Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/yy-euMpd9vX39Vpg0Kd4UgQYIGE.roa
File:                     yy-euMpd9vX39Vpg0Kd4UgQYIGE.roa (raw, json)
Hash identifier:          uPbo4oi69ROXD/aUyypCBBuvkKtZ7Q2k8X+kaOBwbco=
Subject key identifier:   CB:2F:9E:B8:CA:5D:F6:F5:F7:F5:5A:60:D0:A7:78:52:04:18:20:61
Certificate issuer:       /CN=49f7c1a4677eb7826dae69de01a699b6201d6244
Certificate serial:       018CC4247EB062E6755F92FB1279D850B5DC
Authority key identifier: 49:F7:C1:A4:67:7E:B7:82:6D:AE:69:DE:01:A6:99:B6:20:1D:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/yy-euMpd9vX39Vpg0Kd4UgQYIGE.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207592
IP address blocks:        2a02:d480:700::/42 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7e:b0:62:e6:75:5f:92:fb:12:79:d8:50:b5:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49f7c1a4677eb7826dae69de01a699b6201d6244
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb2f9eb8ca5df6f5f7f55a60d0a7785204182061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:9d:84:bf:b1:28:9e:40:09:99:40:c7:36:74:
                    8d:bf:34:26:c6:3f:78:7f:06:b9:4d:e6:3d:90:f2:
                    09:8d:90:55:f8:55:66:e9:fb:da:85:30:65:30:73:
                    c5:92:7c:70:7d:d8:53:d5:14:9e:6d:39:ce:21:9c:
                    91:8e:16:e6:c2:9a:58:fb:3e:2b:87:f3:22:80:66:
                    d4:27:3a:67:b7:3e:f1:15:1e:37:47:7a:df:e2:69:
                    3a:d8:92:ea:2b:19:a2:76:50:a7:a4:a7:be:0f:57:
                    2c:dd:d2:19:e2:8a:17:dc:0c:b0:73:d9:a2:9c:21:
                    2e:35:7e:72:62:ac:b2:4d:a4:99:f7:ef:d0:e4:e3:
                    48:dc:ce:ea:14:f3:22:c0:2b:21:86:3a:79:48:b4:
                    4b:56:e1:50:b9:94:6f:63:68:a8:54:8f:88:5c:c9:
                    53:12:76:87:46:7e:70:a3:84:47:78:37:39:ab:b4:
                    fc:18:91:61:7d:d9:56:32:d5:13:0c:41:36:fb:ab:
                    1a:71:ec:b6:5b:54:d3:a3:9f:cc:db:0e:52:de:1c:
                    be:da:a2:b8:6d:5d:98:4f:12:b7:2c:bd:b3:29:c5:
                    d4:a2:d6:34:59:88:e2:c2:07:32:62:2e:de:ae:6f:
                    9d:4f:e6:4b:02:4f:5e:90:fa:b9:7b:20:13:73:1c:
                    d0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:2F:9E:B8:CA:5D:F6:F5:F7:F5:5A:60:D0:A7:78:52:04:18:20:61
            X509v3 Authority Key Identifier:
                keyid:49:F7:C1:A4:67:7E:B7:82:6D:AE:69:DE:01:A6:99:B6:20:1D:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/yy-euMpd9vX39Vpg0Kd4UgQYIGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d480:700::/42

