Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Bt28ivx_GfttgRa4rJ1NJ84njcQ.roa
File:                     Bt28ivx_GfttgRa4rJ1NJ84njcQ.roa (raw, json)
Hash identifier:          vWlyMisCGecrANWT8ENLv2gJRUlfKIrr+n+WD+MDzNo=
Subject key identifier:   06:DD:BC:8A:FC:7F:19:FB:6D:81:16:B8:AC:9D:4D:27:CE:27:8D:C4
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E0F64652F1938701865AAFC927EF4
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Bt28ivx_GfttgRa4rJ1NJ84njcQ.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43419
IP address blocks:        2a04:3a40:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0f:64:65:2f:19:38:70:18:65:aa:fc:92:7e:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06ddbc8afc7f19fb6d8116b8ac9d4d27ce278dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cd:8c:89:cc:26:9e:7c:13:e8:4e:83:db:95:
                    18:05:37:94:c2:d5:07:3c:b8:9c:bf:4d:2b:09:63:
                    f9:79:15:e1:d7:69:8a:34:97:36:d5:df:4b:cc:67:
                    ac:b8:63:33:f3:be:a7:7c:dc:b1:92:13:f7:da:86:
                    5f:fd:23:a5:76:25:89:83:dd:dc:96:69:6f:5e:22:
                    94:d1:25:ed:0c:ff:b1:a7:b3:69:a6:31:19:55:e4:
                    96:a0:bf:77:23:33:c5:71:ed:77:88:3a:91:0b:ee:
                    54:b9:a2:6d:75:83:4a:7c:7d:36:27:27:86:d3:67:
                    d6:c1:cf:fe:f4:c8:8b:ea:05:9d:9d:2b:15:de:a2:
                    87:d9:76:79:d1:8f:14:9f:f5:ca:22:e5:56:dd:80:
                    32:cb:32:18:3b:8a:4a:45:81:c4:fb:65:b2:ca:2a:
                    cc:e2:0c:e3:30:e8:9d:0d:74:7e:1e:e9:ad:db:00:
                    07:be:10:38:2a:a5:13:66:a6:f8:a9:94:cd:e5:d7:
                    53:21:fd:37:49:7a:48:77:4b:a9:67:e8:e1:56:c6:
                    14:71:e5:08:5c:7f:ed:8c:69:58:b4:b5:d4:f7:87:
                    76:5f:25:46:73:56:5b:ad:b4:59:07:4c:83:98:86:
                    56:aa:48:6a:ec:af:14:ed:17:d7:3e:cc:9b:52:e5:
                    e0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:DD:BC:8A:FC:7F:19:FB:6D:81:16:B8:AC:9D:4D:27:CE:27:8D:C4
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Bt28ivx_GfttgRa4rJ1NJ84njcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:3a40:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         31:30:d8:0f:45:5b:30:ea:4c:2c:8c:24:13:cb:8a:de:6b:0f:
         57:d7:93:9e:b6:92:15:b6:25:11:38:a6:8c:a4:6f:87:71:31:
         05:57:33:4c:f9:48:df:62:05:0e:28:61:be:c4:f6:cc:33:b5:
         bb:ad:6a:d7:14:90:63:93:50:a4:b2:55:8b:06:68:88:96:be:
         2e:4e:41:98:b0:35:3e:fc:08:0d:81:bf:bc:ba:55:8e:12:55:
         25:63:38:36:56:ab:3c:22:14:84:7c:bf:e0:43:42:5c:58:7a:
         71:8c:04:ba:91:19:54:40:2d:eb:92:29:7a:47:8d:09:6b:25:
         f9:23:8f:00:af:d3:98:ed:2a:39:aa:25:d0:cf:ec:40:e8:24:
         cb:17:e8:05:c5:f2:51:2d:6f:a2:77:39:45:2a:41:45:c1:c4:
         6f:4c:c7:42:73:e9:19:13:33:99:43:21:6e:1b:21:84:56:05:
         66:94:b8:8c:ad:11:1b:3b:eb:0f:32:8b:f0:11:06:50:96:e9:
         36:99:c7:72:1a:d9:f0:04:aa:f7:28:3f:b7:4e:13:1f:00:9c:
         16:d3:2a:cc:22:78:a2:d2:15:4a:cb:a3:d1:34:51:e0:fb:b8:
         a2:d2:1b:1b:20:80:38:29:b5:be:fb:ce:7f:6a:c5:78:6a:ca:
         85:88:a3:b5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbg9kZS8ZOHAYZar8kn70MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmRkYmM4YWZjN2YxOWZiNmQ4MTE2YjhhYzlkNGQyN2NlMjc4ZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo82MicwmnnwT6E6D25UYBTeUwtUH
PLicv00rCWP5eRXh12mKNJc21d9LzGesuGMz876nfNyxkhP32oZf/SOldiWJg93c
lmlvXiKU0SXtDP+xp7NppjEZVeSWoL93IzPFce13iDqRC+5UuaJtdYNKfH02JyeG
02fWwc/+9MiL6gWdnSsV3qKH2XZ50Y8Un/XKIuVW3YAyyzIYO4pKRYHE+2WyyirM
4gzjMOidDXR+Humt2wAHvhA4KqUTZqb4qZTN5ddTIf03SXpId0upZ+jhVsYUceUI
XH/tjGlYtLXU94d2XyVGc1ZbrbRZB0yDmIZWqkhq7K8U7RfXPsybUuXgvwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAbdvIr8fxn7bYEWuKydTSfOJ43EMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvQnQyOGl2eF9HZnR0Z1JhNHJKMU5KODRuamNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKgQ6QIAw
DQYJKoZIhvcNAQELBQADggEBADEw2A9FWzDqTCyMJBPLit5rD1fXk562khW2JRE4
poykb4dxMQVXM0z5SN9iBQ4oYb7E9swztbutatcUkGOTUKSyVYsGaIiWvi5OQZiw
NT78CA2Bv7y6VY4SVSVjODZWqzwiFIR8v+BDQlxYenGMBLqRGVRALeuSKXpHjQlr
JfkjjwCv05jtKjmqJdDP7EDoJMsX6AXF8lEtb6J3OUUqQUXBxG9Mx0Jz6RkTM5lD
IW4bIYRWBWaUuIytERs76w8yi/ARBlCW6TaZx3Ia2fAEqvcoP7dOEx8AnBbTKswi
eKLSFUrLo9E0UeD7uKLSGxsggDgptb77zn9qxXhqyoWIo7U=
-----END CERTIFICATE-----