Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/r59saloy4V4uaWcW8Gc6NSlBYXk.roa
File:                     r59saloy4V4uaWcW8Gc6NSlBYXk.roa (raw, json)
Hash identifier:          3yBf1cza8Vwps9bCij+xG0pnh/c8ZTMcym/oa17Zzos=
Subject key identifier:   AF:9F:6C:6A:5A:32:E1:5E:2E:69:67:16:F0:67:3A:35:29:41:61:79
Certificate issuer:       /CN=5262505b488581c2ecd7582a34ece52632e3ef96
Certificate serial:       018CC6B78D20E62681CEC01E1DBABFDDB409
Authority key identifier: 52:62:50:5B:48:85:81:C2:EC:D7:58:2A:34:EC:E5:26:32:E3:EF:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmJQW0iFgcLs11gqNOzlJjLj75Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/r59saloy4V4uaWcW8Gc6NSlBYXk.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57199
IP address blocks:        2a0b:cbc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/UmJQW0iFgcLs11gqNOzlJjLj75Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/UmJQW0iFgcLs11gqNOzlJjLj75Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmJQW0iFgcLs11gqNOzlJjLj75Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8d:20:e6:26:81:ce:c0:1e:1d:ba:bf:dd:b4:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5262505b488581c2ecd7582a34ece52632e3ef96
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af9f6c6a5a32e15e2e696716f0673a3529416179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c7:c1:c2:62:22:9a:6f:e9:6e:75:ba:66:d8:
                    8c:ee:d3:ac:05:7a:b0:7e:23:73:36:3e:09:e4:9c:
                    97:52:fe:21:fa:24:3c:09:b0:81:a9:98:73:11:53:
                    56:e3:79:56:24:19:9b:ef:b6:c5:e6:ea:61:ea:e0:
                    5b:ca:ba:7c:71:fe:85:a1:3d:a6:25:ef:6f:b8:66:
                    f0:b2:6a:c5:ec:65:66:24:9c:89:94:c6:45:71:c8:
                    f7:96:8b:62:7a:0e:b2:c7:28:d0:0f:39:fb:2f:b5:
                    ce:51:ad:6b:60:79:b3:96:c7:35:46:ce:91:81:f9:
                    7a:7b:77:15:4f:4d:cb:f4:6b:c3:5f:f0:25:b0:50:
                    70:74:2d:26:cc:ed:b2:2e:65:b4:c3:40:ac:56:45:
                    3b:ce:f0:c6:00:ca:af:1f:69:57:c2:2d:83:b5:f3:
                    1b:99:9a:8f:a7:9c:9c:04:61:02:4b:3e:42:74:b0:
                    a4:bd:33:fa:e5:b0:e5:69:42:f1:72:d3:48:f6:b7:
                    4f:41:b5:5d:bc:24:74:32:48:02:80:50:70:a6:8f:
                    51:68:e3:b7:88:58:29:7e:dd:2d:9e:eb:85:9f:7e:
                    1c:98:09:4f:9e:03:51:60:9c:41:79:11:13:9b:16:
                    4d:56:78:45:fd:25:a3:86:3f:e0:c0:79:c1:25:91:
                    d4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:9F:6C:6A:5A:32:E1:5E:2E:69:67:16:F0:67:3A:35:29:41:61:79
            X509v3 Authority Key Identifier:
                keyid:52:62:50:5B:48:85:81:C2:EC:D7:58:2A:34:EC:E5:26:32:E3:EF:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmJQW0iFgcLs11gqNOzlJjLj75Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/r59saloy4V4uaWcW8Gc6NSlBYXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/dfbaa2-4a27-4f3c-b9fc-fb01436a695f/1/UmJQW0iFgcLs11gqNOzlJjLj75Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:cbc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:f2:a9:d1:6d:a9:84:a2:93:35:b9:0d:c6:ec:05:e1:3d:44:
         31:2c:89:ef:f0:4f:09:2e:cd:e9:34:9b:d5:8e:ab:f3:1f:29:
         be:47:04:0e:b8:a2:25:c7:09:db:61:8c:7f:c6:4a:af:6f:af:
         eb:bb:9d:0a:c4:cd:48:1b:d7:ff:e5:87:dd:f0:0c:b0:21:e8:
         92:76:d4:7d:6b:12:87:0c:40:0f:e8:26:cb:8a:f4:86:4f:7f:
         e0:8b:eb:20:c6:78:5b:21:a7:e6:c5:fc:02:f2:d8:a2:90:a9:
         ad:06:58:92:70:3a:ef:db:d1:a7:fd:3f:9c:6f:99:58:a2:a3:
         9f:1b:5b:28:c7:ba:09:b0:00:60:30:d4:14:84:90:60:1c:ee:
         3a:db:71:44:f1:e9:ca:ef:d2:44:e6:2c:c4:0b:11:ff:56:5c:
         17:36:c1:c5:04:9a:48:93:20:a5:00:21:2c:21:44:70:21:07:
         7a:8a:5e:12:99:8d:f9:1d:31:b0:61:ed:9e:c8:63:d0:03:95:
         29:1c:50:f4:3a:ff:e6:95:c5:bf:95:f8:cb:fd:18:c2:84:57:
         5a:c5:82:f1:40:93:70:0d:38:12:8e:70:bd:18:26:d3:51:63:
         b9:3d:50:3c:41:e3:15:22:72:90:73:74:63:a4:f5:70:9a:13:
         9a:09:1f:6c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGt40g5iaBzsAeHbq/3bQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjI1MDViNDg4NTgxYzJlY2Q3NTgyYTM0ZWNlNTI2MzJl
M2VmOTYwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjlmNmM2YTVhMzJlMTVlMmU2OTY3MTZmMDY3M2EzNTI5NDE2MTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMfBwmIimm/pbnW6ZtiM7tOsBXqw
fiNzNj4J5JyXUv4h+iQ8CbCBqZhzEVNW43lWJBmb77bF5uph6uBbyrp8cf6FoT2m
Je9vuGbwsmrF7GVmJJyJlMZFccj3lotieg6yxyjQDzn7L7XOUa1rYHmzlsc1Rs6R
gfl6e3cVT03L9GvDX/AlsFBwdC0mzO2yLmW0w0CsVkU7zvDGAMqvH2lXwi2DtfMb
mZqPp5ycBGECSz5CdLCkvTP65bDlaULxctNI9rdPQbVdvCR0MkgCgFBwpo9RaOO3
iFgpft0tnuuFn34cmAlPngNRYJxBeRETmxZNVnhF/SWjhj/gwHnBJZHUQQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK+fbGpaMuFeLmlnFvBnOjUpQWF5MB8GA1UdIwQY
MBaAFFJiUFtIhYHC7NdYKjTs5SYy4++WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1KUVcwaUZnY0xzMTFncU5PemxKakxqNzVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9kZmJhYTItNGEyNy00ZjNjLWI5ZmMt
ZmIwMTQzNmE2OTVmLzEvcjU5c2Fsb3k0VjR1YVdjVzhHYzZOU2xCWVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9kZmJhYTItNGEyNy00ZjNjLWI5ZmMtZmIwMTQzNmE2OTVm
LzEvVW1KUVcwaUZnY0xzMTFncU5PemxKakxqNzVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgvLwDAN
BgkqhkiG9w0BAQsFAAOCAQEAMPKp0W2phKKTNbkNxuwF4T1EMSyJ7/BPCS7N6TSb
1Y6r8x8pvkcEDriiJccJ22GMf8ZKr2+v67udCsTNSBvX/+WH3fAMsCHoknbUfWsS
hwxAD+gmy4r0hk9/4IvrIMZ4WyGn5sX8AvLYopCprQZYknA679vRp/0/nG+ZWKKj
nxtbKMe6CbAAYDDUFISQYBzuOttxRPHpyu/SROYsxAsR/1ZcFzbBxQSaSJMgpQAh
LCFEcCEHeopeEpmN+R0xsGHtnshj0AOVKRxQ9Dr/5pXFv5X4y/0YwoRXWsWC8UCT
cA04Eo5wvRgm01FjuT1QPEHjFSJykHN0Y6T1cJoTmgkfbA==
-----END CERTIFICATE-----