Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/fPUi-ZZp3JWAJj7umOdcp57sf5c.roa
File:                     fPUi-ZZp3JWAJj7umOdcp57sf5c.roa (raw, json)
Hash identifier:          4wvcpsXCwsZbMsrEGpjtelAlrZw5LWwG0P0aUwt0lSs=
Subject key identifier:   7C:F5:22:F9:96:69:DC:95:80:26:3E:EE:98:E7:5C:A7:9E:EC:7F:97
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       019017D9E572F44E3C5400D6468E8018C5CB
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/fPUi-ZZp3JWAJj7umOdcp57sf5c.roa
Signing time:             Fri 14 Jun 2024 17:44:34 +0000
ROA not before:           Fri 14 Jun 2024 17:44:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211522
IP address blocks:        2a05:4145:1::/48 maxlen: 48
                          2a11:e104::/32 maxlen: 48
                          2a11:e104:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:17:d9:e5:72:f4:4e:3c:54:00:d6:46:8e:80:18:c5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jun 14 17:44:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cf522f99669dc9580263eee98e75ca79eec7f97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:c0:a6:57:b0:2f:91:92:45:19:0e:94:2c:16:
                    b7:e0:3a:86:87:38:b1:0e:56:a9:c5:df:12:21:3c:
                    92:3c:5f:16:26:3c:50:f2:ab:b2:7b:11:67:ec:22:
                    5a:0f:89:42:67:bd:a3:11:ab:5c:96:48:78:38:cf:
                    26:47:26:49:41:c0:cd:c2:da:39:cb:e4:3a:1e:e0:
                    11:0b:d6:ae:25:d9:44:77:9a:9a:95:be:81:5d:2e:
                    ba:4a:1a:a8:6b:aa:ab:8c:65:b2:84:5d:82:ec:c9:
                    29:2f:5f:2b:ec:47:43:46:ef:3d:7a:51:ed:91:73:
                    3e:7a:30:6e:58:49:76:ef:3c:d4:7d:2e:52:ca:79:
                    36:52:f5:45:da:cf:76:0b:5a:b5:7e:85:44:87:08:
                    1c:82:1a:17:a7:c7:fd:ed:d4:01:a9:de:bc:ea:8e:
                    e4:2c:77:d4:b5:61:e9:8c:98:8e:26:ca:26:ee:57:
                    e7:63:75:f4:5f:2e:ee:15:94:7a:f7:fa:a7:64:cf:
                    39:bf:de:08:2b:f3:a5:58:be:b1:2c:ef:be:29:26:
                    e3:19:fc:aa:c7:29:48:5d:59:8e:d9:a2:ac:03:a1:
                    cb:1f:bb:f5:54:62:b7:8a:36:34:5a:6b:43:4c:10:
                    54:ba:c7:79:a1:0a:7f:23:1b:6a:2d:d5:d2:29:d0:
                    72:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:F5:22:F9:96:69:DC:95:80:26:3E:EE:98:E7:5C:A7:9E:EC:7F:97
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/fPUi-ZZp3JWAJj7umOdcp57sf5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4145:1::/48
                  2a11:e104::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:41:e0:a9:9d:d8:97:de:04:17:d7:5c:8a:8c:47:59:1d:d8:
         ff:5f:4c:8c:bc:5a:fb:6d:0e:dd:ea:65:f2:10:41:13:5e:6e:
         2d:3b:b6:f5:38:32:de:06:60:36:b1:d2:63:9d:9b:96:d4:0f:
         c5:10:7a:50:df:3f:d8:9c:90:54:5c:a4:e2:a8:05:14:1c:a0:
         4c:d2:a1:00:d9:30:d8:c8:c9:01:65:0e:54:31:a9:98:86:89:
         4f:97:1a:f8:66:b7:2b:36:bc:95:59:98:cd:9f:77:f5:24:0c:
         0b:2f:19:31:5a:88:81:c2:40:f9:a9:8b:fe:ac:ef:63:b5:c8:
         21:76:fe:e0:2c:58:57:f3:d4:d0:2e:07:e9:db:65:10:4c:04:
         46:20:53:c8:44:68:cc:82:65:12:94:e9:3a:45:24:7a:88:65:
         4f:a4:c3:d6:e2:f4:7e:2a:5e:cf:1e:6e:6a:3d:14:b4:dd:15:
         33:20:12:28:c6:78:ce:e0:af:7c:7f:06:92:dd:2c:ab:4b:16:
         52:4f:86:59:bb:30:73:4e:71:d1:68:ab:e0:c5:b7:c7:0c:06:
         68:99:02:eb:7d:71:fe:c4:f3:e1:e8:16:a7:b7:0e:07:53:23:
         1b:93:9c:af:cf:4b:10:9d:4d:46:09:ae:93:78:98:96:f2:8a:
         b5:b0:97:1e
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZAX2eVy9E48VADWRo6AGMXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwNjE0MTc0NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Y1MjJmOTk2NjlkYzk1ODAyNjNlZWU5OGU3NWNhNzllZWM3Zjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5sCmV7AvkZJFGQ6ULBa34DqGhzix
Dlapxd8SITySPF8WJjxQ8quyexFn7CJaD4lCZ72jEatclkh4OM8mRyZJQcDNwto5
y+Q6HuARC9auJdlEd5qalb6BXS66Shqoa6qrjGWyhF2C7MkpL18r7EdDRu89elHt
kXM+ejBuWEl27zzUfS5Synk2UvVF2s92C1q1foVEhwgcghoXp8f97dQBqd686o7k
LHfUtWHpjJiOJsom7lfnY3X0Xy7uFZR69/qnZM85v94IK/OlWL6xLO++KSbjGfyq
xylIXVmO2aKsA6HLH7v1VGK3ijY0WmtDTBBUusd5oQp/IxtqLdXSKdByxQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFHz1IvmWadyVgCY+7pjnXKee7H+XMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvZlBVaS1aWnAzSldBSmo3dW1PZGNwNTdzZjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAKgVBRQAB
AwUAKhHhBDANBgkqhkiG9w0BAQsFAAOCAQEAKUHgqZ3Yl94EF9dcioxHWR3Y/19M
jLxa+20O3epl8hBBE15uLTu29Tgy3gZgNrHSY52bltQPxRB6UN8/2JyQVFyk4qgF
FBygTNKhANkw2MjJAWUOVDGpmIaJT5ca+Ga3Kza8lVmYzZ939SQMCy8ZMVqIgcJA
+amL/qzvY7XIIXb+4CxYV/PU0C4H6dtlEEwERiBTyERozIJlEpTpOkUkeohlT6TD
1uL0fipezx5uaj0UtN0VMyASKMZ4zuCvfH8Gkt0sq0sWUk+GWbswc05x0Wir4MW3
xwwGaJkC631x/sTz4egWp7cOB1MjG5Ocr89LEJ1NRgmuk3iYlvKKtbCXHg==
-----END CERTIFICATE-----