Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/73ca57-4eee-4c29-814a-81790f61e794/1/rMWPy0hT6r2aLpS1-5IDNfJsvmE.roa
File:                     rMWPy0hT6r2aLpS1-5IDNfJsvmE.roa (raw, json)
Hash identifier:          BIBAUHxwg6DcuSt3N2CxeE3iWFL3Q/W4s1rWoVY1JsE=
Subject key identifier:   AC:C5:8F:CB:48:53:EA:BD:9A:2E:94:B5:FB:92:03:35:F2:6C:BE:61
Certificate issuer:       /CN=9788de1b757eaaab5e76b196e178b60b5e6c240c
Certificate serial:       018EF6C6FEB41E72863D43C654B5D639EFBC
Authority key identifier: 97:88:DE:1B:75:7E:AA:AB:5E:76:B1:96:E1:78:B6:0B:5E:6C:24:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l4jeG3V-qqtedrGW4Xi2C15sJAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/73ca57-4eee-4c29-814a-81790f61e794/1/rMWPy0hT6r2aLpS1-5IDNfJsvmE.roa
Signing time:             Fri 19 Apr 2024 14:33:40 +0000
ROA not before:           Fri 19 Apr 2024 14:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        2a14:4340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/73ca57-4eee-4c29-814a-81790f61e794/1/l4jeG3V-qqtedrGW4Xi2C15sJAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/73ca57-4eee-4c29-814a-81790f61e794/1/l4jeG3V-qqtedrGW4Xi2C15sJAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l4jeG3V-qqtedrGW4Xi2C15sJAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:c6:fe:b4:1e:72:86:3d:43:c6:54:b5:d6:39:ef:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9788de1b757eaaab5e76b196e178b60b5e6c240c
        Validity
            Not Before: Apr 19 14:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acc58fcb4853eabd9a2e94b5fb920335f26cbe61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c9:a5:50:a7:3a:ec:c2:46:b6:a0:30:7d:c0:
                    c2:97:f5:d2:52:17:e4:fe:f5:b2:2d:8d:97:0c:a4:
                    5e:27:05:92:a2:23:dd:75:62:e0:41:af:6b:e5:dd:
                    ca:45:e7:70:b0:07:52:4c:f8:25:59:75:c3:5f:0d:
                    9f:99:6e:7f:0f:be:2a:1b:2a:ad:eb:39:94:bb:97:
                    63:5e:05:7d:e6:87:69:af:5e:2b:f9:c9:ba:45:13:
                    1c:c1:70:f6:51:08:bd:02:38:e3:39:e1:df:e6:33:
                    4d:f7:4d:da:9b:0b:f7:c2:35:66:15:7a:e0:b4:40:
                    3e:52:bf:9e:2c:16:a0:72:35:32:41:a2:a9:cd:b4:
                    cb:43:c5:d1:a1:fa:52:8a:e0:7d:d5:7d:f3:f7:3f:
                    11:3c:1f:5a:8b:0e:03:bc:b4:10:22:ad:4c:20:8d:
                    fd:0d:92:58:a7:51:22:8d:ff:2e:43:96:9c:3a:4d:
                    6b:97:f8:05:06:8f:8a:f5:80:e2:51:d4:a0:1c:1a:
                    74:15:28:c6:e7:05:68:56:85:2d:a3:31:db:91:2a:
                    c7:40:7b:90:23:1d:72:22:cd:d0:f6:87:b5:f7:12:
                    af:f8:e5:b0:6b:9e:31:0e:98:e1:86:8c:26:78:8f:
                    78:92:f1:3c:7c:47:fd:72:94:c5:14:e0:19:b6:dc:
                    f7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C5:8F:CB:48:53:EA:BD:9A:2E:94:B5:FB:92:03:35:F2:6C:BE:61
            X509v3 Authority Key Identifier:
