Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/0a0ba9-f4fe-49bc-a368-b3cbb5ad2ad0/1/a15JNGc4tycEpL50VONNMnHelwo.roa
File:                     a15JNGc4tycEpL50VONNMnHelwo.roa (raw, json)
Hash identifier:          ePvIGfPmXnlyPWA3lUpobYyOrDLpPMamB/CcofZJHZo=
Subject key identifier:   6B:5E:49:34:67:38:B7:27:04:A4:BE:74:54:E3:4D:32:71:DE:97:0A
Certificate issuer:       /CN=e8b62bbe9eeb5a3d66e1cc223adedc53b177c4ee
Certificate serial:       018DAD01F03B42ABF74DA06E5F7B1BD74523
Authority key identifier: E8:B6:2B:BE:9E:EB:5A:3D:66:E1:CC:22:3A:DE:DC:53:B1:77:C4:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LYrvp7rWj1m4cwiOt7cU7F3xO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/0a0ba9-f4fe-49bc-a368-b3cbb5ad2ad0/1/a15JNGc4tycEpL50VONNMnHelwo.roa
Signing time:             Thu 15 Feb 2024 13:43:21 +0000
ROA not before:           Thu 15 Feb 2024 13:43:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213168
IP address blocks:        2a13:8140::/48 maxlen: 48
                          2a13:8140:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/0a0ba9-f4fe-49bc-a368-b3cbb5ad2ad0/1/6LYrvp7rWj1m4cwiOt7cU7F3xO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/0a0ba9-f4fe-49bc-a368-b3cbb5ad2ad0/1/6LYrvp7rWj1m4cwiOt7cU7F3xO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LYrvp7rWj1m4cwiOt7cU7F3xO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ad:01:f0:3b:42:ab:f7:4d:a0:6e:5f:7b:1b:d7:45:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b62bbe9eeb5a3d66e1cc223adedc53b177c4ee
        Validity
            Not Before: Feb 15 13:43:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b5e49346738b72704a4be7454e34d3271de970a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a6:23:08:8a:27:73:b6:7a:1d:b2:22:12:8f:
                    55:17:a6:4f:0b:7c:13:96:14:91:16:dd:8b:bc:c0:
                    06:78:80:67:d7:44:0f:0c:d1:9e:74:06:87:21:f3:
                    e8:4e:dd:bd:f2:bc:d5:e5:11:c1:93:5c:17:18:02:
                    c5:c8:81:ac:ee:bb:a6:b6:10:af:49:bb:34:d4:71:
                    10:02:02:31:63:0a:44:8b:ed:3a:2b:21:9b:50:de:
                    7d:ad:99:c5:de:50:b5:49:f4:e2:08:27:dc:cc:43:
                    5b:25:c9:71:22:48:f9:bf:e0:ec:7e:39:fd:1c:9c:
                    92:55:47:25:a5:28:04:a2:44:17:51:65:66:63:3d:
                    41:6c:87:b5:f6:36:b1:6b:11:3b:85:fa:08:8e:5e:
                    03:44:02:b2:51:d4:2c:66:81:cf:62:b2:80:e7:e1:
                    13:cf:fc:cb:dd:d1:ac:ba:c5:4e:f8:b5:b9:96:6b:
                    c1:c9:a1:c6:ff:77:5a:e3:5a:89:1b:40:92:b4:e5:
                    77:03:5b:1f:fe:7b:95:e3:85:be:fb:36:5a:98:42:
                    26:10:99:e8:46:70:26:0c:ac:f0:76:da:22:e2:f9:
                    26:8e:a0:91:1f:f8:11:09:91:1f:2f:90:d0:a1:4c:
                    3d:7e:a8:02:39:bf:6c:78:9a:d8:4e:9b:e6:18:c0:
                    34:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:5E:49:34:67:38:B7:27:04:A4:BE:74:54:E3:4D:32:71:DE:97:0A
            X509v3 Authority Key Identifier:
