Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/PJQZX9uQlRFwn-w16OUVCv3RhsY.roa
File:                     PJQZX9uQlRFwn-w16OUVCv3RhsY.roa (raw, json)
Hash identifier:          NmeSrboDMs7sP7c1tx+LQIVtPoDu/32CGN1LhnkBMkM=
Subject key identifier:   3C:94:19:5F:DB:90:95:11:70:9F:EC:35:E8:E5:15:0A:FD:D1:86:C6
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018D852BC8A650638C717FB0F4E44659C968
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/PJQZX9uQlRFwn-w16OUVCv3RhsY.roa
Signing time:             Wed 07 Feb 2024 20:04:15 +0000
ROA not before:           Wed 07 Feb 2024 20:04:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139791
IP address blocks:        2a06:3600::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:85:2b:c8:a6:50:63:8c:71:7f:b0:f4:e4:46:59:c9:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb  7 20:04:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c94195fdb909511709fec35e8e5150afdd186c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:65:62:ec:15:5c:4a:8c:9b:90:e1:66:4d:0b:
                    19:05:94:29:58:4d:50:18:48:62:a6:71:3c:bf:d5:
                    b6:18:ba:05:47:93:be:04:b7:b5:39:83:f6:d4:36:
                    f9:99:55:67:b2:e6:00:6c:52:0a:76:65:cd:cf:81:
                    bc:bd:b0:18:25:94:44:1f:14:e9:03:e9:c4:55:6d:
                    f2:48:ba:60:d1:43:32:18:a9:2b:60:17:e6:9e:11:
                    30:97:52:0b:d6:2f:d2:e1:05:4d:b6:fb:b4:fa:79:
                    f1:af:00:ae:0f:6e:0c:94:6d:1e:30:64:c1:22:2a:
                    22:e1:60:3d:66:60:17:76:2e:74:08:ce:06:97:a7:
                    66:ce:f5:95:6d:44:ad:c1:70:b8:28:b7:91:47:f9:
                    f7:ac:a5:0f:e5:75:d0:25:0d:bf:1f:d0:7d:1b:d9:
                    b0:74:15:8a:60:e6:79:6d:56:2f:97:0e:1f:49:8f:
                    10:cb:a7:5f:f6:a1:8c:8b:7f:d1:78:2d:15:1e:45:
                    b5:9d:88:40:f8:a2:e5:94:bd:42:64:35:96:f6:a9:
                    5b:d2:36:c2:f7:8c:4f:a3:fe:39:3d:ea:95:95:ef:
                    12:34:c0:8d:71:86:ee:49:51:79:69:56:bd:f2:3f:
                    ca:de:4f:27:7a:db:33:8b:eb:de:1a:c4:a5:f3:8f:
                    a1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:94:19:5F:DB:90:95:11:70:9F:EC:35:E8:E5:15:0A:FD:D1:86:C6
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/PJQZX9uQlRFwn-w16OUVCv3RhsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:3600::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:8e:60:63:7b:38:e0:be:a2:49:a2:29:ae:0c:98:5d:e7:76:
         bd:26:05:ee:70:4d:83:63:48:05:3a:c4:d5:0d:8c:14:26:8e:
         d9:df:a8:d9:b4:d4:e3:62:4d:1b:12:11:e2:cf:23:4a:b6:a3:
         5a:91:f4:03:cb:d9:4b:01:42:84:89:6b:fe:20:e2:18:1f:df:
         96:cc:3a:eb:d3:30:14:3d:0c:e6:77:f4:3d:3e:5c:bb:be:88:
         12:0c:e7:cd:8d:e2:ba:46:22:06:5b:45:cb:b4:1a:31:0e:58:
         ee:96:86:1e:1c:4f:33:01:21:f1:e6:9a:57:fc:75:22:08:ea:
         4e:ea:dc:c5:0c:42:e6:37:c3:82:20:76:16:0a:28:61:8c:44:
         cd:15:9e:23:86:1d:64:86:e9:79:f4:95:69:9e:5e:8b:96:e1:
         8f:f1:0e:02:09:46:a7:1b:ba:38:ad:74:08:62:ac:61:13:47:
         42:98:1e:ba:6e:a7:3e:2d:d0:bd:be:7f:0c:3b:ae:5f:86:3f:
         e7:ab:2d:bc:03:9d:8b:b8:4d:a9:7b:8c:c1:1b:1e:be:f1:db:
         2e:59:68:7a:47:c2:43:31:de:65:2f:be:01:8d:eb:00:36:a8:
         b0:4b:f1:e8:b4:f0:4d:de:c4:49:ca:92:f8:a5:69:7c:be:fe:
         18:13:97:32
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY2FK8imUGOMcX+w9ORGWcloMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMjA3MjAwNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzk0MTk1ZmRiOTA5NTExNzA5ZmVjMzVlOGU1MTUwYWZkZDE4NmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWVi7BVcSoybkOFmTQsZBZQpWE1Q
GEhipnE8v9W2GLoFR5O+BLe1OYP21Db5mVVnsuYAbFIKdmXNz4G8vbAYJZREHxTp
A+nEVW3ySLpg0UMyGKkrYBfmnhEwl1IL1i/S4QVNtvu0+nnxrwCuD24MlG0eMGTB
Iioi4WA9ZmAXdi50CM4Gl6dmzvWVbUStwXC4KLeRR/n3rKUP5XXQJQ2/H9B9G9mw
dBWKYOZ5bVYvlw4fSY8Qy6df9qGMi3/ReC0VHkW1nYhA+KLllL1CZDWW9qlb0jbC
94xPo/45PeqVle8SNMCNcYbuSVF5aVa98j/K3k8netszi+veGsSl84+hQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDyUGV/bkJURcJ/sNejlFQr90YbGMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUEpRWlg5dVFsUkZ3bi13MTZPVVZDdjNSaHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgY2ADAN
BgkqhkiG9w0BAQsFAAOCAQEAAY5gY3s44L6iSaIprgyYXed2vSYF7nBNg2NIBTrE
1Q2MFCaO2d+o2bTU42JNGxIR4s8jSrajWpH0A8vZSwFChIlr/iDiGB/flsw669Mw
FD0M5nf0PT5cu76IEgznzY3iukYiBltFy7QaMQ5Y7paGHhxPMwEh8eaaV/x1Igjq
TurcxQxC5jfDgiB2FgooYYxEzRWeI4YdZIbpefSVaZ5ei5bhj/EOAglGpxu6OK10
CGKsYRNHQpgeum6nPi3Qvb5/DDuuX4Y/56stvAOdi7hNqXuMwRsevvHbLlloekfC
QzHeZS++AY3rADaosEvx6LTwTd7EScqS+KVpfL7+GBOXMg==
-----END CERTIFICATE-----