Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a6c008-dfdf-47ba-a7e6-25eded73fc70/1/Z7TptFWPnd0k4XqtfPlth6oScLk.roa
File:                     Z7TptFWPnd0k4XqtfPlth6oScLk.roa (raw, json)
Hash identifier:          HzAEbhb8cVoFnWDIpvhwEtv1K1yld4BAIWWKrcXVTKE=
Subject key identifier:   67:B4:E9:B4:55:8F:9D:DD:24:E1:7A:AD:7C:F9:6D:87:AA:12:70:B9
Certificate issuer:       /CN=ccf94814139e50cf0ad138f03dcc7f35b8b4dfb4
Certificate serial:       018CC2DAF8FE0F0AC012916EC6B5794F6D8D
Authority key identifier: CC:F9:48:14:13:9E:50:CF:0A:D1:38:F0:3D:CC:7F:35:B8:B4:DF:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zPlIFBOeUM8K0TjwPcx_Nbi037Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c008-dfdf-47ba-a7e6-25eded73fc70/1/Z7TptFWPnd0k4XqtfPlth6oScLk.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25596
IP address blocks:        2a02:58::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c008-dfdf-47ba-a7e6-25eded73fc70/1/zPlIFBOeUM8K0TjwPcx_Nbi037Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c008-dfdf-47ba-a7e6-25eded73fc70/1/zPlIFBOeUM8K0TjwPcx_Nbi037Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zPlIFBOeUM8K0TjwPcx_Nbi037Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f8:fe:0f:0a:c0:12:91:6e:c6:b5:79:4f:6d:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccf94814139e50cf0ad138f03dcc7f35b8b4dfb4
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67b4e9b4558f9ddd24e17aad7cf96d87aa1270b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0b:a9:27:76:b8:67:d8:71:d8:f3:ed:b2:87:
                    4a:53:91:6b:eb:fe:79:02:c6:7b:6f:a2:b2:e9:aa:
                    33:09:e8:ca:f0:7c:da:ac:1d:59:2e:0a:ac:c5:8a:
                    9b:8f:6d:b2:eb:93:8e:d7:6e:7a:bc:2f:5a:48:b6:
                    e9:25:4c:be:e3:7a:3d:09:b9:35:45:7f:ca:97:28:
                    0a:45:eb:be:1e:f3:12:4b:9a:19:9c:c1:75:d0:f4:
                    d1:ad:97:c3:1d:58:75:da:4c:95:bc:88:e9:66:69:
                    f8:31:31:2a:d8:23:7e:d8:1b:4c:14:e6:8d:6f:fd:
                    af:d0:50:9e:89:77:54:1b:7a:20:5d:6a:23:17:7f:
                    e3:a3:b5:cb:66:dc:02:c0:b0:f3:6d:43:6f:c0:cd:
                    91:24:16:a0:c1:7d:64:34:b7:8e:07:ad:ba:a0:08:
                    c1:a7:75:8c:cb:50:45:3e:23:68:b1:44:47:17:2e:
                    75:28:ba:d4:ae:28:a2:7a:54:1f:fa:a0:45:3d:1a:
                    3b:90:3b:63:f0:66:ce:75:27:10:3a:0c:a1:11:b0:
                    d7:ef:55:59:29:c7:8e:02:00:21:c7:d3:2b:18:94:
                    d2:da:a3:86:70:9f:b3:af:e4:1e:38:35:5b:34:09:
                    62:16:38:36:18:a8:a9:c6:9f:5c:33:1c:8f:61:3b:
                    3e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:B4:E9:B4:55:8F:9D:DD:24:E1:7A:AD:7C:F9:6D:87:AA:12:70:B9
            X509v3 Authority Key Identifier:
