Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/BeXILkXb1WfJiV1XZIMafDdt0g4.roa
File:                     BeXILkXb1WfJiV1XZIMafDdt0g4.roa (raw, json)
Hash identifier:          METyn6pfRbiAcAegPEmWPmyK6uvX8YEtt4IffjKeRnk=
Subject key identifier:   05:E5:C8:2E:45:DB:D5:67:C9:89:5D:57:64:83:1A:7C:37:6D:D2:0E
Certificate issuer:       /CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
Certificate serial:       01919364CD2CBB940B5E730296B380D3A945
Authority key identifier: 20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/BeXILkXb1WfJiV1XZIMafDdt0g4.roa
Signing time:             Tue 27 Aug 2024 10:32:22 +0000
ROA not before:           Tue 27 Aug 2024 10:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60337
IP address blocks:        2a0a:7d80:1001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:93:64:cd:2c:bb:94:0b:5e:73:02:96:b3:80:d3:a9:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20c5ee02d2e05861dd906fe06b3844f04d378c73
        Validity
            Not Before: Aug 27 10:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05e5c82e45dbd567c9895d5764831a7c376dd20e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:45:5e:49:64:55:6a:ef:9c:62:fb:19:f3:4e:
                    ea:4c:9b:c1:2e:9d:61:be:70:1f:fe:64:16:cf:49:
                    42:6d:4a:6c:e3:4c:67:e6:8e:d6:65:51:9f:55:00:
                    16:88:26:15:40:a7:51:ec:64:7d:70:cd:be:c4:ad:
                    f0:db:ab:8c:80:6d:c8:33:39:77:49:48:ee:e2:48:
                    5f:a4:e5:94:ac:7d:0a:33:03:a7:0e:c8:cb:1c:2a:
                    84:d7:95:66:cc:11:f1:38:29:de:1e:a7:23:eb:cc:
                    54:23:de:d8:be:02:12:3c:d4:fd:cd:cb:69:3e:a4:
                    48:89:52:f5:22:1d:ee:9d:04:23:e3:66:9e:48:5b:
                    b2:94:56:c5:62:26:c2:de:f6:54:9e:8b:33:df:bc:
                    75:05:2f:e0:a6:ec:c5:92:86:3b:00:3e:9d:a3:80:
                    eb:5b:c8:16:42:5b:64:bb:49:1c:66:2d:9c:51:10:
                    76:01:bf:32:dc:81:f0:64:56:2d:a4:cd:2f:11:25:
                    24:d0:ea:34:c6:77:62:6a:3e:02:5b:f0:95:53:d6:
                    11:90:39:6f:17:79:14:6d:6c:c2:ce:ac:d1:3f:ca:
                    3e:e4:f9:fe:8f:ff:36:be:d5:0e:04:b2:05:b3:e5:
                    08:94:b0:dc:ad:c0:b2:a0:83:cf:7b:16:75:70:f2:
                    78:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:E5:C8:2E:45:DB:D5:67:C9:89:5D:57:64:83:1A:7C:37:6D:D2:0E
            X509v3 Authority Key Identifier:
