Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/yOQNrNfqnu-zUPwseIlDnR9db6I.roa
File:                     yOQNrNfqnu-zUPwseIlDnR9db6I.roa (raw, json)
Hash identifier:          M4/IvWYWT3V9C0qv4qy17doGNXNBQ4Xqnwnw1suYfCM=
Subject key identifier:   C8:E4:0D:AC:D7:EA:9E:EF:B3:50:FC:2C:78:89:43:9D:1F:5D:6F:A2
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       018CC7944F00D9EA204A2E6CEB24D46AEA27
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/yOQNrNfqnu-zUPwseIlDnR9db6I.roa
Signing time:             Tue 02 Jan 2024 00:30:34 +0000
ROA not before:           Tue 02 Jan 2024 00:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212144
IP address blocks:        2a12:6d80::/29 maxlen: 29
                          2a12:3f80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4f:00:d9:ea:20:4a:2e:6c:eb:24:d4:6a:ea:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Jan  2 00:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8e40dacd7ea9eefb350fc2c7889439d1f5d6fa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5b:19:fc:b6:b2:e1:64:bb:78:3c:d0:d1:d5:
                    06:c4:d8:9b:5d:8d:60:72:a2:df:ee:0d:5f:9a:06:
                    20:1c:8e:a2:e9:b9:f6:50:29:9c:d5:05:c6:6f:22:
                    83:c7:68:a0:ee:32:b2:2a:ea:75:b9:32:85:ee:1b:
                    eb:db:2d:54:60:7a:96:1a:ad:0d:b3:29:36:00:4f:
                    94:14:3e:e6:ca:a3:02:01:c7:8f:cb:3a:76:ec:e4:
                    ef:c7:13:b7:97:9f:dd:62:cd:ef:fa:95:45:bb:c9:
                    b2:62:0f:fb:c6:1c:7d:39:0e:b8:5d:dc:8b:d5:bf:
                    b9:16:74:3f:84:4c:77:2c:f4:2c:42:17:c1:3b:45:
                    80:f9:8a:52:a3:af:33:ca:c0:91:f2:3f:32:5b:a1:
                    e5:32:a5:c4:32:8f:90:ac:81:42:b4:dd:47:cc:89:
                    0e:68:54:6b:73:b7:bc:7e:1e:d7:e4:d9:65:8f:0c:
                    c7:00:7b:08:36:c7:20:87:a1:45:59:0b:6d:95:88:
                    d2:ad:fa:17:90:2a:03:2b:b9:ab:92:64:24:12:0e:
                    3e:90:4a:75:8c:2e:f1:47:f1:5c:53:e0:f4:77:4b:
                    d5:46:82:15:00:27:93:61:4c:56:fa:87:e9:99:3c:
                    b5:55:d7:c8:17:24:26:ec:99:f3:89:05:54:52:8e:
                    2c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:E4:0D:AC:D7:EA:9E:EF:B3:50:FC:2C:78:89:43:9D:1F:5D:6F:A2
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/yOQNrNfqnu-zUPwseIlDnR9db6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:3f80::/29
                  2a12:6d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         63:ce:37:a9:b6:4b:42:c8:5d:e1:22:6d:dc:46:4d:70:48:d0:
         03:23:d3:65:77:6d:e9:eb:7f:1e:e7:7f:5c:2f:30:19:c5:32:
         42:d2:19:68:02:2c:99:4b:b7:54:b9:56:0a:46:b3:64:be:bc:
         d3:55:5e:60:08:b9:96:6e:02:9e:42:5f:34:3d:36:a2:0f:37:
         7f:78:d3:88:a8:55:f4:91:65:6d:c4:f9:d7:a2:98:69:b0:ff:
         c9:ea:fb:43:75:a2:fd:40:e0:fc:95:0a:ea:d3:4d:83:59:8a:
         a4:94:b2:cc:0d:f4:97:e3:15:51:54:6b:a4:ad:20:f5:4f:63:
         d2:1c:f1:53:9b:2c:f6:f1:5c:17:9f:48:9b:7d:e5:9e:2a:47:
         49:32:87:5e:73:f1:59:39:6e:97:a3:bf:42:95:b1:e6:b2:0e:
         91:69:f6:8e:90:11:2e:b3:96:29:b5:19:94:09:df:ce:eb:12:
         12:e5:31:73:62:ad:06:f0:c3:4e:15:86:7c:3d:76:cc:e0:eb:
         6e:bf:25:d7:d0:36:e3:a7:2e:cc:33:0b:f7:34:c4:9d:40:93:
         54:7b:17:3a:1e:11:87:d3:f9:85:18:17:f2:f8:65:1a:01:9c:
         9e:94:1d:d2:1e:47:16:5a:ba:db:ad:fa:c8:8c:e4:6a:d6:3d:
         86:d3:50:84
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlE8A2eogSi5s6yTUauonMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjQwMTAyMDAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGU0MGRhY2Q3ZWE5ZWVmYjM1MGZjMmM3ODg5NDM5ZDFmNWQ2ZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1sZ/Lay4WS7eDzQ0dUGxNibXY1g
cqLf7g1fmgYgHI6i6bn2UCmc1QXGbyKDx2ig7jKyKup1uTKF7hvr2y1UYHqWGq0N
syk2AE+UFD7myqMCAcePyzp27OTvxxO3l5/dYs3v+pVFu8myYg/7xhx9OQ64XdyL
1b+5FnQ/hEx3LPQsQhfBO0WA+YpSo68zysCR8j8yW6HlMqXEMo+QrIFCtN1HzIkO
aFRrc7e8fh7X5NlljwzHAHsINscgh6FFWQttlYjSrfoXkCoDK7mrkmQkEg4+kEp1
jC7xR/FcU+D0d0vVRoIVACeTYUxW+ofpmTy1VdfIFyQm7JnziQVUUo4siQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMjkDazX6p7vs1D8LHiJQ50fXW+iMB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEveU9RTnJOZnFudS16VVB3c2VJbERuUjlkYjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhI/gAMF
AyoSbYAwDQYJKoZIhvcNAQELBQADggEBAGPON6m2S0LIXeEibdxGTXBI0AMj02V3
benrfx7nf1wvMBnFMkLSGWgCLJlLt1S5VgpGs2S+vNNVXmAIuZZuAp5CXzQ9NqIP
N39404ioVfSRZW3E+deimGmw/8nq+0N1ov1A4PyVCurTTYNZiqSUsswN9JfjFVFU
a6StIPVPY9Ic8VObLPbxXBefSJt95Z4qR0kyh15z8Vk5bpejv0KVseayDpFp9o6Q
ES6zlim1GZQJ387rEhLlMXNirQbww04Vhnw9dszg626/JdfQNuOnLswzC/c0xJ1A
k1R7FzoeEYfT+YUYF/L4ZRoBnJ6UHdIeRxZautut+siM5GrWPYbTUIQ=
-----END CERTIFICATE-----