Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/3cf2fb-cf43-4c52-a2a1-be8d8c67df95/1/eGbG13urmXY7_AHdBw2kKz6kjMM.roa
File:                     eGbG13urmXY7_AHdBw2kKz6kjMM.roa (raw, json)
Hash identifier:          GfHxquVOWIlfZRn0lzl+tl6NH3W27Q3HrKpnJzorMXo=
Subject key identifier:   78:66:C6:D7:7B:AB:99:76:3B:FC:01:DD:07:0D:A4:2B:3E:A4:8C:C3
Certificate issuer:       /CN=018cc6f466a241657bf5ec52a630daeb01222f85
Certificate serial:       018CC4937B721440BCF186D2A400044ECA28
Authority key identifier: 01:8C:C6:F4:66:A2:41:65:7B:F5:EC:52:A6:30:DA:EB:01:22:2F:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AYzG9GaiQWV79exSpjDa6wEiL4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/3cf2fb-cf43-4c52-a2a1-be8d8c67df95/1/eGbG13urmXY7_AHdBw2kKz6kjMM.roa
Signing time:             Mon 01 Jan 2024 10:30:48 +0000
ROA not before:           Mon 01 Jan 2024 10:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23738
IP address blocks:        2a0f:d800::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/3cf2fb-cf43-4c52-a2a1-be8d8c67df95/1/AYzG9GaiQWV79exSpjDa6wEiL4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/3cf2fb-cf43-4c52-a2a1-be8d8c67df95/1/AYzG9GaiQWV79exSpjDa6wEiL4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AYzG9GaiQWV79exSpjDa6wEiL4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7b:72:14:40:bc:f1:86:d2:a4:00:04:4e:ca:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=018cc6f466a241657bf5ec52a630daeb01222f85
        Validity
            Not Before: Jan  1 10:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7866c6d77bab99763bfc01dd070da42b3ea48cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:2b:bb:0a:5d:4e:41:9c:fe:8b:77:e1:ab:5b:
                    ff:26:c1:34:75:54:aa:ea:f7:54:28:6f:6a:6e:d0:
                    b6:fe:59:f4:e8:46:ad:83:38:e6:fe:25:ce:94:d2:
                    2e:f9:5e:53:9a:e0:d5:c1:b5:1e:17:92:0a:81:9d:
                    56:ce:15:0f:ae:63:20:55:f5:70:3f:9c:d8:84:20:
                    22:dd:4f:e5:94:d5:68:25:42:b1:26:96:cf:71:7c:
                    af:25:10:12:55:fe:85:2f:95:d4:99:63:52:36:be:
                    37:af:f7:6c:46:d4:4b:54:7c:c8:3d:64:78:19:7a:
                    60:8a:0c:7b:1f:39:b7:a7:78:54:52:7b:5c:61:8b:
                    8d:cf:e4:06:f6:f1:b9:ff:36:12:5f:0d:75:05:25:
                    9b:af:c4:5d:39:bf:ae:7a:5b:9e:e6:73:e6:c7:b4:
                    1c:1b:ff:3c:80:35:6f:db:2e:2c:19:fc:a8:96:24:
                    23:92:9f:6d:a5:db:8f:be:26:1f:09:a2:4b:2d:2e:
                    6f:fd:ec:72:e2:5d:29:d6:fd:97:fb:22:50:a8:26:
                    ae:10:07:7b:70:84:17:5c:3e:93:d4:61:d0:c4:66:
                    dc:1c:92:bd:14:0d:ae:f3:1d:ef:aa:44:43:66:9e:
                    90:bd:06:d4:3a:f0:a9:4d:b6:31:3e:80:29:03:d1:
                    06:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:66:C6:D7:7B:AB:99:76:3B:FC:01:DD:07:0D:A4:2B:3E:A4:8C:C3
            X509v3 Authority Key Identifier:
