Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/4Y2NNYeHWAWVaPMmiN5WIBOeTsM.roa
File:                     4Y2NNYeHWAWVaPMmiN5WIBOeTsM.roa (raw, json)
Hash identifier:          vjoEV1ogvv/WpFnv5AnJxorcEUvTJvyMT2+E2P24tEU=
Subject key identifier:   E1:8D:8D:35:87:87:58:05:95:68:F3:26:88:DE:56:20:13:9E:4E:C3
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       018CC94CDF647C83A7DF16752AAD0EEB682E
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/4Y2NNYeHWAWVaPMmiN5WIBOeTsM.roa
Signing time:             Tue 02 Jan 2024 08:31:47 +0000
ROA not before:           Tue 02 Jan 2024 08:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207080
IP address blocks:        2a0a:5940::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:df:64:7c:83:a7:df:16:75:2a:ad:0e:eb:68:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Jan  2 08:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e18d8d35878758059568f32688de5620139e4ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4b:33:9d:74:d6:c0:e7:22:eb:3b:23:d4:56:
                    88:5b:7f:37:0d:14:ff:4e:82:0f:23:7f:fe:d4:12:
                    05:e8:cf:bf:20:e6:60:5f:89:e9:ef:8b:37:c0:f9:
                    13:29:9e:b7:fc:17:1a:38:a1:e0:20:13:b8:dc:05:
                    1e:45:d1:89:a1:93:c4:e6:dc:ce:eb:45:49:9b:ad:
                    e3:b8:b5:13:c1:00:11:f0:9a:21:ff:0f:1a:a3:3d:
                    a5:da:8a:a5:e3:3d:62:c5:97:91:50:14:61:71:9b:
                    c5:31:26:9a:de:f5:2a:2d:20:be:72:50:5b:95:76:
                    2d:15:91:a5:e8:b6:13:d8:ff:7c:0a:1b:17:df:02:
                    7e:2d:16:f3:a3:f0:67:10:76:af:eb:3b:c2:c7:51:
                    14:69:c5:16:77:6c:50:e7:9e:64:a0:b7:83:76:d8:
                    56:bb:17:89:49:4f:e9:17:51:38:b4:35:95:87:4f:
                    3f:d4:3b:20:44:2a:63:90:01:27:a9:79:64:e0:5b:
                    fe:9e:68:e6:8c:66:05:be:03:8d:0c:db:fc:cc:e3:
                    0d:26:c8:79:94:7b:d3:00:b1:15:34:cf:13:5c:be:
                    fb:71:d1:96:b2:0d:9c:00:cf:4a:0c:d4:cc:5c:4c:
                    2a:01:a2:09:36:e3:c9:99:83:ae:a5:f9:2e:11:b5:
                    4e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:8D:8D:35:87:87:58:05:95:68:F3:26:88:DE:56:20:13:9E:4E:C3
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/4Y2NNYeHWAWVaPMmiN5WIBOeTsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:5940::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:4a:de:44:03:22:5a:40:e0:55:92:f6:33:81:e5:13:83:38:
         91:9c:33:b3:0a:7d:fa:c6:d3:63:f0:ab:62:88:a7:20:b7:30:
         4b:00:cd:01:38:b4:46:ed:a5:cb:0d:cb:b1:76:b3:de:04:a1:
         7c:f5:c1:7a:72:d3:ed:00:d8:19:62:2b:8b:aa:a4:bf:5f:09:
         fe:bc:4f:bd:f8:41:48:d0:87:98:19:d1:fa:bb:c9:e6:76:8a:
         76:57:3e:b7:d1:82:a4:99:3d:21:ee:3c:bd:c8:83:07:71:06:
         ce:99:e7:2c:6b:07:75:5f:83:98:8d:8b:7c:e0:f4:e8:eb:a1:
         29:ef:87:63:59:bb:ef:98:73:fe:29:5d:18:36:2b:3a:2f:ae:
         d9:cd:d8:fc:a3:c1:59:9f:9b:43:5b:8a:70:0c:32:8e:8f:31:
         dd:ea:fa:09:d2:89:66:10:d0:38:48:e9:57:79:65:f2:28:d4:
         e7:4a:34:a4:c3:7f:f6:0f:e4:67:11:1d:02:fe:33:05:08:72:
         40:26:65:d4:c9:9a:43:e2:a1:32:68:d4:ed:d1:e9:9c:e9:d3:
         8c:98:2e:ee:76:18:62:88:a5:9e:d4:93:a0:cd:15:61:44:e7:
         bc:f9:34:f6:8e:d8:9d:6d:19:51:de:83:30:a9:70:ae:34:ff:
         b6:cb:ba:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTN9kfIOn3xZ1Kq0O62guMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjQwMTAyMDgzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMThkOGQzNTg3ODc1ODA1OTU2OGYzMjY4OGRlNTYyMDEzOWU0ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEsznXTWwOci6zsj1FaIW383DRT/
ToIPI3/+1BIF6M+/IOZgX4np74s3wPkTKZ63/BcaOKHgIBO43AUeRdGJoZPE5tzO
60VJm63juLUTwQAR8Joh/w8aoz2l2oql4z1ixZeRUBRhcZvFMSaa3vUqLSC+clBb
lXYtFZGl6LYT2P98ChsX3wJ+LRbzo/BnEHav6zvCx1EUacUWd2xQ555koLeDdthW
uxeJSU/pF1E4tDWVh08/1DsgRCpjkAEnqXlk4Fv+nmjmjGYFvgONDNv8zOMNJsh5
lHvTALEVNM8TXL77cdGWsg2cAM9KDNTMXEwqAaIJNuPJmYOupfkuEbVO2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOGNjTWHh1gFlWjzJojeViATnk7DMB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEvNFkyTk5ZZUhXQVdWYVBNbWlONVdJQk9lVHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgpZQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAlSt5EAyJaQOBVkvYzgeUTgziRnDOzCn36xtNj
8KtiiKcgtzBLAM0BOLRG7aXLDcuxdrPeBKF89cF6ctPtANgZYiuLqqS/Xwn+vE+9
+EFI0IeYGdH6u8nmdop2Vz630YKkmT0h7jy9yIMHcQbOmecsawd1X4OYjYt84PTo
66Ep74djWbvvmHP+KV0YNis6L67Zzdj8o8FZn5tDW4pwDDKOjzHd6voJ0olmENA4
SOlXeWXyKNTnSjSkw3/2D+RnER0C/jMFCHJAJmXUyZpD4qEyaNTt0emc6dOMmC7u
dhhiiKWe1JOgzRVhROe8+TT2jtidbRlR3oMwqXCuNP+2y7qR
-----END CERTIFICATE-----