Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Jp3kAGS4frVSIg4TZvWy0-MdySk.roa
File:                     Jp3kAGS4frVSIg4TZvWy0-MdySk.roa (raw, json)
Hash identifier:          vhlo7iYfUmTmG4KtyD++n5Ys0z+K35/N9v+p8vvPpmc=
Subject key identifier:   26:9D:E4:00:64:B8:7E:B5:52:22:0E:13:66:F5:B2:D3:E3:1D:C9:29
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018F863BEB3D714A0F7943A86D55CCA280AC
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Jp3kAGS4frVSIg4TZvWy0-MdySk.roa
Signing time:             Fri 17 May 2024 11:07:04 +0000
ROA not before:           Fri 17 May 2024 11:07:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214879
IP address blocks:        2a0c:b641:c60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:86:3b:eb:3d:71:4a:0f:79:43:a8:6d:55:cc:a2:80:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: May 17 11:07:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=269de40064b87eb552220e1366f5b2d3e31dc929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:34:ad:0c:76:e5:62:b4:d2:ba:aa:45:09:e3:
                    39:9a:a7:67:f5:46:ef:2f:63:5f:8d:69:8d:35:33:
                    98:94:55:2f:fa:93:f9:66:41:c8:d1:c6:78:57:0b:
                    65:6f:52:28:0b:96:60:56:c2:e5:47:5a:06:bf:0e:
                    0f:e3:d2:9f:0d:64:b8:92:14:a6:86:22:76:a1:70:
                    3c:48:8f:7a:3c:0f:3d:9f:4e:6d:df:c2:62:4c:db:
                    54:aa:5b:82:dc:51:92:4e:93:fb:ce:1f:21:d9:cf:
                    33:73:51:5e:61:85:de:e9:76:e3:34:19:fb:99:be:
                    d6:99:5c:de:0c:29:77:49:ae:cd:9c:9c:4f:70:3f:
                    9b:0c:f6:a8:22:92:c1:61:b4:f9:0e:d6:a2:22:10:
                    14:32:c8:24:7a:a4:b3:c1:b6:82:05:2d:74:04:1b:
                    05:9d:38:63:c6:8d:ea:05:b3:86:b2:f8:ed:3c:b7:
                    29:a1:be:e2:c3:dc:54:2c:22:18:55:15:30:60:24:
                    71:62:70:73:90:7e:65:b3:79:ab:58:36:0b:36:d7:
                    a0:11:72:b4:93:81:a1:0f:47:e0:5b:51:cf:5d:75:
                    88:3c:36:70:98:be:54:90:3d:ea:10:49:f8:53:e0:
                    f4:ea:42:73:8e:5c:c0:1e:31:de:c8:fa:3b:cd:cc:
                    5b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:9D:E4:00:64:B8:7E:B5:52:22:0E:13:66:F5:B2:D3:E3:1D:C9:29
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Jp3kAGS4frVSIg4TZvWy0-MdySk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c60::/44

    Signature Algorithm: sha256WithRSAEncryption
         2a:cd:d0:52:79:94:b7:7c:88:33:d4:47:62:e0:5f:fa:8d:14:
         12:76:f6:93:21:94:57:3c:86:23:ba:c2:35:02:ed:37:e4:44:
         b7:c1:15:d4:67:68:47:5a:6d:1e:e3:87:85:84:63:e7:4a:bd:
         b0:5c:1c:22:4f:74:f8:1d:01:bd:cf:0c:c5:a1:f7:a3:21:2b:
         0e:26:7f:69:e4:3c:7b:e5:74:62:9d:03:d0:02:1f:11:f1:bb:
         4c:da:f3:f1:3f:1a:4d:fc:4c:06:39:3c:27:b8:76:9b:f7:cb:
         bc:01:a8:30:96:ba:d6:86:8f:42:4e:a6:f9:4e:14:0c:40:89:
         b7:cc:08:18:ad:18:79:37:fd:ed:de:df:ca:c6:f2:50:d7:45:
         37:0f:78:f7:1a:6d:fc:6b:b7:6a:d3:c6:4c:4f:09:7e:49:25:
         df:db:bf:73:01:e5:e1:9b:6f:ce:c3:f6:b1:28:61:97:d4:b2:
         a3:c3:79:43:9e:8f:dc:92:00:84:1b:15:45:00:57:7b:e4:99:
         38:8d:ff:87:6a:20:d0:cf:5f:cd:8a:9a:ff:41:0a:bb:ed:e4:
         fe:0f:1d:e3:8a:23:07:cf:41:f2:01:23:6c:0b:a2:aa:35:d5:
         a5:61:c1:27:dd:33:3c:97:0f:57:c2:c9:73:da:29:75:dd:d3:
         b8:e3:c4:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+GO+s9cUoPeUOobVXMooCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwNTE3MTEwNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjlkZTQwMDY0Yjg3ZWI1NTIyMjBlMTM2NmY1YjJkM2UzMWRjOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDStDHblYrTSuqpFCeM5mqdn9Ubv
L2NfjWmNNTOYlFUv+pP5ZkHI0cZ4Vwtlb1IoC5ZgVsLlR1oGvw4P49KfDWS4khSm
hiJ2oXA8SI96PA89n05t38JiTNtUqluC3FGSTpP7zh8h2c8zc1FeYYXe6XbjNBn7
mb7WmVzeDCl3Sa7NnJxPcD+bDPaoIpLBYbT5DtaiIhAUMsgkeqSzwbaCBS10BBsF
nThjxo3qBbOGsvjtPLcpob7iw9xULCIYVRUwYCRxYnBzkH5ls3mrWDYLNtegEXK0
k4GhD0fgW1HPXXWIPDZwmL5UkD3qEEn4U+D06kJzjlzAHjHeyPo7zcxb6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCad5ABkuH61UiIOE2b1stPjHckpMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSnAza0FHUzRmclZTSWc0VFp2V3kwLU1keVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQxg
MA0GCSqGSIb3DQEBCwUAA4IBAQAqzdBSeZS3fIgz1Edi4F/6jRQSdvaTIZRXPIYj
usI1Au035ES3wRXUZ2hHWm0e44eFhGPnSr2wXBwiT3T4HQG9zwzFofejISsOJn9p
5Dx75XRinQPQAh8R8btM2vPxPxpN/EwGOTwnuHab98u8AagwlrrWho9CTqb5ThQM
QIm3zAgYrRh5N/3t3t/KxvJQ10U3D3j3Gm38a7dq08ZMTwl+SSXf279zAeXhm2/O
w/axKGGX1LKjw3lDno/ckgCEGxVFAFd75Jk4jf+HaiDQz1/Nipr/QQq77eT+Dx3j
iiMHz0HyASNsC6KqNdWlYcEn3TM8lw9Xwslz2il13dO448SK
-----END CERTIFICATE-----