Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/UzT2L2zieEzygfAZBsfnKXzillo.roa
File:                     UzT2L2zieEzygfAZBsfnKXzillo.roa (raw, json)
Hash identifier:          d4DJIv7gwoJAgQk3DlfD7vhyLwqoo8Ij0yUfTBnjhbw=
Subject key identifier:   53:34:F6:2F:6C:E2:78:4C:F2:81:F0:19:06:C7:E7:29:7C:E2:96:5A
Certificate issuer:       /CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
Certificate serial:       018CC79558CDF1EA2BA70915B85B42EA26EF
Authority key identifier: 7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/UzT2L2zieEzygfAZBsfnKXzillo.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208227
IP address blocks:        2a04:ff00:200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:58:cd:f1:ea:2b:a7:09:15:b8:5b:42:ea:26:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5334f62f6ce2784cf281f01906c7e7297ce2965a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6b:0a:dc:9c:06:aa:e1:f6:c4:59:c2:13:d3:
                    d8:bf:6a:4d:13:be:d8:23:92:8d:f5:d6:95:92:96:
                    ef:51:6c:22:26:da:18:59:bb:f0:53:a7:f8:54:22:
                    6b:b0:f4:ed:0c:61:ed:7c:20:41:ea:a4:a4:1d:a3:
                    0a:b7:04:f8:9a:66:f0:9d:10:7e:16:97:27:78:bf:
                    d5:80:11:94:37:ec:c9:76:be:71:eb:d6:a8:6d:1d:
                    ba:dc:03:dd:eb:78:1a:1f:a8:a8:2f:d8:34:7e:47:
                    8c:0b:8a:05:24:d4:a1:ed:5f:a1:e9:9a:68:70:e2:
                    40:d2:e9:7d:e3:7b:bf:82:e1:9f:19:87:7e:13:d3:
                    e8:35:23:26:3a:4c:9c:d5:ba:76:b7:b9:bb:51:be:
                    a5:6f:48:b4:d4:7e:45:da:c5:5d:24:fa:a4:19:2c:
                    85:a6:31:76:5d:64:ef:d0:84:04:18:0b:b3:b5:02:
                    15:89:55:a4:97:07:2b:da:f0:08:de:54:38:92:10:
                    6b:d1:d5:2d:c1:cf:d4:dd:11:58:ae:63:5d:ad:c6:
                    fd:a9:7e:28:4c:81:c0:84:1e:db:8c:1e:d2:7e:df:
                    dd:bb:d0:ac:06:fd:f1:61:71:57:58:b1:64:44:c5:
                    af:68:4d:de:05:70:ac:31:e6:bc:5b:e9:b0:ff:01:
                    4f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:34:F6:2F:6C:E2:78:4C:F2:81:F0:19:06:C7:E7:29:7C:E2:96:5A
            X509v3 Authority Key Identifier:
                keyid:7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/UzT2L2zieEzygfAZBsfnKXzillo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ff00:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:60:51:68:d1:0d:91:af:f0:05:0b:ab:a9:48:f8:ff:32:c6:
         0e:ac:ad:2a:f9:15:f1:d0:83:fb:53:5f:87:8b:17:79:b2:7c:
         05:a9:23:c8:25:8e:76:00:b3:54:59:68:36:3b:08:27:8c:ce:
         ad:b9:25:86:8f:33:ce:ae:70:88:85:d1:ff:f2:71:be:6e:0f:
         ab:8a:b9:b8:b2:fc:7f:c5:b5:6e:d8:83:5b:bf:43:aa:16:fa:
         d0:13:63:0f:70:4d:96:d8:1a:dd:d9:b7:87:8b:4c:6a:43:92:
         8d:b1:ba:f0:b7:c7:5c:04:76:a3:57:a2:60:e0:f1:5f:fc:4f:
         fc:9b:4b:a2:2e:7c:e2:4e:f5:e5:04:5f:f6:fb:a8:be:83:a8:
         48:65:58:15:a9:87:c2:c7:e3:27:b2:32:4d:54:39:9f:7b:cb:
         4f:fb:12:71:7e:d7:1e:4d:55:a6:f3:6f:df:1f:88:9a:dd:45:
         ed:30:04:d0:2c:26:8f:57:d3:32:23:b8:b2:f0:f7:e7:b2:09:
         be:c0:6f:fa:19:8e:10:2e:a7:23:f2:59:45:b8:2e:a5:ba:e9:
         fc:5e:54:3f:c6:ab:c7:6e:28:67:01:33:3b:42:96:31:6c:7f:
         74:13:3a:f1:44:a3:65:5a:69:1d:cc:96:39:89:a0:2a:ee:f2:
         01:b5:a4:03
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVjN8eorpwkVuFtC6ibvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDRjMjVjMmY4YjQ3ZTVkYWY1MmQxYzRjNWE1MDk5OWRk
MGEwYTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzM0ZjYyZjZjZTI3ODRjZjI4MWYwMTkwNmM3ZTcyOTdjZTI5NjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmsK3JwGquH2xFnCE9PYv2pNE77Y
I5KN9daVkpbvUWwiJtoYWbvwU6f4VCJrsPTtDGHtfCBB6qSkHaMKtwT4mmbwnRB+
FpcneL/VgBGUN+zJdr5x69aobR263APd63gaH6ioL9g0fkeMC4oFJNSh7V+h6Zpo
cOJA0ul943u/guGfGYd+E9PoNSMmOkyc1bp2t7m7Ub6lb0i01H5F2sVdJPqkGSyF
pjF2XWTv0IQEGAuztQIViVWklwcr2vAI3lQ4khBr0dUtwc/U3RFYrmNdrcb9qX4o
TIHAhB7bjB7Sft/du9CsBv3xYXFXWLFkRMWvaE3eBXCsMea8W+mw/wFPOQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFM09i9s4nhM8oHwGQbH5yl84pZaMB8GA1UdIwQY
MBaAFH0Ewlwvi0fl2vUtHExaUJmd0KCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMt
ZTYzZTk0Y2JhMDlmLzEvVXpUMkwyemllRXp5Z2ZBWkJzZm5LWHppbGxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMtZTYzZTk0Y2JhMDlm
LzEvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgT/AAIw
DQYJKoZIhvcNAQELBQADggEBAIxgUWjRDZGv8AULq6lI+P8yxg6srSr5FfHQg/tT
X4eLF3myfAWpI8gljnYAs1RZaDY7CCeMzq25JYaPM86ucIiF0f/ycb5uD6uKubiy
/H/FtW7Yg1u/Q6oW+tATYw9wTZbYGt3Zt4eLTGpDko2xuvC3x1wEdqNXomDg8V/8
T/ybS6IufOJO9eUEX/b7qL6DqEhlWBWph8LH4yeyMk1UOZ97y0/7EnF+1x5NVabz
b98fiJrdRe0wBNAsJo9X0zIjuLLw9+eyCb7Ab/oZjhAupyPyWUW4LqW66fxeVD/G
q8duKGcBMztCljFsf3QTOvFEo2VaaR3MljmJoCru8gG1pAM=
-----END CERTIFICATE-----