Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/Gq2Y9NzbMMPdk4zOc2zV3xs025U.roa
File:                     Gq2Y9NzbMMPdk4zOc2zV3xs025U.roa (raw, json)
Hash identifier:          7hv8tTZCMAFAKnrnxVaU+1rEGTNSsP24X43HNiH9+1g=
Subject key identifier:   1A:AD:98:F4:DC:DB:30:C3:DD:93:8C:CE:73:6C:D5:DF:1B:34:DB:95
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0D49AEF95B714A18469E204B552E
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/Gq2Y9NzbMMPdk4zOc2zV3xs025U.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213377
IP address blocks:        2a0f:5707:aa70::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0d:49:ae:f9:5b:71:4a:18:46:9e:20:4b:55:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1aad98f4dcdb30c3dd938cce736cd5df1b34db95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e0:b0:16:f2:ba:d9:fa:93:31:b0:d0:45:ec:
                    58:21:d5:c3:c0:1a:15:49:fb:ee:91:d8:56:7d:3e:
                    4a:99:94:b8:f9:b8:7c:04:f7:19:b9:be:0a:12:0b:
                    10:1c:95:ee:e3:e2:c3:3e:ef:56:47:52:fe:30:4d:
                    83:20:7a:2c:01:ff:28:8c:07:bd:d7:89:77:a7:b5:
                    72:87:60:96:85:cb:ca:2d:fb:70:d2:ed:08:bf:96:
                    ff:56:0e:e6:8a:27:fb:ab:f4:a9:5f:25:dc:90:3d:
                    b4:71:33:24:1f:5d:f4:76:9b:ab:86:2c:31:92:42:
                    e2:06:fc:f1:a0:9a:3d:88:07:3e:93:f5:24:69:de:
                    98:0e:8b:63:d0:41:63:dc:f2:eb:01:c1:82:e5:ba:
                    61:65:6e:b8:44:b9:43:11:26:9f:e1:d8:0a:b3:4c:
                    4f:b3:50:25:3d:91:ee:9d:39:d0:3d:a9:c3:6f:7f:
                    fc:53:05:25:d1:81:1c:51:46:17:b6:94:3a:45:47:
                    83:42:ee:73:ff:26:3a:f6:45:ef:89:90:42:08:34:
                    6b:42:d4:8c:0d:27:31:af:2c:0f:ac:27:39:ad:08:
                    9e:97:fd:ee:df:b9:ae:b3:8e:c8:6e:7b:3a:c2:f8:
                    22:e1:22:46:76:c2:f1:81:ff:77:60:98:c3:e4:7f:
                    bf:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:AD:98:F4:DC:DB:30:C3:DD:93:8C:CE:73:6C:D5:DF:1B:34:DB:95
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/Gq2Y9NzbMMPdk4zOc2zV3xs025U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aa70::/44

    Signature Algorithm: sha256WithRSAEncryption
         6a:8b:12:69:cd:d1:0d:1e:19:7b:4d:84:83:53:9a:0d:47:a2:
         b9:71:d0:04:da:67:01:f7:c1:fa:e1:83:a2:aa:32:bf:b6:8b:
         9e:dc:85:50:10:80:7f:c5:d2:2a:ac:58:c2:a7:0a:85:0f:6e:
         5e:6d:22:b8:69:4e:7c:92:07:f6:1b:7c:9e:09:0b:a2:d7:b3:
         6f:26:0f:71:31:8d:8a:fa:e2:56:77:fd:00:df:c6:0f:2a:b5:
         57:af:bb:3b:7b:a6:0c:f1:77:8b:87:98:2d:aa:bf:25:76:83:
         fd:8c:24:60:e7:60:02:6f:15:a9:5a:47:d7:05:85:5b:7f:d6:
         9d:a7:4f:d6:dc:eb:57:c1:c9:13:95:d7:3d:71:ed:77:5b:b7:
         10:66:c9:ee:e4:ab:dc:49:25:13:9a:d5:a5:8c:8d:44:4c:62:
         54:d9:96:ed:3a:bc:ad:40:8b:cf:c0:4c:bb:0c:b6:c8:67:c2:
         98:e0:a4:a7:b6:dd:19:2f:ba:05:8d:95:f9:3d:96:4c:d5:cf:
         b0:8e:ee:b3:c0:77:c1:7c:69:3f:0a:fe:b4:72:98:3e:1b:10:
         4c:18:e5:da:86:43:a6:e9:e4:e1:9c:cd:49:b2:37:c7:8c:f4:
         31:37:2d:02:31:25:05:b6:ed:12:56:92:8e:75:2e:34:4e:8b:
         a0:cf:26:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2w1JrvlbcUoYRp4gS1UuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWFkOThmNGRjZGIzMGMzZGQ5MzhjY2U3MzZjZDVkZjFiMzRkYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieCwFvK62fqTMbDQRexYIdXDwBoV
SfvukdhWfT5KmZS4+bh8BPcZub4KEgsQHJXu4+LDPu9WR1L+ME2DIHosAf8ojAe9
14l3p7Vyh2CWhcvKLftw0u0Iv5b/Vg7miif7q/SpXyXckD20cTMkH130dpurhiwx
kkLiBvzxoJo9iAc+k/Ukad6YDotj0EFj3PLrAcGC5bphZW64RLlDESaf4dgKs0xP
s1AlPZHunTnQPanDb3/8UwUl0YEcUUYXtpQ6RUeDQu5z/yY69kXviZBCCDRrQtSM
DScxrywPrCc5rQiel/3u37mus47Ibns6wvgi4SJGdsLxgf93YJjD5H+/QwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBqtmPTc2zDD3ZOMznNs1d8bNNuVMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvR3EyWTlOemJNTVBkazR6T2MyelYzeHMwMjVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6pw
MA0GCSqGSIb3DQEBCwUAA4IBAQBqixJpzdENHhl7TYSDU5oNR6K5cdAE2mcB98H6
4YOiqjK/toue3IVQEIB/xdIqrFjCpwqFD25ebSK4aU58kgf2G3yeCQui17NvJg9x
MY2K+uJWd/0A38YPKrVXr7s7e6YM8XeLh5gtqr8ldoP9jCRg52ACbxWpWkfXBYVb
f9adp0/W3OtXwckTldc9ce13W7cQZsnu5KvcSSUTmtWljI1ETGJU2ZbtOrytQIvP
wEy7DLbIZ8KY4KSntt0ZL7oFjZX5PZZM1c+wju6zwHfBfGk/Cv60cpg+GxBMGOXa
hkOm6eThnM1JsjfHjPQxNy0CMSUFtu0SVpKOdS40TougzyZL
-----END CERTIFICATE-----