Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/i8CiKE0XSB0Z4vj3PMufYiLS9x8.roa
File:                     i8CiKE0XSB0Z4vj3PMufYiLS9x8.roa (raw, json)
Hash identifier:          DY+SHYwqpazlktR9c54cxrckRhaJ02bzjiMICaDBtJ8=
Subject key identifier:   8B:C0:A2:28:4D:17:48:1D:19:E2:F8:F7:3C:CB:9F:62:22:D2:F7:1F
Certificate issuer:       /CN=427ce5719caa681adbd493a8d9a38a675d6bd639
Certificate serial:       018CC8DF7245517789AC4F3748437120519F
Authority key identifier: 42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/i8CiKE0XSB0Z4vj3PMufYiLS9x8.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        2a02:f181:1000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:72:45:51:77:89:ac:4f:37:48:43:71:20:51:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427ce5719caa681adbd493a8d9a38a675d6bd639
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bc0a2284d17481d19e2f8f73ccb9f6222d2f71f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6a:36:24:fe:4a:94:1e:d2:be:a0:c7:a5:64:
                    8b:34:1b:38:3f:9e:89:56:97:72:7f:f2:59:39:24:
                    ab:36:9d:35:9b:b5:59:a5:e3:f7:f3:50:c0:df:b5:
                    47:ee:16:b2:20:11:9c:f4:d2:e4:37:28:e2:03:4d:
                    73:f7:f9:78:5d:97:e9:5c:10:7c:21:0e:06:5a:bf:
                    15:72:d7:34:e0:67:cb:6e:41:18:34:99:f6:3e:31:
                    26:2d:cf:41:f5:6b:c4:b9:87:39:13:e8:5a:d3:aa:
                    4c:d1:de:ce:5c:1b:07:89:56:18:e5:09:e2:17:3e:
                    a1:b4:27:94:bf:52:61:b6:77:86:ef:18:0f:ce:61:
                    66:dc:ab:37:36:b0:a1:a7:08:99:6c:07:46:8f:5a:
                    0c:25:d3:6c:b3:91:71:7c:35:65:77:c6:73:6d:0e:
                    8e:06:5d:8e:32:46:50:b0:f8:f3:ca:84:29:47:9f:
                    2d:2a:f7:19:99:a9:04:fb:1c:d7:a2:dd:a3:54:36:
                    26:4e:56:0d:bb:c9:ac:8e:3e:8b:66:d6:ac:55:8d:
                    3c:7a:36:bd:b9:68:7e:33:e7:0e:91:a6:fa:ea:7f:
                    ba:6f:7a:f6:52:23:92:c1:ed:0b:ab:28:f6:7b:71:
                    4d:2d:cd:6a:00:a3:18:2d:02:83:a9:24:07:9a:ea:
                    52:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C0:A2:28:4D:17:48:1D:19:E2:F8:F7:3C:CB:9F:62:22:D2:F7:1F
            X509v3 Authority Key Identifier:
                keyid:42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/i8CiKE0XSB0Z4vj3PMufYiLS9x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:f181:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:53:c2:66:6c:e1:f5:73:4d:61:db:a2:95:de:52:bd:71:d2:
         f3:53:92:7b:0d:9e:11:77:b8:4e:a8:05:72:13:17:7a:4a:d3:
         41:11:3e:82:20:48:e5:cf:0b:f6:7c:35:1a:e5:2f:fe:d3:9d:
         58:a4:58:ec:38:ec:a2:5d:eb:27:c5:d6:68:28:3c:ca:11:ae:
         1f:2c:f0:26:da:21:05:83:7d:2d:4d:03:d8:ce:02:30:bd:c6:
         4e:32:b8:d6:5f:44:ec:18:a9:20:b7:55:54:b3:f3:1a:71:37:
         fb:b1:a8:3e:63:8e:26:4e:e4:b3:ed:01:a0:8c:f2:e8:f3:a6:
         13:b2:d6:e7:fc:82:1e:ef:b9:c9:8e:d8:99:26:05:ea:be:ac:
         f7:4d:4c:c4:63:ae:92:87:55:da:b0:67:6c:1a:5e:1b:f2:b3:
         68:c2:e2:af:e3:7d:3d:7d:ff:3e:d0:67:4d:0b:ff:79:5c:02:
         c0:9c:0f:3b:d6:6b:86:7a:65:d0:e9:6b:47:6a:67:79:0d:f1:
         a6:b2:6a:d0:8f:cd:48:26:5b:ca:f6:89:9d:0d:33:9f:1a:d6:
         0a:5c:02:bb:44:a7:91:35:d7:64:c8:3d:65:77:96:ad:23:96:
         a2:86:bc:1d:79:40:b7:14:09:2c:0d:18:b7:67:90:de:ae:7e:
         f0:7a:7e:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI33JFUXeJrE83SENxIFGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2NlNTcxOWNhYTY4MWFkYmQ0OTNhOGQ5YTM4YTY3NWQ2
YmQ2MzkwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmMwYTIyODRkMTc0ODFkMTllMmY4ZjczY2NiOWY2MjIyZDJmNzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWo2JP5KlB7SvqDHpWSLNBs4P56J
Vpdyf/JZOSSrNp01m7VZpeP381DA37VH7hayIBGc9NLkNyjiA01z9/l4XZfpXBB8
IQ4GWr8Vctc04GfLbkEYNJn2PjEmLc9B9WvEuYc5E+ha06pM0d7OXBsHiVYY5Qni
Fz6htCeUv1JhtneG7xgPzmFm3Ks3NrChpwiZbAdGj1oMJdNss5FxfDVld8ZzbQ6O
Bl2OMkZQsPjzyoQpR58tKvcZmakE+xzXot2jVDYmTlYNu8msjj6LZtasVY08eja9
uWh+M+cOkab66n+6b3r2UiOSwe0Lqyj2e3FNLc1qAKMYLQKDqSQHmupSIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIvAoihNF0gdGeL49zzLn2Ii0vcfMB8GA1UdIwQY
MBaAFEJ85XGcqmga29STqNmjimdda9Y5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTkt
MDkxYzJkMzAzZmU4LzEvaThDaUtFMFhTQjBaNHZqM1BNdWZZaUxTOXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTktMDkxYzJkMzAzZmU4
LzEvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgLxgRAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBGU8JmbOH1c01h26KV3lK9cdLzU5J7DZ4Rd7hO
qAVyExd6StNBET6CIEjlzwv2fDUa5S/+051YpFjsOOyiXesnxdZoKDzKEa4fLPAm
2iEFg30tTQPYzgIwvcZOMrjWX0TsGKkgt1VUs/MacTf7sag+Y44mTuSz7QGgjPLo
86YTstbn/IIe77nJjtiZJgXqvqz3TUzEY66Sh1XasGdsGl4b8rNowuKv4309ff8+
0GdNC/95XALAnA871muGemXQ6WtHamd5DfGmsmrQj81IJlvK9omdDTOfGtYKXAK7
RKeRNddkyD1ld5atI5aihrwdeUC3FAksDRi3Z5Dern7wen6M
-----END CERTIFICATE-----