Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/8wQbxG0KRKuWI1S7YGJQCvWvB-M.roa
File:                     8wQbxG0KRKuWI1S7YGJQCvWvB-M.roa (raw, json)
Hash identifier:          1gISVguOyOhC0kJinPDxVVS1MYiMVdBfoMfiOlgJNdo=
Subject key identifier:   F3:04:1B:C4:6D:0A:44:AB:96:23:54:BB:60:62:50:0A:F5:AF:07:E3
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       018CC500365B5CB654B7891E9544F58D1FF2
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/8wQbxG0KRKuWI1S7YGJQCvWvB-M.roa
Signing time:             Mon 01 Jan 2024 12:29:34 +0000
ROA not before:           Mon 01 Jan 2024 12:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51558
IP address blocks:        2a03:2100:1a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:36:5b:5c:b6:54:b7:89:1e:95:44:f5:8d:1f:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jan  1 12:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3041bc46d0a44ab962354bb6062500af5af07e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a5:2b:c5:a3:3b:b0:4f:c6:4f:2c:f3:26:49:
                    b3:2c:67:7f:e8:a3:fe:29:42:80:a9:c1:32:a0:f3:
                    e7:f6:aa:74:a4:d8:75:57:78:5e:4b:20:a8:01:4b:
                    0c:0c:b1:1e:a8:1a:81:de:5f:01:c0:74:04:f5:8d:
                    e2:81:26:e0:99:16:0d:e7:ab:e5:9b:eb:7d:f9:97:
                    25:ea:a3:0f:67:d1:c0:e6:2a:5f:80:25:d6:d9:b7:
                    4a:24:3f:bd:23:0b:30:78:de:4b:f7:d6:db:0d:e5:
                    6c:7d:e0:f1:97:07:6d:70:1a:9a:b5:00:1f:9e:0f:
                    d3:e6:41:b7:d0:7c:48:96:0e:53:6a:28:ab:4b:17:
                    9c:43:30:b1:85:db:24:3d:cd:fa:11:c9:54:f9:7b:
                    b6:5a:b3:46:77:c8:4d:84:37:d9:ec:1e:ed:d2:8d:
                    2a:10:28:4e:09:2b:b2:cb:8e:4f:cc:ee:84:82:24:
                    e3:e4:21:c7:7d:80:d9:90:86:35:4e:28:79:e0:46:
                    a2:82:63:ca:94:43:c8:23:fd:c6:09:00:d8:2f:84:
                    07:2b:79:b3:d7:05:ea:4d:00:41:65:31:dd:9d:e0:
                    58:f7:75:10:f2:03:2a:8f:9e:8a:bd:9e:74:d1:7c:
                    a0:1e:2d:af:61:e8:5a:ee:a1:cb:88:8a:ad:54:eb:
                    b3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:04:1B:C4:6D:0A:44:AB:96:23:54:BB:60:62:50:0A:F5:AF:07:E3
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/8wQbxG0KRKuWI1S7YGJQCvWvB-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2100:1a::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:8e:f6:d8:41:76:a9:2b:a6:9b:2a:6c:64:b7:6a:3a:6a:a4:
         04:43:b0:b7:f2:80:42:0a:48:6d:8a:20:67:5b:e5:c1:d8:5f:
         62:b5:1e:8f:e5:95:50:35:2c:63:1f:7e:11:1f:fd:21:9d:2a:
         bc:0e:f8:7e:6a:93:c4:ab:87:1a:70:3d:86:5f:d0:0c:c8:45:
         5a:7f:57:70:6f:14:04:fb:d3:a1:7a:79:af:9c:27:1f:79:63:
         a3:92:eb:7a:22:d5:68:d2:f4:8a:3b:d4:34:cd:41:cd:32:81:
         0e:22:fa:6a:f2:45:20:c7:7b:6a:cb:ca:2c:c9:ab:2b:b0:73:
         c4:b4:70:56:3f:22:d8:0d:4f:31:dd:64:84:e2:ac:7d:2e:9e:
         fb:37:ea:d8:e0:ef:e2:b7:4d:41:2d:92:75:3f:39:13:6c:66:
         42:08:e4:59:d4:7c:c8:66:34:49:ab:9e:0b:bd:81:8f:56:e9:
         ea:9e:84:b0:f9:35:65:46:8d:46:f8:0b:6a:6d:2c:10:2b:c6:
         59:97:c9:7a:b6:03:4f:de:5b:c4:5b:75:69:6c:cc:8d:7e:40:
         aa:8d:a2:88:a3:2d:0a:d6:23:a9:cd:ee:49:19:a9:32:aa:a5:
         0e:49:7c:35:a3:e8:3a:b8:8e:55:b4:1d:c8:04:27:29:23:b8:
         0e:b3:fd:f5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFADZbXLZUt4kelUT1jR/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjQwMTAxMTIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzA0MWJjNDZkMGE0NGFiOTYyMzU0YmI2MDYyNTAwYWY1YWYwN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqUrxaM7sE/GTyzzJkmzLGd/6KP+
KUKAqcEyoPPn9qp0pNh1V3heSyCoAUsMDLEeqBqB3l8BwHQE9Y3igSbgmRYN56vl
m+t9+Zcl6qMPZ9HA5ipfgCXW2bdKJD+9IwsweN5L99bbDeVsfeDxlwdtcBqatQAf
ng/T5kG30HxIlg5TaiirSxecQzCxhdskPc36EclU+Xu2WrNGd8hNhDfZ7B7t0o0q
EChOCSuyy45PzO6EgiTj5CHHfYDZkIY1Tih54EaigmPKlEPII/3GCQDYL4QHK3mz
1wXqTQBBZTHdneBY93UQ8gMqj56KvZ500XygHi2vYeha7qHLiIqtVOuzxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPMEG8RtCkSrliNUu2BiUAr1rwfjMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvOHdRYnhHMEtSS3VXSTFTN1lHSlFDdld2Qi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMhAAAa
MA0GCSqGSIb3DQEBCwUAA4IBAQA+jvbYQXapK6abKmxkt2o6aqQEQ7C38oBCCkht
iiBnW+XB2F9itR6P5ZVQNSxjH34RH/0hnSq8Dvh+apPEq4cacD2GX9AMyEVaf1dw
bxQE+9OhenmvnCcfeWOjkut6ItVo0vSKO9Q0zUHNMoEOIvpq8kUgx3tqy8osyasr
sHPEtHBWPyLYDU8x3WSE4qx9Lp77N+rY4O/it01BLZJ1PzkTbGZCCORZ1HzIZjRJ
q54LvYGPVunqnoSw+TVlRo1G+AtqbSwQK8ZZl8l6tgNP3lvEW3VpbMyNfkCqjaKI
oy0K1iOpze5JGakyqqUOSXw1o+g6uI5VtB3IBCcpI7gOs/31
-----END CERTIFICATE-----