Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/NhO3_RjbYIpGKWdlFLCubHI1S1Q.roa
File:                     NhO3_RjbYIpGKWdlFLCubHI1S1Q.roa (raw, json)
Hash identifier:          Bx1MYNMWhkMUsNXeW8txyueZdiri180rcR0ME4YiE/o=
Subject key identifier:   36:13:B7:FD:18:DB:60:8A:46:29:67:65:14:B0:AE:6C:72:35:4B:54
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF4D5AD7021FB16C1BE80C7976E50
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/NhO3_RjbYIpGKWdlFLCubHI1S1Q.roa
Signing time:             Mon 01 Jan 2024 16:30:41 +0000
ROA not before:           Mon 01 Jan 2024 16:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43126
IP address blocks:        2a0f:607:1060::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f4:d5:ad:70:21:fb:16:c1:be:80:c7:97:6e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3613b7fd18db608a4629676514b0ae6c72354b54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3e:6f:3d:92:e5:89:44:48:76:b8:d1:c6:63:
                    63:2c:25:a0:3a:a4:b5:58:86:fd:79:fc:d2:7e:2e:
                    44:ff:72:53:b9:3d:7c:9c:e5:7b:12:4d:15:c5:8e:
                    f8:c1:7c:9d:e3:74:54:7b:ea:39:f2:e5:ce:c9:e5:
                    45:ad:15:a5:89:d6:a8:ed:f5:81:ca:6e:bf:c6:08:
                    62:cc:7e:ca:08:2a:1e:82:fa:87:21:fe:21:e3:31:
                    30:ad:9b:b0:55:06:29:24:ce:4e:94:9f:e0:97:69:
                    c6:35:e8:48:16:69:da:8f:27:7b:b9:27:a5:67:09:
                    57:5f:5a:99:94:9f:9f:ce:16:49:b8:4e:1d:ce:d8:
                    b1:55:7e:42:ca:f6:4a:4c:b7:d3:57:45:db:de:b3:
                    dc:f3:47:bc:ef:d6:0f:f1:b6:bb:1a:4f:1f:ad:a1:
                    26:88:76:9b:a9:a4:aa:1a:47:33:af:48:b0:02:71:
                    da:5b:88:e4:89:bc:90:ba:35:ba:c3:a7:4e:6c:f9:
                    0e:02:1c:c4:ab:0f:dd:9f:ee:5a:f1:dc:f3:a0:a9:
                    6e:a4:09:85:e7:d3:47:7f:e2:ff:b6:96:49:85:5d:
                    8a:92:5c:c3:fd:77:26:5b:16:7b:86:6d:6a:db:24:
                    9a:b7:5f:8c:51:a0:4f:c6:cf:8b:10:dc:09:8f:87:
                    25:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:13:B7:FD:18:DB:60:8A:46:29:67:65:14:B0:AE:6C:72:35:4B:54
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/NhO3_RjbYIpGKWdlFLCubHI1S1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1060::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:0c:eb:87:24:5b:18:42:43:0a:4a:15:0f:58:70:8b:d8:0e:
         a1:d2:7a:f8:7a:2d:7f:16:f7:77:54:83:9c:9b:86:9b:f8:21:
         b7:3f:dc:88:c7:0e:20:33:c0:de:e8:4e:e1:ba:44:fb:be:34:
         c0:51:9a:a3:a0:51:9f:db:b8:d7:a4:b7:2d:55:e5:7d:8c:ed:
         bd:71:1b:4c:fc:a3:67:36:7e:41:85:85:73:84:1e:7f:89:ed:
         6b:1a:38:53:be:25:d0:97:eb:2f:0e:5a:90:57:c4:7e:8c:5b:
         a9:c7:9f:a1:bc:7f:6f:d9:5c:77:a0:3a:7f:f0:36:92:5a:36:
         32:fb:1e:8d:5f:ec:77:db:0a:6e:7c:c3:16:4e:71:f2:cd:29:
         26:d4:90:c7:a4:87:b1:6f:06:a9:69:46:bc:26:03:6b:52:b5:
         8f:68:18:6f:53:0f:ae:47:60:2e:f4:e3:91:84:70:c6:6b:c8:
         3f:20:d3:0e:76:40:6d:fe:70:aa:6b:3c:2c:93:ed:b4:d5:bf:
         83:2b:28:ab:50:6e:4b:19:09:7b:9c:e8:2f:8d:a9:e8:24:1a:
         44:8f:66:c5:b7:b9:29:a5:8e:33:16:49:5f:d6:b3:fb:bb:86:
         98:93:95:3a:d6:fd:ec:cc:53:64:de:32:27:eb:5a:8d:e6:b3:
         2f:95:01:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PTVrXAh+xbBvoDHl25QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjEzYjdmZDE4ZGI2MDhhNDYyOTY3NjUxNGIwYWU2YzcyMzU0YjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgT5vPZLliURIdrjRxmNjLCWgOqS1
WIb9efzSfi5E/3JTuT18nOV7Ek0VxY74wXyd43RUe+o58uXOyeVFrRWlidao7fWB
ym6/xghizH7KCCoegvqHIf4h4zEwrZuwVQYpJM5OlJ/gl2nGNehIFmnajyd7uSel
ZwlXX1qZlJ+fzhZJuE4dztixVX5CyvZKTLfTV0Xb3rPc80e879YP8ba7Gk8fraEm
iHabqaSqGkczr0iwAnHaW4jkibyQujW6w6dObPkOAhzEqw/dn+5a8dzzoKlupAmF
59NHf+L/tpZJhV2KklzD/XcmWxZ7hm1q2ySat1+MUaBPxs+LENwJj4cltQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDYTt/0Y22CKRilnZRSwrmxyNUtUMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvTmhPM19SamJZSXBHS1dkbEZMQ3ViSEkxUzFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxBg
MA0GCSqGSIb3DQEBCwUAA4IBAQA+DOuHJFsYQkMKShUPWHCL2A6h0nr4ei1/Fvd3
VIOcm4ab+CG3P9yIxw4gM8De6E7hukT7vjTAUZqjoFGf27jXpLctVeV9jO29cRtM
/KNnNn5BhYVzhB5/ie1rGjhTviXQl+svDlqQV8R+jFupx5+hvH9v2Vx3oDp/8DaS
WjYy+x6NX+x32wpufMMWTnHyzSkm1JDHpIexbwapaUa8JgNrUrWPaBhvUw+uR2Au
9OORhHDGa8g/INMOdkBt/nCqazwsk+201b+DKyirUG5LGQl7nOgvjanoJBpEj2bF
t7kppY4zFklf1rP7u4aYk5U61v3szFNk3jIn61qN5rMvlQEw
-----END CERTIFICATE-----