Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/m0NjkebGlF9axQug2i04JCTsvds.roa
File:                     m0NjkebGlF9axQug2i04JCTsvds.roa (raw, json)
Hash identifier:          Wo6Ispc+xOSYcE/OVG9jB2uvDmykVfpN+2KNJHltpeg=
Subject key identifier:   9B:43:63:91:E6:C6:94:5F:5A:C5:0B:A0:DA:2D:38:24:24:EC:BD:DB
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       01922EEE6737C6B0A8103E1A315142AF2B13
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/m0NjkebGlF9axQug2i04JCTsvds.roa
Signing time:             Thu 26 Sep 2024 15:23:48 +0000
ROA not before:           Thu 26 Sep 2024 15:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48147
IP address blocks:        2a05:9080:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2e:ee:67:37:c6:b0:a8:10:3e:1a:31:51:42:af:2b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Sep 26 15:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b436391e6c6945f5ac50ba0da2d382424ecbddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c0:7c:be:ca:67:c8:69:fd:b2:6e:2b:47:56:
                    6e:d4:20:a0:58:2e:d5:70:73:d3:68:52:2b:ee:3e:
                    ef:7f:c4:1b:b1:93:c5:9f:d1:7a:3c:a3:24:59:89:
                    4f:e8:e4:f0:31:e9:ff:80:4d:80:f3:8c:df:fa:54:
                    8b:b3:4d:5d:c7:62:a3:da:d0:7e:54:1e:02:9f:66:
                    28:67:de:f6:b2:2f:8c:b4:6b:de:f9:fe:f9:8c:54:
                    2c:81:ab:c4:37:05:7d:56:a3:8e:7b:01:78:f6:3b:
                    d0:00:aa:69:10:d1:97:67:01:84:ce:81:6e:13:d6:
                    c5:86:73:fa:36:10:50:e4:64:a7:e9:64:87:9e:93:
                    7a:89:5e:9f:70:1f:8e:a9:2a:66:12:48:f4:57:25:
                    71:04:83:22:a5:25:f3:a3:e0:79:e7:81:79:cc:1d:
                    e6:85:42:a9:4e:8c:16:ab:84:b7:a8:be:ef:31:3d:
                    b0:e2:6c:89:4c:08:12:7c:d9:ab:c6:b9:45:63:0e:
                    56:75:14:03:2a:7f:12:96:6e:ed:22:3e:98:0c:62:
                    65:45:4c:c6:cf:90:8e:ab:86:88:57:2b:a1:b6:f7:
                    f9:9c:29:0b:f6:d2:cc:87:33:da:a3:7c:a4:b4:65:
                    1e:33:8a:bd:5d:a9:26:e7:d3:62:9b:d9:4c:ac:0b:
                    c1:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:43:63:91:E6:C6:94:5F:5A:C5:0B:A0:DA:2D:38:24:24:EC:BD:DB
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/m0NjkebGlF9axQug2i04JCTsvds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:f4:5b:32:41:c8:11:11:29:0c:20:bc:b0:a5:a2:60:e7:98:
         77:2d:fd:1b:f3:2f:b7:85:b7:2e:81:eb:95:48:c5:d9:64:09:
         41:7b:e8:4f:45:1d:c8:42:59:9e:dc:c1:49:48:ae:b2:38:b1:
         e3:e5:18:4b:fe:da:68:20:bc:d4:09:8b:94:c1:c2:b3:1f:27:
         96:10:fc:4b:90:8c:69:04:99:12:93:1d:98:11:bd:d5:5a:89:
         55:cd:9f:a5:35:ce:fa:a6:a7:e7:38:f7:9a:ff:69:16:50:10:
         11:30:e2:60:c2:82:a5:9f:fa:6e:28:db:53:18:48:4b:4a:72:
         3f:88:31:f8:06:fb:30:0b:c9:ee:ec:5f:95:10:bd:6d:69:70:
         25:14:61:0d:60:eb:ea:db:49:43:d2:bd:76:3b:69:e5:fc:24:
         8d:61:08:32:5c:d2:e1:ba:f5:cc:cb:c9:29:28:20:40:45:00:
         d4:7c:56:75:f1:dd:5c:8d:6c:f0:2d:9d:2a:88:f6:ba:99:c3:
         6e:17:c8:6f:69:b0:73:ab:e3:5f:fe:7f:85:29:0f:87:64:6c:
         d0:d8:65:e8:83:40:3f:8a:ca:df:3b:c6:0e:1e:2d:ce:f9:a7:
         7f:13:e3:ac:ad:d1:dc:49:6b:b2:2d:10:f2:3e:ec:26:46:8c:
         4c:42:bf:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZIu7mc3xrCoED4aMVFCrysTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQwOTI2MTUyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjQzNjM5MWU2YzY5NDVmNWFjNTBiYTBkYTJkMzgyNDI0ZWNiZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8B8vspnyGn9sm4rR1Zu1CCgWC7V
cHPTaFIr7j7vf8QbsZPFn9F6PKMkWYlP6OTwMen/gE2A84zf+lSLs01dx2Kj2tB+
VB4Cn2YoZ972si+MtGve+f75jFQsgavENwV9VqOOewF49jvQAKppENGXZwGEzoFu
E9bFhnP6NhBQ5GSn6WSHnpN6iV6fcB+OqSpmEkj0VyVxBIMipSXzo+B554F5zB3m
hUKpTowWq4S3qL7vMT2w4myJTAgSfNmrxrlFYw5WdRQDKn8Slm7tIj6YDGJlRUzG
z5COq4aIVyuhtvf5nCkL9tLMhzPao3yktGUeM4q9Xakm59Nim9lMrAvB9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJtDY5HmxpRfWsULoNotOCQk7L3bMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvbTBOamtlYkdsRjlheFF1ZzJpMDRKQ1RzdmRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQBw9FsyQcgRESkMILywpaJg55h3Lf0b8y+3hbcu
geuVSMXZZAlBe+hPRR3IQlme3MFJSK6yOLHj5RhL/tpoILzUCYuUwcKzHyeWEPxL
kIxpBJkSkx2YEb3VWolVzZ+lNc76pqfnOPea/2kWUBARMOJgwoKln/puKNtTGEhL
SnI/iDH4BvswC8nu7F+VEL1taXAlFGENYOvq20lD0r12O2nl/CSNYQgyXNLhuvXM
y8kpKCBARQDUfFZ18d1cjWzwLZ0qiPa6mcNuF8hvabBzq+Nf/n+FKQ+HZGzQ2GXo
g0A/isrfO8YOHi3O+ad/E+OsrdHcSWuyLRDyPuwmRoxMQr9/
-----END CERTIFICATE-----