Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/eb7037-deed-4a23-b3a4-0458c15cfd0b/1/xkLzEcuftd3EoX_JVrIZWG0LF4M.roa
File:                     xkLzEcuftd3EoX_JVrIZWG0LF4M.roa (raw, json)
Hash identifier:          1GWoXBniL6q3CXcXZJ5MDGjfAcZKOY+ejVCz0ciSdOA=
Subject key identifier:   C6:42:F3:11:CB:9F:B5:DD:C4:A1:7F:C9:56:B2:19:58:6D:0B:17:83
Certificate issuer:       /CN=3f34d48d841a52a4227d49fa3ef85ba5abf22248
Certificate serial:       018EAD101FD6B1CB57D1B416684A5BA6C67E
Authority key identifier: 3F:34:D4:8D:84:1A:52:A4:22:7D:49:FA:3E:F8:5B:A5:AB:F2:22:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PzTUjYQaUqQifUn6PvhbpavyIkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/eb7037-deed-4a23-b3a4-0458c15cfd0b/1/xkLzEcuftd3EoX_JVrIZWG0LF4M.roa
Signing time:             Fri 05 Apr 2024 07:01:38 +0000
ROA not before:           Fri 05 Apr 2024 07:01:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207318
IP address blocks:        2a11:d580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/eb7037-deed-4a23-b3a4-0458c15cfd0b/1/PzTUjYQaUqQifUn6PvhbpavyIkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/eb7037-deed-4a23-b3a4-0458c15cfd0b/1/PzTUjYQaUqQifUn6PvhbpavyIkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PzTUjYQaUqQifUn6PvhbpavyIkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ad:10:1f:d6:b1:cb:57:d1:b4:16:68:4a:5b:a6:c6:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f34d48d841a52a4227d49fa3ef85ba5abf22248
        Validity
            Not Before: Apr  5 07:01:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c642f311cb9fb5ddc4a17fc956b219586d0b1783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:68:a1:73:aa:73:ea:0c:33:48:7b:23:cc:64:
                    8f:0c:90:43:08:4d:6a:3f:ad:24:1e:2a:16:fd:92:
                    d5:e4:17:43:32:d9:2b:14:14:33:f3:b4:11:e6:2b:
                    18:ad:f3:32:cf:f3:af:9e:1b:89:0a:83:af:a9:da:
                    3c:3a:9d:58:3d:c0:a3:ca:2b:7a:ad:58:1d:24:c4:
                    84:82:51:7a:3c:32:df:c8:c6:51:57:9d:c4:74:33:
                    d2:e1:5a:99:69:f7:db:44:66:45:85:bf:57:bb:e3:
                    8a:46:93:c6:70:02:9f:c1:d8:9b:59:36:40:6d:99:
                    bb:af:ba:5a:da:2b:81:19:32:d0:b3:51:7c:85:00:
                    cc:54:0b:80:a9:74:11:33:66:25:c2:6f:9c:08:ea:
                    2c:68:1a:70:eb:68:1b:52:6d:cf:59:31:54:3f:ab:
                    03:4b:29:2f:a2:8b:52:7e:d4:94:2f:20:b7:db:0a:
                    43:84:3a:2d:22:57:97:7d:0b:50:ea:1f:d9:d0:70:
                    b5:f3:95:3d:b1:ea:e4:7c:b4:91:03:1c:85:10:16:
                    55:4e:06:5d:5e:24:ae:47:d7:43:5a:b6:08:49:ee:
                    7f:c1:e6:b6:dd:ba:85:3b:4a:cc:60:a9:7b:3b:e8:
                    03:e9:bd:2d:11:17:9a:9a:1c:7a:a4:0a:91:4c:96:
                    15:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:42:F3:11:CB:9F:B5:DD:C4:A1:7F:C9:56:B2:19:58:6D:0B:17:83
            X509v3 Authority Key Identifier:
