Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/bTECMztIFFbU4tqZnXqc5ihpEp8.roa
File:                     bTECMztIFFbU4tqZnXqc5ihpEp8.roa (raw, json)
Hash identifier:          +IV+PB02GrWoEhZVu6L/eGALh3EH2lhlXmXCxkTP8Dc=
Subject key identifier:   6D:31:02:33:3B:48:14:56:D4:E2:DA:99:9D:7A:9C:E6:28:69:12:9F
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018DEE39E6A9E06B462CBFD01A7594F5796A
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/bTECMztIFFbU4tqZnXqc5ihpEp8.roa
Signing time:             Wed 28 Feb 2024 05:39:48 +0000
ROA not before:           Wed 28 Feb 2024 05:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209310
IP address blocks:        2a0a:280:2d00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ee:39:e6:a9:e0:6b:46:2c:bf:d0:1a:75:94:f5:79:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Feb 28 05:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d3102333b481456d4e2da999d7a9ce62869129f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:02:fb:71:68:a8:11:73:04:69:5c:06:52:91:
                    3e:7c:fb:92:59:e6:b6:58:f1:cb:38:31:e9:b1:33:
                    87:09:28:46:37:d2:6d:f9:b3:fc:21:8a:6d:16:83:
                    99:ca:b2:7b:9e:e3:ee:de:32:ea:4d:b3:d6:58:a4:
                    62:38:f1:8c:fc:2b:49:49:f6:89:e5:d1:d2:74:4b:
                    ad:4a:9f:f5:2c:da:2c:4c:47:3b:1f:5d:a1:05:06:
                    b9:78:3a:ba:2d:39:83:15:9d:05:1f:3c:b8:88:8a:
                    15:0b:5e:f3:39:13:f6:08:56:36:32:7c:1e:f4:d2:
                    82:d4:e2:fd:9b:64:d4:36:c4:ec:90:80:86:7d:f3:
                    c7:29:82:bc:97:9f:f2:18:0a:d1:07:11:01:7a:8b:
                    59:a7:51:1d:28:d0:19:f8:85:68:04:4e:31:f1:8b:
                    e2:8a:6f:cf:8f:d1:bc:4f:dc:28:91:e1:69:25:7c:
                    fb:a7:cb:5f:1f:a7:1a:fa:aa:32:16:1d:94:9d:1e:
                    a2:23:69:8f:44:ef:14:67:e7:95:f2:93:d3:35:03:
                    04:ae:ac:1d:50:e7:e6:14:0f:ff:ba:59:f2:9b:9b:
                    0f:d6:2d:21:ef:94:c9:89:61:e7:c7:d5:c4:ec:41:
                    0b:7e:e2:c9:6b:15:5e:1e:48:f8:66:cf:6e:43:2c:
                    19:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:31:02:33:3B:48:14:56:D4:E2:DA:99:9D:7A:9C:E6:28:69:12:9F
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/bTECMztIFFbU4tqZnXqc5ihpEp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         b1:4e:e5:8b:92:f9:46:31:8d:c4:a9:5c:ec:3b:11:c5:ba:0c:
         0e:09:5e:07:46:26:93:db:d1:6a:a8:21:d7:13:7d:0a:9c:4b:
         c6:0d:34:f9:88:a5:6a:f4:a9:e7:85:e9:46:4e:b4:19:89:61:
         c6:16:e1:7f:61:b7:1c:dc:ee:b3:bd:0d:32:4a:58:46:84:b1:
         6a:13:b7:17:91:1c:c1:65:2e:36:a7:cd:fe:83:ac:dc:65:b7:
         46:c8:67:df:0d:f6:cc:a3:4e:ef:42:d2:00:54:33:98:96:2a:
         1a:2d:fc:33:53:5a:7b:c8:c7:15:34:af:fa:8e:b8:6b:0b:ec:
         12:c5:ac:0e:85:7e:75:bb:1e:bd:20:49:ea:e6:95:ec:96:92:
         f8:09:79:6b:4e:6d:98:cd:dd:23:51:5c:90:60:7a:88:18:90:
         88:60:9d:ce:b3:c3:47:55:e7:0f:da:bd:07:8e:6d:54:23:f6:
         f7:99:8e:af:54:bc:2e:b0:56:8d:2c:6d:79:d3:8b:01:bf:0c:
         a8:3f:b9:46:2b:cc:9c:64:d2:ba:69:1c:1d:f6:a1:6d:06:4a:
         b4:a5:21:23:3d:7c:05:ee:2d:a0:ee:39:00:7c:87:3f:93:f2:
         9f:0a:86:de:3d:73:9c:40:b8:69:b1:67:2f:e8:21:91:91:ea:
         3b:4e:45:e3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY3uOeap4GtGLL/QGnWU9XlqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMjI4MDUzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDMxMDIzMzNiNDgxNDU2ZDRlMmRhOTk5ZDdhOWNlNjI4NjkxMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQL7cWioEXMEaVwGUpE+fPuSWea2
WPHLODHpsTOHCShGN9Jt+bP8IYptFoOZyrJ7nuPu3jLqTbPWWKRiOPGM/CtJSfaJ
5dHSdEutSp/1LNosTEc7H12hBQa5eDq6LTmDFZ0FHzy4iIoVC17zORP2CFY2Mnwe
9NKC1OL9m2TUNsTskICGffPHKYK8l5/yGArRBxEBeotZp1EdKNAZ+IVoBE4x8Yvi
im/Pj9G8T9wokeFpJXz7p8tfH6ca+qoyFh2UnR6iI2mPRO8UZ+eV8pPTNQMErqwd
UOfmFA//ulnym5sP1i0h75TJiWHnx9XE7EELfuLJaxVeHkj4Zs9uQywZ1wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG0xAjM7SBRW1OLamZ16nOYoaRKfMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvYlRFQ016dElGRmJVNHRxWm5YcWM1aWhwRXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgC0w
DQYJKoZIhvcNAQELBQADggEBALFO5YuS+UYxjcSpXOw7EcW6DA4JXgdGJpPb0Wqo
IdcTfQqcS8YNNPmIpWr0qeeF6UZOtBmJYcYW4X9htxzc7rO9DTJKWEaEsWoTtxeR
HMFlLjanzf6DrNxlt0bIZ98N9syjTu9C0gBUM5iWKhot/DNTWnvIxxU0r/qOuGsL
7BLFrA6FfnW7Hr0gSermleyWkvgJeWtObZjN3SNRXJBgeogYkIhgnc6zw0dV5w/a
vQeObVQj9veZjq9UvC6wVo0sbXnTiwG/DKg/uUYrzJxk0rppHB32oW0GSrSlISM9
fAXuLaDuOQB8hz+T8p8Kht49c5xAuGmxZy/oIZGR6jtOReM=
-----END CERTIFICATE-----