Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/32cc27-9448-437b-9722-dc9b9c6013f6/1/Yd1muz2vD3iVf9Shtz8dVcM2r_c.roa
File:                     Yd1muz2vD3iVf9Shtz8dVcM2r_c.roa (raw, json)
Hash identifier:          Fs9Rbw0iTACkUXJ9tKOwvvz/fTRO/BKsRBVyKpQjLbs=
Subject key identifier:   61:DD:66:BB:3D:AF:0F:78:95:7F:D4:A1:B7:3F:1D:55:C3:36:AF:F7
Certificate issuer:       /CN=96d95fe2d90943c92f6c28f3b329f82015cd92ae
Certificate serial:       018CC500072A50FEBFBAA175D87FCFE97F66
Authority key identifier: 96:D9:5F:E2:D9:09:43:C9:2F:6C:28:F3:B3:29:F8:20:15:CD:92:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ltlf4tkJQ8kvbCjzsyn4IBXNkq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/32cc27-9448-437b-9722-dc9b9c6013f6/1/Yd1muz2vD3iVf9Shtz8dVcM2r_c.roa
Signing time:             Mon 01 Jan 2024 12:29:22 +0000
ROA not before:           Mon 01 Jan 2024 12:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199700
IP address blocks:        2a13:8d80::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/32cc27-9448-437b-9722-dc9b9c6013f6/1/ltlf4tkJQ8kvbCjzsyn4IBXNkq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/32cc27-9448-437b-9722-dc9b9c6013f6/1/ltlf4tkJQ8kvbCjzsyn4IBXNkq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ltlf4tkJQ8kvbCjzsyn4IBXNkq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:07:2a:50:fe:bf:ba:a1:75:d8:7f:cf:e9:7f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96d95fe2d90943c92f6c28f3b329f82015cd92ae
        Validity
            Not Before: Jan  1 12:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61dd66bb3daf0f78957fd4a1b73f1d55c336aff7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9d:b7:01:81:ec:df:44:30:7f:02:38:c3:c9:
                    7f:7a:a2:33:78:fc:25:a9:ee:5c:80:c8:ec:3b:49:
                    c0:42:76:6d:2b:c7:22:71:b5:4f:f5:71:5d:17:6a:
                    21:f1:95:c5:31:f1:c2:86:67:a3:cf:6f:76:e7:5c:
                    11:e2:09:25:3d:20:e5:d1:47:a4:14:65:91:40:3f:
                    c3:86:75:c3:78:d1:ac:03:14:d7:d5:a5:49:f1:e9:
                    a5:b4:90:2b:3c:32:4c:cd:15:ab:05:10:f6:21:bc:
                    c3:56:ce:36:6a:6d:fa:10:26:8e:88:87:7e:fb:73:
                    ee:20:c8:4d:2d:50:9d:28:5f:3d:4c:51:ba:86:0c:
                    b9:16:29:23:76:99:2d:a0:63:d7:e3:ea:62:35:42:
                    1f:27:13:bd:3c:4f:16:02:d9:4f:17:37:b5:6a:b2:
                    a0:0a:ce:dc:62:8a:cf:6f:a4:8d:12:e1:c1:a0:7a:
                    4c:18:a4:f9:b4:82:87:f6:2b:85:f5:41:be:84:3d:
                    f1:c6:db:68:ef:36:6d:b9:d6:92:b5:89:a1:d8:66:
                    d5:54:a0:91:0b:6f:67:72:5e:7d:79:45:35:65:d0:
                    96:f1:63:61:6a:e5:db:20:74:0b:bb:c1:f0:6f:2a:
                    28:45:1c:37:53:f2:9e:1d:08:9b:2e:dd:bf:b4:6d:
                    1f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:DD:66:BB:3D:AF:0F:78:95:7F:D4:A1:B7:3F:1D:55:C3:36:AF:F7
            X509v3 Authority Key Identifier:
