Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/GpNT38WGqjvP2BZw5ZzpIpxLrgU.roa
File:                     GpNT38WGqjvP2BZw5ZzpIpxLrgU.roa (raw, json)
Hash identifier:          w1jMx382lC8qu8ydrKvHswbgqh7XDiPOSdpexBuByGQ=
Subject key identifier:   1A:93:53:DF:C5:86:AA:3B:CF:D8:16:70:E5:9C:E9:22:9C:4B:AE:05
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018F6FECBD760A1EEABBC4D9DB8A3976BC48
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/GpNT38WGqjvP2BZw5ZzpIpxLrgU.roa
Signing time:             Mon 13 May 2024 03:08:57 +0000
ROA not before:           Mon 13 May 2024 03:08:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207027
IP address blocks:        2a10:4102::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:6f:ec:bd:76:0a:1e:ea:bb:c4:d9:db:8a:39:76:bc:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: May 13 03:08:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a9353dfc586aa3bcfd81670e59ce9229c4bae05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:75:2c:73:f5:5c:d0:0f:bf:00:1a:ad:71:e3:
                    18:8d:0f:55:aa:c1:38:29:f0:a2:43:ed:fd:e1:48:
                    4b:ae:31:ca:b9:63:16:b8:ab:b7:a0:48:d8:66:0e:
                    77:31:6f:2f:ef:f3:78:12:47:28:fb:8e:88:5d:02:
                    5c:e7:be:28:d7:e1:e4:7c:2d:3e:9c:07:b0:d5:2b:
                    1b:21:89:99:58:6e:0b:50:e2:b7:f0:13:38:4f:96:
                    50:d9:05:21:b1:98:4a:54:53:ef:5f:95:60:56:bd:
                    97:7a:a0:f5:6d:0e:e1:a3:dd:c6:23:6e:59:e1:5b:
                    ed:90:e4:d0:cc:c2:19:aa:77:70:ea:bf:ac:51:e7:
                    43:56:0c:ee:86:5c:fa:16:3e:fa:b1:4a:93:4a:78:
                    65:d3:02:32:67:d6:74:ab:ec:ca:5b:ff:06:0e:0e:
                    89:04:a7:3c:0a:ef:66:ca:d7:c2:ef:6e:48:21:52:
                    58:03:20:17:90:6b:0a:90:d1:90:04:60:b8:f4:fa:
                    0f:ee:73:54:96:ef:37:20:44:17:97:06:7f:e0:57:
                    eb:f0:cf:1d:89:55:5b:26:ba:6c:58:bd:57:76:f1:
                    0b:2a:b0:6b:a6:4b:3f:b5:bd:d3:78:17:16:43:5e:
                    59:e6:b3:00:3e:ff:2d:ac:bb:91:56:42:d0:75:e0:
                    76:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:93:53:DF:C5:86:AA:3B:CF:D8:16:70:E5:9C:E9:22:9C:4B:AE:05
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/GpNT38WGqjvP2BZw5ZzpIpxLrgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4102::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:fc:30:8b:85:14:7a:2d:5e:5d:ce:81:29:66:f5:67:e9:73:
         a3:6e:4a:0f:63:5e:ec:53:e7:46:25:ed:c5:9e:1b:b0:be:5f:
         c3:19:84:f1:03:ca:92:d7:14:14:30:3b:3a:6b:45:3a:19:6a:
         43:67:2e:dd:ba:e5:04:38:6c:0d:05:ab:da:a5:ce:a1:40:17:
         8a:ff:67:74:89:40:68:4a:b1:2f:56:13:33:1a:66:16:f0:f4:
         38:40:fc:0e:c0:90:2f:ad:ab:26:c1:9c:7c:d5:7a:2e:83:3e:
         df:99:ce:c0:27:a4:ea:df:0d:f8:1c:6e:97:b1:5b:33:43:04:
         68:66:72:ec:b1:15:2c:51:f0:f2:fc:ac:3c:30:d1:2b:b0:d5:
         50:c7:c5:b3:ad:f6:1f:9f:8b:62:71:1b:54:5d:03:42:71:3f:
         a8:03:1c:47:63:d9:10:df:8e:89:21:8e:d8:d0:62:f0:7f:df:
         8b:87:09:34:7d:ec:52:54:cc:f4:b6:b6:b2:dd:4e:54:d2:c3:
         8b:18:ba:51:d3:82:fc:e1:a7:ec:25:7d:a9:5f:55:40:ac:62:
         0c:77:7e:2a:75:95:70:b0:b2:67:c0:e3:e5:b3:a5:ed:38:12:
         fb:bc:15:b0:4d:bd:76:40:27:0d:fd:4a:1b:3a:97:8d:8b:51:
         bf:72:91:31
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY9v7L12Ch7qu8TZ24o5drxIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwNTEzMDMwODU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTkzNTNkZmM1ODZhYTNiY2ZkODE2NzBlNTljZTkyMjljNGJhZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nUsc/Vc0A+/ABqtceMYjQ9VqsE4
KfCiQ+394UhLrjHKuWMWuKu3oEjYZg53MW8v7/N4Ekco+46IXQJc574o1+HkfC0+
nAew1SsbIYmZWG4LUOK38BM4T5ZQ2QUhsZhKVFPvX5VgVr2XeqD1bQ7ho93GI25Z
4VvtkOTQzMIZqndw6r+sUedDVgzuhlz6Fj76sUqTSnhl0wIyZ9Z0q+zKW/8GDg6J
BKc8Cu9mytfC725IIVJYAyAXkGsKkNGQBGC49PoP7nNUlu83IEQXlwZ/4Ffr8M8d
iVVbJrpsWL1XdvELKrBrpks/tb3TeBcWQ15Z5rMAPv8trLuRVkLQdeB2ZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBqTU9/Fhqo7z9gWcOWc6SKcS64FMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvR3BOVDM4V0dxanZQMkJadzVaenBJcHhMcmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhBBAjAN
BgkqhkiG9w0BAQsFAAOCAQEAK/wwi4UUei1eXc6BKWb1Z+lzo25KD2Ne7FPnRiXt
xZ4bsL5fwxmE8QPKktcUFDA7OmtFOhlqQ2cu3brlBDhsDQWr2qXOoUAXiv9ndIlA
aEqxL1YTMxpmFvD0OED8DsCQL62rJsGcfNV6LoM+35nOwCek6t8N+Bxul7FbM0ME
aGZy7LEVLFHw8vysPDDRK7DVUMfFs632H5+LYnEbVF0DQnE/qAMcR2PZEN+OiSGO
2NBi8H/fi4cJNH3sUlTM9La2st1OVNLDixi6UdOC/OGn7CV9qV9VQKxiDHd+KnWV
cLCyZ8Dj5bOl7TgS+7wVsE29dkAnDf1KGzqXjYtRv3KRMQ==
-----END CERTIFICATE-----