                keyid:3F:34:D4:8D:84:1A:52:A4:22:7D:49:FA:3E:F8:5B:A5:AB:F2:22:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PzTUjYQaUqQifUn6PvhbpavyIkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/eb7037-deed-4a23-b3a4-0458c15cfd0b/1/xkLzEcuftd3EoX_JVrIZWG0LF4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/eb7037-deed-4a23-b3a4-0458c15cfd0b/1/PzTUjYQaUqQifUn6PvhbpavyIkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:d580::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:55:2f:0b:fc:3f:cf:00:01:14:f8:b9:d3:cf:57:f1:83:9d:
         72:f1:54:0f:1e:0c:51:f5:76:a0:37:5a:24:fe:76:21:4f:9c:
         98:63:f5:af:d5:b9:71:a7:69:7a:d2:87:7e:16:59:18:93:8b:
         ce:e4:ad:fe:c8:85:d0:4c:e4:7d:55:20:38:55:e2:5c:89:69:
         70:f7:58:39:ef:ae:f5:37:49:5e:9b:0a:67:bd:7b:4c:ea:b3:
         cf:48:54:ff:55:8c:4a:a7:ce:0e:96:ac:61:96:f5:26:09:ef:
         00:de:4f:36:e0:fe:63:94:b7:98:01:a5:c0:b3:fd:f3:cf:f0:
         da:a3:56:61:23:78:6c:c0:d3:5b:50:7c:9c:5a:c4:fc:87:f7:
         3c:3c:c8:4c:3e:9e:e4:b6:1b:34:ff:bf:1d:72:c6:17:40:86:
         39:1a:3f:e6:2f:5c:9f:0e:45:b4:df:27:4c:37:24:4b:c4:6d:
         84:d6:d7:2d:cd:ec:1c:4b:69:5b:49:bf:02:b3:01:f5:dc:5f:
         df:1a:3d:b0:71:73:8c:38:a6:7a:f2:83:2f:3c:f3:1e:6c:c8:
         20:f4:c5:17:30:42:73:53:99:5b:ea:2a:4d:70:6c:ac:f5:73:
         1d:7e:e0:43:1c:2a:69:67:42:5e:67:a3:e7:13:52:15:96:f8:
         24:5f:21:28
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6tEB/WsctX0bQWaEpbpsZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMzRkNDhkODQxYTUyYTQyMjdkNDlmYTNlZjg1YmE1YWJm
MjIyNDgwHhcNMjQwNDA1MDcwMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjQyZjMxMWNiOWZiNWRkYzRhMTdmYzk1NmIyMTk1ODZkMGIxNzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Gihc6pz6gwzSHsjzGSPDJBDCE1q
P60kHioW/ZLV5BdDMtkrFBQz87QR5isYrfMyz/OvnhuJCoOvqdo8Op1YPcCjyit6
rVgdJMSEglF6PDLfyMZRV53EdDPS4VqZaffbRGZFhb9Xu+OKRpPGcAKfwdibWTZA
bZm7r7pa2iuBGTLQs1F8hQDMVAuAqXQRM2Ylwm+cCOosaBpw62gbUm3PWTFUP6sD
SykvootSftSULyC32wpDhDotIleXfQtQ6h/Z0HC185U9serkfLSRAxyFEBZVTgZd
XiSuR9dDWrYISe5/wea23bqFO0rMYKl7O+gD6b0tEReamhx6pAqRTJYVsQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMZC8xHLn7XdxKF/yVayGVhtCxeDMB8GA1UdIwQY
MBaAFD801I2EGlKkIn1J+j74W6Wr8iJIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHpUVWpZUWFVcVFpZlVuNlB2aGJwYXZ5SWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lYjcwMzctZGVlZC00YTIzLWIzYTQt
MDQ1OGMxNWNmZDBiLzEveGtMekVjdWZ0ZDNFb1hfSlZySVpXRzBMRjRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lYjcwMzctZGVlZC00YTIzLWIzYTQtMDQ1OGMxNWNmZDBi
LzEvUHpUVWpZUWFVcVFpZlVuNlB2aGJwYXZ5SWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhHVgDAN
BgkqhkiG9w0BAQsFAAOCAQEAu1UvC/w/zwABFPi5089X8YOdcvFUDx4MUfV2oDda
JP52IU+cmGP1r9W5cadpetKHfhZZGJOLzuSt/siF0EzkfVUgOFXiXIlpcPdYOe+u
9TdJXpsKZ717TOqzz0hU/1WMSqfODpasYZb1JgnvAN5PNuD+Y5S3mAGlwLP988/w
2qNWYSN4bMDTW1B8nFrE/If3PDzITD6e5LYbNP+/HXLGF0CGORo/5i9cnw5FtN8n
TDckS8RthNbXLc3sHEtpW0m/ArMB9dxf3xo9sHFzjDimevKDLzzzHmzIIPTFFzBC
c1OZW+oqTXBsrPVzHX7gQxwqaWdCXmej5xNSFZb4JF8hKA==
-----END CERTIFICATE-----