IptCPUGXC
lOFNktjjUu+TkSilAZ/2IAEgeYUbqndxQ3LQ/5ba7LBYc6HPX6tvv7XiIWCGvg8B
yaYB+MZW0nVTZ9gY7LxuR7+Z7zjg40hRbAVnd/wsGQaEOri7FUGPE9s4jIcn2F9Z
ooiGfhGoKnDPHRliEBzmgGnuZF+wFpnkqv75pUHmgfGnxZ0DzbjzPvKX9yvh1zmu
FhnsrXEi26ho1LEBAueFK00fBrQwkr6Ope2slZctUnW6FqP4yt3NJ3Ny0zFOvm0=
-----END CERTIFICATE-----