Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/c3wyjfEkokEBm3KzKtgY1iPm1s8.roa
File:                     c3wyjfEkokEBm3KzKtgY1iPm1s8.roa (raw, json)
Hash identifier:          jL54HVCO26iAEcUmoA5fwftOHWmMpu7cqkk6jAEq7XU=
Subject key identifier:   73:7C:32:8D:F1:24:A2:41:01:9B:72:B3:2A:D8:18:D6:23:E6:D6:CF
Certificate issuer:       /CN=1045dacc837798c3e6cf31f4d27946a33b0de661
Certificate serial:       018CC3B72BFF5C01470E3DD1A74081D1B086
Authority key identifier: 10:45:DA:CC:83:77:98:C3:E6:CF:31:F4:D2:79:46:A3:3B:0D:E6:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EEXazIN3mMPmzzH00nlGozsN5mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/c3wyjfEkokEBm3KzKtgY1iPm1s8.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200557
IP address blocks:        2a02:d0c2:2::/48 maxlen: 48
                          2a02:ec41::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/EEXazIN3mMPmzzH00nlGozsN5mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/EEXazIN3mMPmzzH00nlGozsN5mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EEXazIN3mMPmzzH00nlGozsN5mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2b:ff:5c:01:47:0e:3d:d1:a7:40:81:d1:b0:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1045dacc837798c3e6cf31f4d27946a33b0de661
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=737c328df124a241019b72b32ad818d623e6d6cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e3:ee:bb:64:f4:2c:78:dc:03:a2:f9:eb:07:
                    7f:49:03:45:5f:aa:93:09:81:96:38:dc:20:d2:ac:
                    ba:db:14:2b:fe:6e:6d:71:82:00:86:f7:83:9e:87:
                    b9:28:b2:f3:f9:23:df:4e:25:19:70:87:71:d2:43:
                    a5:47:04:32:c2:62:c6:57:cd:87:04:ec:5e:e3:ce:
                    76:a5:fa:44:65:5e:1b:67:7e:21:8c:c3:3b:fc:69:
                    e0:b9:21:e5:32:0a:38:a5:9d:a8:23:63:29:aa:ae:
                    67:2f:14:07:e4:76:79:b0:c5:fb:b9:a4:e0:f5:d7:
                    83:8d:fb:5c:00:07:c5:80:73:a0:62:ac:21:22:2a:
                    ae:fc:18:5c:fc:17:c0:6a:3b:58:8d:d4:14:16:99:
                    c9:d7:db:cb:10:b7:2c:ee:71:d2:72:e4:cd:3f:25:
                    25:9d:55:9c:6c:02:9e:d2:2a:2c:15:98:43:06:1b:
                    9e:0d:52:88:f0:24:aa:d8:73:09:98:6d:7d:45:ea:
                    63:af:03:d4:7c:83:ab:2d:44:19:4a:51:32:87:2b:
                    96:53:16:ca:2d:d4:94:c1:41:6f:01:21:64:dd:ca:
                    32:6c:03:d4:b0:e7:f7:30:56:ff:8e:6f:a6:15:d6:
                    80:45:35:85:4e:09:c1:d0:03:d4:60:84:2c:c2:32:
                    a8:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:7C:32:8D:F1:24:A2:41:01:9B:72:B3:2A:D8:18:D6:23:E6:D6:CF
            X509v3 Authority Key Identifier:
