Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/A4ETMnVpd9FKMsWr1xoGVNiRnQ0.roa
File:                     A4ETMnVpd9FKMsWr1xoGVNiRnQ0.roa (raw, json)
Hash identifier:          om1gO0GDBD6gvouVjflpQK4UVmpP3oimb5oVnEzGSHI=
Subject key identifier:   03:81:13:32:75:69:77:D1:4A:32:C5:AB:D7:1A:06:54:D8:91:9D:0D
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCFA62B052EE44DAD35EB247F79B3F
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/A4ETMnVpd9FKMsWr1xoGVNiRnQ0.roa
Signing time:             Mon 01 Jan 2024 16:30:42 +0000
ROA not before:           Mon 01 Jan 2024 16:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212279
IP address blocks:        2a0f:607:1100::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:fa:62:b0:52:ee:44:da:d3:5e:b2:47:f7:9b:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03811332756977d14a32c5abd71a0654d8919d0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:80:65:ba:b6:84:2e:75:e0:0d:7c:c9:00:da:
                    de:14:81:15:6d:25:11:0e:db:23:73:32:21:7d:aa:
                    ee:03:13:8a:1a:3b:05:a9:01:61:e8:93:4f:29:97:
                    0f:79:ca:2c:1f:da:3b:16:a5:e1:bc:ad:f1:2a:fb:
                    33:43:fb:40:37:d1:3e:39:df:b9:72:29:3b:26:8c:
                    a2:ec:7e:3e:98:f2:81:83:17:4b:06:1e:17:40:43:
                    b7:4a:94:0d:44:4a:19:e9:a4:97:b2:fa:24:de:e4:
                    2a:df:35:4b:83:0c:50:7a:ef:b0:3f:03:fa:3c:4a:
                    32:10:de:66:86:b4:49:57:06:d3:d3:6d:b6:89:2c:
                    06:4b:2b:a1:f5:5a:82:26:c6:0c:a0:0c:7a:86:5c:
                    6e:ac:6b:df:8d:d4:43:c3:d7:d2:c3:86:4f:72:0f:
                    bc:44:f5:20:0a:39:1b:07:87:7a:f6:99:07:0d:b5:
                    3d:b0:6f:d3:10:e2:f9:21:fa:d2:21:c4:a4:bb:d9:
                    91:a1:f3:2a:d2:a8:e7:f4:15:a6:20:86:f1:e8:54:
                    0c:31:bf:5d:18:56:95:3c:97:65:7e:22:2e:3d:79:
                    7c:11:af:b4:d3:67:27:29:a6:03:77:ed:71:5f:25:
                    07:f7:a5:3f:97:31:ce:df:f6:96:6e:3d:0e:a0:f0:
                    0c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:81:13:32:75:69:77:D1:4A:32:C5:AB:D7:1A:06:54:D8:91:9D:0D
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/A4ETMnVpd9FKMsWr1xoGVNiRnQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1100::/44

    Signature Algorithm: sha256WithRSAEncryption
         c0:6d:cf:eb:1d:41:75:0b:45:a1:6c:19:b0:c3:30:e0:e5:9a:
         3d:02:35:05:14:20:ae:c5:41:11:97:08:74:d7:24:b2:be:c9:
         b1:9e:6a:0c:0d:83:1e:eb:51:e6:73:8e:6c:e6:6d:c1:ae:36:
         9c:aa:e0:cb:ce:a5:71:7c:f6:d6:b4:ea:e5:11:4e:73:7f:62:
         9e:5a:9d:50:60:f9:e1:3a:9d:28:e0:01:26:d2:e1:a0:ff:fa:
         7b:1e:e7:f7:04:9d:54:39:73:fc:4e:22:cb:73:2b:aa:f6:fe:
         13:a3:7c:c2:8b:65:a4:53:03:1d:d9:fe:41:0e:50:01:fa:2d:
         90:41:2d:98:24:65:eb:64:a5:0d:a5:3c:1b:48:79:f1:79:37:
         cb:5a:62:d4:b1:7a:49:16:5a:44:97:4e:b4:25:36:5b:23:01:
         5a:e1:e7:b2:72:f3:d9:9a:e3:bb:6c:83:cb:b1:28:e7:fb:2c:
         17:d7:ee:fc:a8:8c:24:49:c6:85:44:f3:50:8f:4b:92:fa:22:
         1a:5e:83:96:34:08:9a:ac:87:c2:6e:0b:4d:a1:c9:be:cc:57:
         99:a5:ed:6a:e2:9d:f4:a7:0a:49:51:95:1d:47:42:7b:72:35:
         ea:46:c4:84:c5:d4:38:7a:6b:a1:69:67:6d:3e:c9:da:a0:de:
         3f:0e:fb:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PpisFLuRNrTXrJH95s/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzgxMTMzMjc1Njk3N2QxNGEzMmM1YWJkNzFhMDY1NGQ4OTE5ZDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIBluraELnXgDXzJANreFIEVbSUR
DtsjczIhfaruAxOKGjsFqQFh6JNPKZcPecosH9o7FqXhvK3xKvszQ/tAN9E+Od+5
cik7Joyi7H4+mPKBgxdLBh4XQEO3SpQNREoZ6aSXsvok3uQq3zVLgwxQeu+wPwP6
PEoyEN5mhrRJVwbT0222iSwGSyuh9VqCJsYMoAx6hlxurGvfjdRDw9fSw4ZPcg+8
RPUgCjkbB4d69pkHDbU9sG/TEOL5IfrSIcSku9mRofMq0qjn9BWmIIbx6FQMMb9d
GFaVPJdlfiIuPXl8Ea+002cnKaYDd+1xXyUH96U/lzHO3/aWbj0OoPAMNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAOBEzJ1aXfRSjLFq9caBlTYkZ0NMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvQTRFVE1uVnBkOUZLTXNXcjF4b0dWTmlSblEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxEA
MA0GCSqGSIb3DQEBCwUAA4IBAQDAbc/rHUF1C0WhbBmwwzDg5Zo9AjUFFCCuxUER
lwh01ySyvsmxnmoMDYMe61Hmc45s5m3BrjacquDLzqVxfPbWtOrlEU5zf2KeWp1Q
YPnhOp0o4AEm0uGg//p7Huf3BJ1UOXP8TiLLcyuq9v4To3zCi2WkUwMd2f5BDlAB
+i2QQS2YJGXrZKUNpTwbSHnxeTfLWmLUsXpJFlpEl060JTZbIwFa4eeycvPZmuO7
bIPLsSjn+ywX1+78qIwkScaFRPNQj0uS+iIaXoOWNAiarIfCbgtNocm+zFeZpe1q
4p30pwpJUZUdR0J7cjXqRsSExdQ4emuhaWdtPsnaoN4/DvtD
-----END CERTIFICATE-----