Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/avu7UkLqytzMIWSoVTtsL0ORPOo.roa
File:                     avu7UkLqytzMIWSoVTtsL0ORPOo.roa (raw, json)
Hash identifier:          Vn0JhzqiRxKsDpg6T1/RBzPPBJnGxr68uyg+pnO1VJg=
Subject key identifier:   6A:FB:BB:52:42:EA:CA:DC:CC:21:64:A8:55:3B:6C:2F:43:91:3C:EA
Certificate issuer:       /CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
Certificate serial:       018CC94E625C1E1756B24784CF06E667A2BF
Authority key identifier: CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/avu7UkLqytzMIWSoVTtsL0ORPOo.roa
Signing time:             Tue 02 Jan 2024 08:33:26 +0000
ROA not before:           Tue 02 Jan 2024 08:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59749
IP address blocks:        2a01:73e0:e030::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:62:5c:1e:17:56:b2:47:84:cf:06:e6:67:a2:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb952f9c339cabd14234d00c84a252d7ec71a2a2
        Validity
            Not Before: Jan  2 08:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6afbbb5242eacadccc2164a8553b6c2f43913cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1f:ec:3d:49:3c:05:46:fa:44:c7:ec:4e:ae:
                    8a:6d:59:11:10:92:ba:15:d8:ca:92:90:14:db:c4:
                    72:1e:72:62:20:7b:f1:2a:eb:28:a9:c7:cc:10:da:
                    88:8e:b8:87:0b:22:10:f3:d0:4a:9f:58:07:a4:90:
                    a9:b2:90:2a:d8:08:3b:71:f0:0c:9f:63:c5:d8:a2:
                    58:42:8e:75:46:5d:fa:21:a1:57:66:dd:bc:0e:54:
                    61:23:cc:5c:52:72:d0:c0:11:34:ee:b8:ee:8e:20:
                    b3:b8:21:88:6e:a1:bb:3f:f8:37:5a:14:0d:d1:43:
                    f3:8f:f7:47:b1:f0:ef:69:c9:cb:15:f9:a8:f1:90:
                    af:63:24:81:c2:6f:ab:c8:b1:b3:b9:4f:10:b6:9a:
                    26:1d:b7:bb:3c:e0:ab:54:78:e2:b5:d8:eb:21:b1:
                    91:e3:a1:11:0b:1e:cf:ce:2d:06:6e:e4:c3:b8:0e:
                    e4:bd:1e:89:f9:d2:85:ca:eb:f5:70:64:dc:89:27:
                    cf:d1:57:0c:f8:11:62:8f:88:ec:1f:2c:ad:df:b2:
                    39:74:92:0f:49:88:d0:25:d7:01:e4:72:48:29:b4:
                    3f:0d:97:e4:26:25:fe:b9:5c:60:ec:88:ad:04:fb:
                    fb:0b:4a:8c:ec:4f:be:56:d9:b8:40:d9:d3:03:32:
                    7c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:FB:BB:52:42:EA:CA:DC:CC:21:64:A8:55:3B:6C:2F:43:91:3C:EA
            X509v3 Authority Key Identifier:
