Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/EIOqO6i0-JpoouTYNpU2cZv_w5Y.roa
File:                     EIOqO6i0-JpoouTYNpU2cZv_w5Y.roa (raw, json)
Hash identifier:          RPMGg9+I+30o8R+3Qn9cp79U2rguGE+TRi6n/eMv0gk=
Subject key identifier:   10:83:AA:3B:A8:B4:F8:9A:68:A2:E4:D8:36:95:36:71:9B:FF:C3:96
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB005D3ED2BEEA98F0B256F26AE64A
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/EIOqO6i0-JpoouTYNpU2cZv_w5Y.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205413
IP address blocks:        2a0f:5707:caca::/48 maxlen: 48
                          2a0f:5707:ca00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 17:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:00:5d:3e:d2:be:ea:98:f0:b2:56:f2:6a:e6:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1083aa3ba8b4f89a68a2e4d8369536719bffc396
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:44:59:71:36:f2:03:74:4e:3b:fa:75:5e:3c:
                    b6:7a:e3:6a:5f:21:5e:7b:21:4f:ed:3a:a7:b2:55:
                    95:09:4b:a0:b4:b9:ed:ab:f4:0e:e6:76:59:3c:7a:
                    f5:5d:3c:d5:e8:db:37:a4:b6:01:5a:fc:ab:ab:ba:
                    9e:4e:fd:c5:62:30:b1:5a:d9:d8:ec:6d:fe:92:bb:
                    4c:29:6e:a2:0a:5c:45:03:32:a5:b9:3a:87:07:f1:
                    b8:aa:f2:cc:b9:26:63:20:29:9e:7b:6e:d3:6a:a4:
                    b7:5c:31:18:1e:fe:72:1b:90:3f:d4:e8:25:62:be:
                    14:ff:c3:6a:20:1b:c8:af:2f:a1:70:e4:6d:7f:8c:
                    2e:eb:55:f7:aa:30:b0:f1:0f:83:34:29:77:7a:a1:
                    56:22:9f:f2:e5:ae:c7:e4:55:f4:cd:4f:ac:fe:b8:
                    f1:65:ae:07:69:ad:96:88:4a:cc:25:67:48:12:35:
                    53:a7:bf:5e:70:7c:96:3d:10:03:71:a8:40:ac:50:
                    09:be:64:a0:b7:f8:83:94:7e:32:95:28:27:21:66:
                    74:74:81:1d:45:73:ad:1f:8e:b2:3b:df:24:79:d1:
                    c5:6c:b4:f4:1d:43:0a:ac:70:30:bf:e8:87:2a:b6:
                    2d:cb:48:31:a1:07:b7:06:d3:f3:78:81:49:7c:07:
                    fc:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:83:AA:3B:A8:B4:F8:9A:68:A2:E4:D8:36:95:36:71:9B:FF:C3:96
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/EIOqO6i0-JpoouTYNpU2cZv_w5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ca00::/44
                  2a0f:5707:caca::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:69:b4:be:a6:16:f8:f3:bf:ef:c3:7b:a1:41:9c:c4:70:7d:
         5b:ef:5b:43:05:c0:f4:67:3e:01:6a:7e:cf:20:73:35:0b:f4:
         82:a4:64:29:eb:ac:8d:f8:63:59:5f:33:b8:48:38:af:e2:c1:
         9d:15:98:0f:6f:c1:58:41:8f:64:17:92:39:94:b7:b0:e0:dc:
         a4:a2:91:60:32:82:64:66:a5:47:91:c5:8e:89:ed:e6:d8:64:
         80:e0:4e:e6:af:93:e8:7f:d5:7c:e7:f5:01:fe:35:a2:46:16:
         3d:48:44:f1:58:39:ff:bd:f8:94:4a:04:63:4a:94:d7:d8:6f:
         bb:3b:38:66:f7:60:7c:55:b3:08:c4:a2:f2:7e:67:97:f7:0d:
         b3:b3:2f:7f:23:23:8b:d2:1e:5a:71:1f:ce:95:aa:b4:52:fd:
         17:9b:ee:51:aa:2f:0d:14:0e:96:11:25:3f:d2:7f:7a:53:db:
         dc:dd:d7:bc:66:3a:65:05:3a:5a:ae:af:0d:9c:c2:e7:f1:39:
         7e:44:b6:a1:76:bc:49:a7:12:91:7f:42:32:8f:8f:c0:1d:fd:
         e2:69:65:3c:6b:27:39:aa:cf:7a:b0:3a:12:3a:ac:1c:23:26:
         3e:43:09:c6:27:b0:ab:aa:5a:88:e8:74:01:0e:5d:41:3c:41:
         20:dd:21:50
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2wBdPtK+6pjwslbyauZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDgzYWEzYmE4YjRmODlhNjhhMmU0ZDgzNjk1MzY3MTliZmZjMzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0RZcTbyA3ROO/p1Xjy2euNqXyFe
eyFP7TqnslWVCUugtLntq/QO5nZZPHr1XTzV6Ns3pLYBWvyrq7qeTv3FYjCxWtnY
7G3+krtMKW6iClxFAzKluTqHB/G4qvLMuSZjICmee27TaqS3XDEYHv5yG5A/1Ogl
Yr4U/8NqIBvIry+hcORtf4wu61X3qjCw8Q+DNCl3eqFWIp/y5a7H5FX0zU+s/rjx
Za4Haa2WiErMJWdIEjVTp79ecHyWPRADcahArFAJvmSgt/iDlH4ylSgnIWZ0dIEd
RXOtH46yO98kedHFbLT0HUMKrHAwv+iHKrYty0gxoQe3BtPzeIFJfAf8owIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBCDqjuotPiaaKLk2DaVNnGb/8OWMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvRUlPcU82aTAtSnBvb3VUWU5wVTJjWnZfdzVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg9XB8oA
AwcAKg9XB8rKMA0GCSqGSIb3DQEBCwUAA4IBAQCRabS+phb487/vw3uhQZzEcH1b
71tDBcD0Zz4Ban7PIHM1C/SCpGQp66yN+GNZXzO4SDiv4sGdFZgPb8FYQY9kF5I5
lLew4NykopFgMoJkZqVHkcWOie3m2GSA4E7mr5Pof9V85/UB/jWiRhY9SETxWDn/
vfiUSgRjSpTX2G+7Ozhm92B8VbMIxKLyfmeX9w2zsy9/IyOL0h5acR/Olaq0Uv0X
m+5Rqi8NFA6WESU/0n96U9vc3de8ZjplBTparq8NnMLn8Tl+RLahdrxJpxKRf0Iy
j4/AHf3iaWU8ayc5qs96sDoSOqwcIyY+QwnGJ7CrqlqI6HQBDl1BPEEg3SFQ
-----END CERTIFICATE-----