Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/9646d7-5b04-4544-8edc-659cb427dcf7/1/MzYDeANgZVntZl3mXbneGWbVlkY.roa
File:                     MzYDeANgZVntZl3mXbneGWbVlkY.roa (raw, json)
Hash identifier:          AFdZ+5coTkGynFrU3mtLrsXikxEzV0MkXZDM0NC5VsQ=
Subject key identifier:   33:36:03:78:03:60:65:59:ED:66:5D:E6:5D:B9:DE:19:66:D5:96:46
Certificate issuer:       /CN=7c44ad532540d2d2daeba95e13d614b7855ad622
Certificate serial:       018D8DD8DA1914CD90F23143AE343DD14955
Authority key identifier: 7C:44:AD:53:25:40:D2:D2:DA:EB:A9:5E:13:D6:14:B7:85:5A:D6:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fEStUyVA0tLa66leE9YUt4Va1iI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/9646d7-5b04-4544-8edc-659cb427dcf7/1/MzYDeANgZVntZl3mXbneGWbVlkY.roa
Signing time:             Fri 09 Feb 2024 12:30:15 +0000
ROA not before:           Fri 09 Feb 2024 12:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52212
IP address blocks:        2a07:f880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/9646d7-5b04-4544-8edc-659cb427dcf7/1/fEStUyVA0tLa66leE9YUt4Va1iI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/9646d7-5b04-4544-8edc-659cb427dcf7/1/fEStUyVA0tLa66leE9YUt4Va1iI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fEStUyVA0tLa66leE9YUt4Va1iI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8d:d8:da:19:14:cd:90:f2:31:43:ae:34:3d:d1:49:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c44ad532540d2d2daeba95e13d614b7855ad622
        Validity
            Not Before: Feb  9 12:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3336037803606559ed665de65db9de1966d59646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:1a:9f:f0:37:d2:a5:1e:39:d8:ff:bd:39:16:
                    7c:11:72:4f:f0:8c:c8:0d:ae:6b:48:f9:fe:f1:17:
                    0f:b2:97:b5:44:46:7a:09:6a:8d:49:9f:bd:46:ce:
                    6f:29:b2:7d:13:3b:ca:f9:bc:06:7c:04:8b:b7:68:
                    cf:2a:ea:27:b1:32:77:7a:f7:54:d4:aa:c0:8b:a2:
                    66:de:1f:19:5a:ec:f9:31:5a:e3:49:91:67:0e:52:
                    87:47:24:f5:53:9e:b5:21:06:d6:80:b2:ee:58:e3:
                    f6:e1:4c:09:14:d3:f7:35:a9:63:48:b1:59:fc:78:
                    4d:41:d6:cb:d5:e2:6c:a5:71:c1:fb:f3:77:16:72:
                    d0:a6:72:02:5a:d2:37:49:39:64:db:94:1b:35:db:
                    27:b3:19:d9:ca:be:57:86:cd:55:99:de:3b:f9:88:
                    e7:13:90:0f:b8:87:33:c1:ff:bc:a7:8c:ac:2c:99:
                    f6:9f:16:4e:e4:5a:42:8e:6f:8b:c1:a1:06:47:83:
                    82:8a:21:5c:5d:a2:c6:e7:98:bc:8c:8a:72:15:7d:
                    36:6f:57:0a:7c:b2:0a:25:48:a8:3f:3f:dc:a9:86:
                    22:9c:40:54:a8:cd:d1:a4:f2:59:5b:71:96:08:a3:
                    c6:d6:20:75:22:49:09:80:ba:57:ca:fd:f9:ed:4f:
                    c4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:36:03:78:03:60:65:59:ED:66:5D:E6:5D:B9:DE:19:66:D5:96:46
            X509v3 Authority Key Identifier:
