Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/toKfpwwFZSo8wfW0MN1VmNaFSWs.roa
File:                     toKfpwwFZSo8wfW0MN1VmNaFSWs.roa (raw, json)
Hash identifier:          lYL4YhuLB3v741Ox5CSxyOoqL+IqWH9Jn+pHD80R9dM=
Subject key identifier:   B6:82:9F:A7:0C:05:65:2A:3C:C1:F5:B4:30:DD:55:98:D6:85:49:6B
Certificate issuer:       /CN=29ad8bfe07ad5d2ccb43b0d1dba6b192cb51dbea
Certificate serial:       018CC8DEAEBB0F0A97CE0B7F691594D76634
Authority key identifier: 29:AD:8B:FE:07:AD:5D:2C:CB:43:B0:D1:DB:A6:B1:92:CB:51:DB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ka2L_getXSzLQ7DR26axkstR2-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/toKfpwwFZSo8wfW0MN1VmNaFSWs.roa
Signing time:             Tue 02 Jan 2024 06:31:26 +0000
ROA not before:           Tue 02 Jan 2024 06:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:7e00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/Ka2L_getXSzLQ7DR26axkstR2-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/Ka2L_getXSzLQ7DR26axkstR2-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ka2L_getXSzLQ7DR26axkstR2-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ae:bb:0f:0a:97:ce:0b:7f:69:15:94:d7:66:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29ad8bfe07ad5d2ccb43b0d1dba6b192cb51dbea
        Validity
            Not Before: Jan  2 06:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6829fa70c05652a3cc1f5b430dd5598d685496b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5e:5a:0b:43:ed:f1:c5:85:35:ea:0e:bb:5e:
                    13:db:f7:b3:02:0e:aa:bb:c6:1c:ca:05:23:1e:ec:
                    71:08:c9:df:b8:5c:f3:14:7b:39:a4:84:c0:3a:b9:
                    58:27:d6:93:5c:a7:82:2e:da:2e:dc:54:f1:23:e1:
                    40:c9:83:b3:90:28:64:42:a0:a2:88:33:5a:4f:c1:
                    13:19:6e:c1:01:a9:9a:20:cd:de:82:f7:fe:8d:5e:
                    43:55:b0:c3:97:23:54:83:e1:e7:a4:d5:8e:c5:ba:
                    47:b3:db:2c:99:6d:57:66:42:41:ee:5b:79:26:4d:
                    36:07:2f:3c:6b:df:9f:71:66:cb:6c:8e:1f:e9:84:
                    08:f1:d3:eb:95:c4:3b:33:c9:88:78:9b:56:f6:ba:
                    fb:7f:d2:11:bd:1c:88:ea:2b:4c:f8:de:0d:ce:62:
                    fb:33:35:e5:b1:a3:85:ad:7e:a4:9b:7c:42:0d:53:
                    30:47:dc:4e:ce:53:b2:1a:44:f2:f2:d4:c3:03:44:
                    07:97:9c:b0:2b:5d:e0:b8:f9:62:3f:fe:fd:03:a0:
                    12:43:2c:97:ae:8f:ae:2f:ea:7f:66:8d:93:1a:e2:
                    ed:fd:f7:bf:94:1d:83:1a:04:a9:33:a4:97:ba:9a:
                    5b:79:0d:0c:15:6d:8e:df:73:01:44:f9:b1:af:55:
                    72:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:82:9F:A7:0C:05:65:2A:3C:C1:F5:B4:30:DD:55:98:D6:85:49:6B
            X509v3 Authority Key Identifier:
                keyid:29:AD:8B:FE:07:AD:5D:2C:CB:43:B0:D1:DB:A6:B1:92:CB:51:DB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ka2L_getXSzLQ7DR26axkstR2-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/toKfpwwFZSo8wfW0MN1VmNaFSWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/235d26-7094-4feb-9ca9-378499398f18/1/Ka2L_getXSzLQ7DR26axkstR2-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:7e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:28:aa:e9:b4:5f:9e:fe:8a:b2:f3:60:8a:50:6f:76:ba:04:
         34:b2:0d:56:ae:8a:36:f1:86:a6:0e:39:bc:7d:4c:18:70:69:
         ab:23:55:86:35:bc:c9:30:ef:ea:79:ac:1f:f6:be:d0:c1:34:
         02:2f:00:26:7e:23:a0:72:d4:57:87:88:e5:de:d5:fe:5f:c7:
         c2:3a:52:57:9e:fa:79:2a:da:36:4d:03:57:3d:a1:7f:c0:db:
         56:55:89:fd:42:4e:bb:6e:19:f1:77:6e:20:c3:0b:a9:16:7f:
         df:7a:ca:ef:dc:46:6a:12:1e:5f:7b:01:1f:1e:10:08:b3:72:
         6b:7f:bb:59:e3:fd:77:16:29:88:de:79:97:a5:3d:43:e3:ea:
         3f:1f:74:3f:a4:72:a7:93:a1:cd:73:a8:78:41:ef:8d:4e:dc:
         74:46:cc:92:ad:98:ac:ba:6d:56:14:e5:77:ff:2c:35:20:f0:
         7e:14:9b:b3:af:28:60:07:8b:a7:ff:17:76:49:c4:e1:3d:6b:
         13:87:73:0f:55:23:2e:2c:72:6e:90:b2:35:41:99:2f:79:1e:
         06:43:76:ae:8d:36:9d:dd:7a:41:ba:b2:f8:14:bc:87:cc:ed:
         88:a5:b5:c5:c0:8e:33:2b:11:3b:e0:18:97:e6:42:7a:91:3b:
         21:cd:84:f5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3q67DwqXzgt/aRWU12Y0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YWQ4YmZlMDdhZDVkMmNjYjQzYjBkMWRiYTZiMTkyY2I1
MWRiZWEwHhcNMjQwMTAyMDYzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjgyOWZhNzBjMDU2NTJhM2NjMWY1YjQzMGRkNTU5OGQ2ODU0OTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql5aC0Pt8cWFNeoOu14T2/ezAg6q
u8YcygUjHuxxCMnfuFzzFHs5pITAOrlYJ9aTXKeCLtou3FTxI+FAyYOzkChkQqCi
iDNaT8ETGW7BAamaIM3egvf+jV5DVbDDlyNUg+HnpNWOxbpHs9ssmW1XZkJB7lt5
Jk02By88a9+fcWbLbI4f6YQI8dPrlcQ7M8mIeJtW9rr7f9IRvRyI6itM+N4NzmL7
MzXlsaOFrX6km3xCDVMwR9xOzlOyGkTy8tTDA0QHl5ywK13guPliP/79A6ASQyyX
ro+uL+p/Zo2TGuLt/fe/lB2DGgSpM6SXuppbeQ0MFW2O33MBRPmxr1VyNwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLaCn6cMBWUqPMH1tDDdVZjWhUlrMB8GA1UdIwQY
MBaAFCmti/4HrV0sy0Ow0dumsZLLUdvqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2EyTF9nZXRYU3pMUTdEUjI2YXhrc3RSMi1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yMzVkMjYtNzA5NC00ZmViLTljYTkt
Mzc4NDk5Mzk4ZjE4LzEvdG9LZnB3d0ZaU284d2ZXME1OMVZtTmFGU1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yMzVkMjYtNzA5NC00ZmViLTljYTktMzc4NDk5Mzk4ZjE4
LzEvS2EyTF9nZXRYU3pMUTdEUjI2YXhrc3RSMi1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgF+ADAN
BgkqhkiG9w0BAQsFAAOCAQEALyiq6bRfnv6KsvNgilBvdroENLINVq6KNvGGpg45
vH1MGHBpqyNVhjW8yTDv6nmsH/a+0ME0Ai8AJn4joHLUV4eI5d7V/l/HwjpSV576
eSraNk0DVz2hf8DbVlWJ/UJOu24Z8XduIMMLqRZ/33rK79xGahIeX3sBHx4QCLNy
a3+7WeP9dxYpiN55l6U9Q+PqPx90P6Ryp5OhzXOoeEHvjU7cdEbMkq2YrLptVhTl
d/8sNSDwfhSbs68oYAeLp/8XdknE4T1rE4dzD1UjLixybpCyNUGZL3keBkN2ro02
nd16Qbqy+BS8h8ztiKW1xcCOMysRO+AYl+ZCepE7Ic2E9Q==
-----END CERTIFICATE-----