Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/8CYdn0zyo8OVv9oHa4IgrkfKrH0.roa
File:                     8CYdn0zyo8OVv9oHa4IgrkfKrH0.roa (raw, json)
Hash identifier:          JvqKRHO1LEmYVZTXz5jyjMtt0KZPAQpI2syi06L/TJ4=
Subject key identifier:   F0:26:1D:9F:4C:F2:A3:C3:95:BF:DA:07:6B:82:20:AE:47:CA:AC:7D
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB083AD0FCFEFCA2DCDE9600959F42
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/8CYdn0zyo8OVv9oHa4IgrkfKrH0.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210633
IP address blocks:        2a0f:5707:b130::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:08:3a:d0:fc:fe:fc:a2:dc:de:96:00:95:9f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0261d9f4cf2a3c395bfda076b8220ae47caac7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:90:42:80:c9:02:6a:a6:89:af:a7:a7:0e:49:
                    44:46:78:37:3e:ee:92:66:78:bf:85:ce:78:12:d5:
                    16:79:97:4f:d7:95:dd:9c:f1:3a:44:9e:a3:84:a8:
                    54:71:35:f7:35:48:b5:08:00:05:ca:d8:68:29:18:
                    88:5d:7e:0e:54:6f:2a:e9:19:22:15:87:39:3f:06:
                    80:4b:ed:fa:86:dc:43:5c:95:b7:78:4e:e5:25:c8:
                    fc:d9:40:f0:fe:82:5e:63:9f:a8:d5:c2:f5:44:49:
                    47:4a:3b:70:bc:4d:c9:08:ce:a1:19:8b:d2:ba:2c:
                    99:6c:76:fa:9c:e6:c3:41:27:7e:d6:1a:1e:fa:5a:
                    64:d2:cb:9c:92:8a:55:38:78:6d:99:ce:68:04:8b:
                    da:79:20:75:4d:4a:da:b6:8a:2b:f2:10:09:9b:ca:
                    aa:90:63:93:3f:04:11:36:a3:1f:ea:fc:1b:d4:63:
                    a1:d5:e9:d3:51:a1:61:fc:78:d9:b9:e1:30:f4:3a:
                    05:ba:22:32:a7:67:cf:8c:17:cf:b8:5a:b4:34:38:
                    27:6e:b4:47:51:9e:10:a1:93:76:33:94:ed:cc:38:
                    b7:80:bc:84:db:78:5c:ac:0f:b5:44:d1:85:00:1f:
                    d2:58:ad:4c:57:c3:30:39:c8:5d:8e:7e:46:db:57:
                    4d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:26:1D:9F:4C:F2:A3:C3:95:BF:DA:07:6B:82:20:AE:47:CA:AC:7D
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/8CYdn0zyo8OVv9oHa4IgrkfKrH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:b130::/44

    Signature Algorithm: sha256WithRSAEncryption
         75:4e:f2:82:45:28:f0:df:92:4e:6e:e6:4f:cc:89:f9:ed:9e:
         93:d4:f9:62:01:dd:48:b8:ae:a6:5a:51:71:4c:fa:70:17:0d:
         8c:56:2e:9d:29:01:26:a9:9e:4c:8c:22:5f:79:81:5c:08:1d:
         00:1c:d4:ac:19:bb:80:3b:33:52:b7:5c:a5:f0:07:4a:57:60:
         d4:7d:42:9b:91:c5:cf:46:5a:c9:6a:99:a3:18:4b:6b:98:65:
         03:68:f1:e7:66:40:eb:42:7c:ad:28:5d:1f:f0:9b:c4:06:44:
         dc:33:8b:cd:43:00:c3:dd:8b:e7:af:76:16:e1:2b:e3:fa:91:
         84:e7:93:55:25:48:b5:bd:c3:b3:e7:29:56:9c:21:43:4f:e2:
         9c:92:5b:e1:94:1a:52:79:29:ca:ed:6b:c7:d9:e2:59:74:85:
         2e:a4:60:9c:a5:86:a4:a5:e1:b7:2e:12:29:6c:c3:72:03:4a:
         3b:b0:3b:71:59:cd:82:13:94:13:3c:dc:ff:59:c9:4e:13:f4:
         84:c9:05:de:e4:88:71:da:a6:1c:fa:97:e2:b4:fe:8b:9e:8f:
         5c:8c:29:83:0f:0d:f3:c5:ec:80:a6:9f:cc:bf:75:71:c7:3b:
         56:f8:60:69:37:81:55:e4:11:96:4e:61:36:80:ae:ad:3c:0f:
         93:10:9a:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wg60Pz+/KLc3pYAlZ9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDI2MWQ5ZjRjZjJhM2MzOTViZmRhMDc2YjgyMjBhZTQ3Y2FhYzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpBCgMkCaqaJr6enDklERng3Pu6S
Zni/hc54EtUWeZdP15XdnPE6RJ6jhKhUcTX3NUi1CAAFythoKRiIXX4OVG8q6Rki
FYc5PwaAS+36htxDXJW3eE7lJcj82UDw/oJeY5+o1cL1RElHSjtwvE3JCM6hGYvS
uiyZbHb6nObDQSd+1hoe+lpk0suckopVOHhtmc5oBIvaeSB1TUratoor8hAJm8qq
kGOTPwQRNqMf6vwb1GOh1enTUaFh/HjZueEw9DoFuiIyp2fPjBfPuFq0NDgnbrRH
UZ4QoZN2M5TtzDi3gLyE23hcrA+1RNGFAB/SWK1MV8MwOchdjn5G21dNSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPAmHZ9M8qPDlb/aB2uCIK5Hyqx9MB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvOENZZG4wenlvOE9WdjlvSGE0SWdya2ZLckgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB7Ew
MA0GCSqGSIb3DQEBCwUAA4IBAQB1TvKCRSjw35JObuZPzIn57Z6T1PliAd1IuK6m
WlFxTPpwFw2MVi6dKQEmqZ5MjCJfeYFcCB0AHNSsGbuAOzNSt1yl8AdKV2DUfUKb
kcXPRlrJapmjGEtrmGUDaPHnZkDrQnytKF0f8JvEBkTcM4vNQwDD3Yvnr3YW4Svj
+pGE55NVJUi1vcOz5ylWnCFDT+KcklvhlBpSeSnK7WvH2eJZdIUupGCcpYakpeG3
LhIpbMNyA0o7sDtxWc2CE5QTPNz/WclOE/SEyQXe5Ihx2qYc+pfitP6Lno9cjCmD
Dw3zxeyApp/Mv3VxxztW+GBpN4FV5BGWTmE2gK6tPA+TEJqa
-----END CERTIFICATE-----