                keyid:7C:44:AD:53:25:40:D2:D2:DA:EB:A9:5E:13:D6:14:B7:85:5A:D6:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fEStUyVA0tLa66leE9YUt4Va1iI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/9646d7-5b04-4544-8edc-659cb427dcf7/1/MzYDeANgZVntZl3mXbneGWbVlkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/9646d7-5b04-4544-8edc-659cb427dcf7/1/fEStUyVA0tLa66leE9YUt4Va1iI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:f880::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:5e:f2:4e:8d:e3:e1:ad:ac:d7:26:54:59:62:14:21:46:03:
         f9:df:92:61:bd:c5:2e:44:e1:6a:c0:08:49:f5:51:5d:6b:9c:
         e1:1c:99:4a:f5:82:f8:8f:d8:55:ee:f8:a1:4a:7a:c7:38:53:
         17:2d:a7:f9:71:b3:9a:67:8b:0a:5a:c5:ed:4b:5d:35:0e:fa:
         f7:11:1f:88:5a:09:0b:a4:98:26:af:06:a3:4c:b8:fa:da:9d:
         88:6d:46:08:76:3f:61:a0:6d:b1:be:6b:ed:3b:ac:8d:41:21:
         7d:34:a6:4e:33:53:ab:b9:7f:c5:58:8c:fb:94:16:ee:ea:c3:
         38:3c:42:63:bc:5d:bd:47:bb:b4:86:b8:be:24:4a:8c:77:d7:
         bb:1c:cd:ef:7c:4c:1e:fb:9a:24:e6:a8:c6:cb:a3:fb:3b:bd:
         e2:f4:28:60:4c:b5:88:0d:74:74:fe:fa:b2:6b:19:f9:4f:5f:
         2a:04:69:91:cd:40:d8:5e:53:49:3f:cd:dc:89:61:51:8e:ce:
         68:cf:01:e4:3b:a1:06:de:d7:35:33:ae:91:9d:d5:ed:b3:35:
         3c:29:ec:93:66:c0:e7:74:e8:95:9f:3d:5b:21:a2:89:27:33:
         3f:5e:2e:c1:90:c3:b1:66:ce:1e:d2:a2:82:e3:22:02:21:07:
         15:96:1c:c9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY2N2NoZFM2Q8jFDrjQ90UlVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNDRhZDUzMjU0MGQyZDJkYWViYTk1ZTEzZDYxNGI3ODU1
YWQ2MjIwHhcNMjQwMjA5MTIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzM2MDM3ODAzNjA2NTU5ZWQ2NjVkZTY1ZGI5ZGUxOTY2ZDU5NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Bqf8DfSpR452P+9ORZ8EXJP8IzI
Da5rSPn+8RcPspe1REZ6CWqNSZ+9Rs5vKbJ9EzvK+bwGfASLt2jPKuonsTJ3evdU
1KrAi6Jm3h8ZWuz5MVrjSZFnDlKHRyT1U561IQbWgLLuWOP24UwJFNP3NaljSLFZ
/HhNQdbL1eJspXHB+/N3FnLQpnICWtI3STlk25QbNdsnsxnZyr5Xhs1Vmd47+Yjn
E5APuIczwf+8p4ysLJn2nxZO5FpCjm+LwaEGR4OCiiFcXaLG55i8jIpyFX02b1cK
fLIKJUioPz/cqYYinEBUqM3RpPJZW3GWCKPG1iB1IkkJgLpXyv357U/EjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDM2A3gDYGVZ7WZd5l253hlm1ZZGMB8GA1UdIwQY
MBaAFHxErVMlQNLS2uupXhPWFLeFWtYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkVTdFV5VkEwdExhNjZsZUU5WVV0NFZhMWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS85NjQ2ZDctNWIwNC00NTQ0LThlZGMt
NjU5Y2I0MjdkY2Y3LzEvTXpZRGVBTmdaVm50WmwzbVhibmVHV2JWbGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS85NjQ2ZDctNWIwNC00NTQ0LThlZGMtNjU5Y2I0MjdkY2Y3
LzEvZkVTdFV5VkEwdExhNjZsZUU5WVV0NFZhMWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgf4gDAN
BgkqhkiG9w0BAQsFAAOCAQEAQF7yTo3j4a2s1yZUWWIUIUYD+d+SYb3FLkThasAI
SfVRXWuc4RyZSvWC+I/YVe74oUp6xzhTFy2n+XGzmmeLClrF7UtdNQ769xEfiFoJ
C6SYJq8Go0y4+tqdiG1GCHY/YaBtsb5r7TusjUEhfTSmTjNTq7l/xViM+5QW7urD
ODxCY7xdvUe7tIa4viRKjHfXuxzN73xMHvuaJOaoxsuj+zu94vQoYEy1iA10dP76
smsZ+U9fKgRpkc1A2F5TST/N3IlhUY7OaM8B5DuhBt7XNTOukZ3V7bM1PCnsk2bA
53TolZ89WyGiiSczP14uwZDDsWbOHtKiguMiAiEHFZYcyQ==
-----END CERTIFICATE-----