Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/aiF-iiChJDIHf6vh9LAuIO09m3Q.roa
File:                     aiF-iiChJDIHf6vh9LAuIO09m3Q.roa (raw, json)
Hash identifier:          IhROaTic0aVmghW8vHvMnHxZpHhAI1tWGh6AygnToxc=
Subject key identifier:   6A:21:7E:8A:20:A1:24:32:07:7F:AB:E1:F4:B0:2E:20:ED:3D:9B:74
Certificate issuer:       /CN=aeb76321c8d469ee3ba023920b372ccda5de9e0f
Certificate serial:       018CC348B93256411B19B94E00E7596DD719
Authority key identifier: AE:B7:63:21:C8:D4:69:EE:3B:A0:23:92:0B:37:2C:CD:A5:DE:9E:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrdjIcjUae47oCOSCzcszaXeng8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/aiF-iiChJDIHf6vh9LAuIO09m3Q.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1152
IP address blocks:        2a0f:d980::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/rrdjIcjUae47oCOSCzcszaXeng8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/rrdjIcjUae47oCOSCzcszaXeng8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrdjIcjUae47oCOSCzcszaXeng8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b9:32:56:41:1b:19:b9:4e:00:e7:59:6d:d7:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb76321c8d469ee3ba023920b372ccda5de9e0f
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a217e8a20a12432077fabe1f4b02e20ed3d9b74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9e:fe:7f:77:58:ef:e4:29:c9:ea:6b:2a:53:
                    95:5f:12:46:1d:d4:c2:ed:de:34:61:25:82:3c:45:
                    ff:0e:b4:61:58:e6:27:36:cb:9e:d4:0d:56:d1:1a:
                    22:14:0e:e8:73:dd:a8:ec:a6:79:69:71:54:c8:0b:
                    44:df:a8:e5:69:1a:f7:04:75:a3:e7:9a:14:8d:9c:
                    c7:38:f9:d8:9b:39:91:15:4e:03:4b:6b:a4:2d:13:
                    c6:2a:63:74:d2:b8:72:3d:ab:79:ec:4a:1a:46:c1:
                    59:13:1a:bc:03:86:ac:19:db:17:85:71:d2:64:49:
                    8b:32:e3:0a:42:63:59:d0:0c:ef:22:37:92:38:e7:
                    3e:9b:03:ab:59:12:55:0d:21:ac:5a:31:d4:e0:99:
                    ec:6c:ac:d2:62:a4:d5:f3:01:c1:de:44:1c:5e:b8:
                    b0:38:1f:1c:fc:83:4f:1d:a8:8a:aa:46:f2:88:aa:
                    9e:f9:39:f5:dc:96:36:92:50:f3:1a:10:75:18:14:
                    92:1b:06:e8:09:aa:27:88:1f:e7:4b:fe:19:4f:8c:
                    43:5e:35:22:1e:d9:8b:4c:ac:9f:9e:e5:37:0a:c6:
                    45:6a:3d:1e:8f:d6:14:14:b3:9e:bb:f8:37:0e:ff:
                    b3:2a:63:f7:6f:8d:eb:81:30:e7:d7:47:03:75:ee:
                    cf:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:21:7E:8A:20:A1:24:32:07:7F:AB:E1:F4:B0:2E:20:ED:3D:9B:74
            X509v3 Authority Key Identifier:
                keyid:AE:B7:63:21:C8:D4:69:EE:3B:A0:23:92:0B:37:2C:CD:A5:DE:9E:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrdjIcjUae47oCOSCzcszaXeng8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/aiF-iiChJDIHf6vh9LAuIO09m3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/8d7e85-00c0-40e0-aa80-c7dcc2391cc9/1/rrdjIcjUae47oCOSCzcszaXeng8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:d980::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:79:21:c2:e8:d7:21:bb:c1:e3:c2:35:be:a0:92:d1:29:ca:
         dd:25:7f:3e:2f:f6:b2:19:fe:93:87:cf:91:15:f5:95:3e:b9:
         d9:4c:37:53:af:52:2c:b7:c3:b8:b6:1f:4c:b4:a9:11:a7:63:
         fa:da:f2:87:74:54:10:94:64:59:76:36:a8:b7:0b:2d:3d:f2:
         cf:98:54:79:8a:e9:5b:4b:80:55:ad:5f:6e:e4:28:5c:0b:59:
         61:9b:07:ff:48:28:8f:2d:b2:65:b5:a6:ed:ab:24:93:2c:4b:
         ac:2c:98:51:d1:3b:9b:7c:e3:bd:46:a7:af:14:71:a4:4b:e0:
         cd:1c:c7:b0:84:19:ff:a7:f9:97:aa:b9:8e:62:31:b9:ef:c2:
         0a:87:85:4b:ad:25:24:7d:d7:ea:a4:7e:59:9d:97:c0:6d:5a:
         e9:b2:97:47:85:34:b5:c5:c1:f7:55:68:62:46:fc:7e:34:bb:
         54:0c:e5:7a:dd:c2:75:ee:d0:a3:87:01:8e:2d:a4:90:c7:f8:
         60:b9:ee:0e:9c:02:e1:7c:ce:51:a9:d3:f7:49:41:c9:85:ee:
         78:82:e0:84:06:ed:d8:53:f0:c5:39:5b:e9:1a:73:85:57:e6:
         16:4c:27:e3:62:19:25:0a:0e:26:90:3b:3b:d4:fd:b9:96:ec:
         3f:da:3b:6f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSLkyVkEbGblOAOdZbdcZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjc2MzIxYzhkNDY5ZWUzYmEwMjM5MjBiMzcyY2NkYTVk
ZTllMGYwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTIxN2U4YTIwYTEyNDMyMDc3ZmFiZTFmNGIwMmUyMGVkM2Q5Yjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA157+f3dY7+QpyeprKlOVXxJGHdTC
7d40YSWCPEX/DrRhWOYnNsue1A1W0RoiFA7oc92o7KZ5aXFUyAtE36jlaRr3BHWj
55oUjZzHOPnYmzmRFU4DS2ukLRPGKmN00rhyPat57EoaRsFZExq8A4asGdsXhXHS
ZEmLMuMKQmNZ0AzvIjeSOOc+mwOrWRJVDSGsWjHU4JnsbKzSYqTV8wHB3kQcXriw
OB8c/INPHaiKqkbyiKqe+Tn13JY2klDzGhB1GBSSGwboCaoniB/nS/4ZT4xDXjUi
HtmLTKyfnuU3CsZFaj0ej9YUFLOeu/g3Dv+zKmP3b43rgTDn10cDde7PkQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGohfoogoSQyB3+r4fSwLiDtPZt0MB8GA1UdIwQY
MBaAFK63YyHI1GnuO6Ajkgs3LM2l3p4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJkakljalVhZTQ3b0NPU0N6Y3N6YVhlbmc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC84ZDdlODUtMDBjMC00MGUwLWFhODAt
YzdkY2MyMzkxY2M5LzEvYWlGLWlpQ2hKRElIZjZ2aDlMQXVJTzA5bTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC84ZDdlODUtMDBjMC00MGUwLWFhODAtYzdkY2MyMzkxY2M5
LzEvcnJkakljalVhZTQ3b0NPU0N6Y3N6YVhlbmc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg/ZgDAN
BgkqhkiG9w0BAQsFAAOCAQEAO3khwujXIbvB48I1vqCS0SnK3SV/Pi/2shn+k4fP
kRX1lT652Uw3U69SLLfDuLYfTLSpEadj+tryh3RUEJRkWXY2qLcLLT3yz5hUeYrp
W0uAVa1fbuQoXAtZYZsH/0gojy2yZbWm7askkyxLrCyYUdE7m3zjvUanrxRxpEvg
zRzHsIQZ/6f5l6q5jmIxue/CCoeFS60lJH3X6qR+WZ2XwG1a6bKXR4U0tcXB91Vo
Ykb8fjS7VAzlet3Cde7Qo4cBji2kkMf4YLnuDpwC4XzOUanT90lByYXueILghAbt
2FPwxTlb6RpzhVfmFkwn42IZJQoOJpA7O9T9uZbsP9o7bw==
-----END CERTIFICATE-----