Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/IkOZvLt_lD2otewh2GnLpKQ0ErY.roa
File:                     IkOZvLt_lD2otewh2GnLpKQ0ErY.roa (raw, json)
Hash identifier:          L2oelXZf+GRgIXsRy9ECPN7TjmtT6+oi/FkpfMHJKvk=
Subject key identifier:   22:43:99:BC:BB:7F:94:3D:A8:B5:EC:21:D8:69:CB:A4:A4:34:12:B6
Certificate issuer:       /CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
Certificate serial:       018CC8DF30EE62B21D7C6D2EA1D9EA81EC6F
Authority key identifier: 53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/IkOZvLt_lD2otewh2GnLpKQ0ErY.roa
Signing time:             Tue 02 Jan 2024 06:31:59 +0000
ROA not before:           Tue 02 Jan 2024 06:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203647
IP address blocks:        2a12:e340::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 06:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:30:ee:62:b2:1d:7c:6d:2e:a1:d9:ea:81:ec:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c35ca83fcdf71b244ed803ac468e1453d8268f
        Validity
            Not Before: Jan  2 06:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=224399bcbb7f943da8b5ec21d869cba4a43412b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:06:e1:55:3a:fd:93:fc:b8:6c:6b:a3:c9:84:
                    e7:9c:77:a4:b3:97:ed:f8:2b:1d:e1:c0:dc:cf:b9:
                    51:55:73:5f:4c:51:32:bf:4d:f0:82:6c:f8:6e:21:
                    8c:a5:a8:00:c5:0c:e0:4a:7b:9c:67:b4:e3:2c:a0:
                    ae:b4:76:56:aa:f3:d6:f5:81:e9:68:32:fa:5e:85:
                    f6:a5:88:27:e3:02:ea:e7:96:c4:96:eb:da:f2:c6:
                    9d:44:54:5e:57:75:b4:0f:02:a0:87:98:61:0c:09:
                    3b:0c:2a:ed:91:47:76:53:1e:12:d6:4f:10:41:38:
                    c4:bf:bd:15:20:01:93:7f:ac:4b:3f:1e:e2:a5:5f:
                    d0:bc:f7:1d:9e:2f:98:7a:bb:5e:4a:17:8e:98:fc:
                    af:9e:3a:92:cb:45:32:30:28:f8:e1:3b:65:7c:fd:
                    ab:92:28:d0:7a:b6:c3:a0:11:be:0b:7c:59:d4:c0:
                    e0:4f:a8:fb:6b:8d:c3:44:df:d3:c0:4f:b0:82:8e:
                    82:00:11:01:8d:2e:c3:fd:2b:39:35:1e:4d:67:24:
                    cf:75:7d:a3:69:3f:d1:0a:8d:f1:3e:d1:eb:5c:f7:
                    b6:1f:51:e3:c9:70:b6:ee:14:8c:5d:d5:4a:d7:e9:
                    33:6a:fc:32:49:11:81:b7:d8:eb:b3:be:a5:ce:0b:
                    38:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:43:99:BC:BB:7F:94:3D:A8:B5:EC:21:D8:69:CB:A4:A4:34:12:B6
            X509v3 Authority Key Identifier:
