Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8rtPnSqb6mVXqz37hEvaBEpngCQ.roa
File:                     8rtPnSqb6mVXqz37hEvaBEpngCQ.roa (raw, json)
Hash identifier:          iFVAOG3ZSUm4chSq0SFhsMqndIJNMDeebXRccjCl6RE=
Subject key identifier:   F2:BB:4F:9D:2A:9B:EA:65:57:AB:3D:FB:84:4B:DA:04:4A:67:80:24
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801655774FF1F50CB0CE1E67C86AEB2
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8rtPnSqb6mVXqz37hEvaBEpngCQ.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207536
IP address blocks:        2a0c:b641:670::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:65:57:74:ff:1f:50:cb:0c:e1:e6:7c:86:ae:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2bb4f9d2a9bea6557ab3dfb844bda044a678024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0e:b8:e2:60:3a:14:4e:26:6e:42:16:c7:f4:
                    8e:ad:52:7c:aa:1c:b6:92:74:bb:ee:02:58:cc:47:
                    00:fe:42:24:4f:b2:f2:83:6c:8e:36:82:34:7a:6d:
                    4a:b8:05:e4:24:3c:4b:fe:49:bc:79:e8:bf:a0:45:
                    f9:8a:9b:12:9c:87:dd:5f:15:06:d6:2d:86:6d:2d:
                    d0:9c:39:34:13:47:f0:4a:97:90:6e:86:31:5c:b3:
                    ee:ba:0a:df:50:45:7f:2b:35:83:74:de:fb:28:10:
                    ad:a1:b8:a6:27:0a:8b:a4:48:04:74:62:31:3f:24:
                    15:6c:9b:7f:c1:b1:65:82:d7:5f:c6:cb:73:26:a0:
                    10:5e:90:ed:0f:97:de:68:4a:ba:33:f7:21:e8:62:
                    7a:1d:58:1d:ba:5f:fe:97:f0:05:b1:08:fa:ea:5b:
                    e6:06:45:42:fe:46:69:7f:5b:28:d8:fd:bf:c7:86:
                    1e:ff:a5:64:e9:c1:7f:ce:b8:b5:3a:86:d5:80:1e:
                    89:7c:a6:20:50:7b:4c:96:8e:8c:ff:62:a9:f0:af:
                    41:ba:d0:cb:0f:26:3f:c2:49:d5:00:05:f4:4e:a5:
                    55:5e:fc:fe:2a:d8:53:b3:c2:89:1f:d2:77:09:3c:
                    21:62:0b:7c:c9:73:6b:eb:d7:94:ca:6f:32:6c:2b:
                    a0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:BB:4F:9D:2A:9B:EA:65:57:AB:3D:FB:84:4B:DA:04:4A:67:80:24
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8rtPnSqb6mVXqz37hEvaBEpngCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:670::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:60:d6:e2:bb:13:d5:0f:82:56:39:6d:7a:23:db:2c:f4:2e:
         00:f5:e4:b9:77:a0:a7:79:1f:1a:ae:b3:e0:79:9f:62:49:01:
         41:0d:98:90:25:d9:23:13:35:3a:2f:e8:00:6c:05:dc:e8:3f:
         7d:33:03:02:f6:5d:8d:7e:81:fa:38:df:14:cd:56:54:63:ff:
         08:74:e4:e8:0d:e6:e9:66:2d:e5:6c:7b:ca:46:fb:59:85:ce:
         d6:fe:15:ec:28:24:e8:04:cf:4b:a4:63:dc:a7:be:65:fa:f2:
         3b:55:b1:da:8a:79:68:af:60:f3:1d:1b:d7:8d:ff:62:92:96:
         df:ce:82:aa:2c:c9:4f:3a:b0:bf:f2:d0:59:06:1a:9f:64:34:
         d2:d2:25:d8:21:89:c6:d8:c0:a7:a6:4b:40:01:f5:3d:c3:f2:
         eb:9f:f5:21:aa:29:c2:37:51:e4:6a:e1:ab:85:a3:6f:d4:dd:
         81:91:eb:a0:42:cc:8a:de:50:67:36:73:cf:4f:1d:57:37:38:
         15:ec:8b:19:0b:d3:ef:63:4b:3d:c4:6f:69:4a:c8:74:95:f2:
         86:84:64:de:b0:fd:d2:ff:5b:71:fa:1e:8e:10:1b:50:28:13:
         f7:5e:f9:35:e9:97:74:3c:78:6a:78:3d:02:c1:20:b3:2b:b5:
         0e:6b:71:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWVXdP8fUMsM4eZ8hq6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmJiNGY5ZDJhOWJlYTY1NTdhYjNkZmI4NDRiZGEwNDRhNjc4MDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuA644mA6FE4mbkIWx/SOrVJ8qhy2
knS77gJYzEcA/kIkT7Lyg2yONoI0em1KuAXkJDxL/km8eei/oEX5ipsSnIfdXxUG
1i2GbS3QnDk0E0fwSpeQboYxXLPuugrfUEV/KzWDdN77KBCtobimJwqLpEgEdGIx
PyQVbJt/wbFlgtdfxstzJqAQXpDtD5feaEq6M/ch6GJ6HVgdul/+l/AFsQj66lvm
BkVC/kZpf1so2P2/x4Ye/6Vk6cF/zri1OobVgB6JfKYgUHtMlo6M/2Kp8K9ButDL
DyY/wknVAAX0TqVVXvz+KthTs8KJH9J3CTwhYgt8yXNr69eUym8ybCugBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPK7T50qm+plV6s9+4RL2gRKZ4AkMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvOHJ0UG5TcWI2bVZYcXozN2hFdmFCRXBuZ0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQZw
MA0GCSqGSIb3DQEBCwUAA4IBAQBvYNbiuxPVD4JWOW16I9ss9C4A9eS5d6CneR8a
rrPgeZ9iSQFBDZiQJdkjEzU6L+gAbAXc6D99MwMC9l2NfoH6ON8UzVZUY/8IdOTo
DebpZi3lbHvKRvtZhc7W/hXsKCToBM9LpGPcp75l+vI7VbHainlor2DzHRvXjf9i
kpbfzoKqLMlPOrC/8tBZBhqfZDTS0iXYIYnG2MCnpktAAfU9w/Lrn/UhqinCN1Hk
auGrhaNv1N2BkeugQsyK3lBnNnPPTx1XNzgV7IsZC9PvY0s9xG9pSsh0lfKGhGTe
sP3S/1tx+h6OEBtQKBP3Xvk16Zd0PHhqeD0CwSCzK7UOa3Er
-----END CERTIFICATE-----