Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/djxnhm-b1kR5WeRpLQ2hyPnCDaU.roa
File:                     djxnhm-b1kR5WeRpLQ2hyPnCDaU.roa (raw, json)
Hash identifier:          rz9YD6tM2uHByAyZXLUFdVKqby/Ffmhg37m+v3XHeKU=
Subject key identifier:   76:3C:67:86:6F:9B:D6:44:79:59:E4:69:2D:0D:A1:C8:F9:C2:0D:A5
Certificate issuer:       /CN=b5427ea49f972d19c56393a689e7cbeb990d5d7a
Certificate serial:       018EACC633328D33B8FFFC2D2EE2D123D503
Authority key identifier: B5:42:7E:A4:9F:97:2D:19:C5:63:93:A6:89:E7:CB:EB:99:0D:5D:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/djxnhm-b1kR5WeRpLQ2hyPnCDaU.roa
Signing time:             Fri 05 Apr 2024 05:40:54 +0000
ROA not before:           Fri 05 Apr 2024 05:40:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215366
IP address blocks:        2a09:7ac1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ac:c6:33:32:8d:33:b8:ff:fc:2d:2e:e2:d1:23:d5:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5427ea49f972d19c56393a689e7cbeb990d5d7a
        Validity
            Not Before: Apr  5 05:40:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=763c67866f9bd6447959e4692d0da1c8f9c20da5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a4:29:f7:8d:cf:fb:24:e0:9e:42:a3:13:d9:
                    92:a5:82:e3:09:08:b3:a6:3c:91:c1:68:93:60:48:
                    41:b4:18:44:1f:7b:de:c9:04:38:21:f0:66:db:26:
                    74:97:69:f8:71:38:20:5c:85:ab:74:fb:a1:fd:9f:
                    ef:f2:1b:20:31:59:c6:40:6c:76:cb:19:01:f0:a0:
                    f5:bd:b0:f2:0c:b3:fa:2e:cf:73:9e:55:ec:d9:ab:
                    21:95:8f:94:43:12:7e:5d:3c:2e:80:12:11:2f:d6:
                    73:d7:02:0f:64:5f:cf:d1:1b:06:7c:13:3f:67:16:
                    6c:fa:c7:c7:af:5a:32:08:37:d9:5b:ed:bd:cb:ff:
                    bb:11:26:04:d3:54:1c:61:54:22:76:ba:27:17:d7:
                    94:e3:80:3d:64:08:39:fa:54:6f:09:88:30:cf:1d:
                    54:eb:23:54:02:b0:6c:fd:0f:0e:d7:9a:c5:33:d2:
                    b5:05:f9:0a:31:37:1f:6d:3b:81:7c:bf:48:c4:6f:
                    ed:64:31:77:0d:18:06:db:19:38:64:e9:f2:71:d7:
                    7a:6b:a6:4d:43:d4:ce:88:d0:a3:83:59:6b:c4:5b:
                    77:76:24:a0:5d:9b:c1:e6:51:55:ec:63:89:be:fc:
                    80:6e:81:2b:75:41:a4:47:d9:93:7d:cd:3f:41:2f:
                    06:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:3C:67:86:6F:9B:D6:44:79:59:E4:69:2D:0D:A1:C8:F9:C2:0D:A5
            X509v3 Authority Key Identifier:
                keyid:B5:42:7E:A4:9F:97:2D:19:C5:63:93:A6:89:E7:CB:EB:99:0D:5D:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/djxnhm-b1kR5WeRpLQ2hyPnCDaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7ac1::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:ea:fc:3f:c8:f3:46:1c:4c:d2:32:2c:c8:63:e4:23:95:9c:
         49:d7:0f:6a:bd:e5:7b:fc:40:ff:56:9d:a7:ac:c8:37:9e:ca:
         d3:bc:8a:48:b8:b5:51:12:0c:91:60:cd:4a:a7:3f:5a:45:45:
         d7:47:e7:9a:87:de:60:3b:c1:88:ce:67:73:e9:78:78:1b:0b:
         bc:f1:c2:19:53:25:f7:b8:7d:d9:67:03:9c:72:53:50:82:8d:
         17:9f:29:e2:27:a2:4b:23:31:16:bc:5b:fd:d2:27:ad:09:f2:
         69:f0:0f:e9:db:f1:07:c4:9f:a8:93:3d:45:07:0c:4c:4f:cf:
         65:01:b0:ea:0b:28:19:48:cb:b9:c4:02:89:87:ea:4c:b8:e8:
         d7:da:0d:9f:04:7c:07:63:23:cf:ce:80:8a:ce:b2:a2:20:ae:
         9f:2c:ba:62:10:68:4c:8b:a2:c8:ef:d1:a7:bc:78:bc:ba:32:
         92:cb:5c:b8:71:21:23:a2:8f:14:fe:33:3a:f3:03:52:0f:c3:
         7e:7d:c0:ec:f7:a5:e9:87:c1:29:31:7e:2f:b0:41:d8:44:ca:
         14:c3:f0:ed:f1:6a:b6:51:91:6e:12:2b:42:bd:ef:7d:15:37:
         bb:d0:ab:6e:11:bc:76:44:82:73:df:21:73:1c:19:a6:1f:98:
         70:1f:1b:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6sxjMyjTO4//wtLuLRI9UDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDI3ZWE0OWY5NzJkMTljNTYzOTNhNjg5ZTdjYmViOTkw
ZDVkN2EwHhcNMjQwNDA1MDU0MDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjNjNjc4NjZmOWJkNjQ0Nzk1OWU0NjkyZDBkYTFjOGY5YzIwZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKQp943P+yTgnkKjE9mSpYLjCQiz
pjyRwWiTYEhBtBhEH3veyQQ4IfBm2yZ0l2n4cTggXIWrdPuh/Z/v8hsgMVnGQGx2
yxkB8KD1vbDyDLP6Ls9znlXs2ashlY+UQxJ+XTwugBIRL9Zz1wIPZF/P0RsGfBM/
ZxZs+sfHr1oyCDfZW+29y/+7ESYE01QcYVQidronF9eU44A9ZAg5+lRvCYgwzx1U
6yNUArBs/Q8O15rFM9K1BfkKMTcfbTuBfL9IxG/tZDF3DRgG2xk4ZOnycdd6a6ZN
Q9TOiNCjg1lrxFt3diSgXZvB5lFV7GOJvvyAboErdUGkR9mTfc0/QS8G/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHY8Z4Zvm9ZEeVnkaS0Nocj5wg2lMB8GA1UdIwQY
MBaAFLVCfqSfly0ZxWOTponny+uZDV16MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVKLXBKLVhMUm5GWTVPbWllZkw2NWtOWFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kMmJiNjgtOWJjNy00NzkxLTg1Mjgt
MGM0OTU0NzdjYTEwLzEvZGp4bmhtLWIxa1I1V2VScExRMmh5UG5DRGFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kMmJiNjgtOWJjNy00NzkxLTg1MjgtMGM0OTU0NzdjYTEw
LzEvdFVKLXBKLVhMUm5GWTVPbWllZkw2NWtOWFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgl6wQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA16vw/yPNGHEzSMizIY+QjlZxJ1w9qveV7/ED/
Vp2nrMg3nsrTvIpIuLVREgyRYM1Kpz9aRUXXR+eah95gO8GIzmdz6Xh4Gwu88cIZ
UyX3uH3ZZwOcclNQgo0XnyniJ6JLIzEWvFv90ietCfJp8A/p2/EHxJ+okz1FBwxM
T89lAbDqCygZSMu5xAKJh+pMuOjX2g2fBHwHYyPPzoCKzrKiIK6fLLpiEGhMi6LI
79GnvHi8ujKSy1y4cSEjoo8U/jM68wNSD8N+fcDs96Xph8EpMX4vsEHYRMoUw/Dt
8Wq2UZFuEitCve99FTe70KtuEbx2RIJz3yFzHBmmH5hwHxv/
-----END CERTIFICATE-----