Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Y2K0sBzo009eQGoBpw8P6CT0fLo.roa
File:                     Y2K0sBzo009eQGoBpw8P6CT0fLo.roa (raw, json)
Hash identifier:          8cG6OM+VYbglUyaaP361Lg8IzotJ5CWPuSFlx99Uhrw=
Subject key identifier:   63:62:B4:B0:1C:E8:D3:4F:5E:40:6A:01:A7:0F:0F:E8:24:F4:7C:BA
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EBD3861467844164CE4317E4476AC268B
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Y2K0sBzo009eQGoBpw8P6CT0fLo.roa
Signing time:             Mon 08 Apr 2024 10:19:32 +0000
ROA not before:           Mon 08 Apr 2024 10:19:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39229
IP address blocks:        2a00:1e88:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:38:61:46:78:44:16:4c:e4:31:7e:44:76:ac:26:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr  8 10:19:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6362b4b01ce8d34f5e406a01a70f0fe824f47cba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e9:b6:d7:13:83:39:02:5a:a8:63:c5:32:76:
                    ec:ce:30:9b:8c:d1:97:9d:0f:fc:5f:d9:64:06:0e:
                    9a:6b:db:29:36:53:de:63:7c:fc:53:68:d4:57:0a:
                    99:e1:59:c1:5a:87:64:bc:71:0c:b9:95:2a:7b:ee:
                    e6:7f:05:fe:99:d7:21:36:c8:fc:be:a1:2d:c3:50:
                    26:30:b4:f9:5d:5d:36:68:c7:53:61:10:01:fd:32:
                    9d:a7:dc:de:f8:d2:06:0e:b7:09:5d:9d:cf:04:ca:
                    d8:c1:75:fb:a4:b8:95:e4:6d:21:a8:76:c3:31:ed:
                    e0:5a:e2:16:b9:7b:b1:5f:96:2c:18:68:40:2c:53:
                    4b:8d:e4:76:80:8c:94:dd:31:ff:3a:2a:d5:b9:29:
                    48:cd:b4:0d:08:b8:fe:71:48:ce:e7:32:a0:34:57:
                    09:e0:53:be:75:14:3a:40:f3:08:cb:51:58:b3:36:
                    eb:d4:52:fa:4b:65:93:d8:e7:1e:9e:72:38:ac:a6:
                    40:e4:04:75:5c:29:0d:8e:c3:e2:c8:b0:65:76:b2:
                    96:51:b3:8d:03:d7:85:b5:04:14:ff:10:c6:1d:c0:
                    25:ce:c8:48:5b:3b:5b:bc:70:30:b7:df:35:dc:75:
                    63:87:55:3f:26:27:52:45:9e:01:5c:36:0d:08:55:
                    9f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:62:B4:B0:1C:E8:D3:4F:5E:40:6A:01:A7:0F:0F:E8:24:F4:7C:BA
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Y2K0sBzo009eQGoBpw8P6CT0fLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1e88:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:6a:9d:f5:53:f9:c6:9f:bb:f3:34:f8:e2:1c:ce:44:da:79:
         d2:79:35:8f:29:57:12:83:ae:72:ae:a2:c6:14:27:07:6c:cf:
         32:5f:52:ce:28:31:d1:97:80:7c:ea:ab:02:e5:fe:34:23:aa:
         94:60:41:79:7a:e9:d4:2d:03:74:cb:69:37:7c:fb:9d:e2:61:
         2e:6d:9f:d1:6d:8f:ac:89:78:de:49:fc:a9:ec:5e:75:32:a7:
         9e:1e:52:59:21:69:0f:7d:2e:8a:41:2b:93:50:91:07:92:ff:
         a3:51:8f:d4:b8:71:b4:0c:67:38:8b:60:b6:0d:5c:b9:06:1e:
         57:91:9f:5c:b9:05:a2:d6:d6:77:42:60:9d:8b:75:9e:32:6d:
         20:59:9d:dc:cb:eb:a7:c5:87:7d:1a:52:a2:d0:ff:a9:b3:7a:
         0d:21:02:23:b8:74:2c:10:10:44:dc:0f:51:b3:92:91:ad:53:
         97:55:fc:98:52:81:16:ab:f3:b1:e3:be:06:a3:3c:d7:84:51:
         f3:d7:96:98:19:89:6d:37:6d:0a:10:c7:49:ca:c7:5f:0b:48:
         f9:52:7b:04:46:46:fd:73:bc:34:15:3d:9d:8a:36:b4:e0:7d:
         99:fc:55:87:4a:8c:ce:d0:cf:8d:6e:58:52:20:dc:84:fb:b5:
         46:5f:14:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY69OGFGeEQWTOQxfkR2rCaLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDA4MTAxOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzYyYjRiMDFjZThkMzRmNWU0MDZhMDFhNzBmMGZlODI0ZjQ3Y2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqum21xODOQJaqGPFMnbszjCbjNGX
nQ/8X9lkBg6aa9spNlPeY3z8U2jUVwqZ4VnBWodkvHEMuZUqe+7mfwX+mdchNsj8
vqEtw1AmMLT5XV02aMdTYRAB/TKdp9ze+NIGDrcJXZ3PBMrYwXX7pLiV5G0hqHbD
Me3gWuIWuXuxX5YsGGhALFNLjeR2gIyU3TH/OirVuSlIzbQNCLj+cUjO5zKgNFcJ
4FO+dRQ6QPMIy1FYszbr1FL6S2WT2OcennI4rKZA5AR1XCkNjsPiyLBldrKWUbON
A9eFtQQU/xDGHcAlzshIWztbvHAwt9813HVjh1U/JidSRZ4BXDYNCFWffQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGNitLAc6NNPXkBqAacPD+gk9Hy6MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvWTJLMHNCem8wMDllUUdvQnB3OFA2Q1QwZkxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAeiAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQAbap31U/nGn7vzNPjiHM5E2nnSeTWPKVcSg65y
rqLGFCcHbM8yX1LOKDHRl4B86qsC5f40I6qUYEF5eunULQN0y2k3fPud4mEubZ/R
bY+siXjeSfyp7F51MqeeHlJZIWkPfS6KQSuTUJEHkv+jUY/UuHG0DGc4i2C2DVy5
Bh5XkZ9cuQWi1tZ3QmCdi3WeMm0gWZ3cy+unxYd9GlKi0P+ps3oNIQIjuHQsEBBE
3A9Rs5KRrVOXVfyYUoEWq/Ox474GozzXhFHz15aYGYltN20KEMdJysdfC0j5UnsE
Rkb9c7w0FT2dija04H2Z/FWHSozO0M+NblhSINyE+7VGXxTp
-----END CERTIFICATE-----