                keyid:97:88:DE:1B:75:7E:AA:AB:5E:76:B1:96:E1:78:B6:0B:5E:6C:24:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l4jeG3V-qqtedrGW4Xi2C15sJAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/73ca57-4eee-4c29-814a-81790f61e794/1/rMWPy0hT6r2aLpS1-5IDNfJsvmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/73ca57-4eee-4c29-814a-81790f61e794/1/l4jeG3V-qqtedrGW4Xi2C15sJAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4340::/29

    Signature Algorithm: sha256WithRSAEncryption
         b6:50:13:8a:db:39:ca:c4:88:9a:aa:53:87:18:4d:6d:8a:9c:
         83:72:0d:db:9d:f3:e4:81:46:5d:c3:9d:b9:3e:9b:75:5a:44:
         1a:af:cc:1e:4e:78:ff:b9:02:3e:0b:14:3c:9a:00:b7:02:93:
         0a:03:57:bc:d0:e6:3e:51:a2:80:40:d8:18:c4:76:fe:01:ea:
         3a:49:51:3d:09:c2:fe:7d:4a:e3:92:39:b7:f7:4a:0e:78:a1:
         9c:8e:f4:bc:97:11:56:99:78:73:b3:98:9e:2a:00:d1:4f:f8:
         5e:37:79:02:d6:99:5f:b5:c1:3c:2b:1d:90:e1:2c:e0:72:88:
         9f:60:c4:a0:08:bb:43:1e:6f:93:47:40:b8:ba:b2:4c:2c:d5:
         d4:8a:f9:87:a0:63:9f:33:24:65:43:e7:e9:40:7c:32:88:6e:
         2b:a9:f7:30:db:50:fd:f2:96:dc:c0:a9:4b:95:1c:70:0d:ea:
         ca:9c:df:ac:5c:e8:d6:70:54:b4:da:6f:92:2d:51:c6:96:e0:
         2e:7b:f8:0b:7c:75:62:06:38:2a:d5:56:7d:8b:3b:0c:82:90:
         e3:29:03:37:98:79:8e:e8:fd:72:10:d7:36:da:f6:52:d0:95:
         fe:f6:13:57:ae:ea:88:58:23:59:04:ad:d2:6b:78:c2:04:2f:
         69:5f:a3:e7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY72xv60HnKGPUPGVLXWOe+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ODhkZTFiNzU3ZWFhYWI1ZTc2YjE5NmUxNzhiNjBiNWU2
YzI0MGMwHhcNMjQwNDE5MTQzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2M1OGZjYjQ4NTNlYWJkOWEyZTk0YjVmYjkyMDMzNWYyNmNiZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cmlUKc67MJGtqAwfcDCl/XSUhfk
/vWyLY2XDKReJwWSoiPddWLgQa9r5d3KRedwsAdSTPglWXXDXw2fmW5/D74qGyqt
6zmUu5djXgV95odpr14r+cm6RRMcwXD2UQi9AjjjOeHf5jNN903amwv3wjVmFXrg
tEA+Ur+eLBagcjUyQaKpzbTLQ8XRofpSiuB91X3z9z8RPB9aiw4DvLQQIq1MII39
DZJYp1Eijf8uQ5acOk1rl/gFBo+K9YDiUdSgHBp0FSjG5wVoVoUtozHbkSrHQHuQ
Ix1yIs3Q9oe19xKv+OWwa54xDpjhhowmeI94kvE8fEf9cpTFFOAZttz3mwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKzFj8tIU+q9mi6UtfuSAzXybL5hMB8GA1UdIwQY
MBaAFJeI3ht1fqqrXnaxluF4tgtebCQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDRqZUczVi1xcXRlZHJHVzRYaTJDMTVzSkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy83M2NhNTctNGVlZS00YzI5LTgxNGEt
ODE3OTBmNjFlNzk0LzEvck1XUHkwaFQ2cjJhTHBTMS01SUROZkpzdm1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy83M2NhNTctNGVlZS00YzI5LTgxNGEtODE3OTBmNjFlNzk0
LzEvbDRqZUczVi1xcXRlZHJHVzRYaTJDMTVzSkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRDQDAN
BgkqhkiG9w0BAQsFAAOCAQEAtlATits5ysSImqpThxhNbYqcg3IN253z5IFGXcOd
uT6bdVpEGq/MHk54/7kCPgsUPJoAtwKTCgNXvNDmPlGigEDYGMR2/gHqOklRPQnC
/n1K45I5t/dKDnihnI70vJcRVpl4c7OYnioA0U/4Xjd5AtaZX7XBPCsdkOEs4HKI
n2DEoAi7Qx5vk0dAuLqyTCzV1Ir5h6BjnzMkZUPn6UB8MohuK6n3MNtQ/fKW3MCp
S5UccA3qypzfrFzo1nBUtNpvki1RxpbgLnv4C3x1YgY4KtVWfYs7DIKQ4ykDN5h5
juj9chDXNtr2UtCV/vYTV67qiFgjWQSt0mt4wgQvaV+j5w==
-----END CERTIFICATE-----