Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/RXTW6KgUVAG5XXEuoSJRUgSDpMY.roa
File:                     RXTW6KgUVAG5XXEuoSJRUgSDpMY.roa (raw, json)
Hash identifier:          m6+xN3v6xo7zYUmnHBQpGJa3ImwAzmDqKvUDgh1Fwww=
Subject key identifier:   45:74:D6:E8:A8:14:54:01:B9:5D:71:2E:A1:22:51:52:04:83:A4:C6
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81EBA9E5319ACF968D6CDC4A5DFC1FDB
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/RXTW6KgUVAG5XXEuoSJRUgSDpMY.roa
Signing time:             Wed 07 Feb 2024 04:55:21 +0000
ROA not before:           Wed 07 Feb 2024 04:55:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202427
IP address blocks:        2a0f:b241:2c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:eb:a9:e5:31:9a:cf:96:8d:6c:dc:4a:5d:fc:1f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 04:55:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4574d6e8a8145401b95d712ea12251520483a4c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:17:d8:53:2c:24:9f:69:73:c8:15:7d:ed:85:
                    1b:25:66:66:7e:ac:82:38:cc:50:3c:05:b8:1c:2b:
                    e6:07:66:e5:c8:a6:87:36:d7:86:c0:ed:6b:dc:75:
                    02:4c:44:d1:20:d4:16:5f:75:b2:4d:02:57:cf:0b:
                    11:0a:dd:b4:05:16:f8:4f:c3:ac:3c:38:71:0b:c9:
                    84:83:97:9d:5f:db:4c:4e:e8:b7:a2:e9:26:ac:76:
                    8a:d1:27:63:f3:df:b1:04:4f:fb:45:d8:b4:45:f3:
                    30:b4:6a:cd:b0:76:55:07:d3:b3:8d:e8:6c:81:7a:
                    42:0d:82:ff:4f:08:10:d7:ee:98:e2:6f:4e:9e:78:
                    57:14:23:45:b6:d5:58:94:1b:e9:13:75:7f:c4:b6:
                    a9:b7:22:7b:a3:af:32:19:a1:f2:a6:ee:76:5a:5e:
                    1c:4c:cb:db:3e:10:30:eb:26:76:be:22:e5:32:58:
                    56:bb:10:b5:87:47:ca:6d:b0:e2:bf:f5:eb:66:e0:
                    0e:30:9c:6b:a4:5a:2f:5a:6b:ce:1e:8f:74:2e:cb:
                    bb:05:e1:3d:b8:10:8b:d9:f7:5f:ee:b6:1f:ea:83:
                    c6:72:29:3a:e1:e4:aa:5e:5b:cb:65:11:e9:61:b8:
                    85:37:77:5b:a8:80:e6:04:ad:6f:cf:5c:77:4c:75:
                    fa:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:74:D6:E8:A8:14:54:01:B9:5D:71:2E:A1:22:51:52:04:83:A4:C6
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/RXTW6KgUVAG5XXEuoSJRUgSDpMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:44:a8:f7:1f:23:10:7e:cb:4c:17:97:3c:60:dc:e9:e6:0f:
         17:ba:cb:4e:3e:a8:7b:e2:c9:ca:09:21:35:ea:3f:73:56:aa:
         e5:8b:eb:72:92:48:0c:1e:03:43:87:ad:c2:89:d5:e9:7e:b8:
         88:e4:2d:b2:6f:e4:46:62:8c:15:8a:55:11:cf:97:34:9a:ac:
         0e:ee:1b:92:37:9c:69:8a:7b:e9:2e:65:d2:8e:ba:40:c1:02:
         eb:66:e7:36:4b:f8:b0:2d:0f:1c:15:ff:ce:75:a9:ee:2d:56:
         cc:26:6d:b2:af:85:1b:66:7b:9c:6d:ff:16:45:58:6b:53:e3:
         93:a3:11:a8:ea:07:f7:89:19:03:cb:08:5b:6b:73:e1:d6:6a:
         2e:d4:99:64:66:e5:00:ca:65:cb:e4:22:ae:d5:27:63:0d:1c:
         18:1b:61:6e:b3:53:64:0a:8a:92:de:29:f8:59:4a:f7:be:62:
         0d:95:67:8d:27:2a:70:85:0d:be:98:20:ad:c2:e2:29:d6:46:
         94:40:df:b0:fc:f8:05:41:28:15:cb:61:f2:ed:f9:03:31:77:
         79:31:80:a0:9b:81:d4:22:c1:82:53:bf:15:42:7d:9f:5d:a9:
         ac:d1:bc:bb:34:e6:fd:cb:2e:6d:18:10:9b:59:37:42:50:25:
         d6:e9:7f:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B66nlMZrPlo1s3Epd/B/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDQ1NTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTc0ZDZlOGE4MTQ1NDAxYjk1ZDcxMmVhMTIyNTE1MjA0ODNhNGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRfYUywkn2lzyBV97YUbJWZmfqyC
OMxQPAW4HCvmB2blyKaHNteGwO1r3HUCTETRINQWX3WyTQJXzwsRCt20BRb4T8Os
PDhxC8mEg5edX9tMTui3oukmrHaK0Sdj89+xBE/7Rdi0RfMwtGrNsHZVB9Ozjehs
gXpCDYL/TwgQ1+6Y4m9OnnhXFCNFttVYlBvpE3V/xLaptyJ7o68yGaHypu52Wl4c
TMvbPhAw6yZ2viLlMlhWuxC1h0fKbbDiv/XrZuAOMJxrpFovWmvOHo90Lsu7BeE9
uBCL2fdf7rYf6oPGcik64eSqXlvLZRHpYbiFN3dbqIDmBK1vz1x3THX6eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEV01uioFFQBuV1xLqEiUVIEg6TGMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvUlhUVzZLZ1VWQUc1WFhFdW9TSlJVZ1NEcE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQAs
MA0GCSqGSIb3DQEBCwUAA4IBAQBmRKj3HyMQfstMF5c8YNzp5g8XustOPqh74snK
CSE16j9zVqrli+tykkgMHgNDh63CidXpfriI5C2yb+RGYowVilURz5c0mqwO7huS
N5xpinvpLmXSjrpAwQLrZuc2S/iwLQ8cFf/OdanuLVbMJm2yr4UbZnucbf8WRVhr
U+OToxGo6gf3iRkDywhba3Ph1mou1JlkZuUAymXL5CKu1SdjDRwYG2Fus1NkCoqS
3in4WUr3vmINlWeNJypwhQ2+mCCtwuIp1kaUQN+w/PgFQSgVy2Hy7fkDMXd5MYCg
m4HUIsGCU78VQn2fXams0by7NOb9yy5tGBCbWTdCUCXW6X9C
-----END CERTIFICATE-----