                keyid:10:45:DA:CC:83:77:98:C3:E6:CF:31:F4:D2:79:46:A3:3B:0D:E6:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EEXazIN3mMPmzzH00nlGozsN5mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/c3wyjfEkokEBm3KzKtgY1iPm1s8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/EEXazIN3mMPmzzH00nlGozsN5mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d0c2:2::/48
                  2a02:ec41::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:fa:c5:fd:e5:11:64:36:bf:66:fc:64:72:47:fd:94:2b:96:
         ab:f1:5c:42:f9:96:97:d1:94:a5:be:f3:94:e9:55:34:4e:ae:
         32:32:76:83:28:a9:2e:dd:a9:16:89:65:57:02:1f:d9:8f:c8:
         b7:2b:1b:47:f5:8b:a0:ba:b6:38:aa:8a:f8:3c:fa:c3:fe:71:
         00:d6:0a:22:ff:ae:25:d6:26:dc:3e:ca:08:01:91:25:3e:74:
         69:72:a5:73:ba:2e:55:c9:80:0d:63:c0:25:93:cc:4a:62:ff:
         24:fe:cc:d8:53:10:b2:37:75:6d:a2:a6:17:f8:f3:9c:e4:e9:
         57:78:4f:bf:55:2b:a6:55:e3:69:43:2e:c4:55:a4:0f:47:97:
         cb:6d:39:8c:d9:2d:0b:42:ad:6a:23:3c:ab:46:ca:71:a1:25:
         cc:76:8d:be:79:24:32:d7:10:9a:c9:37:13:12:8e:96:c1:d0:
         7b:64:40:78:e6:07:9b:10:ca:fa:85:21:62:69:c2:5b:30:c0:
         10:88:8f:44:c2:d2:41:9d:99:85:00:2e:68:4a:31:d3:c3:e4:
         00:86:25:2d:af:8c:9b:33:bb:09:e3:5e:be:be:37:e9:f4:6c:
         8d:b7:92:4a:12:8e:f1:8f:0d:d5:9b:0d:bd:98:a7:10:b7:95:
         f0:fa:67:07
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtyv/XAFHDj3Rp0CB0bCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNDVkYWNjODM3Nzk4YzNlNmNmMzFmNGQyNzk0NmEzM2Iw
ZGU2NjEwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzdjMzI4ZGYxMjRhMjQxMDE5YjcyYjMyYWQ4MThkNjIzZTZkNmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+Puu2T0LHjcA6L56wd/SQNFX6qT
CYGWONwg0qy62xQr/m5tcYIAhveDnoe5KLLz+SPfTiUZcIdx0kOlRwQywmLGV82H
BOxe4852pfpEZV4bZ34hjMM7/GnguSHlMgo4pZ2oI2Mpqq5nLxQH5HZ5sMX7uaTg
9deDjftcAAfFgHOgYqwhIiqu/Bhc/BfAajtYjdQUFpnJ19vLELcs7nHScuTNPyUl
nVWcbAKe0iosFZhDBhueDVKI8CSq2HMJmG19RepjrwPUfIOrLUQZSlEyhyuWUxbK
LdSUwUFvASFk3coybAPUsOf3MFb/jm+mFdaARTWFTgnB0APUYIQswjKoFwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHN8Mo3xJKJBAZtysyrYGNYj5tbPMB8GA1UdIwQY
MBaAFBBF2syDd5jD5s8x9NJ5RqM7DeZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUVYYXpJTjNtTVBtenpIMDBubEdvenNONW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8yNjZjYWYtM2I0My00OWUwLWI2ZTEt
OWMxNzRlNTNlNGZlLzEvYzN3eWpmRWtva0VCbTNLekt0Z1kxaVBtMXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8yNjZjYWYtM2I0My00OWUwLWI2ZTEtOWMxNzRlNTNlNGZl
LzEvRUVYYXpJTjNtTVBtenpIMDBubEdvenNONW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgLQwgAC
AwcAKgLsQQAAMA0GCSqGSIb3DQEBCwUAA4IBAQBg+sX95RFkNr9m/GRyR/2UK5ar
8VxC+ZaX0ZSlvvOU6VU0Tq4yMnaDKKku3akWiWVXAh/Zj8i3KxtH9YugurY4qor4
PPrD/nEA1goi/64l1ibcPsoIAZElPnRpcqVzui5VyYANY8Alk8xKYv8k/szYUxCy
N3VtoqYX+POc5OlXeE+/VSumVeNpQy7EVaQPR5fLbTmM2S0LQq1qIzyrRspxoSXM
do2+eSQy1xCayTcTEo6WwdB7ZEB45gebEMr6hSFiacJbMMAQiI9EwtJBnZmFAC5o
SjHTw+QAhiUtr4ybM7sJ416+vjfp9GyNt5JKEo7xjw3Vmw29mKcQt5Xw+mcH
-----END CERTIFICATE-----