                keyid:01:8C:C6:F4:66:A2:41:65:7B:F5:EC:52:A6:30:DA:EB:01:22:2F:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AYzG9GaiQWV79exSpjDa6wEiL4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/3cf2fb-cf43-4c52-a2a1-be8d8c67df95/1/eGbG13urmXY7_AHdBw2kKz6kjMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/3cf2fb-cf43-4c52-a2a1-be8d8c67df95/1/AYzG9GaiQWV79exSpjDa6wEiL4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:d800::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:1c:c7:ad:da:2e:4b:e0:e7:79:1e:d8:5a:8b:05:ed:7a:b4:
         0f:66:84:7f:60:4b:e9:be:91:2d:24:bf:be:8e:6e:ad:d1:18:
         6e:c9:be:c2:53:3f:ec:75:82:2b:c5:2e:24:97:6b:71:fd:40:
         2c:16:2d:c5:96:29:06:59:ac:27:54:12:90:25:a4:2c:bb:cc:
         c4:05:24:37:b2:26:b9:43:91:08:17:c5:ef:1e:e4:f1:59:89:
         d7:00:79:6b:fc:f6:1c:72:b0:1c:c3:f9:bf:3b:b6:75:12:88:
         44:ba:ab:c0:05:7d:1c:e9:ea:2e:d4:71:78:7b:d3:a4:a7:24:
         26:6f:db:5b:6e:77:44:19:3e:42:ec:87:d2:ca:a3:75:80:8f:
         ca:cb:e1:68:2f:de:b8:14:4d:69:d2:7e:f6:36:85:fb:3e:76:
         c3:32:f1:79:76:92:f8:74:15:8b:06:6f:f2:2b:a4:40:49:14:
         cd:7b:57:44:92:13:e5:84:16:19:f7:0d:ae:6d:7a:4a:3b:e8:
         fe:d5:c1:0c:07:e7:ab:fd:36:6a:bc:c7:45:2c:f5:c4:1f:01:
         13:64:23:b3:5f:3e:55:e6:42:ae:c7:3b:fe:49:e1:50:9d:15:
         63:a6:3e:ea:df:23:ae:2f:58:c0:90:0a:81:11:ab:5a:2a:37:
         e3:95:3e:54
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk3tyFEC88YbSpAAETsooMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOGNjNmY0NjZhMjQxNjU3YmY1ZWM1MmE2MzBkYWViMDEy
MjJmODUwHhcNMjQwMTAxMTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODY2YzZkNzdiYWI5OTc2M2JmYzAxZGQwNzBkYTQyYjNlYTQ4Y2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiu7Cl1OQZz+i3fhq1v/JsE0dVSq
6vdUKG9qbtC2/ln06Eatgzjm/iXOlNIu+V5TmuDVwbUeF5IKgZ1WzhUPrmMgVfVw
P5zYhCAi3U/llNVoJUKxJpbPcXyvJRASVf6FL5XUmWNSNr43r/dsRtRLVHzIPWR4
GXpgigx7Hzm3p3hUUntcYYuNz+QG9vG5/zYSXw11BSWbr8RdOb+uelue5nPmx7Qc
G/88gDVv2y4sGfyoliQjkp9tpduPviYfCaJLLS5v/exy4l0p1v2X+yJQqCauEAd7
cIQXXD6T1GHQxGbcHJK9FA2u8x3vqkRDZp6QvQbUOvCpTbYxPoApA9EGhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHhmxtd7q5l2O/wB3QcNpCs+pIzDMB8GA1UdIwQY
MBaAFAGMxvRmokFle/XsUqYw2usBIi+FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVl6RzlHYWlRV1Y3OWV4U3BqRGE2d0VpTDRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8zY2YyZmItY2Y0My00YzUyLWEyYTEt
YmU4ZDhjNjdkZjk1LzEvZUdiRzEzdXJtWFk3X0FIZEJ3MmtLejZrak1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8zY2YyZmItY2Y0My00YzUyLWEyYTEtYmU4ZDhjNjdkZjk1
LzEvQVl6RzlHYWlRV1Y3OWV4U3BqRGE2d0VpTDRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg/YADAN
BgkqhkiG9w0BAQsFAAOCAQEAaxzHrdouS+DneR7YWosF7Xq0D2aEf2BL6b6RLSS/
vo5urdEYbsm+wlM/7HWCK8UuJJdrcf1ALBYtxZYpBlmsJ1QSkCWkLLvMxAUkN7Im
uUORCBfF7x7k8VmJ1wB5a/z2HHKwHMP5vzu2dRKIRLqrwAV9HOnqLtRxeHvTpKck
Jm/bW253RBk+QuyH0sqjdYCPysvhaC/euBRNadJ+9jaF+z52wzLxeXaS+HQViwZv
8iukQEkUzXtXRJIT5YQWGfcNrm16Sjvo/tXBDAfnq/02arzHRSz1xB8BE2Qjs18+
VeZCrsc7/knhUJ0VY6Y+6t8jri9YwJAKgRGrWio345U+VA==
-----END CERTIFICATE-----