Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/2n-uA3DK4qP028QKZbkLBsXhlJ8.roa
File:                     2n-uA3DK4qP028QKZbkLBsXhlJ8.roa (raw, json)
Hash identifier:          QYCjOkJXzcGnmrGx4yREfLOZJUhoKdoNLjvgnx0gXJ8=
Subject key identifier:   DA:7F:AE:03:70:CA:E2:A3:F4:DB:C4:0A:65:B9:0B:06:C5:E1:94:9F
Certificate issuer:       /CN=f0e729a54cc76b889c832e0d1395894af7c0e5fe
Certificate serial:       018EA425CF5DBBC27EFC3BDBC98440ACC749
Authority key identifier: F0:E7:29:A5:4C:C7:6B:88:9C:83:2E:0D:13:95:89:4A:F7:C0:E5:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/2n-uA3DK4qP028QKZbkLBsXhlJ8.roa
Signing time:             Wed 03 Apr 2024 13:28:45 +0000
ROA not before:           Wed 03 Apr 2024 13:28:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215622
IP address blocks:        2a12:5340:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:25:cf:5d:bb:c2:7e:fc:3b:db:c9:84:40:ac:c7:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0e729a54cc76b889c832e0d1395894af7c0e5fe
        Validity
            Not Before: Apr  3 13:28:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da7fae0370cae2a3f4dbc40a65b90b06c5e1949f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cc:77:e5:28:d8:b4:37:3e:19:64:b5:b7:a6:
                    1d:f6:ce:44:b6:cc:d4:86:f6:e3:64:ac:f3:53:c9:
                    7b:12:2a:2c:92:a7:6b:c4:ea:58:95:d8:82:e9:c3:
                    dc:cc:e5:f8:f5:b3:50:1b:94:8c:e0:c6:44:0c:6b:
                    f5:ce:7f:4a:63:76:dc:64:28:ec:bd:1e:f8:47:c7:
                    90:06:1d:00:07:00:e3:7d:02:60:cd:6a:8e:b8:db:
                    5e:38:5f:c8:e7:a1:2f:a7:8b:d6:49:c4:1f:b0:ec:
                    d7:7a:c3:ab:12:7b:cc:c2:7e:f8:6b:01:bc:68:9d:
                    eb:ab:e9:ea:a4:f9:e6:f9:5c:fd:2d:01:34:3e:3b:
                    45:30:98:ae:2b:32:a9:9d:b5:15:90:16:d8:ae:88:
                    d6:f8:d0:2b:3d:bb:ba:af:27:70:db:fb:90:a1:d4:
                    9c:e1:b5:4a:2e:5d:a4:54:02:4a:da:57:a0:d4:fb:
                    46:0d:9a:c6:ce:2f:0f:f1:ca:15:ac:d0:0a:65:a5:
                    0b:ab:d9:8d:53:65:b1:4b:a8:24:a7:0a:34:01:54:
                    a1:ee:9f:b2:de:c9:bd:d2:c3:73:6c:00:5e:d3:12:
                    94:81:db:ae:21:1e:75:a8:46:40:b0:22:f3:e4:cb:
                    33:ff:9f:e6:1c:37:ce:4e:b5:ba:10:d1:33:37:cf:
                    dd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:7F:AE:03:70:CA:E2:A3:F4:DB:C4:0A:65:B9:0B:06:C5:E1:94:9F
            X509v3 Authority Key Identifier:
                keyid:F0:E7:29:A5:4C:C7:6B:88:9C:83:2E:0D:13:95:89:4A:F7:C0:E5:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/2n-uA3DK4qP028QKZbkLBsXhlJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5340:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:2b:f5:35:27:2e:c2:5e:48:04:97:6f:e9:64:97:ca:c9:04:
