Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/9eGwByAfkHmlgHTqlWm0V9tr50I.roa
File:                     9eGwByAfkHmlgHTqlWm0V9tr50I.roa (raw, json)
Hash identifier:          f2kOcdilRHs93Y6KnWtieBX7pyG5LkXPD2Be2/xOdt0=
Subject key identifier:   F5:E1:B0:07:20:1F:90:79:A5:80:74:EA:95:69:B4:57:DB:6B:E7:42
Certificate issuer:       /CN=9416d8e02b5a1a75859f64a05c5a8d77c84c50f1
Certificate serial:       018CC94D17A6E949322FC0F2850FF7CD2794
Authority key identifier: 94:16:D8:E0:2B:5A:1A:75:85:9F:64:A0:5C:5A:8D:77:C8:4C:50:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBbY4CtaGnWFn2SgXFqNd8hMUPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/9eGwByAfkHmlgHTqlWm0V9tr50I.roa
Signing time:             Tue 02 Jan 2024 08:32:01 +0000
ROA not before:           Tue 02 Jan 2024 08:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a10:6640:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/lBbY4CtaGnWFn2SgXFqNd8hMUPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/lBbY4CtaGnWFn2SgXFqNd8hMUPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBbY4CtaGnWFn2SgXFqNd8hMUPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 17:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:17:a6:e9:49:32:2f:c0:f2:85:0f:f7:cd:27:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9416d8e02b5a1a75859f64a05c5a8d77c84c50f1
        Validity
            Not Before: Jan  2 08:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5e1b007201f9079a58074ea9569b457db6be742
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ee:d2:a7:a4:96:5a:f8:4a:77:a7:43:f2:ea:
                    b5:ca:b4:ae:7f:2b:28:2e:fe:5b:f4:8e:6a:a9:16:
                    b3:8e:92:fb:88:f0:9f:39:56:5b:f0:aa:34:59:76:
                    ca:8b:3e:98:7c:3d:24:51:b1:d4:ba:9a:2d:01:54:
                    28:69:db:31:0c:fc:0c:74:b0:fc:e6:d6:73:f5:c6:
                    10:9a:bb:d0:78:61:7f:44:58:1a:2f:cd:75:83:8b:
                    18:d8:e2:f9:f1:2c:e8:f6:a7:02:1a:e3:45:6a:b5:
                    08:0a:3e:fa:24:26:c4:62:1d:ab:71:03:10:09:23:
                    63:78:96:35:16:28:a8:12:14:f3:a3:ba:f6:56:9a:
                    89:29:00:72:98:9f:3f:39:95:b2:1f:53:ef:dc:4b:
                    f8:e3:9e:1d:a8:e9:86:d2:dc:52:07:17:38:e4:c3:
                    24:94:62:3f:03:9b:4c:e6:64:23:ae:ff:66:9f:6d:
                    e0:1e:30:b5:a6:80:8c:36:8e:df:30:57:88:51:01:
                    67:d1:57:bf:b5:5f:f6:0c:c8:97:56:07:d1:0a:f8:
                    38:78:3c:e8:df:a7:31:b2:ca:17:f6:05:5f:a7:b2:
                    7d:87:ed:cf:19:fe:9c:ec:30:dc:57:7e:66:a9:76:
                    bc:15:67:ec:c2:48:32:19:1e:bb:ca:06:4f:32:26:
                    1b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E1:B0:07:20:1F:90:79:A5:80:74:EA:95:69:B4:57:DB:6B:E7:42
            X509v3 Authority Key Identifier:
