Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/a3X1IJfxDO2W49j7tFFzba3aUz0.roa
File:                     a3X1IJfxDO2W49j7tFFzba3aUz0.roa (raw, json)
Hash identifier:          rB7mrEDjkefjzehthV1y/2yV5lOLgrMaeGOT3sMveAA=
Subject key identifier:   6B:75:F5:20:97:F1:0C:ED:96:E3:D8:FB:B4:51:73:6D:AD:DA:53:3D
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       018CC42532BE3A7C4C0B31EFFEE9AB318684
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/a3X1IJfxDO2W49j7tFFzba3aUz0.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24409
IP address blocks:        2a04:3e00:1002::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:32:be:3a:7c:4c:0b:31:ef:fe:e9:ab:31:86:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b75f52097f10ced96e3d8fbb451736dadda533d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:57:33:59:cc:79:c1:6e:ee:48:61:c2:77:0b:
                    a5:62:b1:e1:1e:77:e5:9d:e0:13:02:56:2b:a3:c4:
                    03:60:c3:c1:c5:9b:df:27:19:c5:b4:4b:dc:b6:25:
                    93:81:73:11:55:47:f6:4b:0d:78:b0:f7:be:f7:6d:
                    55:31:f0:bb:0a:f3:2e:71:01:9c:89:5e:6e:6a:54:
                    f4:73:ee:cc:7b:e2:5e:a0:71:01:67:60:8a:35:e7:
                    48:11:bc:42:78:31:21:f3:40:22:8c:2f:1f:fa:9e:
                    cb:3b:08:86:36:35:fb:f2:0d:ab:1f:93:76:1f:1e:
                    08:86:be:97:5e:05:fb:c7:10:f8:05:13:bc:9e:fd:
                    a3:bd:e2:78:a9:60:0f:70:49:e4:77:f5:b2:bb:25:
                    84:32:d6:64:1c:20:b4:67:9f:fe:56:4e:5a:31:f5:
                    b1:d2:20:21:c8:2b:fc:a2:b6:7a:e1:75:c3:de:1e:
                    7c:06:b0:5c:a5:ed:dd:4b:1c:6f:2c:8f:b8:04:68:
                    42:a7:6d:ff:7a:95:3f:ad:ef:87:cc:94:fe:c6:7b:
                    79:ea:7f:96:6f:43:0d:ae:f2:83:8c:5b:d0:71:b1:
                    36:85:48:99:ad:b0:7f:21:2a:86:ad:7b:21:81:38:
                    fd:04:cd:d6:19:66:a4:9d:48:ee:4e:29:00:7a:49:
                    34:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:75:F5:20:97:F1:0C:ED:96:E3:D8:FB:B4:51:73:6D:AD:DA:53:3D
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/a3X1IJfxDO2W49j7tFFzba3aUz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:3e00:1002::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:b6:12:00:42:29:89:83:a8:61:0a:50:0a:7b:3f:1a:5b:ef:
         43:f0:3c:da:22:13:15:3b:04:9c:31:b8:b3:1e:d0:03:4e:91:
         8c:f7:03:4b:76:00:6c:03:78:7f:a9:ba:bb:53:99:f7:c3:3b:
         e2:df:15:e8:09:44:0e:26:c4:37:9c:c0:9a:7c:c3:35:8b:46:
         06:10:da:bc:30:8a:f5:6c:de:7c:f7:85:0f:4e:46:8c:00:a7:
         c1:dc:ce:18:66:34:47:49:d1:23:ac:59:f7:37:0f:d2:a0:71:
         d2:b8:25:52:63:ac:e2:ef:9c:ee:ad:7c:ad:a9:0f:3b:ab:c6:
         77:12:9a:50:72:81:96:86:20:00:2e:3d:51:f2:6a:a4:67:f4:
         ea:4a:f4:d7:74:f8:8e:97:6e:5d:ca:87:1a:88:ab:ff:31:49:
         fb:4b:b6:ad:3c:a8:8d:28:b5:e3:d8:4e:6a:69:83:38:02:ef:
         42:15:b0:c0:ec:d6:a5:16:af:cb:ec:d9:b5:e2:3f:45:96:e0:
         9f:96:9b:6c:7b:f0:4d:38:2a:08:18:18:99:40:0b:fe:0b:80:
         a2:90:b6:65:79:ed:15:55:3a:25:e1:7e:df:92:09:2f:de:e5:
         45:41:d4:04:b9:f1:97:26:38:92:14:2b:33:ee:db:3a:5c:74:
         08:3f:02:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJTK+OnxMCzHv/umrMYaEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjc1ZjUyMDk3ZjEwY2VkOTZlM2Q4ZmJiNDUxNzM2ZGFkZGE1MzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlczWcx5wW7uSGHCdwulYrHhHnfl
neATAlYro8QDYMPBxZvfJxnFtEvctiWTgXMRVUf2Sw14sPe+921VMfC7CvMucQGc
iV5ualT0c+7Me+JeoHEBZ2CKNedIEbxCeDEh80AijC8f+p7LOwiGNjX78g2rH5N2
Hx4Ihr6XXgX7xxD4BRO8nv2jveJ4qWAPcEnkd/WyuyWEMtZkHCC0Z5/+Vk5aMfWx
0iAhyCv8orZ64XXD3h58BrBcpe3dSxxvLI+4BGhCp23/epU/re+HzJT+xnt56n+W
b0MNrvKDjFvQcbE2hUiZrbB/ISqGrXshgTj9BM3WGWaknUjuTikAekk0nwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGt19SCX8QztluPY+7RRc22t2lM9MB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvYTNYMUlKZnhETzJXNDlqN3RGRnpiYTNhVXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgQ+ABAC
MA0GCSqGSIb3DQEBCwUAA4IBAQB3thIAQimJg6hhClAKez8aW+9D8DzaIhMVOwSc
MbizHtADTpGM9wNLdgBsA3h/qbq7U5n3wzvi3xXoCUQOJsQ3nMCafMM1i0YGENq8
MIr1bN5894UPTkaMAKfB3M4YZjRHSdEjrFn3Nw/SoHHSuCVSY6zi75zurXytqQ87
q8Z3EppQcoGWhiAALj1R8mqkZ/TqSvTXdPiOl25dyocaiKv/MUn7S7atPKiNKLXj
2E5qaYM4Au9CFbDA7NalFq/L7Nm14j9FluCflptse/BNOCoIGBiZQAv+C4CikLZl
ee0VVTol4X7fkgkv3uVFQdQEufGXJjiSFCsz7ts6XHQIPwJv
-----END CERTIFICATE-----