    Signature Algorithm: sha256WithRSAEncryption
         80:23:29:f0:84:32:20:ea:37:00:af:4c:31:a7:4b:77:4c:43:
         28:21:98:c8:4f:63:bf:ec:a8:ed:86:78:1b:40:6c:61:df:52:
         0c:9d:bc:cb:ec:ed:3c:c1:31:bb:ae:8b:25:94:07:9e:39:46:
         a2:83:58:d4:03:76:76:0b:63:6f:0b:59:71:1c:97:4d:32:75:
         56:ed:db:d2:3a:1a:ee:49:c7:fb:a9:48:87:7f:2b:6f:93:aa:
         f2:83:f4:ee:e1:9e:db:f8:cf:c3:29:8a:8c:73:d1:7a:c5:d8:
         e7:e1:d6:50:80:3d:7c:ec:10:cc:6c:4c:a6:0d:dd:08:bb:57:
         16:8e:8c:91:bb:17:fe:e3:73:9c:39:2a:88:09:ff:8d:ec:13:
         ac:13:43:a6:d6:28:00:f1:32:40:91:ee:d7:56:c4:ef:dd:8d:
         7a:13:3f:bc:35:66:2b:32:a8:b1:c5:a2:9a:0b:7d:2b:35:70:
         0e:13:fa:e4:c1:d2:88:54:fa:18:8d:4b:bc:de:e3:c4:ba:b2:
         95:c8:6b:ac:4d:3f:0c:1c:5b:40:c9:4f:ac:68:77:fa:1f:66:
         4c:17:ed:17:9d:47:9b:e7:58:3f:d4:c5:1f:cb:be:f8:24:60:
         d8:b3:b4:63:c4:ec:fb:e8:41:a5:3b:af:71:d1:76:10:f1:2a:
         48:ab:ac:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJH6wYuZ1X5L7EnnYULXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZjdjMWE0Njc3ZWI3ODI2ZGFlNjlkZTAxYTY5OWI2MjAx
ZDYyNDQwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjJmOWViOGNhNWRmNmY1ZjdmNTVhNjBkMGE3Nzg1MjA0MTgyMDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJ2Ev7EonkAJmUDHNnSNvzQmxj94
fwa5TeY9kPIJjZBV+FVm6fvahTBlMHPFknxwfdhT1RSebTnOIZyRjhbmwppY+z4r
h/MigGbUJzpntz7xFR43R3rf4mk62JLqKxmidlCnpKe+D1cs3dIZ4ooX3Aywc9mi
nCEuNX5yYqyyTaSZ9+/Q5ONI3M7qFPMiwCshhjp5SLRLVuFQuZRvY2ioVI+IXMlT
EnaHRn5wo4RHeDc5q7T8GJFhfdlWMtUTDEE2+6sacey2W1TTo5/M2w5S3hy+2qK4
bV2YTxK3LL2zKcXUotY0WYjiwgcyYi7erm+dT+ZLAk9ekPq5eyATcxzQyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMsvnrjKXfb19/VaYNCneFIEGCBhMB8GA1UdIwQY
MBaAFEn3waRnfreCba5p3gGmmbYgHWJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2ZmQnBHZC10NEp0cm1uZUFhYVp0aUFkWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS80ZGJkNjMtNzZiMS00YjAzLTlkZWEt
NTBjMTZiZGQ1YzI0LzEveXktZXVNcGQ5dlgzOVZwZzBLZDRVZ1FZSUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS80ZGJkNjMtNzZiMS00YjAzLTlkZWEtNTBjMTZiZGQ1YzI0
LzEvU2ZmQnBHZC10NEp0cm1uZUFhYVp0aUFkWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgLUgAcA
MA0GCSqGSIb3DQEBCwUAA4IBAQCAIynwhDIg6jcAr0wxp0t3TEMoIZjIT2O/7Kjt
hngbQGxh31IMnbzL7O08wTG7rosllAeeOUaig1jUA3Z2C2NvC1lxHJdNMnVW7dvS
OhruScf7qUiHfytvk6ryg/Tu4Z7b+M/DKYqMc9F6xdjn4dZQgD187BDMbEymDd0I
u1cWjoyRuxf+43OcOSqICf+N7BOsE0Om1igA8TJAke7XVsTv3Y16Ez+8NWYrMqix
xaKaC30rNXAOE/rkwdKIVPoYjUu83uPEurKVyGusTT8MHFtAyU+saHf6H2ZMF+0X
nUeb51g/1MUfy774JGDYs7RjxOz76EGlO69x0XYQ8SpIq6xD
-----END CERTIFICATE-----