         c9:38:7b:93:99:18:d6:f8:f1:20:3c:fc:29:94:f9:ad:45:cf:
         31:c9:9a:06:98:f7:a9:1c:9e:a8:24:58:ee:fe:26:5e:30:55:
         43:aa:f1:43:0a:97:75:55:c5:13:f7:5a:0f:f5:fe:85:54:26:
         34:83:0e:83:ec:fd:04:c0:48:2a:ac:b4:fe:35:c5:43:57:d3:
         98:92:46:74:74:92:65:f0:20:32:81:99:be:5a:19:8c:a6:e1:
         4f:97:c4:3a:d3:21:85:e2:4c:95:5f:8f:32:65:e7:b8:d6:14:
         0c:31:a6:74:57:4a:b9:6f:e4:84:5c:2d:39:6e:86:e6:db:63:
         ee:13:5a:3d:f7:62:a7:04:a9:8e:6e:44:60:0f:5c:f9:cc:06:
         d8:05:79:08:78:fe:da:b2:ff:57:a0:5b:0a:50:23:8f:2a:a4:
         4b:38:f2:0f:7b:1c:ab:90:0a:c9:ec:3a:a3:99:dd:8e:d2:4a:
         6d:c9:cb:2b:67:96:6a:f1:6e:1e:dc:d9:d2:d3:29:84:48:4d:
         f0:c0:9e:b6:ee:58:a9:5f:0e:8b:fb:fd:36:07:1d:f6:dc:07:
         9a:a9:97:66:6c:5b:9f:7b:07:25:a3:2c:52:26:6e:27:04:c4:
         31:fe:13:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6kJc9du8J+/DvbyYRArMdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZTcyOWE1NGNjNzZiODg5YzgzMmUwZDEzOTU4OTRhZjdj
MGU1ZmUwHhcNMjQwNDAzMTMyODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTdmYWUwMzcwY2FlMmEzZjRkYmM0MGE2NWI5MGIwNmM1ZTE5NDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMx35SjYtDc+GWS1t6Yd9s5EtszU
hvbjZKzzU8l7EioskqdrxOpYldiC6cPczOX49bNQG5SM4MZEDGv1zn9KY3bcZCjs
vR74R8eQBh0ABwDjfQJgzWqOuNteOF/I56Evp4vWScQfsOzXesOrEnvMwn74awG8
aJ3rq+nqpPnm+Vz9LQE0PjtFMJiuKzKpnbUVkBbYrojW+NArPbu6rydw2/uQodSc
4bVKLl2kVAJK2leg1PtGDZrGzi8P8coVrNAKZaULq9mNU2WxS6gkpwo0AVSh7p+y
3sm90sNzbABe0xKUgduuIR51qEZAsCLz5Msz/5/mHDfOTrW6ENEzN8/dvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNp/rgNwyuKj9NvECmW5CwbF4ZSfMB8GA1UdIwQY
MBaAFPDnKaVMx2uInIMuDROViUr3wOX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE9jcHBVekhhNGljZ3k0TkU1V0pTdmZBNWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zNjBkZTctNmZkYy00MDY3LThmNGQt
Njc2YjUyMDk2Y2Y4LzEvMm4tdUEzREs0cVAwMjhRS1pia0xCc1hobEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zNjBkZTctNmZkYy00MDY3LThmNGQtNjc2YjUyMDk2Y2Y4
LzEvOE9jcHBVekhhNGljZ3k0TkU1V0pTdmZBNWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJTQAAF
MA0GCSqGSIb3DQEBCwUAA4IBAQAhK/U1Jy7CXkgEl2/pZJfKyQTJOHuTmRjW+PEg
PPwplPmtRc8xyZoGmPepHJ6oJFju/iZeMFVDqvFDCpd1VcUT91oP9f6FVCY0gw6D
7P0EwEgqrLT+NcVDV9OYkkZ0dJJl8CAygZm+WhmMpuFPl8Q60yGF4kyVX48yZee4
1hQMMaZ0V0q5b+SEXC05bobm22PuE1o992KnBKmObkRgD1z5zAbYBXkIeP7asv9X
oFsKUCOPKqRLOPIPexyrkArJ7Dqjmd2O0kptycsrZ5Zq8W4e3NnS0ymESE3wwJ62
7lipXw6L+/02Bx323AeaqZdmbFufewcloyxSJm4nBMQx/hMR
-----END CERTIFICATE-----