Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/rUzBuLfMTnGa0Sw4qWDG8MdNv8Y.roa
File:                     rUzBuLfMTnGa0Sw4qWDG8MdNv8Y.roa (raw, json)
Hash identifier:          xgXz1M4afQozNwIOLdafkUm7BvYEWhyCq4btNRWRY+M=
Subject key identifier:   AD:4C:C1:B8:B7:CC:4E:71:9A:D1:2C:38:A9:60:C6:F0:C7:4D:BF:C6
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCFA38DF62EB8F8FFF3D43141C2B26
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/rUzBuLfMTnGa0Sw4qWDG8MdNv8Y.roa
Signing time:             Mon 01 Jan 2024 16:30:42 +0000
ROA not before:           Mon 01 Jan 2024 16:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212057
IP address blocks:        2a0f:607:1056::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:fa:38:df:62:eb:8f:8f:ff:3d:43:14:1c:2b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad4cc1b8b7cc4e719ad12c38a960c6f0c74dbfc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6c:bd:e8:90:4d:f3:25:60:8d:db:3a:88:41:
                    e5:24:57:e0:ce:68:9f:58:8b:c9:58:90:57:da:37:
                    a7:5f:99:a0:07:d2:21:98:52:b3:18:aa:7b:c6:2c:
                    04:c3:14:da:7a:fe:ae:86:8d:4e:2f:c0:39:86:36:
                    8f:36:1d:c5:d4:65:79:ff:35:a6:20:b2:f3:06:c1:
                    ed:bf:21:7a:6d:7d:dc:3c:b1:6c:78:55:c2:f1:44:
                    84:47:b5:72:02:19:f7:a5:66:74:94:bc:03:84:74:
                    08:ba:99:0d:6e:ad:d5:54:99:23:09:bc:74:b5:ab:
                    ca:be:39:36:78:d9:58:88:40:7e:97:3b:56:5c:aa:
                    b9:0e:0e:d5:26:00:14:78:b5:45:a1:a2:cb:41:e8:
                    ca:33:71:77:79:47:8a:81:c5:0e:e6:3f:72:24:eb:
                    98:34:61:c5:70:98:48:ae:99:5e:87:e9:c6:8e:98:
                    91:66:08:c8:8e:c7:2c:2d:a5:52:54:ad:db:24:a3:
                    95:2e:be:4a:a6:c1:04:b1:d5:38:d9:d1:eb:a5:1c:
                    26:e0:6f:4a:34:d6:06:67:33:a3:ba:b6:b9:87:29:
                    7f:59:59:1e:2b:5d:f6:77:f9:18:98:89:34:85:88:
                    05:cd:70:9a:8a:41:12:70:46:a4:f7:67:0f:c0:4f:
                    44:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:4C:C1:B8:B7:CC:4E:71:9A:D1:2C:38:A9:60:C6:F0:C7:4D:BF:C6
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/rUzBuLfMTnGa0Sw4qWDG8MdNv8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1056::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:2e:06:be:9a:f5:24:f6:3d:65:31:63:27:9a:47:01:ab:fe:
         5f:2b:ea:71:18:de:6c:be:7b:61:bb:13:62:19:b3:e2:5e:6e:
         7a:7a:c8:ef:f9:b2:b0:c8:65:ae:d2:13:25:c1:29:9b:c3:66:
         18:7b:1a:c9:9d:df:cc:ed:85:64:e1:88:63:a9:d2:88:9b:e7:
         69:50:3b:9b:73:51:3e:e1:3b:5e:9c:03:91:8e:a0:73:50:e5:
         02:15:6c:af:a6:96:a0:fa:16:a5:61:cb:9f:b1:b2:46:b0:71:
         44:90:aa:4b:26:d1:90:18:72:90:fd:a8:47:ea:78:53:fd:56:
         a2:99:68:d1:b7:22:60:47:68:d6:40:73:3d:28:dc:49:a0:e0:
         ba:d6:47:fe:23:43:21:bd:25:f3:2f:f9:75:54:83:fb:cd:f3:
         78:3c:a3:cb:2d:fe:b7:dc:eb:69:7e:35:8b:b3:78:b8:12:79:
         ca:ee:9b:84:9a:49:4c:2f:1d:b5:2b:25:69:c8:da:53:8c:e0:
         51:fe:0a:4a:f3:34:f6:ec:7d:90:cf:c0:64:ab:9e:29:0c:e2:
         f9:7e:53:9f:8a:da:48:7f:3e:08:1a:b1:84:f5:77:6a:3d:6f:
         12:ee:78:3f:8b:75:b4:2c:a5:c5:87:0f:f6:3e:fc:05:f1:2f:
         01:5d:9c:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3Po432Lrj4//PUMUHCsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDRjYzFiOGI3Y2M0ZTcxOWFkMTJjMzhhOTYwYzZmMGM3NGRiZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGy96JBN8yVgjds6iEHlJFfgzmif
WIvJWJBX2jenX5mgB9IhmFKzGKp7xiwEwxTaev6uho1OL8A5hjaPNh3F1GV5/zWm
ILLzBsHtvyF6bX3cPLFseFXC8USER7VyAhn3pWZ0lLwDhHQIupkNbq3VVJkjCbx0
tavKvjk2eNlYiEB+lztWXKq5Dg7VJgAUeLVFoaLLQejKM3F3eUeKgcUO5j9yJOuY
NGHFcJhIrpleh+nGjpiRZgjIjscsLaVSVK3bJKOVLr5KpsEEsdU42dHrpRwm4G9K
NNYGZzOjura5hyl/WVkeK132d/kYmIk0hYgFzXCaikEScEak92cPwE9EHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK1Mwbi3zE5xmtEsOKlgxvDHTb/GMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvclV6QnVMZk1UbkdhMFN3NHFXREc4TWROdjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8GBxBW
MA0GCSqGSIb3DQEBCwUAA4IBAQCILga+mvUk9j1lMWMnmkcBq/5fK+pxGN5svnth
uxNiGbPiXm56esjv+bKwyGWu0hMlwSmbw2YYexrJnd/M7YVk4YhjqdKIm+dpUDub
c1E+4TtenAORjqBzUOUCFWyvppag+halYcufsbJGsHFEkKpLJtGQGHKQ/ahH6nhT
/VaimWjRtyJgR2jWQHM9KNxJoOC61kf+I0MhvSXzL/l1VIP7zfN4PKPLLf633Otp
fjWLs3i4EnnK7puEmklMLx21KyVpyNpTjOBR/gpK8zT27H2Qz8Bkq54pDOL5flOf
itpIfz4IGrGE9XdqPW8S7ng/i3W0LKXFhw/2PvwF8S8BXZx0
-----END CERTIFICATE-----