Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/3fxdCd7s2C8YCDMbIjk03FOkmH4.roa
File:                     3fxdCd7s2C8YCDMbIjk03FOkmH4.roa (raw, json)
Hash identifier:          C/piC+SC3c4vh7ThyA4fVPx2qze1ExH1gMjgH0/f3tE=
Subject key identifier:   DD:FC:5D:09:DE:EC:D8:2F:18:08:33:1B:22:39:34:DC:53:A4:98:7E
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0727BF824D85D5F6ECFDCF23CC4F
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/3fxdCd7s2C8YCDMbIjk03FOkmH4.roa
Signing time:             Tue 02 Jan 2024 08:31:57 +0000
ROA not before:           Tue 02 Jan 2024 08:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200866
IP address blocks:        2a0a:280:2200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:07:27:bf:82:4d:85:d5:f6:ec:fd:cf:23:cc:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddfc5d09deecd82f1808331b223934dc53a4987e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bc:63:a2:13:c0:e2:6d:76:32:66:55:cc:77:
                    ac:47:48:62:17:41:a5:8c:b5:9d:03:b2:8d:4e:54:
                    00:86:21:cf:33:0f:54:35:d3:c0:7a:86:3c:80:f6:
                    98:ca:5a:07:fd:5d:99:12:82:9a:87:68:a8:62:5a:
                    e9:64:ee:40:d4:91:93:71:02:8f:bf:2b:c1:29:57:
                    4c:ff:db:7c:d4:bd:d3:eb:1b:1c:78:49:ef:6f:63:
                    1c:79:bd:a2:27:1e:3a:f2:8f:ab:22:38:5c:80:f8:
                    c0:2c:ed:b3:7d:81:1e:d9:fa:10:a8:61:4b:18:8c:
                    be:34:25:7d:77:dc:53:50:61:24:67:d7:fd:1c:3e:
                    a4:bb:40:68:7a:cc:b1:39:b5:ec:8e:2f:30:2e:10:
                    87:63:85:f9:fd:6b:a4:69:0e:0d:89:8b:ee:24:63:
                    34:cb:98:b2:69:97:6f:a5:5d:d8:f7:b9:00:13:19:
                    a5:d0:bf:60:75:0f:ab:ac:2f:41:e6:4a:42:82:9e:
                    5b:88:b8:a5:ce:98:f3:1a:e8:73:f3:bd:c5:29:d8:
                    70:6f:a5:bf:98:ae:71:60:0b:e6:0d:98:a4:35:05:
                    5f:42:78:8c:14:26:70:bc:e8:58:1d:bd:45:9f:0c:
                    1a:81:6e:08:39:1b:4d:e6:3a:91:9a:4e:1a:f2:9a:
                    00:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:FC:5D:09:DE:EC:D8:2F:18:08:33:1B:22:39:34:DC:53:A4:98:7E
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/3fxdCd7s2C8YCDMbIjk03FOkmH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2200::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:7f:d3:f2:dc:a0:bf:d1:82:d5:81:e7:b8:21:38:fc:3a:77:
         6a:05:a1:a6:0d:eb:50:c2:de:59:0a:bc:1b:80:e6:cc:0f:35:
         d5:bb:cd:b0:eb:ee:42:7b:e0:61:1d:a7:21:1c:88:cc:38:23:
         2c:f6:47:b7:94:40:1f:ca:af:28:98:d4:fb:8e:86:35:cc:b1:
         72:0b:b7:a5:09:b6:a7:12:9c:e0:0b:fc:89:b5:4c:c5:93:43:
         6f:17:45:e3:53:0f:50:19:f5:80:04:c8:ce:c9:03:a4:dd:d1:
         33:39:57:ad:51:e1:b2:a1:01:11:86:e4:54:75:c3:6f:b5:e8:
         17:cb:86:b3:9f:05:16:43:de:42:0a:a8:67:fa:bc:f0:e5:d5:
         5d:99:43:f1:b0:9f:e4:89:58:68:ac:03:ba:14:f8:0a:08:9e:
         4c:1b:ee:46:34:de:ac:71:5d:27:68:cd:70:8e:1f:14:6c:47:
         e0:c3:96:15:f7:0c:23:af:d0:e6:5f:fd:d1:82:eb:8a:17:7e:
         39:d4:ca:4d:bb:87:8b:3a:48:5b:45:01:d5:c2:94:5b:05:96:
         1f:87:f9:1f:cb:1a:a4:46:6d:bd:2e:78:b8:40:61:43:f5:04:
         b1:8d:9e:8e:65:dc:48:46:0d:c6:3f:f6:20:8a:1b:d4:8d:89:
         a9:64:f3:77
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQcnv4JNhdX27P3PI8xPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGZjNWQwOWRlZWNkODJmMTgwODMzMWIyMjM5MzRkYzUzYTQ5ODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrxjohPA4m12MmZVzHesR0hiF0Gl
jLWdA7KNTlQAhiHPMw9UNdPAeoY8gPaYyloH/V2ZEoKah2ioYlrpZO5A1JGTcQKP
vyvBKVdM/9t81L3T6xsceEnvb2Mceb2iJx468o+rIjhcgPjALO2zfYEe2foQqGFL
GIy+NCV9d9xTUGEkZ9f9HD6ku0BoesyxObXsji8wLhCHY4X5/WukaQ4NiYvuJGM0
y5iyaZdvpV3Y97kAExml0L9gdQ+rrC9B5kpCgp5biLilzpjzGuhz873FKdhwb6W/
mK5xYAvmDZikNQVfQniMFCZwvOhYHb1FnwwagW4IORtN5jqRmk4a8poAUQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFN38XQne7NgvGAgzGyI5NNxTpJh+MB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvM2Z4ZENkN3MyQzhZQ0RNYklqazAzRk9rbUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCIw
DQYJKoZIhvcNAQELBQADggEBABV/0/LcoL/RgtWB57ghOPw6d2oFoaYN61DC3lkK
vBuA5swPNdW7zbDr7kJ74GEdpyEciMw4Iyz2R7eUQB/KryiY1PuOhjXMsXILt6UJ
tqcSnOAL/Im1TMWTQ28XReNTD1AZ9YAEyM7JA6Td0TM5V61R4bKhARGG5FR1w2+1
6BfLhrOfBRZD3kIKqGf6vPDl1V2ZQ/Gwn+SJWGisA7oU+AoInkwb7kY03qxxXSdo
zXCOHxRsR+DDlhX3DCOv0OZf/dGC64oXfjnUyk27h4s6SFtFAdXClFsFlh+H+R/L
GqRGbb0ueLhAYUP1BLGNno5l3EhGDcY/9iCKG9SNialk83c=
-----END CERTIFICATE-----