Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/pf1N8n7STtur0vjt-b41ebDS6C0.roa
File:                     pf1N8n7STtur0vjt-b41ebDS6C0.roa (raw, json)
Hash identifier:          ZSviE6Mn4Z/jmEHNDWc3gBys8T5peHEhv1hf355RXb0=
Subject key identifier:   A5:FD:4D:F2:7E:D2:4E:DB:AB:D2:F8:ED:F9:BE:35:79:B0:D2:E8:2D
Certificate issuer:       /CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
Certificate serial:       018CC7945878A7B615EED2C317F0911B453E
Authority key identifier: B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/pf1N8n7STtur0vjt-b41ebDS6C0.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35277
IP address blocks:        2a04:bc40:1dc3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:58:78:a7:b6:15:ee:d2:c3:17:f0:91:1b:45:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b82e7b8068c4ae9ae4ca4c3a6b2096199a741ff2
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5fd4df27ed24edbabd2f8edf9be3579b0d2e82d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:db:48:c9:d0:61:75:1b:42:5b:eb:03:5f:5b:
                    91:80:02:46:c8:8c:1b:3e:9d:70:4c:3e:43:dd:42:
                    e3:76:2d:38:db:23:05:6a:e2:96:bb:0d:86:13:00:
                    8a:8e:e0:21:d9:94:78:87:09:e2:e6:78:44:fe:28:
                    e4:fd:dc:00:9a:66:da:d4:35:0d:c3:a0:ad:f4:50:
                    92:61:f5:36:90:08:61:30:b2:75:c5:ff:45:c1:0a:
                    80:e5:71:6c:1a:1e:36:80:eb:c5:29:67:d7:9f:6a:
                    81:f1:22:ba:f2:4e:5f:72:48:ef:26:99:4e:df:91:
                    72:35:be:a5:d7:53:62:34:e0:1c:3f:01:0b:8e:05:
                    28:4e:3e:fa:25:be:dc:d9:2c:42:48:b8:bb:60:64:
                    20:bf:8c:f4:25:9c:2d:20:fa:05:40:b5:c4:1c:9b:
                    f7:ea:3c:84:e3:b1:92:ee:b0:a2:e9:4a:ff:89:4a:
                    e8:eb:15:9b:cf:20:63:d5:bd:38:32:5e:1a:41:16:
                    7e:a9:0c:e7:28:a8:b3:49:47:e5:e3:cd:27:ab:e1:
                    de:87:73:dc:1a:88:87:ee:ad:4b:44:96:32:39:21:
                    d6:84:cd:e0:a0:5c:c3:7a:3a:f1:53:f2:9a:79:4c:
                    50:a2:7b:b4:a4:0d:ce:ec:bf:19:c8:58:eb:cd:ed:
                    5f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:FD:4D:F2:7E:D2:4E:DB:AB:D2:F8:ED:F9:BE:35:79:B0:D2:E8:2D
            X509v3 Authority Key Identifier:
                keyid:B8:2E:7B:80:68:C4:AE:9A:E4:CA:4C:3A:6B:20:96:19:9A:74:1F:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uC57gGjErprkykw6ayCWGZp0H_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/pf1N8n7STtur0vjt-b41ebDS6C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29c915-2cbc-4768-840c-aadfa9c06742/1/uC57gGjErprkykw6ayCWGZp0H_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:bc40:1dc3::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:19:8f:99:64:ff:ce:96:96:30:8e:64:c6:c3:ef:a4:76:fc:
         57:26:9f:11:4f:cc:65:50:75:59:df:05:cb:00:6d:50:f4:05:
         98:bd:e4:05:62:67:de:92:9b:89:b1:81:33:ef:96:ac:99:38:
         0e:e6:34:34:91:fb:17:0c:f6:14:13:11:55:4e:ae:72:52:b6:
         85:56:84:49:dc:a1:ec:df:82:ac:0c:af:62:6f:e7:14:4e:62:
         80:f7:8a:54:9f:7c:0e:c8:db:ec:5c:66:23:a2:a0:ce:d6:c5:
         62:d4:0e:77:02:e1:39:cd:a0:8e:95:de:1e:dd:2d:61:9c:41:
         d5:aa:54:06:d5:82:f0:1c:7f:0d:66:61:4f:59:83:11:7b:1e:
         e9:db:f5:ce:f6:3d:cc:1e:d8:c1:b4:59:5b:ff:b3:1b:18:88:
         73:b4:f5:97:1c:39:c4:b3:68:ae:18:ac:ca:a1:2f:17:f7:93:
         11:6b:64:fe:22:02:0d:47:da:a7:00:06:14:e7:1a:f4:1c:81:
         40:4b:3c:c1:60:5f:27:96:4e:5d:7b:0e:cf:dc:2e:88:35:78:
         b9:a0:34:1f:a7:54:11:32:a3:ad:3a:cd:ec:6f:47:2b:6f:6b:
         af:d6:3e:4d:28:d8:d5:af:b1:c9:ab:c3:f5:02:cc:7a:5b:0d:
         04:0f:92:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlFh4p7YV7tLDF/CRG0U+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MmU3YjgwNjhjNGFlOWFlNGNhNGMzYTZiMjA5NjE5OWE3
NDFmZjIwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWZkNGRmMjdlZDI0ZWRiYWJkMmY4ZWRmOWJlMzU3OWIwZDJlODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9tIydBhdRtCW+sDX1uRgAJGyIwb
Pp1wTD5D3ULjdi042yMFauKWuw2GEwCKjuAh2ZR4hwni5nhE/ijk/dwAmmba1DUN
w6Ct9FCSYfU2kAhhMLJ1xf9FwQqA5XFsGh42gOvFKWfXn2qB8SK68k5fckjvJplO
35FyNb6l11NiNOAcPwELjgUoTj76Jb7c2SxCSLi7YGQgv4z0JZwtIPoFQLXEHJv3
6jyE47GS7rCi6Ur/iUro6xWbzyBj1b04Ml4aQRZ+qQznKKizSUfl480nq+Heh3Pc
GoiH7q1LRJYyOSHWhM3goFzDejrxU/KaeUxQonu0pA3O7L8ZyFjrze1flQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKX9TfJ+0k7bq9L47fm+NXmw0ugtMB8GA1UdIwQY
MBaAFLgue4BoxK6a5MpMOmsglhmadB/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMt
YWFkZmE5YzA2NzQyLzEvcGYxTjhuN1NUdHVyMHZqdC1iNDFlYkRTNkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yOWM5MTUtMmNiYy00NzY4LTg0MGMtYWFkZmE5YzA2NzQy
LzEvdUM1N2dHakVycHJreWt3NmF5Q1dHWnAwSF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgS8QB3D
MA0GCSqGSIb3DQEBCwUAA4IBAQAIGY+ZZP/OlpYwjmTGw++kdvxXJp8RT8xlUHVZ
3wXLAG1Q9AWYveQFYmfekpuJsYEz75asmTgO5jQ0kfsXDPYUExFVTq5yUraFVoRJ
3KHs34KsDK9ib+cUTmKA94pUn3wOyNvsXGYjoqDO1sVi1A53AuE5zaCOld4e3S1h
nEHVqlQG1YLwHH8NZmFPWYMRex7p2/XO9j3MHtjBtFlb/7MbGIhztPWXHDnEs2iu
GKzKoS8X95MRa2T+IgINR9qnAAYU5xr0HIFASzzBYF8nlk5dew7P3C6INXi5oDQf
p1QRMqOtOs3sb0crb2uv1j5NKNjVr7HJq8P1Asx6Ww0ED5Kz
-----END CERTIFICATE-----