Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/4f955b-2ba5-4fc4-83f5-02dae131246f/1/rIsJ9XmzSKrpXg4uKtK5oYdnjHs.roa
File:                     rIsJ9XmzSKrpXg4uKtK5oYdnjHs.roa (raw, json)
Hash identifier:          e6vCbHcGpwkyz2EN99JIiCNP/R0qPw+V90cGLtYCSXI=
Subject key identifier:   AC:8B:09:F5:79:B3:48:AA:E9:5E:0E:2E:2A:D2:B9:A1:87:67:8C:7B
Certificate issuer:       /CN=5d4fccc994e94131dc11bfc95c64585b345e01f5
Certificate serial:       018CC4934BA474FEEF3861A0DDB4EE2A7530
Authority key identifier: 5D:4F:CC:C9:94:E9:41:31:DC:11:BF:C9:5C:64:58:5B:34:5E:01:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XU_MyZTpQTHcEb_JXGRYWzReAfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/4f955b-2ba5-4fc4-83f5-02dae131246f/1/rIsJ9XmzSKrpXg4uKtK5oYdnjHs.roa
Signing time:             Mon 01 Jan 2024 10:30:36 +0000
ROA not before:           Mon 01 Jan 2024 10:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201458
IP address blocks:        2a03:4720::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/4f955b-2ba5-4fc4-83f5-02dae131246f/1/XU_MyZTpQTHcEb_JXGRYWzReAfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/4f955b-2ba5-4fc4-83f5-02dae131246f/1/XU_MyZTpQTHcEb_JXGRYWzReAfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XU_MyZTpQTHcEb_JXGRYWzReAfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4b:a4:74:fe:ef:38:61:a0:dd:b4:ee:2a:75:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d4fccc994e94131dc11bfc95c64585b345e01f5
        Validity
            Not Before: Jan  1 10:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac8b09f579b348aae95e0e2e2ad2b9a187678c7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1d:71:6d:f2:74:f1:f1:d5:74:69:9b:e6:5f:
                    8b:08:5d:8f:34:cd:e4:ff:2e:5b:ba:0c:6f:25:01:
                    5f:19:e3:a0:c4:f4:74:e4:ce:20:dc:db:21:c0:6a:
                    27:55:fd:67:80:81:e2:1e:1c:c1:99:3c:08:8d:47:
                    41:4a:66:ee:77:b0:f9:14:1a:da:6f:96:e6:8f:13:
                    1d:64:64:c8:00:a0:31:8e:41:1e:06:a3:26:08:8c:
                    27:9b:b5:bf:39:66:10:06:bd:7f:5a:d5:4c:2b:3b:
                    43:74:2a:87:1c:e9:43:e8:b2:2a:8b:94:00:b3:54:
                    e2:c4:ec:40:84:33:d1:77:31:62:9a:4a:c0:c5:f7:
                    85:b3:16:75:67:32:c1:b5:0b:4a:5a:70:83:61:6e:
                    5c:7d:97:8d:fe:02:bc:97:1e:9d:12:d8:60:4e:2f:
                    cc:d9:d5:ec:02:70:0b:98:38:d4:fe:ec:45:9c:53:
                    b0:77:e4:af:36:76:29:41:d2:f7:be:7a:d3:02:30:
                    a6:83:aa:df:32:a8:ee:0f:4a:aa:1a:1e:bb:c9:60:
                    e0:6a:d7:64:b8:b4:33:45:de:bb:9d:6d:45:7b:ec:
                    48:7a:71:4d:aa:c1:ce:3a:6f:c1:37:0c:51:c5:79:
                    7a:1a:41:b3:9a:7e:55:80:b6:52:94:a9:34:4f:97:
                    5a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:8B:09:F5:79:B3:48:AA:E9:5E:0E:2E:2A:D2:B9:A1:87:67:8C:7B
            X509v3 Authority Key Identifier:
