Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/PG7Zf8aAWfqw9tKBN6g1hjNwDPQ.roa
File:                     PG7Zf8aAWfqw9tKBN6g1hjNwDPQ.roa (raw, json)
Hash identifier:          sPDzBzy3QYxqJx/oMxGQ1FFccqsNGIFk/vyJOo8gdvU=
Subject key identifier:   3C:6E:D9:7F:C6:80:59:FA:B0:F6:D2:81:37:A8:35:86:33:70:0C:F4
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCF6DB84340C85D1851952143033BD
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/PG7Zf8aAWfqw9tKBN6g1hjNwDPQ.roa
Signing time:             Mon 01 Jan 2024 16:30:41 +0000
ROA not before:           Mon 01 Jan 2024 16:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138181
IP address blocks:        2a0f:607:1300::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f6:db:84:34:0c:85:d1:85:19:52:14:30:33:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c6ed97fc68059fab0f6d28137a8358633700cf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ec:2c:f1:2e:dc:70:6a:ae:32:35:6d:d7:c2:
                    14:20:07:3d:1a:5c:31:e4:ef:ed:69:02:a3:64:79:
                    e3:83:fc:ef:00:7c:65:12:59:62:c4:c6:82:41:11:
                    54:7c:d5:b9:80:c1:39:cb:f7:ba:a9:0b:2f:c7:4e:
                    ed:fe:f6:49:d0:43:ab:eb:72:77:c6:eb:15:91:9f:
                    cf:87:c6:72:41:1c:16:7e:1e:d7:bd:16:4e:b5:ac:
                    93:50:03:82:2c:16:c2:ee:94:ad:3e:3b:c3:ac:5d:
                    a4:f5:90:a8:67:36:14:ca:b1:0f:0d:3f:12:e7:ac:
                    0a:75:8e:04:d2:d4:f2:fe:73:e4:a6:e8:35:be:3c:
                    fb:45:84:c2:59:48:67:f5:a8:87:4b:d0:4c:54:ec:
                    73:34:b3:0a:de:13:f5:fa:62:64:ad:a0:a2:41:d3:
                    27:52:75:70:f4:c9:b2:22:d3:94:41:cc:42:37:23:
                    10:cf:1f:85:d7:25:db:79:e6:d0:24:8f:97:c3:7d:
                    fa:91:31:8b:7b:c6:65:2f:57:d3:27:c0:b5:25:18:
                    63:cd:f0:a9:64:1f:35:33:8c:a2:db:c0:ac:cf:b4:
                    66:78:e9:1b:aa:9f:87:d5:d5:0b:45:e6:d7:e7:cd:
                    34:00:9b:82:c2:6e:31:09:2b:6a:57:a6:a0:f8:1e:
                    7a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:6E:D9:7F:C6:80:59:FA:B0:F6:D2:81:37:A8:35:86:33:70:0C:F4
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/PG7Zf8aAWfqw9tKBN6g1hjNwDPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1300::/44

    Signature Algorithm: sha256WithRSAEncryption
         88:88:8b:1c:c2:5b:6b:99:92:ab:aa:e3:9c:3a:5c:ef:53:13:
         eb:75:5a:cb:1e:9e:43:be:c6:c7:be:1b:67:31:bc:90:5b:0b:
         78:cd:c9:23:e9:93:40:ce:82:c4:8e:44:7c:37:1b:ef:de:8a:
         0c:7c:6d:38:d1:14:e3:c2:bf:2e:74:e6:d2:49:89:b8:00:e1:
         56:a5:73:db:c0:15:ff:33:50:75:28:28:72:bb:12:f0:3b:4c:
         bc:21:23:6e:00:6e:3a:e9:9e:0f:26:47:00:4a:d5:db:11:21:
         5b:2b:4e:78:b1:61:e3:3b:b3:33:bb:22:c9:a1:46:17:90:a9:
         5b:69:3a:39:98:ad:3f:2d:3f:74:bc:90:02:10:be:e8:e4:7e:
         27:f2:95:fd:a4:cd:8d:95:4d:83:db:7c:6f:53:be:7d:7b:dd:
         02:10:3d:75:c7:75:e8:14:e2:7b:e7:69:37:c8:12:e2:0b:bd:
         64:1d:42:0b:e8:7f:9c:76:cb:53:f5:e8:7c:b3:1a:2c:77:ff:
         17:39:13:98:ec:0e:20:25:cf:8d:f0:ce:7b:79:52:35:16:26:
         19:bf:f8:be:38:95:50:4e:97:3a:89:cb:a0:40:5a:94:b0:85:
         1e:34:44:39:7f:cd:22:25:f7:9b:3a:9d:70:4d:e7:85:c9:97:
         6c:31:e9:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PbbhDQMhdGFGVIUMDO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzZlZDk3ZmM2ODA1OWZhYjBmNmQyODEzN2E4MzU4NjMzNzAwY2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuws8S7ccGquMjVt18IUIAc9Glwx
5O/taQKjZHnjg/zvAHxlEllixMaCQRFUfNW5gME5y/e6qQsvx07t/vZJ0EOr63J3
xusVkZ/Ph8ZyQRwWfh7XvRZOtayTUAOCLBbC7pStPjvDrF2k9ZCoZzYUyrEPDT8S
56wKdY4E0tTy/nPkpug1vjz7RYTCWUhn9aiHS9BMVOxzNLMK3hP1+mJkraCiQdMn
UnVw9MmyItOUQcxCNyMQzx+F1yXbeebQJI+Xw336kTGLe8ZlL1fTJ8C1JRhjzfCp
ZB81M4yi28Csz7RmeOkbqp+H1dULRebX5800AJuCwm4xCStqV6ag+B56ewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDxu2X/GgFn6sPbSgTeoNYYzcAz0MB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvUEc3WmY4YUFXZnF3OXRLQk42ZzFoak53RFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg8GBxMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCIiIscwltrmZKrquOcOlzvUxPrdVrLHp5DvsbH
vhtnMbyQWwt4zckj6ZNAzoLEjkR8Nxvv3ooMfG040RTjwr8udObSSYm4AOFWpXPb
wBX/M1B1KChyuxLwO0y8ISNuAG466Z4PJkcAStXbESFbK054sWHjO7MzuyLJoUYX
kKlbaTo5mK0/LT90vJACEL7o5H4n8pX9pM2NlU2D23xvU759e90CED11x3XoFOJ7
52k3yBLiC71kHUIL6H+cdstT9eh8sxosd/8XOROY7A4gJc+N8M57eVI1FiYZv/i+
OJVQTpc6icugQFqUsIUeNEQ5f80iJfebOp1wTeeFyZdsMenk
-----END CERTIFICATE-----