Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/f1qcqJmojmjm9tN--vJ2FUipzUg.roa
File:                     f1qcqJmojmjm9tN--vJ2FUipzUg.roa (raw, json)
Hash identifier:          97ORGdvoZSob+gt0h3AQ6tlmlIjkq/+QDwWAR4hCgMQ=
Subject key identifier:   7F:5A:9C:A8:99:A8:8E:68:E6:F6:D3:7E:FA:F2:76:15:48:A9:CD:48
Certificate issuer:       /CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
Certificate serial:       018CC79557F95CB7A145D7B1EC867E28F522
Authority key identifier: 7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/f1qcqJmojmjm9tN--vJ2FUipzUg.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206607
IP address blocks:        2a04:ff00:500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 14:06:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:57:f9:5c:b7:a1:45:d7:b1:ec:86:7e:28:f5:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f5a9ca899a88e68e6f6d37efaf2761548a9cd48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:09:3e:7b:44:30:94:50:9a:a3:dc:09:27:d5:
                    90:29:2b:f5:a3:3f:2c:fb:93:fb:f5:f8:68:5c:1e:
                    43:33:71:b2:5e:9f:25:af:15:c8:37:46:4d:29:7b:
                    49:7d:1c:16:40:d7:65:df:bb:10:25:37:ad:a7:7f:
                    b3:bf:71:6b:1f:f0:fd:4e:8c:b6:4d:39:6b:09:49:
                    cb:28:95:93:d1:f5:7c:38:67:6c:ef:9a:f3:8b:02:
                    d7:16:9f:41:76:26:6e:f3:51:07:b4:9f:1c:fa:8a:
                    5f:03:15:5b:a1:2f:45:e4:c8:61:9a:1a:d5:77:f9:
                    ec:74:4b:6c:78:aa:e9:d8:d6:00:f8:12:17:79:db:
                    8d:c2:24:a9:24:fe:b5:fe:cb:89:71:09:81:28:26:
                    a8:c9:ea:9a:49:00:0c:2e:7d:d3:56:15:1d:ae:0e:
                    e5:3e:35:ad:9d:b7:06:4b:56:21:ae:e7:fe:19:db:
                    ce:f1:e1:8d:64:cd:2b:4c:6d:88:a1:2d:e7:39:cf:
                    a6:08:38:e7:6a:12:7b:29:8b:e6:bb:9e:2a:5c:b2:
                    31:94:c2:3e:31:03:16:a4:a6:3f:1c:10:3d:30:f4:
                    0a:e9:8e:16:ee:88:64:d4:12:c8:15:f6:9a:44:b3:
                    39:3a:5e:cb:4b:1a:5b:22:21:81:c2:a0:b2:38:88:
                    bc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:5A:9C:A8:99:A8:8E:68:E6:F6:D3:7E:FA:F2:76:15:48:A9:CD:48
            X509v3 Authority Key Identifier:
                keyid:7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/f1qcqJmojmjm9tN--vJ2FUipzUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ff00:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         2c:87:dc:93:57:cb:93:ef:1f:4f:ba:11:0f:7f:75:a6:f7:a7:
         1a:0e:cd:4c:b8:d9:9d:d8:6e:81:1e:48:84:e1:c7:59:91:05:
         5b:35:b9:77:dc:20:c5:18:8a:7f:a4:28:d3:0f:34:3d:1b:dc:
         73:da:ae:58:81:2b:b9:56:45:25:d8:fd:e4:81:38:b6:00:76:
         31:78:e4:22:03:f5:0d:7d:de:e3:b3:16:f8:f6:ab:74:94:26:
         9d:5c:4e:aa:b6:7a:89:7b:35:84:b2:e6:aa:3b:e8:29:24:6b:
         27:bf:a4:1f:b8:12:2f:b7:3b:3e:f3:a8:1c:a6:fe:17:1c:f4:
         39:de:fc:f1:26:14:68:d1:d5:5e:db:a7:03:4d:a2:66:25:5f:
         79:74:c7:c5:0d:e3:fc:6b:7c:18:5c:f9:96:35:e4:f8:79:51:
         45:6c:d7:ae:33:94:66:c8:0d:e4:a8:31:75:2f:82:be:0d:9d:
         5b:ab:e0:4a:82:9e:c8:5f:56:5e:ef:6b:b6:b0:66:78:0e:6b:
         c1:1f:85:10:87:ff:1a:97:b2:b6:09:cc:cb:e4:39:3f:0f:f9:
         0c:74:90:b3:22:16:86:f3:34:f3:89:79:b6:2f:7c:ea:a0:64:
         c2:d4:7f:3d:b0:a9:56:e3:11:ae:ea:42:01:5c:b6:71:48:9b:
         27:be:c3:92
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVf5XLehRdex7IZ+KPUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDRjMjVjMmY4YjQ3ZTVkYWY1MmQxYzRjNWE1MDk5OWRk
MGEwYTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjVhOWNhODk5YTg4ZTY4ZTZmNmQzN2VmYWYyNzYxNTQ4YTljZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQk+e0QwlFCao9wJJ9WQKSv1oz8s
+5P79fhoXB5DM3GyXp8lrxXIN0ZNKXtJfRwWQNdl37sQJTetp3+zv3FrH/D9Toy2
TTlrCUnLKJWT0fV8OGds75rziwLXFp9BdiZu81EHtJ8c+opfAxVboS9F5MhhmhrV
d/nsdEtseKrp2NYA+BIXeduNwiSpJP61/suJcQmBKCaoyeqaSQAMLn3TVhUdrg7l
PjWtnbcGS1Yhruf+GdvO8eGNZM0rTG2IoS3nOc+mCDjnahJ7KYvmu54qXLIxlMI+
MQMWpKY/HBA9MPQK6Y4W7ohk1BLIFfaaRLM5Ol7LSxpbIiGBwqCyOIi8gQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFH9anKiZqI5o5vbTfvrydhVIqc1IMB8GA1UdIwQY
MBaAFH0Ewlwvi0fl2vUtHExaUJmd0KCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMt
ZTYzZTk0Y2JhMDlmLzEvZjFxY3FKbW9qbWptOXROLS12SjJGVWlwelVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMtZTYzZTk0Y2JhMDlm
LzEvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgT/AAUw
DQYJKoZIhvcNAQELBQADggEBACyH3JNXy5PvH0+6EQ9/dab3pxoOzUy42Z3YboEe
SIThx1mRBVs1uXfcIMUYin+kKNMPND0b3HParliBK7lWRSXY/eSBOLYAdjF45CID
9Q193uOzFvj2q3SUJp1cTqq2eol7NYSy5qo76Ckkaye/pB+4Ei+3Oz7zqBym/hcc
9Dne/PEmFGjR1V7bpwNNomYlX3l0x8UN4/xrfBhc+ZY15Ph5UUVs164zlGbIDeSo
MXUvgr4NnVur4EqCnshfVl7va7awZngOa8EfhRCH/xqXsrYJzMvkOT8P+Qx0kLMi
FobzNPOJebYvfOqgZMLUfz2wqVbjEa7qQgFctnFImye+w5I=
-----END CERTIFICATE-----