Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/Gs4tH4IVE2PsgHYc367W6VW4g-k.roa
File:                     Gs4tH4IVE2PsgHYc367W6VW4g-k.roa (raw, json)
Hash identifier:          UNbfP0l2oHk4YAYsujSnSkxgPBkB8SPkF4o4TV+ALPQ=
Subject key identifier:   1A:CE:2D:1F:82:15:13:63:EC:80:76:1C:DF:AE:D6:E9:55:B8:83:E9
Certificate issuer:       /CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
Certificate serial:       018CC4939D992DFCFA1AF7A1EDAFDD7B3C8B
Authority key identifier: B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/Gs4tH4IVE2PsgHYc367W6VW4g-k.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50994
IP address blocks:        2a02:4a40:108::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9d:99:2d:fc:fa:1a:f7:a1:ed:af:dd:7b:3c:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ace2d1f82151363ec80761cdfaed6e955b883e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:33:68:90:d1:a5:4d:4a:8c:a7:a6:73:b7:b2:
                    5c:78:b0:c8:5a:5b:d6:83:65:c1:9a:91:0e:00:7b:
                    8e:1a:95:a0:5c:21:4c:15:9a:ef:41:08:a0:c4:08:
                    5a:f3:22:c1:ea:49:37:ef:64:19:be:37:ca:96:d2:
                    02:83:2b:d0:54:2d:1c:3a:2b:34:2e:ef:bb:f3:04:
                    ca:0b:ee:46:c3:a0:09:07:fb:1f:b2:75:35:34:98:
                    40:2c:56:1d:6b:ac:7f:0c:9d:bd:f4:c7:8e:a1:6d:
                    a6:a9:5b:b5:73:8f:a3:26:d5:a1:22:34:b9:57:8d:
                    96:9e:27:c9:a7:30:80:15:da:11:11:e1:1c:25:10:
                    31:78:94:4e:32:ba:ef:1b:ab:8d:b3:9e:99:be:26:
                    f9:42:f7:96:7d:53:65:b3:ca:5d:f3:38:b5:19:cc:
                    58:56:73:91:fb:d2:0c:e9:f9:4f:db:3c:3d:d5:ed:
                    a2:6a:be:cf:71:e2:1f:84:d9:6d:f4:64:a1:1c:87:
                    5c:8a:b2:c5:cb:c3:16:1a:35:e3:73:f5:97:e5:c3:
                    32:3f:fc:80:72:a4:0a:65:b6:74:59:2b:31:2c:10:
                    d4:63:d5:7e:a3:9f:06:80:4a:1e:56:aa:02:97:0e:
                    18:10:54:a2:e3:61:39:56:93:76:3f:15:97:fc:e2:
                    e1:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:CE:2D:1F:82:15:13:63:EC:80:76:1C:DF:AE:D6:E9:55:B8:83:E9
            X509v3 Authority Key Identifier:
                keyid:B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/Gs4tH4IVE2PsgHYc367W6VW4g-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:4a40:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:a2:fc:dc:c9:13:4d:85:69:f8:16:9d:e9:c4:4d:57:6c:0b:
         47:f5:04:3b:ef:dd:6f:c5:00:24:67:d1:dc:df:b0:85:d4:04:
         b5:21:34:98:bd:b2:41:4d:2d:b9:b6:b1:6d:de:a5:c2:c8:57:
         75:52:fa:b7:43:b5:c5:f8:59:a8:be:0b:32:e7:e9:07:74:71:
         d0:5f:6c:3e:07:2c:3c:0a:93:14:e3:58:08:7d:6d:dd:f6:db:
         69:ea:d1:bd:50:06:0b:c8:f4:72:36:e3:e0:d9:6b:97:f4:8f:
         20:b0:66:c7:32:aa:d0:16:c5:18:dc:ff:3f:8f:33:2a:89:4a:
         1e:8d:7b:ba:3d:f8:2a:c1:ce:af:b3:a9:ae:17:dc:aa:11:15:
         20:38:11:a3:49:b8:43:0d:1f:35:09:56:b8:30:6f:86:52:13:
         3a:f4:c6:6a:cc:a5:50:9b:c8:3b:34:6c:32:0f:37:d2:d0:06:
         f2:d6:26:a8:10:25:91:8a:02:c7:e0:70:d0:40:f2:5f:51:c4:
         99:94:91:d6:f8:d9:0c:fd:f9:4d:09:8b:37:f6:ed:bc:14:59:
         84:a4:46:83:e8:fd:b5:90:26:f6:83:31:73:7a:f0:8b:49:f2:
         76:98:c6:73:0e:8b:2d:f4:9f:19:9f:ec:47:63:17:11:21:20:
         c8:87:a1:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk52ZLfz6Gveh7a/dezyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Zjc0YTQ3YTZkMWEwYmY0YzIxNmU1ZmFiNGQ5MWZiMTI5
ZGYzZDYwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWNlMmQxZjgyMTUxMzYzZWM4MDc2MWNkZmFlZDZlOTU1Yjg4M2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDNokNGlTUqMp6Zzt7JceLDIWlvW
g2XBmpEOAHuOGpWgXCFMFZrvQQigxAha8yLB6kk372QZvjfKltICgyvQVC0cOis0
Lu+78wTKC+5Gw6AJB/sfsnU1NJhALFYda6x/DJ299MeOoW2mqVu1c4+jJtWhIjS5
V42WnifJpzCAFdoREeEcJRAxeJROMrrvG6uNs56Zvib5QveWfVNls8pd8zi1GcxY
VnOR+9IM6flP2zw91e2iar7PceIfhNlt9GShHIdcirLFy8MWGjXjc/WX5cMyP/yA
cqQKZbZ0WSsxLBDUY9V+o58GgEoeVqoClw4YEFSi42E5VpN2PxWX/OLhPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBrOLR+CFRNj7IB2HN+u1ulVuIPpMB8GA1UdIwQY
MBaAFLn3Skem0aC/TCFuX6tNkfsSnfPWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2Qt
MzBmNjA4YWRlNDhkLzEvR3M0dEg0SVZFMlBzZ0hZYzM2N1c2Vlc0Zy1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2QtMzBmNjA4YWRlNDhk
LzEvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJKQAEI
MA0GCSqGSIb3DQEBCwUAA4IBAQCbovzcyRNNhWn4Fp3pxE1XbAtH9QQ7791vxQAk
Z9Hc37CF1AS1ITSYvbJBTS25trFt3qXCyFd1Uvq3Q7XF+Fmovgsy5+kHdHHQX2w+
Byw8CpMU41gIfW3d9ttp6tG9UAYLyPRyNuPg2WuX9I8gsGbHMqrQFsUY3P8/jzMq
iUoejXu6Pfgqwc6vs6muF9yqERUgOBGjSbhDDR81CVa4MG+GUhM69MZqzKVQm8g7
NGwyDzfS0Aby1iaoECWRigLH4HDQQPJfUcSZlJHW+NkM/flNCYs39u28FFmEpEaD
6P21kCb2gzFzevCLSfJ2mMZzDost9J8Zn+xHYxcRISDIh6GZ
-----END CERTIFICATE-----