Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/PLgUutu93YzYz9bvvKVbdCs5Cm8.roa
File:                     PLgUutu93YzYz9bvvKVbdCs5Cm8.roa (raw, json)
Hash identifier:          WHaUzHmJYDJBvtjTnBr+y2tQplAPRAJ0XLLrzyGq5rY=
Subject key identifier:   3C:B8:14:BA:DB:BD:DD:8C:D8:CF:D6:EF:BC:A5:5B:74:2B:39:0A:6F
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E39FDCABDFC1C8064596C2BBABBA9
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/PLgUutu93YzYz9bvvKVbdCs5Cm8.roa
Signing time:             Tue 02 Jan 2024 08:33:16 +0000
ROA not before:           Tue 02 Jan 2024 08:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212775
IP address blocks:        2a00:7180:8010::/46 maxlen: 46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:39:fd:ca:bd:fc:1c:80:64:59:6c:2b:ba:bb:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cb814badbbddd8cd8cfd6efbca55b742b390a6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:95:ba:5e:37:d3:33:41:75:a0:a4:81:af:6b:
                    74:12:b7:52:4b:3a:d0:43:ce:23:5c:f1:e0:57:f4:
                    2f:94:6c:26:e3:c1:e3:13:ec:48:34:01:04:50:6f:
                    24:49:0d:f7:45:5d:d2:60:c0:df:5e:6f:72:02:c5:
                    01:a3:fc:57:b3:69:9d:f9:a7:b9:12:46:79:e0:f5:
                    8d:6b:1c:62:bd:38:9b:ca:9a:91:8d:ef:9a:bb:dd:
                    f8:b5:0c:22:cf:f6:8d:b0:dd:e0:69:77:10:d7:6f:
                    12:c8:a3:b7:b5:f1:f4:76:7e:19:74:8d:b0:78:e3:
                    4a:fc:a8:09:da:2f:be:76:25:1d:f0:d1:55:7a:4f:
                    f0:5a:13:8c:fb:bc:8f:8a:e0:ca:c9:f4:08:dc:d8:
                    94:37:e3:5f:4a:ae:3a:54:50:af:0d:66:c6:c9:0e:
                    86:e2:05:47:c1:f1:61:81:2c:b5:13:ea:22:00:ac:
                    39:f2:7b:af:5a:f0:51:28:8f:5b:4d:8b:6e:74:e4:
                    1f:67:e2:f0:b9:ef:05:a7:2d:26:a5:6c:46:64:ff:
                    bb:35:7c:12:a6:3d:26:be:b0:06:23:3f:da:8b:d0:
                    6d:9e:2f:18:58:fe:3c:da:78:eb:24:b5:42:2b:d9:
                    98:0f:61:87:1f:a5:9a:be:52:ab:53:b7:4d:a2:c6:
                    5d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:B8:14:BA:DB:BD:DD:8C:D8:CF:D6:EF:BC:A5:5B:74:2B:39:0A:6F
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/PLgUutu93YzYz9bvvKVbdCs5Cm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:7180:8010::/46

    Signature Algorithm: sha256WithRSAEncryption
         16:f2:70:b4:45:92:16:11:9d:fe:86:70:9f:e9:22:79:9f:7d:
         a6:1f:cc:d9:23:d0:98:5d:99:ca:29:27:b6:7a:6b:36:dc:59:
         19:40:02:00:36:67:6a:17:4a:27:0d:9f:61:d7:ce:f1:1f:2b:
         de:53:0b:ba:95:25:01:63:55:83:02:81:4a:e6:7c:79:0f:fb:
         54:63:6e:df:4e:cf:b4:b1:cb:88:36:f3:e7:da:e2:21:e6:1b:
         e4:ea:27:30:ff:07:96:86:32:3f:36:c2:57:4e:d0:c0:58:1d:
         bd:1b:d7:50:ff:d1:76:b9:77:06:16:e5:32:e7:c0:a3:1b:ba:
         a0:44:4c:0d:2b:0e:e9:83:14:c3:26:03:36:e9:84:c3:6c:f5:
         03:86:4e:4b:ba:0d:69:f5:3a:fe:b0:ad:0b:1c:90:89:06:cf:
         94:b4:ab:50:ed:04:fd:b2:a7:3c:3c:ce:8a:76:2f:fb:c6:1d:
         41:fe:7d:0e:45:5e:0d:74:7c:02:d0:d5:20:ca:a9:f6:6a:a9:
         2d:ed:cc:da:a2:31:e2:58:40:2f:50:b7:a6:26:01:96:e6:ba:
         0c:be:a4:ec:95:60:db:99:d6:c1:97:3b:5d:4e:b0:36:c9:6e:
         c0:13:90:84:7f:fb:19:39:01:d1:e9:84:5c:9f:33:86:8e:26:
         fc:d4:83:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTjn9yr38HIBkWWwrurupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2I4MTRiYWRiYmRkZDhjZDhjZmQ2ZWZiY2E1NWI3NDJiMzkwYTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5W6XjfTM0F1oKSBr2t0ErdSSzrQ
Q84jXPHgV/QvlGwm48HjE+xINAEEUG8kSQ33RV3SYMDfXm9yAsUBo/xXs2md+ae5
EkZ54PWNaxxivTibypqRje+au934tQwiz/aNsN3gaXcQ128SyKO3tfH0dn4ZdI2w
eONK/KgJ2i++diUd8NFVek/wWhOM+7yPiuDKyfQI3NiUN+NfSq46VFCvDWbGyQ6G
4gVHwfFhgSy1E+oiAKw58nuvWvBRKI9bTYtudOQfZ+Lwue8Fpy0mpWxGZP+7NXwS
pj0mvrAGIz/ai9Btni8YWP482njrJLVCK9mYD2GHH6WavlKrU7dNosZdiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDy4FLrbvd2M2M/W77ylW3QrOQpvMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvUExnVXV0dTkzWXpZejlidnZLVmJkQ3M1Q204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgBxgIAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAW8nC0RZIWEZ3+hnCf6SJ5n32mH8zZI9CYXZnK
KSe2ems23FkZQAIANmdqF0onDZ9h187xHyveUwu6lSUBY1WDAoFK5nx5D/tUY27f
Ts+0scuINvPn2uIh5hvk6icw/weWhjI/NsJXTtDAWB29G9dQ/9F2uXcGFuUy58Cj
G7qgREwNKw7pgxTDJgM26YTDbPUDhk5Lug1p9Tr+sK0LHJCJBs+UtKtQ7QT9sqc8
PM6Kdi/7xh1B/n0ORV4NdHwC0NUgyqn2aqkt7czaojHiWEAvULemJgGW5roMvqTs
lWDbmdbBlztdTrA2yW7AE5CEf/sZOQHR6YRcnzOGjib81IM5
-----END CERTIFICATE-----