Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/k7i31sZuCYM1xh8RD1SCSShRKyI.roa
File:                     k7i31sZuCYM1xh8RD1SCSShRKyI.roa (raw, json)
Hash identifier:          zRQE8vYTX2abKgDovVUVM6MGQVie4+bu3bOz6u/BdQM=
Subject key identifier:   93:B8:B7:D6:C6:6E:09:83:35:C6:1F:11:0F:54:82:49:28:51:2B:22
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AE1BADB0E5718BD8F93673C7C3430
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/k7i31sZuCYM1xh8RD1SCSShRKyI.roa
Signing time:             Mon 01 Jan 2024 18:30:45 +0000
ROA not before:           Mon 01 Jan 2024 18:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62874
IP address blocks:        2a00:f826:11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 23:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e1:ba:db:0e:57:18:bd:8f:93:67:3c:7c:34:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93b8b7d6c66e098335c61f110f54824928512b22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9d:fe:3e:e2:cb:71:3b:93:a1:d0:7b:04:73:
                    9f:8a:f1:db:cb:c0:19:8a:21:57:74:e9:db:07:86:
                    0e:b9:ed:87:25:a9:a3:eb:d0:79:4f:95:ac:63:04:
                    20:ae:66:52:d7:51:65:16:f5:24:c5:07:cc:2a:60:
                    72:e3:0e:6e:ee:e4:08:9f:5f:8e:44:1a:29:f2:98:
                    41:86:b0:93:d1:3c:a5:e5:b8:71:49:36:ed:1d:94:
                    04:60:be:de:5c:d1:c8:ed:71:51:53:da:6d:84:25:
                    26:7a:f2:df:3d:17:19:fd:c6:f4:f1:37:73:85:91:
                    45:b4:81:8d:9d:6f:99:81:67:e7:22:b7:d9:30:b6:
                    68:f8:2e:55:e4:4a:b6:df:51:59:a8:29:33:58:d8:
                    29:3a:8e:33:5f:e8:63:de:59:31:a2:2d:96:72:98:
                    7e:b2:92:45:2c:08:27:97:f1:1a:10:ef:e5:df:d1:
                    15:2e:be:d0:fb:4c:66:8d:3b:9f:47:a1:df:b5:14:
                    73:10:45:8b:a1:23:95:d4:7b:07:42:1f:29:ae:79:
                    f2:6b:87:dc:d0:b5:83:ef:fa:c4:60:aa:bb:e5:e2:
                    df:16:78:90:49:fb:2b:0d:73:a3:37:db:dc:92:34:
                    98:25:63:06:1d:e6:a9:e8:40:84:d2:58:1e:58:11:
                    57:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B8:B7:D6:C6:6E:09:83:35:C6:1F:11:0F:54:82:49:28:51:2B:22
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/k7i31sZuCYM1xh8RD1SCSShRKyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f826:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:43:a8:cd:b3:b2:db:b9:0c:c0:dc:83:92:f3:bd:d5:ec:8a:
         d0:9f:cc:5a:2b:76:1f:e3:d8:4d:ae:62:2e:5f:54:87:96:eb:
         f8:03:55:04:79:04:c4:49:9c:79:c3:c9:dd:3b:15:2e:2e:7c:
         ba:38:ba:b3:60:a8:13:4b:d9:28:f6:3f:20:ab:78:0f:5b:cb:
         dd:ff:d3:b9:35:b2:28:e6:6e:bb:a0:c7:9f:6b:47:b5:80:40:
         08:f9:93:e6:18:41:3b:21:ab:ce:d2:e0:c2:ac:4e:71:f8:5a:
         69:f8:b2:b5:29:c5:60:ea:18:d1:5d:f6:ab:93:c2:f4:9a:57:
         c8:89:e2:c0:6e:c6:fb:50:b2:5d:61:de:a5:e7:51:de:fb:7c:
         fd:b0:d9:f4:73:23:a4:04:39:63:50:36:4d:46:1f:6b:c5:9d:
         cd:8a:c3:7f:d3:d7:79:18:3a:e6:7d:64:ff:40:50:d3:a5:dd:
         fa:8c:3d:a3:d5:ae:4c:ae:45:02:16:d6:a8:6f:b7:8c:8f:5d:
         95:e0:7f:87:eb:f7:da:5a:35:c7:46:1e:ce:c6:e4:c4:0c:66:
         1e:84:5d:f9:ec:27:8c:87:25:c3:fa:74:ca:d7:92:38:23:6b:
         01:b9:27:18:63:80:bf:24:a7:c5:0e:11:59:2f:27:81:8e:5d:
         4a:b1:1d:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSuG62w5XGL2Pk2c8fDQwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2I4YjdkNmM2NmUwOTgzMzVjNjFmMTEwZjU0ODI0OTI4NTEyYjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ3+PuLLcTuTodB7BHOfivHby8AZ
iiFXdOnbB4YOue2HJamj69B5T5WsYwQgrmZS11FlFvUkxQfMKmBy4w5u7uQIn1+O
RBop8phBhrCT0Tyl5bhxSTbtHZQEYL7eXNHI7XFRU9pthCUmevLfPRcZ/cb08Tdz
hZFFtIGNnW+ZgWfnIrfZMLZo+C5V5Eq231FZqCkzWNgpOo4zX+hj3lkxoi2Wcph+
spJFLAgnl/EaEO/l39EVLr7Q+0xmjTufR6HftRRzEEWLoSOV1HsHQh8prnnya4fc
0LWD7/rEYKq75eLfFniQSfsrDXOjN9vckjSYJWMGHeap6ECE0lgeWBFXswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJO4t9bGbgmDNcYfEQ9UgkkoUSsiMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvazdpMzFzWnVDWU0xeGg4UkQxU0NTU2hSS3lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgD4JgAR
MA0GCSqGSIb3DQEBCwUAA4IBAQAnQ6jNs7LbuQzA3IOS873V7IrQn8xaK3Yf49hN
rmIuX1SHluv4A1UEeQTESZx5w8ndOxUuLny6OLqzYKgTS9ko9j8gq3gPW8vd/9O5
NbIo5m67oMefa0e1gEAI+ZPmGEE7IavO0uDCrE5x+Fpp+LK1KcVg6hjRXfark8L0
mlfIieLAbsb7ULJdYd6l51He+3z9sNn0cyOkBDljUDZNRh9rxZ3NisN/09d5GDrm
fWT/QFDTpd36jD2j1a5MrkUCFtaob7eMj12V4H+H6/faWjXHRh7OxuTEDGYehF35
7CeMhyXD+nTK15I4I2sBuScYY4C/JKfFDhFZLyeBjl1KsR2M
-----END CERTIFICATE-----