                keyid:CC:F9:48:14:13:9E:50:CF:0A:D1:38:F0:3D:CC:7F:35:B8:B4:DF:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zPlIFBOeUM8K0TjwPcx_Nbi037Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c008-dfdf-47ba-a7e6-25eded73fc70/1/Z7TptFWPnd0k4XqtfPlth6oScLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c008-dfdf-47ba-a7e6-25eded73fc70/1/zPlIFBOeUM8K0TjwPcx_Nbi037Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:58::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:74:31:b2:03:1b:8e:1c:52:3a:00:1d:2a:28:c4:36:29:06:
         4c:6d:d0:4f:64:b2:85:06:47:0c:fa:02:c4:71:f8:75:60:2d:
         60:c8:d5:ab:e9:16:7b:6f:4b:63:5f:d3:6c:c2:6a:d3:5e:da:
         b4:0a:b2:57:4b:e3:84:18:af:e6:f4:f9:83:dc:ef:18:92:dc:
         24:ba:06:a5:d3:14:4f:bc:23:fd:43:8c:f5:a7:27:93:27:23:
         76:8a:90:6e:ae:96:48:ba:5f:99:5f:e7:56:ed:25:6b:87:f9:
         d5:47:f8:be:f6:52:b7:7d:d5:8e:a4:52:22:a5:02:8b:1b:c2:
         8f:75:fc:43:fa:bc:54:2f:86:00:97:ca:5b:2a:d9:24:71:78:
         e6:62:77:76:12:ee:67:7e:cb:af:18:93:bb:3e:6d:52:28:03:
         31:19:67:82:a4:d0:a1:e3:79:3d:7a:58:9c:b0:38:8a:43:98:
         d7:9b:bc:92:f6:14:9d:12:c8:76:6a:9c:46:b2:7a:8d:5c:14:
         23:9e:21:43:3b:13:ed:8e:d0:d1:69:c1:69:9b:8c:57:72:0e:
         5d:96:34:72:aa:7f:d7:95:13:af:d6:7a:fa:34:96:f6:97:14:
         4a:62:77:59:d8:36:d9:a6:b6:f5:ec:27:12:b3:92:dc:80:fa:
         7e:39:68:54
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC2vj+DwrAEpFuxrV5T22NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZjk0ODE0MTM5ZTUwY2YwYWQxMzhmMDNkY2M3ZjM1Yjhi
NGRmYjQwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2I0ZTliNDU1OGY5ZGRkMjRlMTdhYWQ3Y2Y5NmQ4N2FhMTI3MGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAupJ3a4Z9hx2PPtsodKU5Fr6/55
AsZ7b6Ky6aozCejK8HzarB1ZLgqsxYqbj22y65OO1256vC9aSLbpJUy+43o9Cbk1
RX/KlygKReu+HvMSS5oZnMF10PTRrZfDHVh12kyVvIjpZmn4MTEq2CN+2BtMFOaN
b/2v0FCeiXdUG3ogXWojF3/jo7XLZtwCwLDzbUNvwM2RJBagwX1kNLeOB626oAjB
p3WMy1BFPiNosURHFy51KLrUriiielQf+qBFPRo7kDtj8GbOdScQOgyhEbDX71VZ
KceOAgAhx9MrGJTS2qOGcJ+zr+QeODVbNAliFjg2GKipxp9cMxyPYTs+EwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGe06bRVj53dJOF6rXz5bYeqEnC5MB8GA1UdIwQY
MBaAFMz5SBQTnlDPCtE48D3MfzW4tN+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelBsSUZCT2VVTThLMFRqd1BjeF9OYmkwMzdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hNmMwMDgtZGZkZi00N2JhLWE3ZTYt
MjVlZGVkNzNmYzcwLzEvWjdUcHRGV1BuZDBrNFhxdGZQbHRoNm9TY0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hNmMwMDgtZGZkZi00N2JhLWE3ZTYtMjVlZGVkNzNmYzcw
LzEvelBsSUZCT2VVTThLMFRqd1BjeF9OYmkwMzdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgIAWDAN
BgkqhkiG9w0BAQsFAAOCAQEAB3QxsgMbjhxSOgAdKijENikGTG3QT2SyhQZHDPoC
xHH4dWAtYMjVq+kWe29LY1/TbMJq017atAqyV0vjhBiv5vT5g9zvGJLcJLoGpdMU
T7wj/UOM9acnkycjdoqQbq6WSLpfmV/nVu0la4f51Uf4vvZSt33VjqRSIqUCixvC
j3X8Q/q8VC+GAJfKWyrZJHF45mJ3dhLuZ37LrxiTuz5tUigDMRlngqTQoeN5PXpY
nLA4ikOY15u8kvYUnRLIdmqcRrJ6jVwUI54hQzsT7Y7Q0WnBaZuMV3IOXZY0cqp/
15UTr9Z6+jSW9pcUSmJ3Wdg22aa29ewnErOS3ID6fjloVA==
-----END CERTIFICATE-----