Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d9a672-26c3-4ab4-b53b-099fd2101385/1/jco7O9UUxnLIClEpq58b1MWy6e4.roa
File:                     jco7O9UUxnLIClEpq58b1MWy6e4.roa (raw, json)
Hash identifier:          gNcNfHHhvG+69kur5cgPMgsTy6iIVdfLsPj8dL8Mz/M=
Subject key identifier:   8D:CA:3B:3B:D5:14:C6:72:C8:0A:51:29:AB:9F:1B:D4:C5:B2:E9:EE
Certificate issuer:       /CN=b4fb331fa42fb451e4551c6f91cbb9c19ee37a4e
Certificate serial:       018CC4939E8F75DDA5070942E3F25599EDC7
Authority key identifier: B4:FB:33:1F:A4:2F:B4:51:E4:55:1C:6F:91:CB:B9:C1:9E:E3:7A:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPszH6QvtFHkVRxvkcu5wZ7jek4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d9a672-26c3-4ab4-b53b-099fd2101385/1/jco7O9UUxnLIClEpq58b1MWy6e4.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1654
IP address blocks:        2a02:bf8:1601::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d9a672-26c3-4ab4-b53b-099fd2101385/1/tPszH6QvtFHkVRxvkcu5wZ7jek4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d9a672-26c3-4ab4-b53b-099fd2101385/1/tPszH6QvtFHkVRxvkcu5wZ7jek4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPszH6QvtFHkVRxvkcu5wZ7jek4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9e:8f:75:dd:a5:07:09:42:e3:f2:55:99:ed:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4fb331fa42fb451e4551c6f91cbb9c19ee37a4e
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dca3b3bd514c672c80a5129ab9f1bd4c5b2e9ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:99:0f:4d:c7:53:dd:2f:8a:38:9a:30:be:e2:
                    29:80:22:6d:4a:12:59:64:f4:fa:1e:20:07:90:5a:
                    54:12:29:66:31:8d:ea:fe:d3:1d:66:4b:08:98:e5:
                    ee:7a:19:0c:72:66:12:a7:db:e8:1c:de:70:a7:8a:
                    17:92:49:2f:d1:14:14:1b:eb:d4:a2:2c:1b:a5:1f:
                    c6:59:64:6f:ba:85:4d:af:75:08:6b:24:ad:b2:b8:
                    00:b4:67:3d:3d:f8:48:3f:de:d3:02:54:11:49:42:
                    c6:82:d9:56:52:eb:d4:a1:7b:76:40:b1:b3:5f:12:
                    d9:3f:ca:e0:50:32:f5:f4:e8:76:34:1a:c3:60:14:
                    a1:89:e8:6b:ed:11:e1:53:22:57:9f:8a:07:a0:0c:
                    e5:e6:d8:79:6a:3f:38:c3:20:fc:35:45:f2:4c:33:
                    d6:2e:f2:bb:b6:41:d7:df:8c:13:9b:a4:f9:37:23:
                    f0:bd:13:22:1c:a5:ff:4b:26:f6:1b:12:ea:f0:77:
                    5f:52:a8:40:95:08:a7:c3:12:a4:57:8d:f1:4e:24:
                    af:ce:12:f5:e1:67:0a:82:1d:1f:fc:62:79:0b:f5:
                    15:58:d1:f9:2b:e5:60:ab:81:9c:db:bd:2e:84:d0:
                    fc:f0:be:3f:80:63:81:da:fa:2e:d8:15:8e:4e:a6:
                    75:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:CA:3B:3B:D5:14:C6:72:C8:0A:51:29:AB:9F:1B:D4:C5:B2:E9:EE
            X509v3 Authority Key Identifier:
                keyid:B4:FB:33:1F:A4:2F:B4:51:E4:55:1C:6F:91:CB:B9:C1:9E:E3:7A:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPszH6QvtFHkVRxvkcu5wZ7jek4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d9a672-26c3-4ab4-b53b-099fd2101385/1/jco7O9UUxnLIClEpq58b1MWy6e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d9a672-26c3-4ab4-b53b-099fd2101385/1/tPszH6QvtFHkVRxvkcu5wZ7jek4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:bf8:1601::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:bb:a8:f0:28:cb:3d:61:f2:d3:24:d5:2d:35:f3:13:84:80:
         01:3b:35:81:a2:99:4c:82:4b:4a:75:c5:7d:da:94:e2:4b:ae:
         ed:47:9b:92:1b:84:41:d5:21:56:b2:da:aa:b7:3f:75:fb:80:
         45:dd:f7:ff:41:fd:aa:1c:3f:ec:3d:16:3b:58:77:36:4b:73:
         6b:90:8a:b8:c8:7f:56:30:73:c4:9a:cf:7e:5f:ac:18:0c:79:
         42:70:9d:c7:ac:74:b0:9d:25:21:5e:3e:92:01:85:a0:b0:50:
         15:98:ee:28:f3:1d:fa:b3:2c:8e:6b:ec:7b:fa:1b:ed:1c:12:
         93:4e:bb:1e:4b:9f:9a:91:44:bc:8e:af:51:bf:3a:8c:dc:1b:
         aa:93:9e:dd:8f:12:f5:b0:b6:76:fa:e7:45:28:5e:5b:36:5f:
         8d:96:3a:a4:bf:7c:dd:42:3e:3d:3a:f1:6c:da:a6:3b:83:73:
         21:b8:db:db:12:06:55:fa:be:1a:65:c5:91:7c:6d:2b:94:20:
         1f:67:0b:72:a6:92:90:9e:a6:ec:71:45:66:29:50:36:b6:88:
         3a:f7:98:90:17:c0:00:32:59:9b:32:e4:6f:b2:d1:94:15:9a:
         5a:14:0d:9d:e9:51:6f:e4:da:60:ca:72:e8:0c:d3:3b:9b:d6:
         a0:6f:8a:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk56Pdd2lBwlC4/JVme3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZmIzMzFmYTQyZmI0NTFlNDU1MWM2ZjkxY2JiOWMxOWVl
MzdhNGUwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGNhM2IzYmQ1MTRjNjcyYzgwYTUxMjlhYjlmMWJkNGM1YjJlOWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZkPTcdT3S+KOJowvuIpgCJtShJZ
ZPT6HiAHkFpUEilmMY3q/tMdZksImOXuehkMcmYSp9voHN5wp4oXkkkv0RQUG+vU
oiwbpR/GWWRvuoVNr3UIayStsrgAtGc9PfhIP97TAlQRSULGgtlWUuvUoXt2QLGz
XxLZP8rgUDL19Oh2NBrDYBShiehr7RHhUyJXn4oHoAzl5th5aj84wyD8NUXyTDPW
LvK7tkHX34wTm6T5NyPwvRMiHKX/Syb2GxLq8HdfUqhAlQinwxKkV43xTiSvzhL1
4WcKgh0f/GJ5C/UVWNH5K+Vgq4Gc270uhND88L4/gGOB2vou2BWOTqZ1lwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI3KOzvVFMZyyApRKaufG9TFsunuMB8GA1UdIwQY
MBaAFLT7Mx+kL7RR5FUcb5HLucGe43pOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBzekg2UXZ0RkhrVlJ4dmtjdTV3WjdqZWs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kOWE2NzItMjZjMy00YWI0LWI1M2It
MDk5ZmQyMTAxMzg1LzEvamNvN085VVV4bkxJQ2xFcHE1OGIxTVd5NmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kOWE2NzItMjZjMy00YWI0LWI1M2ItMDk5ZmQyMTAxMzg1
LzEvdFBzekg2UXZ0RkhrVlJ4dmtjdTV3WjdqZWs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIL+BYB
MA0GCSqGSIb3DQEBCwUAA4IBAQA4u6jwKMs9YfLTJNUtNfMThIABOzWBoplMgktK
dcV92pTiS67tR5uSG4RB1SFWstqqtz91+4BF3ff/Qf2qHD/sPRY7WHc2S3NrkIq4
yH9WMHPEms9+X6wYDHlCcJ3HrHSwnSUhXj6SAYWgsFAVmO4o8x36syyOa+x7+hvt
HBKTTrseS5+akUS8jq9RvzqM3Buqk57djxL1sLZ2+udFKF5bNl+Nljqkv3zdQj49
OvFs2qY7g3MhuNvbEgZV+r4aZcWRfG0rlCAfZwtyppKQnqbscUVmKVA2tog695iQ
F8AAMlmbMuRvstGUFZpaFA2d6VFv5NpgynLoDNM7m9agb4ph
-----END CERTIFICATE-----