                keyid:53:C3:5C:A8:3F:CD:F7:1B:24:4E:D8:03:AC:46:8E:14:53:D8:26:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8NcqD_N9xskTtgDrEaOFFPYJo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/IkOZvLt_lD2otewh2GnLpKQ0ErY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/fef2e0-ba37-4812-95ad-411a2712164d/1/U8NcqD_N9xskTtgDrEaOFFPYJo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:e340::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:cb:99:f4:ea:96:45:26:1b:88:66:04:10:b3:d5:1f:20:de:
         5f:0f:78:f7:e1:bf:9c:3d:34:31:a5:fa:5b:2c:55:f8:72:74:
         07:5b:36:75:a8:8a:d3:1c:45:80:76:21:b7:b4:4f:51:b0:6a:
         07:85:2b:eb:9e:98:5b:3d:0a:80:9d:a4:67:9b:0b:28:bb:87:
         3e:5c:77:c6:f7:86:c3:ba:c1:80:37:be:8a:62:3b:92:3f:99:
         91:11:b0:32:d6:3d:1f:44:54:d6:04:85:2c:26:ca:fd:83:43:
         3f:03:e8:7c:c8:6b:52:0a:b9:cd:8e:7e:e4:4a:db:97:13:1f:
         ba:e5:5a:81:95:80:4d:a9:4c:0d:34:2f:0e:20:85:04:ed:97:
         01:9a:5c:a3:11:74:ee:19:8f:13:d9:f7:02:3c:97:af:83:ce:
         5e:55:33:c5:bb:8a:bb:04:8e:ad:35:9a:71:f6:b4:b1:51:93:
         fa:08:52:95:a6:9d:f7:73:b8:2b:c8:00:7a:f3:3a:04:12:2e:
         44:8f:8f:a2:35:4b:47:3d:cd:53:44:41:25:25:99:81:04:12:
         fb:16:f5:06:17:21:06:1f:b8:b8:08:8c:ce:6c:d0:7f:c0:e1:
         b5:c6:5b:cf:fd:51:ee:b1:fc:ec:d2:8f:0c:3e:c9:b4:9d:ef:
         c0:b1:2e:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3zDuYrIdfG0uodnqgexvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzM1Y2E4M2ZjZGY3MWIyNDRlZDgwM2FjNDY4ZTE0NTNk
ODI2OGYwHhcNMjQwMTAyMDYzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjQzOTliY2JiN2Y5NDNkYThiNWVjMjFkODY5Y2JhNGE0MzQxMmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQbhVTr9k/y4bGujyYTnnHeks5ft
+Csd4cDcz7lRVXNfTFEyv03wgmz4biGMpagAxQzgSnucZ7TjLKCutHZWqvPW9YHp
aDL6XoX2pYgn4wLq55bEluva8sadRFReV3W0DwKgh5hhDAk7DCrtkUd2Ux4S1k8Q
QTjEv70VIAGTf6xLPx7ipV/QvPcdni+YerteSheOmPyvnjqSy0UyMCj44TtlfP2r
kijQerbDoBG+C3xZ1MDgT6j7a43DRN/TwE+wgo6CABEBjS7D/Ss5NR5NZyTPdX2j
aT/RCo3xPtHrXPe2H1HjyXC27hSMXdVK1+kzavwySRGBt9jrs76lzgs4HQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCJDmby7f5Q9qLXsIdhpy6SkNBK2MB8GA1UdIwQY
MBaAFFPDXKg/zfcbJE7YA6xGjhRT2CaPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQt
NDExYTI3MTIxNjRkLzEvSWtPWnZMdF9sRDJvdGV3aDJHbkxwS1EwRXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9mZWYyZTAtYmEzNy00ODEyLTk1YWQtNDExYTI3MTIxNjRk
LzEvVThOY3FEX045eHNrVHRnRHJFYU9GRlBZSm84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLjQDAN
BgkqhkiG9w0BAQsFAAOCAQEAvMuZ9OqWRSYbiGYEELPVHyDeXw949+G/nD00MaX6
WyxV+HJ0B1s2daiK0xxFgHYht7RPUbBqB4Ur656YWz0KgJ2kZ5sLKLuHPlx3xveG
w7rBgDe+imI7kj+ZkRGwMtY9H0RU1gSFLCbK/YNDPwPofMhrUgq5zY5+5ErblxMf
uuVagZWATalMDTQvDiCFBO2XAZpcoxF07hmPE9n3AjyXr4POXlUzxbuKuwSOrTWa
cfa0sVGT+ghSlaad93O4K8gAevM6BBIuRI+PojVLRz3NU0RBJSWZgQQS+xb1Bhch
Bh+4uAiMzmzQf8DhtcZbz/1R7rH87NKPDD7JtJ3vwLEuTQ==
-----END CERTIFICATE-----