                keyid:5D:4F:CC:C9:94:E9:41:31:DC:11:BF:C9:5C:64:58:5B:34:5E:01:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XU_MyZTpQTHcEb_JXGRYWzReAfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4f955b-2ba5-4fc4-83f5-02dae131246f/1/rIsJ9XmzSKrpXg4uKtK5oYdnjHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4f955b-2ba5-4fc4-83f5-02dae131246f/1/XU_MyZTpQTHcEb_JXGRYWzReAfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:4720::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:04:72:23:bf:0d:4f:de:ea:cb:ca:b4:86:53:f6:bf:e2:45:
         aa:58:3e:11:da:e6:3a:6c:40:42:d2:4a:dc:02:fd:ab:f7:0f:
         8a:a6:55:59:65:45:e7:52:67:0e:53:e7:28:93:c6:6a:27:f8:
         45:3b:ee:84:b2:8b:52:65:e2:9b:1f:05:a2:d0:d9:da:d4:f7:
         e4:db:8a:19:a8:e9:50:6a:07:11:0c:64:63:81:4a:63:ea:40:
         d6:c2:26:e7:50:f9:5d:ef:56:e9:2d:75:40:a1:6c:a3:5e:11:
         0a:22:82:80:13:94:ec:5d:fb:95:06:4b:51:79:66:b6:9c:2f:
         b0:9f:2f:18:f7:a5:39:f9:1e:a0:c1:82:80:c5:6d:f1:ad:fc:
         b8:0c:43:12:ec:0e:2f:0c:f0:22:7c:9e:cd:1d:32:18:bb:df:
         c9:8e:62:a5:c8:42:50:ac:06:42:a1:ae:4f:19:35:e2:40:ff:
         4c:ae:09:b1:86:61:10:61:73:5e:f3:36:b0:85:4b:c9:30:47:
         5d:ea:f3:ad:07:a6:1d:35:e7:2f:df:4e:fc:f1:cb:49:de:7a:
         cd:1a:b4:b4:32:24:55:d2:c2:22:56:7a:68:b4:aa:3c:5c:5e:
         ae:62:1e:5f:2a:d7:9a:0a:de:f6:e7:14:51:e4:00:e8:b2:e6:
         66:6c:e2:8a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk0ukdP7vOGGg3bTuKnUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNGZjY2M5OTRlOTQxMzFkYzExYmZjOTVjNjQ1ODViMzQ1
ZTAxZjUwHhcNMjQwMTAxMTAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzhiMDlmNTc5YjM0OGFhZTk1ZTBlMmUyYWQyYjlhMTg3Njc4YzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnx1xbfJ08fHVdGmb5l+LCF2PNM3k
/y5bugxvJQFfGeOgxPR05M4g3NshwGonVf1ngIHiHhzBmTwIjUdBSmbud7D5FBra
b5bmjxMdZGTIAKAxjkEeBqMmCIwnm7W/OWYQBr1/WtVMKztDdCqHHOlD6LIqi5QA
s1TixOxAhDPRdzFimkrAxfeFsxZ1ZzLBtQtKWnCDYW5cfZeN/gK8lx6dEthgTi/M
2dXsAnALmDjU/uxFnFOwd+SvNnYpQdL3vnrTAjCmg6rfMqjuD0qqGh67yWDgatdk
uLQzRd67nW1Fe+xIenFNqsHOOm/BNwxRxXl6GkGzmn5VgLZSlKk0T5daEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKyLCfV5s0iq6V4OLirSuaGHZ4x7MB8GA1UdIwQY
MBaAFF1PzMmU6UEx3BG/yVxkWFs0XgH1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFVfTXlaVHBRVEhjRWJfSlhHUllXelJlQWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80Zjk1NWItMmJhNS00ZmM0LTgzZjUt
MDJkYWUxMzEyNDZmLzEvcklzSjlYbXpTS3JwWGc0dUt0SzVvWWRuakhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80Zjk1NWItMmJhNS00ZmM0LTgzZjUtMDJkYWUxMzEyNDZm
LzEvWFVfTXlaVHBRVEhjRWJfSlhHUllXelJlQWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgNHIDAN
BgkqhkiG9w0BAQsFAAOCAQEAjwRyI78NT97qy8q0hlP2v+JFqlg+EdrmOmxAQtJK
3AL9q/cPiqZVWWVF51JnDlPnKJPGaif4RTvuhLKLUmXimx8FotDZ2tT35NuKGajp
UGoHEQxkY4FKY+pA1sIm51D5Xe9W6S11QKFso14RCiKCgBOU7F37lQZLUXlmtpwv
sJ8vGPelOfkeoMGCgMVt8a38uAxDEuwOLwzwInyezR0yGLvfyY5ipchCUKwGQqGu
Txk14kD/TK4JsYZhEGFzXvM2sIVLyTBHXerzrQemHTXnL99O/PHLSd56zRq0tDIk
VdLCIlZ6aLSqPFxermIeXyrXmgre9ucUUeQA6LLmZmziig==
-----END CERTIFICATE-----