Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/sDcjszfTEZrplIpz0G-edu7Te_8.roa
File:                     sDcjszfTEZrplIpz0G-edu7Te_8.roa (raw, json)
Hash identifier:          uc4KD+b45EaiUPG9olvbJxTuyuZvc2uH837O4d/lXKM=
Subject key identifier:   B0:37:23:B3:37:D3:11:9A:E9:94:8A:73:D0:6F:9E:76:EE:D3:7B:FF
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       018CC5DC8E210C437782F49C3B8AB046BBF4
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/sDcjszfTEZrplIpz0G-edu7Te_8.roa
Signing time:             Mon 01 Jan 2024 16:30:15 +0000
ROA not before:           Mon 01 Jan 2024 16:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21433
IP address blocks:        2a02:ee80:4251::/48 maxlen: 48
                          2a02:ee80:4250::/48 maxlen: 48
                          2a02:ee80:4250::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:8e:21:0c:43:77:82:f4:9c:3b:8a:b0:46:bb:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Jan  1 16:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b03723b337d3119ae9948a73d06f9e76eed37bff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a1:56:00:9e:b3:d5:c6:24:5e:f9:f1:98:6f:
                    49:d6:f3:a6:20:72:d4:10:69:20:d9:a8:59:cb:a0:
                    7e:51:ac:83:44:9c:87:c5:de:16:1f:44:40:76:fe:
                    f0:79:58:6d:45:15:71:84:94:cd:bf:50:5c:74:de:
                    af:8b:5a:89:5f:31:ba:5f:e7:ab:2a:85:d4:27:0b:
                    35:b6:93:23:12:71:f2:95:ca:ef:2c:0b:36:b1:e9:
                    70:cf:bf:11:23:c0:3e:b1:93:6f:a1:ac:7a:30:f6:
                    b2:21:92:db:71:7f:57:b5:d6:42:e5:e2:ed:55:88:
                    bf:5b:65:7b:b8:6b:dd:44:01:c5:f3:f7:66:2f:b8:
                    69:9e:84:f2:c2:03:b6:99:4a:cb:e1:97:ae:6b:dc:
                    3b:8a:54:38:9a:64:59:d3:5e:0e:12:83:85:44:6c:
                    c1:42:fb:e9:5b:1f:51:f9:a7:82:c2:50:d0:75:6e:
                    5e:79:f0:4f:3c:36:55:11:f5:71:1a:fb:57:c7:6d:
                    34:6a:25:75:ba:cf:2a:f3:c2:09:87:d9:a8:2c:21:
                    e3:40:33:89:0e:41:db:4b:07:23:58:b3:f6:b8:df:
                    82:04:9d:b5:44:22:93:24:0f:31:fb:16:b7:05:f8:
                    f4:e9:43:f6:5d:12:9e:9e:ca:74:71:1c:e1:82:09:
                    d1:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:37:23:B3:37:D3:11:9A:E9:94:8A:73:D0:6F:9E:76:EE:D3:7B:FF
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/sDcjszfTEZrplIpz0G-edu7Te_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:ee80:4250::/47

    Signature Algorithm: sha256WithRSAEncryption
         43:f2:9f:14:3f:b3:30:7d:89:77:3c:ff:c8:cc:ed:88:18:7e:
         61:72:25:68:7e:7e:5b:8e:10:5b:82:e8:af:82:e9:dc:be:27:
         32:76:2f:db:36:ee:d2:9a:1a:4d:48:e4:17:32:f0:38:d4:d7:
         74:98:2d:4b:a1:80:3f:27:3b:e4:9a:d2:64:49:40:f0:cc:19:
         5d:b0:4b:bd:59:7a:4b:74:a8:1a:de:e0:8e:b4:98:05:56:18:
         8e:ef:8c:2d:e1:2c:09:c1:ae:12:67:49:35:98:cf:32:29:d1:
         bc:8a:f6:20:f6:5e:5f:8b:33:c0:46:2a:09:a7:9f:03:18:96:
         15:dd:b9:19:c8:bd:81:fa:9e:7f:01:3c:54:ae:eb:ec:a6:16:
         ad:1b:d7:27:dc:01:12:e2:4e:c9:85:c5:3e:d6:eb:b9:17:16:
         68:3d:c9:0a:a8:13:3d:70:5f:76:4e:1e:05:10:38:72:91:d2:
         99:c8:0b:58:9b:7e:0f:44:90:d4:60:8d:95:63:ac:24:69:c2:
         d4:a0:2b:c0:a8:b0:e0:58:d1:80:5f:09:f7:da:1c:75:20:1b:
         f2:7d:5b:d6:1c:97:50:d3:bb:5b:78:e2:92:42:fd:bf:1f:d5:
         57:07:4c:91:0a:8e:e6:bb:ce:d1:44:3e:b0:9e:d2:95:0a:15:
         a4:fe:02:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3I4hDEN3gvScO4qwRrv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjQwMTAxMTYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDM3MjNiMzM3ZDMxMTlhZTk5NDhhNzNkMDZmOWU3NmVlZDM3YmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaFWAJ6z1cYkXvnxmG9J1vOmIHLU
EGkg2ahZy6B+UayDRJyHxd4WH0RAdv7weVhtRRVxhJTNv1BcdN6vi1qJXzG6X+er
KoXUJws1tpMjEnHylcrvLAs2selwz78RI8A+sZNvoax6MPayIZLbcX9XtdZC5eLt
VYi/W2V7uGvdRAHF8/dmL7hpnoTywgO2mUrL4Zeua9w7ilQ4mmRZ014OEoOFRGzB
QvvpWx9R+aeCwlDQdW5eefBPPDZVEfVxGvtXx200aiV1us8q88IJh9moLCHjQDOJ
DkHbSwcjWLP2uN+CBJ21RCKTJA8x+xa3Bfj06UP2XRKensp0cRzhggnR6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLA3I7M30xGa6ZSKc9Bvnnbu03v/MB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvc0RjanN6ZlRFWnJwbElwejBHLWVkdTdUZV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgLugEJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBD8p8UP7MwfYl3PP/IzO2IGH5hciVofn5bjhBb
guivguncvicydi/bNu7SmhpNSOQXMvA41Nd0mC1LoYA/JzvkmtJkSUDwzBldsEu9
WXpLdKga3uCOtJgFVhiO74wt4SwJwa4SZ0k1mM8yKdG8ivYg9l5fizPARioJp58D
GJYV3bkZyL2B+p5/ATxUruvsphatG9cn3AES4k7JhcU+1uu5FxZoPckKqBM9cF92
Th4FEDhykdKZyAtYm34PRJDUYI2VY6wkacLUoCvAqLDgWNGAXwn32hx1IBvyfVvW
HJdQ07tbeOKSQv2/H9VXB0yRCo7mu87RRD6wntKVChWk/gIP
-----END CERTIFICATE-----