                keyid:E8:B6:2B:BE:9E:EB:5A:3D:66:E1:CC:22:3A:DE:DC:53:B1:77:C4:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LYrvp7rWj1m4cwiOt7cU7F3xO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0a0ba9-f4fe-49bc-a368-b3cbb5ad2ad0/1/a15JNGc4tycEpL50VONNMnHelwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/0a0ba9-f4fe-49bc-a368-b3cbb5ad2ad0/1/6LYrvp7rWj1m4cwiOt7cU7F3xO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8140::/47

    Signature Algorithm: sha256WithRSAEncryption
         5b:30:26:03:65:2e:a2:f9:05:33:37:c7:b4:ee:22:cf:e1:d9:
         45:94:3a:e9:01:31:30:34:e9:77:3b:a2:a8:cd:d6:29:9a:9f:
         c7:aa:3f:8f:6b:f0:b0:60:1c:af:2f:d8:0c:3b:5c:61:8a:11:
         60:01:c1:7e:f7:d0:de:44:6f:e3:77:c1:97:7a:e9:19:e2:7b:
         14:fb:e6:c5:62:b9:bd:2e:78:33:27:92:82:03:c2:17:db:43:
         64:41:60:de:a5:45:72:ce:61:9e:b4:27:39:e1:86:88:2e:17:
         61:80:67:d1:87:8f:70:05:4e:5f:99:41:39:df:ea:4d:1a:2a:
         0a:5a:74:fa:c4:45:70:b6:96:31:12:fc:61:d0:f4:52:85:9c:
         ca:84:e2:3e:eb:d7:ae:51:8e:ae:16:bb:36:1e:33:c4:d5:f2:
         19:f8:b7:8f:ea:9b:07:c4:6d:96:a0:1c:39:33:ba:14:cd:5b:
         39:45:69:a9:8d:30:d2:27:16:e9:da:ff:18:32:2f:5e:d5:18:
         bc:e0:72:8c:d6:3c:75:0d:69:67:70:79:72:be:44:bd:de:79:
         56:e1:3b:e1:4e:d3:93:06:98:55:8e:2b:6a:d1:44:8c:65:5b:
         2c:dd:ff:0d:52:1f:77:24:55:e0:6a:d4:51:8e:12:f3:59:7c:
         0a:86:77:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2tAfA7Qqv3TaBuX3sb10UjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjYyYmJlOWVlYjVhM2Q2NmUxY2MyMjNhZGVkYzUzYjE3
N2M0ZWUwHhcNMjQwMjE1MTM0MzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjVlNDkzNDY3MzhiNzI3MDRhNGJlNzQ1NGUzNGQzMjcxZGU5NzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6YjCIonc7Z6HbIiEo9VF6ZPC3wT
lhSRFt2LvMAGeIBn10QPDNGedAaHIfPoTt298rzV5RHBk1wXGALFyIGs7rumthCv
Sbs01HEQAgIxYwpEi+06KyGbUN59rZnF3lC1SfTiCCfczENbJclxIkj5v+Dsfjn9
HJySVUclpSgEokQXUWVmYz1BbIe19jaxaxE7hfoIjl4DRAKyUdQsZoHPYrKA5+ET
z/zL3dGsusVO+LW5lmvByaHG/3da41qJG0CStOV3A1sf/nuV44W++zZamEImEJno
RnAmDKzwdtoi4vkmjqCRH/gRCZEfL5DQoUw9fqgCOb9seJrYTpvmGMA0/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGteSTRnOLcnBKS+dFTjTTJx3pcKMB8GA1UdIwQY
MBaAFOi2K76e61o9ZuHMIjre3FOxd8TuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxZcnZwN3JXajFtNGN3aU90N2NVN0YzeE80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8wYTBiYTktZjRmZS00OWJjLWEzNjgt
YjNjYmI1YWQyYWQwLzEvYTE1Sk5HYzR0eWNFcEw1MFZPTk5NbkhlbHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8wYTBiYTktZjRmZS00OWJjLWEzNjgtYjNjYmI1YWQyYWQw
LzEvNkxZcnZwN3JXajFtNGN3aU90N2NVN0YzeE80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhOBQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBbMCYDZS6i+QUzN8e07iLP4dlFlDrpATEwNOl3
O6KozdYpmp/Hqj+Pa/CwYByvL9gMO1xhihFgAcF+99DeRG/jd8GXeukZ4nsU++bF
Yrm9LngzJ5KCA8IX20NkQWDepUVyzmGetCc54YaILhdhgGfRh49wBU5fmUE53+pN
GioKWnT6xEVwtpYxEvxh0PRShZzKhOI+69euUY6uFrs2HjPE1fIZ+LeP6psHxG2W
oBw5M7oUzVs5RWmpjTDSJxbp2v8YMi9e1Ri84HKM1jx1DWlncHlyvkS93nlW4Tvh
TtOTBphVjitq0USMZVss3f8NUh93JFXgatRRjhLzWXwKhnfY
-----END CERTIFICATE-----