Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/iSCKI3mDWDAiMfxLh4V9sTJqWUM.roa
File:                     iSCKI3mDWDAiMfxLh4V9sTJqWUM.roa (raw, json)
Hash identifier:          ZrjwUBE0hZSwkY4AmCajrzv5lirSgmv9ACmP0YrheIk=
Subject key identifier:   89:20:8A:23:79:83:58:30:22:31:FC:4B:87:85:7D:B1:32:6A:59:43
Certificate issuer:       /CN=d1df4803e54b084a99cb7bb044bf791327594b73
Certificate serial:       018CC7947FC337A21E5209D0BD467D9189F9
Authority key identifier: D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/iSCKI3mDWDAiMfxLh4V9sTJqWUM.roa
Signing time:             Tue 02 Jan 2024 00:30:47 +0000
ROA not before:           Tue 02 Jan 2024 00:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206499
IP address blocks:        2a0f:5c47:3e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 06:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:7f:c3:37:a2:1e:52:09:d0:bd:46:7d:91:89:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1df4803e54b084a99cb7bb044bf791327594b73
        Validity
            Not Before: Jan  2 00:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89208a23798358302231fc4b87857db1326a5943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b4:48:2f:71:77:99:42:7a:c3:47:bd:9b:31:
                    23:e4:a5:0a:f9:20:cf:58:08:ae:b3:f6:14:ab:46:
                    69:4b:06:75:b6:11:9f:2b:77:0e:61:16:7b:bc:06:
                    13:6a:54:06:d3:4b:e0:d6:8a:65:48:84:be:28:b6:
                    27:d2:49:fd:03:37:40:09:ab:9b:2f:14:af:b3:a2:
                    24:93:a7:bb:db:22:6d:98:52:8e:dd:6b:5d:ff:5e:
                    8e:fb:0f:09:5e:b8:94:6c:fd:75:57:71:04:f2:7d:
                    fd:93:b9:ee:21:94:dc:c6:d4:2c:26:1c:29:04:f2:
                    aa:72:02:46:eb:01:71:ba:c4:e4:b5:b0:f6:57:fd:
                    d6:e7:bd:f2:f6:3c:45:9d:39:3f:d0:4b:bd:16:94:
                    f6:84:92:c0:08:83:1d:3d:21:c1:6c:78:8c:55:e0:
                    3c:bd:37:7b:34:08:a2:63:34:74:37:db:6c:2d:5a:
                    0b:10:b5:68:9b:1a:e4:4e:02:7c:d5:16:e6:7d:75:
                    56:02:a2:1e:ba:80:bc:b2:00:d9:3a:2f:d2:af:a8:
                    a4:8a:75:f5:77:38:2b:7f:71:a8:8b:d5:e5:09:23:
                    02:c5:a8:6a:64:e7:45:2b:be:0c:0b:a0:5f:77:32:
                    8a:50:40:cf:fd:30:d2:a7:82:80:14:8a:47:70:23:
                    d8:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:20:8A:23:79:83:58:30:22:31:FC:4B:87:85:7D:B1:32:6A:59:43
            X509v3 Authority Key Identifier:
                keyid:D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/iSCKI3mDWDAiMfxLh4V9sTJqWUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5c47:3e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:50:03:07:c5:f5:22:d0:84:38:38:eb:b3:3d:3d:48:09:c7:
         ce:ea:c2:8a:2c:76:3f:bb:67:a7:2a:52:2e:60:36:dc:87:08:
         0c:57:ee:17:7c:4c:b5:11:42:0e:9a:58:af:ab:cb:21:1a:fc:
         ef:a1:5d:97:fc:0e:2f:70:56:28:1d:d9:43:6f:6f:ec:1f:e1:
         c9:99:53:ae:09:33:39:4c:ec:56:30:50:c7:e1:fe:38:30:05:
         a3:f3:c3:a0:6b:4f:68:70:80:22:81:3a:7e:d6:4e:af:d2:c1:
         71:4e:4e:ff:bf:bd:ff:2a:69:a9:df:31:a0:e7:0c:73:32:dd:
         34:ec:74:e3:1d:95:3a:ba:c3:eb:78:de:01:fe:9b:0d:8b:22:
         fc:a9:a7:ce:c8:21:c3:cb:73:dd:1a:2b:ae:5f:09:aa:c3:19:
         b1:6f:40:59:ec:97:87:af:b3:8d:47:6b:2c:67:36:5b:dd:5f:
         1e:1f:e2:de:f0:21:ee:a8:86:ca:4f:41:f1:7e:e5:20:2f:3b:
         3d:74:52:fe:e0:27:4b:e5:e6:37:72:09:9d:e6:93:0c:11:35:
         54:6d:8d:19:4e:18:e9:ad:fe:7a:89:09:5b:0c:18:1a:45:9a:
         8f:df:8e:ef:df:69:8c:f1:54:cd:a3:94:e2:23:52:8b:35:c4:
         e5:bf:c5:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlH/DN6IeUgnQvUZ9kYn5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGY0ODAzZTU0YjA4NGE5OWNiN2JiMDQ0YmY3OTEzMjc1
OTRiNzMwHhcNMjQwMTAyMDAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTIwOGEyMzc5ODM1ODMwMjIzMWZjNGI4Nzg1N2RiMTMyNmE1OTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5rRIL3F3mUJ6w0e9mzEj5KUK+SDP
WAius/YUq0ZpSwZ1thGfK3cOYRZ7vAYTalQG00vg1oplSIS+KLYn0kn9AzdACaub
LxSvs6Ikk6e72yJtmFKO3Wtd/16O+w8JXriUbP11V3EE8n39k7nuIZTcxtQsJhwp
BPKqcgJG6wFxusTktbD2V/3W573y9jxFnTk/0Eu9FpT2hJLACIMdPSHBbHiMVeA8
vTd7NAiiYzR0N9tsLVoLELVomxrkTgJ81RbmfXVWAqIeuoC8sgDZOi/Sr6ikinX1
dzgrf3Goi9XlCSMCxahqZOdFK74MC6BfdzKKUEDP/TDSp4KAFIpHcCPYDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIkgiiN5g1gwIjH8S4eFfbEyallDMB8GA1UdIwQY
MBaAFNHfSAPlSwhKmct7sES/eRMnWUtzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5Nzct
NDhmNWU4NzY3ZDAyLzEvaVNDS0kzbURXREFpTWZ4TGg0VjlzVEpxV1VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5NzctNDhmNWU4NzY3ZDAy
LzEvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9cRwPo
MA0GCSqGSIb3DQEBCwUAA4IBAQA4UAMHxfUi0IQ4OOuzPT1ICcfO6sKKLHY/u2en
KlIuYDbchwgMV+4XfEy1EUIOmlivq8shGvzvoV2X/A4vcFYoHdlDb2/sH+HJmVOu
CTM5TOxWMFDH4f44MAWj88Oga09ocIAigTp+1k6v0sFxTk7/v73/Kmmp3zGg5wxz
Mt007HTjHZU6usPreN4B/psNiyL8qafOyCHDy3PdGiuuXwmqwxmxb0BZ7JeHr7ON
R2ssZzZb3V8eH+Le8CHuqIbKT0HxfuUgLzs9dFL+4CdL5eY3cgmd5pMMETVUbY0Z
Thjprf56iQlbDBgaRZqP347v32mM8VTNo5TiI1KLNcTlv8WM
-----END CERTIFICATE-----