Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/01YX9tdPdtuhxaxtJ1QHy7XqU2s.roa
File:                     01YX9tdPdtuhxaxtJ1QHy7XqU2s.roa (raw, json)
Hash identifier:          L66pQklFgFLiMXetN9ar5UaFKx+TDx1QxGniHymZirc=
Subject key identifier:   D3:56:17:F6:D7:4F:76:DB:A1:C5:AC:6D:27:54:07:CB:B5:EA:53:6B
Certificate issuer:       /CN=2326eeeadd4c0ee55b3594a596e67220819c18d5
Certificate serial:       018CC26D82C9172A729F57DA818AF2F79E38
Authority key identifier: 23:26:EE:EA:DD:4C:0E:E5:5B:35:94:A5:96:E6:72:20:81:9C:18:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iybu6t1MDuVbNZSlluZyIIGcGNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/01YX9tdPdtuhxaxtJ1QHy7XqU2s.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208478
IP address blocks:        2a0e:73c2:ffff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Iybu6t1MDuVbNZSlluZyIIGcGNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Iybu6t1MDuVbNZSlluZyIIGcGNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iybu6t1MDuVbNZSlluZyIIGcGNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:82:c9:17:2a:72:9f:57:da:81:8a:f2:f7:9e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2326eeeadd4c0ee55b3594a596e67220819c18d5
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d35617f6d74f76dba1c5ac6d275407cbb5ea536b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:80:d0:0c:ba:06:ec:91:65:46:7c:34:dd:79:
                    7d:31:68:13:c5:a0:8a:b3:fa:7b:16:20:11:52:97:
                    84:a2:0c:e8:b9:83:3c:db:45:45:0d:70:29:9f:fd:
                    c3:a8:8f:dc:38:f3:f2:a5:29:6d:6d:87:2c:19:59:
                    70:cb:73:28:1c:3e:c9:ff:3c:4a:aa:19:65:6b:af:
                    d3:78:a1:05:26:bd:ce:21:e1:55:7d:59:15:07:2f:
                    b6:ca:a4:32:7e:01:27:a8:e0:67:c3:bb:57:a4:ee:
                    c1:a7:89:da:ec:c4:2c:76:67:9a:94:11:5e:b8:5f:
                    13:4b:4c:27:b5:cf:73:4d:10:08:1f:86:35:f4:80:
                    21:1b:84:3c:13:1b:03:3d:a8:9d:23:6c:c7:c3:e0:
                    8c:c4:6a:07:72:65:33:e0:3a:a3:6c:73:e8:6d:eb:
                    ed:66:2c:f4:19:64:91:d4:d2:11:9d:cc:60:c4:01:
                    2b:40:47:d4:ee:c1:39:b7:9f:fe:d4:1b:31:4d:4b:
                    e7:cb:d0:fb:30:c8:a0:53:18:b3:16:06:3b:c5:98:
                    4a:96:1c:78:74:fb:27:f6:19:72:cd:91:34:da:74:
                    1c:f4:2f:57:65:11:f5:19:9c:5d:fa:f2:02:a0:8f:
                    df:a9:0b:ff:2e:b7:f0:fa:ee:a6:b0:a4:ba:df:8e:
                    ea:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:56:17:F6:D7:4F:76:DB:A1:C5:AC:6D:27:54:07:CB:B5:EA:53:6B
            X509v3 Authority Key Identifier:
