Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/tXzCu7HU1iQIa1IG46ejSsoHoTA.roa
File:                     tXzCu7HU1iQIa1IG46ejSsoHoTA.roa (raw, json)
Hash identifier:          1qFE0LUluZ0P/Oyt+0AJYBKNasL68koX7VEUM9iuHz8=
Subject key identifier:   B5:7C:C2:BB:B1:D4:D6:24:08:6B:52:06:E3:A7:A3:4A:CA:07:A1:30
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF44436319A330A1D886A6C680EE4
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/tXzCu7HU1iQIa1IG46ejSsoHoTA.roa
Signing time:             Mon 01 Jan 2024 16:30:41 +0000
ROA not before:           Mon 01 Jan 2024 16:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18041
IP address blocks:        2a0f:607:1051::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f4:44:36:31:9a:33:0a:1d:88:6a:6c:68:0e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b57cc2bbb1d4d624086b5206e3a7a34aca07a130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9b:33:b1:fd:a0:a1:56:d7:30:4e:55:f5:a9:
                    36:f1:d6:23:11:29:4f:a3:38:3b:75:5a:78:a2:8e:
                    ce:e1:f2:fd:ab:7d:2f:db:1f:ca:f1:45:e2:a2:b9:
                    d6:29:ef:a8:28:c4:23:50:9b:05:3a:70:dc:eb:b2:
                    1e:52:e9:55:f2:64:6b:99:42:e1:db:28:28:ab:b2:
                    97:7b:7a:08:9c:ec:15:42:94:0c:22:14:c9:b3:69:
                    7c:ec:3b:ae:67:74:51:11:04:34:59:28:11:92:a6:
                    1c:09:ec:9b:33:88:90:0d:3a:0e:72:a9:63:99:17:
                    30:ab:b1:d0:50:7b:1b:5c:90:c6:88:8a:cd:5f:69:
                    f8:57:2c:4a:9a:98:ab:2d:9b:c0:1a:c3:e9:eb:64:
                    c3:aa:05:b1:6e:65:36:f4:37:96:40:f8:be:83:93:
                    6a:77:a7:1d:92:3c:12:5e:10:32:e6:2d:83:7c:c7:
                    8a:81:e7:c8:8c:21:2f:18:c8:88:b5:c1:26:87:4f:
                    95:58:09:eb:a2:e4:bd:fa:cb:14:bf:a6:71:82:bc:
                    65:1a:03:78:51:ac:aa:e1:56:2a:3c:1d:8c:cc:c5:
                    f6:6d:db:55:15:8a:70:7b:c6:53:ad:1b:8f:23:be:
                    55:a8:2b:fa:7b:e9:87:81:11:89:4e:a4:dc:ef:12:
                    66:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:7C:C2:BB:B1:D4:D6:24:08:6B:52:06:E3:A7:A3:4A:CA:07:A1:30
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/tXzCu7HU1iQIa1IG46ejSsoHoTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1051::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:c7:ff:03:3d:7c:f2:c4:0d:a1:b4:73:c5:37:b9:44:e3:d1:
         f7:78:c6:d7:29:d5:df:52:d4:3c:fb:6e:ec:63:79:69:15:08:
         c2:11:cb:d2:00:62:91:9f:8f:81:0a:bb:06:19:03:2e:0b:7a:
         f2:4f:06:78:dd:3c:df:e6:6c:c8:f2:bc:a5:27:c5:a9:ec:d7:
         12:d0:64:24:dc:db:d1:4f:16:28:b1:1a:ce:7d:4e:00:70:25:
         0e:ad:66:3d:38:bc:e6:ae:c2:38:4d:a3:c6:c5:3f:b5:2f:88:
         70:a2:e0:00:fd:d0:4b:f3:8f:ca:e0:79:b4:5d:48:04:bd:9b:
         6e:5b:ef:a9:ee:27:11:c5:a9:ae:d7:39:82:18:66:2e:e1:46:
         bf:71:9c:f0:a0:6a:85:08:d4:9e:88:a4:c2:19:7f:3b:02:2d:
         8c:95:7e:b2:18:f2:a5:e5:76:5a:53:2a:9c:85:41:4e:e7:25:
         55:17:96:dd:b5:8b:72:03:76:3f:08:a1:62:cf:fa:50:f7:f0:
         78:ef:05:e5:d5:51:09:c8:d1:85:03:72:c7:67:a0:f3:1b:d9:
         22:73:23:94:b3:2c:ee:91:4f:d7:1f:c5:38:df:85:2b:00:f8:
         51:96:32:cf:ec:50:43:53:6d:07:ba:ea:e7:35:71:5a:db:47:
         37:23:30:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PRENjGaMwodiGpsaA7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTdjYzJiYmIxZDRkNjI0MDg2YjUyMDZlM2E3YTM0YWNhMDdhMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspszsf2goVbXME5V9ak28dYjESlP
ozg7dVp4oo7O4fL9q30v2x/K8UXiornWKe+oKMQjUJsFOnDc67IeUulV8mRrmULh
2ygoq7KXe3oInOwVQpQMIhTJs2l87DuuZ3RREQQ0WSgRkqYcCeybM4iQDToOcqlj
mRcwq7HQUHsbXJDGiIrNX2n4VyxKmpirLZvAGsPp62TDqgWxbmU29DeWQPi+g5Nq
d6cdkjwSXhAy5i2DfMeKgefIjCEvGMiItcEmh0+VWAnrouS9+ssUv6ZxgrxlGgN4
Uayq4VYqPB2MzMX2bdtVFYpwe8ZTrRuPI75VqCv6e+mHgRGJTqTc7xJmlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLV8wrux1NYkCGtSBuOno0rKB6EwMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvdFh6Q3U3SFUxaVFJYTFJRzQ2ZWpTc29Ib1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8GBxBR
MA0GCSqGSIb3DQEBCwUAA4IBAQB5x/8DPXzyxA2htHPFN7lE49H3eMbXKdXfUtQ8
+27sY3lpFQjCEcvSAGKRn4+BCrsGGQMuC3ryTwZ43Tzf5mzI8rylJ8Wp7NcS0GQk
3NvRTxYosRrOfU4AcCUOrWY9OLzmrsI4TaPGxT+1L4hwouAA/dBL84/K4Hm0XUgE
vZtuW++p7icRxamu1zmCGGYu4Ua/cZzwoGqFCNSeiKTCGX87Ai2MlX6yGPKl5XZa
UyqchUFO5yVVF5bdtYtyA3Y/CKFiz/pQ9/B47wXl1VEJyNGFA3LHZ6DzG9kicyOU
syzukU/XH8U434UrAPhRljLP7FBDU20HuurnNXFa20c3IzB/
-----END CERTIFICATE-----