                keyid:96:D9:5F:E2:D9:09:43:C9:2F:6C:28:F3:B3:29:F8:20:15:CD:92:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ltlf4tkJQ8kvbCjzsyn4IBXNkq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/32cc27-9448-437b-9722-dc9b9c6013f6/1/Yd1muz2vD3iVf9Shtz8dVcM2r_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/32cc27-9448-437b-9722-dc9b9c6013f6/1/ltlf4tkJQ8kvbCjzsyn4IBXNkq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8d80::/40

    Signature Algorithm: sha256WithRSAEncryption
         97:c0:69:f8:d0:8c:cb:ce:69:6b:bc:9d:82:f0:10:ea:3d:a9:
         68:75:b6:fb:47:8b:bc:b3:60:61:c3:a7:29:a3:94:d8:15:91:
         df:c5:8a:df:f9:33:ce:d5:41:26:0b:fc:a9:0a:5c:e8:da:ec:
         9a:d8:8e:8a:ea:f4:97:4e:a3:98:19:74:32:0e:ff:e4:c3:1f:
         7b:4b:b5:ed:12:75:4c:e8:ea:6f:b7:5b:5b:4d:f5:4a:58:c2:
         8d:5b:89:c5:f2:3a:9b:a1:19:47:12:12:62:b5:dd:ca:27:b8:
         17:fe:6b:5e:aa:08:d8:91:47:f1:f7:4b:78:2a:46:73:68:dd:
         8b:a0:a5:8e:a6:d7:81:4c:7e:2f:91:1b:44:11:1e:21:23:d9:
         64:32:c0:bd:39:84:83:d3:ac:dc:26:7a:f5:3e:5e:d7:1f:14:
         cd:92:f2:c0:47:fd:48:d6:d6:31:e1:1a:59:01:d1:f7:03:ca:
         b4:ef:7a:77:55:af:ff:0c:48:27:29:34:66:0a:34:83:fe:3b:
         f5:76:2a:59:3e:62:ab:bf:2d:5c:25:03:73:f4:6a:b9:7a:2d:
         c1:c4:f1:39:8b:01:74:ce:04:de:e0:d8:74:9f:f0:6d:7f:07:
         be:d4:10:e0:78:65:b5:e7:5c:cf:dc:94:65:d3:85:75:5f:af:
         f1:7a:a7:a9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFAAcqUP6/uqF12H/P6X9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZDk1ZmUyZDkwOTQzYzkyZjZjMjhmM2IzMjlmODIwMTVj
ZDkyYWUwHhcNMjQwMTAxMTIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWRkNjZiYjNkYWYwZjc4OTU3ZmQ0YTFiNzNmMWQ1NWMzMzZhZmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp23AYHs30QwfwI4w8l/eqIzePwl
qe5cgMjsO0nAQnZtK8cicbVP9XFdF2oh8ZXFMfHChmejz29251wR4gklPSDl0Uek
FGWRQD/DhnXDeNGsAxTX1aVJ8emltJArPDJMzRWrBRD2IbzDVs42am36ECaOiId+
+3PuIMhNLVCdKF89TFG6hgy5FikjdpktoGPX4+piNUIfJxO9PE8WAtlPFze1arKg
Cs7cYorPb6SNEuHBoHpMGKT5tIKH9iuF9UG+hD3xxtto7zZtudaStYmh2GbVVKCR
C29ncl59eUU1ZdCW8WNhauXbIHQLu8HwbyooRRw3U/KeHQibLt2/tG0f3wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGHdZrs9rw94lX/Uobc/HVXDNq/3MB8GA1UdIwQY
MBaAFJbZX+LZCUPJL2wo87Mp+CAVzZKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHRsZjR0a0pROGt2YkNqenN5bjRJQlhOa3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zMmNjMjctOTQ0OC00MzdiLTk3MjIt
ZGM5YjljNjAxM2Y2LzEvWWQxbXV6MnZEM2lWZjlTaHR6OGRWY00ycl9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zMmNjMjctOTQ0OC00MzdiLTk3MjItZGM5YjljNjAxM2Y2
LzEvbHRsZjR0a0pROGt2YkNqenN5bjRJQlhOa3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhONgAAw
DQYJKoZIhvcNAQELBQADggEBAJfAafjQjMvOaWu8nYLwEOo9qWh1tvtHi7yzYGHD
pymjlNgVkd/Fit/5M87VQSYL/KkKXOja7JrYjorq9JdOo5gZdDIO/+TDH3tLte0S
dUzo6m+3W1tN9UpYwo1bicXyOpuhGUcSEmK13conuBf+a16qCNiRR/H3S3gqRnNo
3YugpY6m14FMfi+RG0QRHiEj2WQywL05hIPTrNwmevU+XtcfFM2S8sBH/UjW1jHh
GlkB0fcDyrTvendVr/8MSCcpNGYKNIP+O/V2Klk+Yqu/LVwlA3P0arl6LcHE8TmL
AXTOBN7g2HSf8G1/B77UEOB4ZbXnXM/clGXThXVfr/F6p6k=
-----END CERTIFICATE-----