Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/p_TEdy5MOG4-9ffur-N7mRDBpHQ.roa
File:                     p_TEdy5MOG4-9ffur-N7mRDBpHQ.roa (raw, json)
Hash identifier:          kpzS4Oafd3oyEOB6GEJsapI888NzaGHsp+OyQTBMOlg=
Subject key identifier:   A7:F4:C4:77:2E:4C:38:6E:3E:F5:F7:EE:AF:E3:7B:99:10:C1:A4:74
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       018CCA2B09AC468259EB3BAFD1B5091D14F9
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/p_TEdy5MOG4-9ffur-N7mRDBpHQ.roa
Signing time:             Tue 02 Jan 2024 12:34:27 +0000
ROA not before:           Tue 02 Jan 2024 12:34:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33824
IP address blocks:        212.19.63.96/29 maxlen: 32
                          2a02:2e0:413::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:09:ac:46:82:59:eb:3b:af:d1:b5:09:1d:14:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: Jan  2 12:34:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7f4c4772e4c386e3ef5f7eeafe37b9910c1a474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d2:90:47:0a:11:4b:4a:6c:70:f9:44:44:57:
                    c4:32:f5:48:a2:f4:2d:e9:b4:a4:71:ca:16:a4:c0:
                    33:2a:5c:87:f2:bf:86:cd:29:a6:99:13:12:e0:3b:
                    4f:d8:52:5a:29:3f:2b:08:cc:e0:c1:e1:25:5f:c4:
                    03:f4:53:13:14:ad:d8:ac:4c:90:bb:f9:38:e2:d8:
                    ed:71:49:bd:38:a9:fa:1d:1f:70:fb:75:e7:bc:17:
                    d3:42:6e:f7:6e:cd:41:a5:8c:ec:d4:7e:b5:03:91:
                    0b:cc:2c:db:bc:09:0f:61:c2:87:58:a3:ce:de:59:
                    81:50:74:ec:ee:4b:70:56:22:0b:a1:f3:fb:61:77:
                    81:90:aa:b7:c4:35:b7:e7:aa:9e:99:9a:69:f9:b7:
                    e2:19:60:a9:cd:24:18:e7:8c:17:96:03:22:46:92:
                    c6:37:4e:20:7d:33:13:85:37:8d:bc:bd:8b:0c:0c:
                    e7:20:b7:c3:c3:51:b2:9c:8a:28:df:da:00:d4:4f:
                    b5:9b:34:c1:86:8b:18:20:ab:6c:00:40:4d:9b:39:
                    13:69:85:3d:27:b1:a4:e1:16:5b:bd:ca:49:3a:53:
                    8a:55:c4:f1:dd:f2:50:a1:62:fa:bb:50:3b:8a:60:
                    a5:b2:51:c1:11:69:7f:0b:41:ca:d3:8f:a3:24:6c:
                    33:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F4:C4:77:2E:4C:38:6E:3E:F5:F7:EE:AF:E3:7B:99:10:C1:A4:74
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/p_TEdy5MOG4-9ffur-N7mRDBpHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.19.63.96/29
                IPv6:
                  2a02:2e0:413::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:34:f3:db:88:32:d1:4d:cd:13:c0:0c:80:17:62:aa:02:bd:
         00:b6:10:1a:06:e3:23:dd:3c:56:df:7a:4d:aa:6f:5f:0a:1c:
         4d:64:c4:78:02:36:cc:82:58:13:1e:01:ba:e4:6c:b7:d7:f4:
         6e:cc:2d:cf:b3:9c:3d:d9:55:ab:62:78:18:71:62:de:84:b3:
         f3:2a:fc:38:44:d7:21:d1:f1:25:f9:63:41:3e:ca:f2:07:0c:
         d6:30:5a:ae:00:e8:34:11:87:89:c7:55:3e:b2:91:42:04:55:
         0d:fb:33:0b:57:2e:d7:bc:39:17:e2:7f:fe:e6:5a:5b:1e:fb:
         4b:9f:29:e0:a4:ac:6a:01:fa:dc:0d:37:d5:0c:61:27:a8:a2:
         e5:12:d3:83:40:f7:cf:a9:57:b2:6c:5b:9b:b2:4e:de:7c:01:
         65:e7:79:38:d0:0a:95:5d:40:3e:0c:09:84:a3:b6:69:d5:44:
         00:84:92:78:7d:27:c0:27:66:e6:1e:75:09:0b:07:9e:2e:25:
         0e:5e:8d:e4:39:67:be:4f:13:12:63:14:5d:44:b1:08:2e:21:
         17:1f:83:ff:84:61:55:ac:84:bf:b1:a7:56:51:51:5c:2e:a7:
         43:cb:e6:4b:98:7a:f1:cd:51:05:e2:3c:51:46:9c:5a:b4:62:
         e6:79:0f:21
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzKKwmsRoJZ6zuv0bUJHRT5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjQwMTAyMTIzNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2Y0YzQ3NzJlNGMzODZlM2VmNWY3ZWVhZmUzN2I5OTEwYzFhNDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9KQRwoRS0pscPlERFfEMvVIovQt
6bSkccoWpMAzKlyH8r+GzSmmmRMS4DtP2FJaKT8rCMzgweElX8QD9FMTFK3YrEyQ
u/k44tjtcUm9OKn6HR9w+3XnvBfTQm73bs1BpYzs1H61A5ELzCzbvAkPYcKHWKPO
3lmBUHTs7ktwViILofP7YXeBkKq3xDW356qemZpp+bfiGWCpzSQY54wXlgMiRpLG
N04gfTMThTeNvL2LDAznILfDw1GynIoo39oA1E+1mzTBhosYIKtsAEBNmzkTaYU9
J7Gk4RZbvcpJOlOKVcTx3fJQoWL6u1A7imClslHBEWl/C0HK04+jJGwznQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKf0xHcuTDhuPvX37q/je5kQwaR0MB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvcF9URWR5NU1PRzQtOWZmdXItTjdtUkRCcEhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDANBAIAATAHAwUD1BM/YDAP
BAIAAjAJAwcAKgIC4AQTMA0GCSqGSIb3DQEBCwUAA4IBAQA7NPPbiDLRTc0TwAyA
F2KqAr0AthAaBuMj3TxW33pNqm9fChxNZMR4AjbMglgTHgG65Gy31/RuzC3Ps5w9
2VWrYngYcWLehLPzKvw4RNch0fEl+WNBPsryBwzWMFquAOg0EYeJx1U+spFCBFUN
+zMLVy7XvDkX4n/+5lpbHvtLnyngpKxqAfrcDTfVDGEnqKLlEtODQPfPqVeybFub
sk7efAFl53k40AqVXUA+DAmEo7Zp1UQAhJJ4fSfAJ2bmHnUJCweeLiUOXo3kOWe+
TxMSYxRdRLEILiEXH4P/hGFVrIS/sadWUVFcLqdDy+ZLmHrxzVEF4jxRRpxatGLm
eQ8h
-----END CERTIFICATE-----