                keyid:94:16:D8:E0:2B:5A:1A:75:85:9F:64:A0:5C:5A:8D:77:C8:4C:50:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBbY4CtaGnWFn2SgXFqNd8hMUPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/9eGwByAfkHmlgHTqlWm0V9tr50I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/013c99-7d7a-482b-bb51-eb4e13be506a/1/lBbY4CtaGnWFn2SgXFqNd8hMUPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:6640:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:2b:32:f4:c0:06:13:44:b4:2d:18:85:f5:19:34:57:87:be:
         f1:88:c2:fb:56:c1:c0:f5:cf:ce:17:b5:b2:e3:1a:d9:1e:1d:
         8a:78:58:64:d9:a8:9a:56:4a:2a:ac:e0:13:1a:e0:07:cb:e1:
         16:36:1b:55:9f:47:7b:74:c1:08:96:a5:77:b9:ee:2d:35:f1:
         38:e5:34:52:74:26:2b:5d:06:26:4e:35:de:39:a1:de:10:6a:
         59:e5:e4:48:d8:13:f8:b8:0d:d8:34:c8:22:54:e7:92:79:4b:
         83:a0:3c:f4:98:45:f9:e1:3f:d6:45:fc:99:c1:26:28:86:ed:
         7a:17:65:f0:2f:c9:68:14:6a:22:ff:50:8f:0d:0a:83:9e:f1:
         0c:35:d1:8a:28:f6:f2:67:8d:6f:ee:4b:70:db:de:d0:9f:0d:
         9d:b9:f6:f4:13:01:01:b0:1d:09:09:46:c4:e9:59:a3:6c:a0:
         4c:4f:f9:66:f0:43:9d:e1:f9:30:a4:83:27:a2:cc:1e:dc:e7:
         77:ad:8a:45:fc:b0:df:9d:eb:d2:56:6b:4a:70:1f:4c:3d:a4:
         cc:90:8d:cf:30:44:8e:7d:69:7e:2e:c6:19:24:89:4f:85:47:
         13:1d:e9:69:26:3c:a3:ba:58:e9:15:8b:6e:68:fc:25:e9:26:
         e0:59:08:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTRem6UkyL8DyhQ/3zSeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTZkOGUwMmI1YTFhNzU4NTlmNjRhMDVjNWE4ZDc3Yzg0
YzUwZjEwHhcNMjQwMTAyMDgzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWUxYjAwNzIwMWY5MDc5YTU4MDc0ZWE5NTY5YjQ1N2RiNmJlNzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiO7Sp6SWWvhKd6dD8uq1yrSufyso
Lv5b9I5qqRazjpL7iPCfOVZb8Ko0WXbKiz6YfD0kUbHUupotAVQoadsxDPwMdLD8
5tZz9cYQmrvQeGF/RFgaL811g4sY2OL58Szo9qcCGuNFarUICj76JCbEYh2rcQMQ
CSNjeJY1FiioEhTzo7r2VpqJKQBymJ8/OZWyH1Pv3Ev4454dqOmG0txSBxc45MMk
lGI/A5tM5mQjrv9mn23gHjC1poCMNo7fMFeIUQFn0Ve/tV/2DMiXVgfRCvg4eDzo
36cxssoX9gVfp7J9h+3PGf6c7DDcV35mqXa8FWfswkgyGR67ygZPMiYb8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPXhsAcgH5B5pYB06pVptFfba+dCMB8GA1UdIwQY
MBaAFJQW2OArWhp1hZ9koFxajXfITFDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJiWTRDdGFHbldGbjJTZ1hGcU5kOGhNVVBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTNjOTktN2Q3YS00ODJiLWJiNTEt
ZWI0ZTEzYmU1MDZhLzEvOWVHd0J5QWZrSG1sZ0hUcWxXbTBWOXRyNTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTNjOTktN2Q3YS00ODJiLWJiNTEtZWI0ZTEzYmU1MDZh
LzEvbEJiWTRDdGFHbldGbjJTZ1hGcU5kOGhNVVBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBmQAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCBKzL0wAYTRLQtGIX1GTRXh77xiML7VsHA9c/O
F7Wy4xrZHh2KeFhk2aiaVkoqrOATGuAHy+EWNhtVn0d7dMEIlqV3ue4tNfE45TRS
dCYrXQYmTjXeOaHeEGpZ5eRI2BP4uA3YNMgiVOeSeUuDoDz0mEX54T/WRfyZwSYo
hu16F2XwL8loFGoi/1CPDQqDnvEMNdGKKPbyZ41v7ktw297Qnw2dufb0EwEBsB0J
CUbE6VmjbKBMT/lm8EOd4fkwpIMnoswe3Od3rYpF/LDfnevSVmtKcB9MPaTMkI3P
MESOfWl+LsYZJIlPhUcTHelpJjyjuljpFYtuaPwl6SbgWQiK
-----END CERTIFICATE-----