                keyid:20:C5:EE:02:D2:E0:58:61:DD:90:6F:E0:6B:38:44:F0:4D:37:8C:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMXuAtLgWGHdkG_gazhE8E03jHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/BeXILkXb1WfJiV1XZIMafDdt0g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/979296-ef7a-4bac-8c15-67771359a2b3/1/IMXuAtLgWGHdkG_gazhE8E03jHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7d80:1001::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:86:d0:3e:58:8f:8b:c9:20:6d:46:54:db:61:82:93:15:8e:
         c4:b6:96:1d:8c:8a:33:11:b0:b9:b6:72:50:56:2a:da:82:1e:
         d6:e3:27:e6:48:a8:f3:56:8a:3a:ca:5a:3a:c9:74:dd:19:ae:
         07:f8:d6:f1:21:ef:41:6c:95:d7:52:ae:e3:73:15:d2:17:8b:
         e8:20:cb:a6:a9:f2:64:f8:c0:85:1f:9d:66:4a:c3:85:d5:40:
         50:fc:e6:8f:c7:ff:4d:87:50:2f:d9:12:0d:d5:be:bc:1e:7c:
         bc:a6:3b:ad:be:3d:86:30:c7:df:2e:7b:b7:46:df:da:c8:b2:
         a9:e1:48:0f:9a:7f:69:2c:9a:6c:d7:49:90:7d:9d:33:c8:be:
         9d:b6:f3:ce:2c:af:0a:a3:5f:f0:8e:89:56:63:5e:ae:9d:a2:
         d4:1a:3e:c1:a4:80:d7:cd:e4:88:de:ff:22:a5:65:94:57:3a:
         c7:8f:21:a7:68:3d:2c:0e:70:4c:1b:2f:1f:a8:db:b0:61:4d:
         47:64:86:f0:3f:29:11:13:33:2f:d0:03:93:70:15:77:2f:a5:
         eb:63:1c:7d:91:98:3e:13:1b:4b:5b:c7:d2:4c:51:7b:5c:45:
         b1:c0:eb:ba:61:7f:5a:61:5c:35:12:1a:98:7c:4d:67:85:5f:
         74:0c:65:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGTZM0su5QLXnMClrOA06lFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYzVlZTAyZDJlMDU4NjFkZDkwNmZlMDZiMzg0NGYwNGQz
NzhjNzMwHhcNMjQwODI3MTAzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWU1YzgyZTQ1ZGJkNTY3Yzk4OTVkNTc2NDgzMWE3YzM3NmRkMjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEVeSWRVau+cYvsZ807qTJvBLp1h
vnAf/mQWz0lCbUps40xn5o7WZVGfVQAWiCYVQKdR7GR9cM2+xK3w26uMgG3IMzl3
SUju4khfpOWUrH0KMwOnDsjLHCqE15VmzBHxOCneHqcj68xUI97YvgISPNT9zctp
PqRIiVL1Ih3unQQj42aeSFuylFbFYibC3vZUnosz37x1BS/gpuzFkoY7AD6do4Dr
W8gWQltku0kcZi2cURB2Ab8y3IHwZFYtpM0vESUk0Oo0xndiaj4CW/CVU9YRkDlv
F3kUbWzCzqzRP8o+5Pn+j/82vtUOBLIFs+UIlLDcrcCyoIPPexZ1cPJ4DQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAXlyC5F29VnyYldV2SDGnw3bdIOMB8GA1UdIwQY
MBaAFCDF7gLS4Fhh3ZBv4Gs4RPBNN4xzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUt
Njc3NzEzNTlhMmIzLzEvQmVYSUxrWGIxV2ZKaVYxWFpJTWFmRGR0MGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85NzkyOTYtZWY3YS00YmFjLThjMTUtNjc3NzEzNTlhMmIz
LzEvSU1YdUF0TGdXR0hka0dfZ2F6aEU4RTAzakhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgp9gBAB
MA0GCSqGSIb3DQEBCwUAA4IBAQB4htA+WI+LySBtRlTbYYKTFY7EtpYdjIozEbC5
tnJQViragh7W4yfmSKjzVoo6ylo6yXTdGa4H+NbxIe9BbJXXUq7jcxXSF4voIMum
qfJk+MCFH51mSsOF1UBQ/OaPx/9Nh1Av2RIN1b68Hny8pjutvj2GMMffLnu3Rt/a
yLKp4UgPmn9pLJps10mQfZ0zyL6dtvPOLK8Ko1/wjolWY16unaLUGj7BpIDXzeSI
3v8ipWWUVzrHjyGnaD0sDnBMGy8fqNuwYU1HZIbwPykREzMv0AOTcBV3L6XrYxx9
kZg+ExtLW8fSTFF7XEWxwOu6YX9aYVw1EhqYfE1nhV90DGVC
-----END CERTIFICATE-----