Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/gMywK8GBuS7t0WWwYty--_URnzc.roa
File:                     gMywK8GBuS7t0WWwYty--_URnzc.roa (raw, json)
Hash identifier:          I92p/GLjO70SE43OmT0vbKApelAzF86kJFdC4R6AtaA=
Subject key identifier:   80:CC:B0:2B:C1:81:B9:2E:ED:D1:65:B0:62:DC:BE:FB:F5:11:9F:37
Certificate issuer:       /CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
Certificate serial:       018CC26D83A945FEAF0D7728A6A94D73B1FA
Authority key identifier: B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/gMywK8GBuS7t0WWwYty--_URnzc.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44628
IP address blocks:        2a00:1908:faca::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:83:a9:45:fe:af:0d:77:28:a6:a9:4d:73:b1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80ccb02bc181b92eedd165b062dcbefbf5119f37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c0:ed:46:6c:32:4d:d3:e0:c5:51:ed:cf:58:
                    d5:9c:18:9b:0c:b6:05:39:77:7e:a3:9b:3a:d2:70:
                    b4:b5:9c:7f:79:69:f8:ce:4d:14:0e:94:e5:b5:c3:
                    af:4d:a8:7a:d6:e4:67:ac:f7:8c:03:27:dc:ab:0a:
                    f3:5f:14:a5:a2:e1:36:63:c7:38:dc:09:58:c0:7d:
                    ab:7f:10:ab:44:49:f2:17:e1:86:21:70:fc:80:bf:
                    09:9b:53:8b:f6:11:32:66:4c:ee:c6:4b:68:9a:76:
                    56:72:3c:b6:c0:7f:b7:45:bd:23:ee:98:fa:2e:0e:
                    34:5c:9b:0d:e5:95:e6:de:1c:44:c1:8d:df:ab:5f:
                    3e:82:36:04:c8:e6:27:b4:95:1b:9f:75:4f:ba:93:
                    94:8b:09:46:49:f5:3d:50:2e:35:6a:f2:03:39:20:
                    fa:da:9b:65:11:fb:30:1a:b0:5b:2f:5c:67:5a:6b:
                    bb:1d:b5:57:43:f1:ab:62:02:76:c1:e7:5b:7a:5d:
                    21:da:fd:a3:be:18:d2:fc:e7:20:97:44:29:c9:b0:
                    d1:83:bc:59:56:14:ae:ef:25:cb:ac:3e:91:bf:eb:
                    ca:76:9e:1b:79:7d:a6:be:f9:ec:59:2e:1b:74:57:
                    3b:f3:bf:14:e6:52:eb:76:6f:03:26:c5:0c:4f:97:
                    d2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:CC:B0:2B:C1:81:B9:2E:ED:D1:65:B0:62:DC:BE:FB:F5:11:9F:37
            X509v3 Authority Key Identifier:
                keyid:B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/gMywK8GBuS7t0WWwYty--_URnzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1908:faca::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:ba:80:ad:ea:55:aa:57:b5:d4:a6:32:f7:01:e9:68:1f:06:
         5c:a2:2e:14:8b:2a:15:0f:82:88:c7:2b:1a:5b:8f:e4:b5:ff:
         c4:7e:3d:3a:02:f4:31:4a:ec:90:1d:50:7e:bf:eb:4a:2a:3f:
         35:0c:98:53:04:30:8b:eb:a6:79:4f:ac:8e:43:5b:50:cc:20:
         80:3c:0d:a8:a7:96:e2:94:3c:3b:a0:37:fa:21:7b:43:be:44:
         de:02:9f:8a:5c:3b:f5:dd:fb:11:e2:3c:28:2c:88:04:d0:88:
         39:a1:79:bf:9e:b9:ab:72:1e:08:fd:5f:d7:8b:af:3d:e7:b5:
         58:76:2f:5f:6b:71:28:fd:59:aa:f4:02:72:45:47:d4:43:6f:
         8e:60:b3:ab:ca:f9:28:c5:f5:7c:0a:2e:e2:3c:9f:8f:fe:b8:
         fc:9b:52:c7:63:37:ae:96:31:ef:7d:82:80:56:50:9a:38:9b:
         1a:14:92:01:3a:b8:29:68:b7:5e:bf:f7:df:ef:49:e7:5b:51:
         96:8f:b7:3a:e7:a8:cc:01:c9:09:5b:f4:3b:cd:9b:5f:eb:0e:
         72:32:07:71:b0:a9:2c:f4:a4:27:ab:09:78:bf:c8:be:56:ea:
         bb:ff:09:c5:52:8b:bb:8f:ac:64:a8:fb:13:50:ea:65:36:18:
         d4:65:d3:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbYOpRf6vDXcopqlNc7H6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZTQ0OGI0YTA4ZjBlNGM1OGEyODNkODA3MzVhOGE4MDNl
MTBkNGUwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGNjYjAyYmMxODFiOTJlZWRkMTY1YjA2MmRjYmVmYmY1MTE5ZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucDtRmwyTdPgxVHtz1jVnBibDLYF
OXd+o5s60nC0tZx/eWn4zk0UDpTltcOvTah61uRnrPeMAyfcqwrzXxSlouE2Y8c4
3AlYwH2rfxCrREnyF+GGIXD8gL8Jm1OL9hEyZkzuxktomnZWcjy2wH+3Rb0j7pj6
Lg40XJsN5ZXm3hxEwY3fq18+gjYEyOYntJUbn3VPupOUiwlGSfU9UC41avIDOSD6
2ptlEfswGrBbL1xnWmu7HbVXQ/GrYgJ2wedbel0h2v2jvhjS/Ocgl0QpybDRg7xZ
VhSu7yXLrD6Rv+vKdp4beX2mvvnsWS4bdFc7878U5lLrdm8DJsUMT5fSqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIDMsCvBgbku7dFlsGLcvvv1EZ83MB8GA1UdIwQY
MBaAFLLkSLSgjw5MWKKD2Ac1qKgD4Q1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYt
MjA1NGQ0ZTkwM2JjLzEvZ015d0s4R0J1Uzd0MFdXd1l0eS0tX1VSbnpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYtMjA1NGQ0ZTkwM2Jj
LzEvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAZCPrK
MA0GCSqGSIb3DQEBCwUAA4IBAQAEuoCt6lWqV7XUpjL3AeloHwZcoi4UiyoVD4KI
xysaW4/ktf/Efj06AvQxSuyQHVB+v+tKKj81DJhTBDCL66Z5T6yOQ1tQzCCAPA2o
p5bilDw7oDf6IXtDvkTeAp+KXDv13fsR4jwoLIgE0Ig5oXm/nrmrch4I/V/Xi689
57VYdi9fa3Eo/Vmq9AJyRUfUQ2+OYLOryvkoxfV8Ci7iPJ+P/rj8m1LHYzeuljHv
fYKAVlCaOJsaFJIBOrgpaLdev/ff70nnW1GWj7c656jMAckJW/Q7zZtf6w5yMgdx
sKks9KQnqwl4v8i+Vuq7/wnFUou7j6xkqPsTUOplNhjUZdNH
-----END CERTIFICATE-----