                keyid:CB:95:2F:9C:33:9C:AB:D1:42:34:D0:0C:84:A2:52:D7:EC:71:A2:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y5UvnDOcq9FCNNAMhKJS1-xxoqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/avu7UkLqytzMIWSoVTtsL0ORPOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9098fd-7dc3-4e12-b893-fd22df3b57f6/1/y5UvnDOcq9FCNNAMhKJS1-xxoqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:73e0:e030::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:c8:93:10:06:9b:10:ab:25:20:9f:a9:28:ea:47:dc:66:fc:
         02:03:8f:58:80:26:3e:fb:23:c9:52:33:5c:a8:3f:2b:3b:4b:
         22:4c:cd:05:c7:a7:41:cb:05:23:6e:02:d0:56:99:e6:5c:f6:
         6a:e1:25:04:73:ce:13:c2:c8:e7:c6:8e:ec:9d:c5:57:99:8c:
         cf:d7:32:86:87:fc:38:42:08:a7:d3:20:bc:ee:b5:a6:4a:f5:
         d6:77:bb:a4:7c:ca:91:08:1d:2a:b0:b5:31:d0:2b:2f:a1:f9:
         b7:b3:26:30:45:69:fb:49:fd:8e:c7:ce:3f:c4:a6:c1:93:3f:
         4f:8e:a8:b5:cc:75:ab:48:f0:59:c2:07:fb:f4:aa:fc:c5:5e:
         00:e2:d8:28:22:f7:0a:ad:bb:0e:d2:3e:08:f6:df:3b:e0:7c:
         34:72:1c:fb:ac:bd:ca:c6:4b:0f:f7:c0:3c:fc:af:e3:5d:c5:
         b2:bf:a3:44:dc:e8:14:93:41:d0:36:1b:9d:9e:67:aa:4a:d2:
         da:be:c3:0d:2f:6d:93:49:2f:b0:3b:33:60:16:0b:c2:fc:ab:
         35:49:f4:9e:d1:14:e5:e6:0b:ec:65:09:65:26:8f:fc:d6:ca:
         b5:d7:4c:87:54:e3:71:95:5b:18:a0:8b:2c:eb:52:77:1c:5f:
         8d:8f:a1:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTmJcHhdWskeEzwbmZ6K/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOTUyZjljMzM5Y2FiZDE0MjM0ZDAwYzg0YTI1MmQ3ZWM3
MWEyYTIwHhcNMjQwMTAyMDgzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWZiYmI1MjQyZWFjYWRjY2MyMTY0YTg1NTNiNmMyZjQzOTEzY2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhh/sPUk8BUb6RMfsTq6KbVkREJK6
FdjKkpAU28RyHnJiIHvxKusoqcfMENqIjriHCyIQ89BKn1gHpJCpspAq2Ag7cfAM
n2PF2KJYQo51Rl36IaFXZt28DlRhI8xcUnLQwBE07rjujiCzuCGIbqG7P/g3WhQN
0UPzj/dHsfDvacnLFfmo8ZCvYySBwm+ryLGzuU8QtpomHbe7POCrVHjitdjrIbGR
46ERCx7Pzi0GbuTDuA7kvR6J+dKFyuv1cGTciSfP0VcM+BFij4jsHyyt37I5dJIP
SYjQJdcB5HJIKbQ/DZfkJiX+uVxg7IitBPv7C0qM7E++Vtm4QNnTAzJ8YwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGr7u1JC6srczCFkqFU7bC9DkTzqMB8GA1UdIwQY
MBaAFMuVL5wznKvRQjTQDISiUtfscaKiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMt
ZmQyMmRmM2I1N2Y2LzEvYXZ1N1VrTHF5dHpNSVdTb1ZUdHNMME9SUE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85MDk4ZmQtN2RjMy00ZTEyLWI4OTMtZmQyMmRmM2I1N2Y2
LzEveTVVdm5ET2NxOUZDTk5BTWhLSlMxLXh4b3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgFz4OAw
MA0GCSqGSIb3DQEBCwUAA4IBAQBnyJMQBpsQqyUgn6ko6kfcZvwCA49YgCY++yPJ
UjNcqD8rO0siTM0Fx6dBywUjbgLQVpnmXPZq4SUEc84Twsjnxo7sncVXmYzP1zKG
h/w4Qgin0yC87rWmSvXWd7ukfMqRCB0qsLUx0Csvofm3syYwRWn7Sf2Ox84/xKbB
kz9Pjqi1zHWrSPBZwgf79Kr8xV4A4tgoIvcKrbsO0j4I9t874Hw0chz7rL3KxksP
98A8/K/jXcWyv6NE3OgUk0HQNhudnmeqStLavsMNL22TSS+wOzNgFgvC/Ks1SfSe
0RTl5gvsZQllJo/81sq110yHVONxlVsYoIss61J3HF+Nj6EX
-----END CERTIFICATE-----