                keyid:23:26:EE:EA:DD:4C:0E:E5:5B:35:94:A5:96:E6:72:20:81:9C:18:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iybu6t1MDuVbNZSlluZyIIGcGNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/01YX9tdPdtuhxaxtJ1QHy7XqU2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/a5980d-65f4-4573-9759-33415967c213/1/Iybu6t1MDuVbNZSlluZyIIGcGNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:73c2:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:7f:85:75:6c:02:ac:6a:28:5c:d7:51:02:c2:95:81:9c:03:
         dd:6f:2c:0a:ec:b9:6f:c6:18:d5:0a:7d:26:55:de:78:73:8b:
         58:9d:b8:a3:51:7f:8a:14:cb:31:51:92:0f:05:8a:98:09:29:
         c0:96:08:a6:7f:c4:df:3a:62:20:5e:82:45:3b:fe:f1:fe:af:
         df:c1:cc:ce:93:c0:9f:3e:57:99:21:f8:76:49:f5:87:43:47:
         09:05:8c:34:cb:28:0f:43:de:a5:34:12:8a:c0:d1:01:ba:13:
         63:df:30:c5:a5:f5:5c:0e:21:6e:a4:50:35:02:24:ea:9f:91:
         97:6e:e5:fd:d1:51:b9:12:34:e0:28:df:29:94:b8:76:17:35:
         ed:91:43:ec:f8:52:2d:92:6f:b0:6a:88:51:55:5c:c0:f8:18:
         b6:c3:8e:76:37:98:ad:51:13:9e:51:2f:d8:3b:1e:35:f6:b4:
         66:b3:ee:ae:1c:30:d7:aa:1f:0f:e4:6a:c8:bf:fc:8a:b9:77:
         18:8b:fc:4b:b0:3f:3e:0e:8a:ba:a3:46:3a:d6:26:3e:57:fd:
         7b:23:d2:b8:13:65:a6:dc:0f:fa:84:b1:60:4f:c3:75:cd:13:
         ef:1b:a2:00:57:5f:5d:14:44:12:82:7e:4f:71:9f:31:00:a8:
         b1:d4:08:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbYLJFypyn1fagYry9544MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjZlZWVhZGQ0YzBlZTU1YjM1OTRhNTk2ZTY3MjIwODE5
YzE4ZDUwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzU2MTdmNmQ3NGY3NmRiYTFjNWFjNmQyNzU0MDdjYmI1ZWE1MzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4DQDLoG7JFlRnw03Xl9MWgTxaCK
s/p7FiARUpeEogzouYM820VFDXApn/3DqI/cOPPypSltbYcsGVlwy3MoHD7J/zxK
qhlla6/TeKEFJr3OIeFVfVkVBy+2yqQyfgEnqOBnw7tXpO7Bp4na7MQsdmealBFe
uF8TS0wntc9zTRAIH4Y19IAhG4Q8ExsDPaidI2zHw+CMxGoHcmUz4DqjbHPobevt
Ziz0GWSR1NIRncxgxAErQEfU7sE5t5/+1BsxTUvny9D7MMigUxizFgY7xZhKlhx4
dPsn9hlyzZE02nQc9C9XZRH1GZxd+vICoI/fqQv/Lrfw+u6msKS6347qgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNNWF/bXT3bbocWsbSdUB8u16lNrMB8GA1UdIwQY
MBaAFCMm7urdTA7lWzWUpZbmciCBnBjVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlidTZ0MU1EdVZiTlpTbGx1WnlJSUdjR05VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9hNTk4MGQtNjVmNC00NTczLTk3NTkt
MzM0MTU5NjdjMjEzLzEvMDFZWDl0ZFBkdHVoeGF4dEoxUUh5N1hxVTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9hNTk4MGQtNjVmNC00NTczLTk3NTktMzM0MTU5NjdjMjEz
LzEvSXlidTZ0MU1EdVZiTlpTbGx1WnlJSUdjR05VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg5zwv//
MA0GCSqGSIb3DQEBCwUAA4IBAQCef4V1bAKsaihc11ECwpWBnAPdbywK7LlvxhjV
Cn0mVd54c4tYnbijUX+KFMsxUZIPBYqYCSnAlgimf8TfOmIgXoJFO/7x/q/fwczO
k8CfPleZIfh2SfWHQ0cJBYw0yygPQ96lNBKKwNEBuhNj3zDFpfVcDiFupFA1AiTq
n5GXbuX90VG5EjTgKN8plLh2FzXtkUPs+FItkm+waohRVVzA+Bi2w452N5itUROe
US/YOx419rRms+6uHDDXqh8P5GrIv/yKuXcYi/xLsD8+Doq6o0Y61iY+V/17I9K4
E2Wm3A/6hLFgT8N1zRPvG6IAV19dFEQSgn5PcZ8xAKix1Aif
-----END CERTIFICATE-----