Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/tf0PnjLIz4bcBwGfAarlypTIsaQ.roa
File:                     tf0PnjLIz4bcBwGfAarlypTIsaQ.roa (raw, json)
Hash identifier:          WuHZjvxL7HH6NcFKKesYVln+Hkz9qAB0F8qdqAsZoKg=
Subject key identifier:   B5:FD:0F:9E:32:C8:CF:86:DC:07:01:9F:01:AA:E5:CA:94:C8:B1:A4
Certificate issuer:       /CN=0a23e2f0b064087fd84f048b1fa9997023d599e1
Certificate serial:       018CC795297ED8739795C121DE8AA2C6C378
Authority key identifier: 0A:23:E2:F0:B0:64:08:7F:D8:4F:04:8B:1F:A9:99:70:23:D5:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CiPi8LBkCH_YTwSLH6mZcCPVmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/tf0PnjLIz4bcBwGfAarlypTIsaQ.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208272
IP address blocks:        2a0b:7980::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/CiPi8LBkCH_YTwSLH6mZcCPVmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/CiPi8LBkCH_YTwSLH6mZcCPVmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CiPi8LBkCH_YTwSLH6mZcCPVmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:29:7e:d8:73:97:95:c1:21:de:8a:a2:c6:c3:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a23e2f0b064087fd84f048b1fa9997023d599e1
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5fd0f9e32c8cf86dc07019f01aae5ca94c8b1a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7e:fe:43:28:c2:ff:d5:9c:c6:9e:95:04:5f:
                    93:fe:ef:8b:85:1b:95:25:00:40:3f:c9:fd:cf:4b:
                    b9:18:16:a3:09:74:ba:9e:8b:bb:1d:59:ec:6f:7f:
                    9d:02:b2:8b:6b:6c:f8:18:fc:f5:9f:6e:c1:e8:a0:
                    60:5a:6e:e4:09:5e:4f:01:e4:f8:7e:cf:5a:1c:86:
                    b1:2e:33:8a:2c:c8:35:12:56:5b:12:ae:99:c6:16:
                    15:b1:0a:8e:90:ee:58:12:7b:5b:31:f6:a1:fc:cd:
                    5c:b3:78:b3:12:22:29:0d:23:c9:57:8b:a8:57:c6:
                    75:6a:12:43:89:2e:68:dd:45:6f:04:0e:5b:3c:73:
                    9d:f9:a3:64:8c:84:7e:2f:40:a8:72:f1:8e:91:70:
                    e2:46:a5:9c:9a:9b:9a:59:24:38:c8:dc:18:27:43:
                    f2:e1:ab:97:9e:57:06:c7:ad:1e:fb:90:05:c1:60:
                    14:03:4d:82:a3:4f:e4:ab:11:48:08:a1:4d:e7:c0:
                    db:bc:c0:92:95:ca:69:be:bd:79:33:df:c0:39:2e:
                    93:38:20:e3:23:72:cf:a7:e2:11:33:60:fb:d9:6f:
                    90:5d:91:43:38:08:23:da:4f:0e:dd:e2:0f:7b:91:
                    e5:11:8f:ea:ec:48:0f:cd:5b:51:72:94:9b:5c:ce:
                    1a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:FD:0F:9E:32:C8:CF:86:DC:07:01:9F:01:AA:E5:CA:94:C8:B1:A4
            X509v3 Authority Key Identifier:
                keyid:0A:23:E2:F0:B0:64:08:7F:D8:4F:04:8B:1F:A9:99:70:23:D5:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CiPi8LBkCH_YTwSLH6mZcCPVmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/tf0PnjLIz4bcBwGfAarlypTIsaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/CiPi8LBkCH_YTwSLH6mZcCPVmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7980::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:19:e4:2a:c8:9f:d9:30:cb:43:28:21:a6:0a:fa:fb:79:1e:
         6d:19:1c:7d:90:46:ba:c5:e8:02:09:b8:19:34:9c:f8:43:a9:
         ae:55:5b:a3:be:d1:40:d7:c3:d6:ba:09:7b:47:6a:7f:6e:dd:
         7d:d5:fa:c9:64:3b:c2:8b:52:2d:e3:ad:9e:92:a5:77:db:b8:
         fa:53:0e:97:6d:c2:1f:30:d2:8c:0d:b9:ca:00:9c:e6:e9:ac:
         7c:45:89:72:52:41:48:e4:8f:c6:83:32:bc:22:33:e7:e2:1d:
         92:e5:d9:de:5b:63:3b:0b:e9:04:9c:33:76:28:f6:df:33:41:
         66:19:8b:1e:82:70:df:9a:a6:69:cf:87:27:37:90:d8:fd:80:
         d4:ba:ea:0b:20:e0:ee:39:57:6c:df:18:0c:15:56:43:90:02:
         10:9f:de:4c:fd:a3:a2:f9:a4:cb:c7:d6:13:92:87:85:c9:8d:
         ef:36:50:79:fa:84:b0:60:ad:96:10:9e:0d:03:98:6b:df:b3:
         08:e9:8d:41:08:3f:2a:db:77:20:6e:e7:86:6c:75:70:9a:71:
         85:2b:63:17:e0:4c:38:74:1e:ff:89:a1:97:64:ab:c8:fb:d6:
         2e:63:a1:07:25:a2:5a:3e:39:30:16:46:b3:04:a2:4c:fc:c5:
         b7:93:f5:fa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlSl+2HOXlcEh3oqixsN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMjNlMmYwYjA2NDA4N2ZkODRmMDQ4YjFmYTk5OTcwMjNk
NTk5ZTEwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWZkMGY5ZTMyYzhjZjg2ZGMwNzAxOWYwMWFhZTVjYTk0YzhiMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj37+QyjC/9Wcxp6VBF+T/u+LhRuV
JQBAP8n9z0u5GBajCXS6nou7HVnsb3+dArKLa2z4GPz1n27B6KBgWm7kCV5PAeT4
fs9aHIaxLjOKLMg1ElZbEq6ZxhYVsQqOkO5YEntbMfah/M1cs3izEiIpDSPJV4uo
V8Z1ahJDiS5o3UVvBA5bPHOd+aNkjIR+L0CocvGOkXDiRqWcmpuaWSQ4yNwYJ0Py
4auXnlcGx60e+5AFwWAUA02Co0/kqxFICKFN58DbvMCSlcppvr15M9/AOS6TOCDj
I3LPp+IRM2D72W+QXZFDOAgj2k8O3eIPe5HlEY/q7EgPzVtRcpSbXM4aSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLX9D54yyM+G3AcBnwGq5cqUyLGkMB8GA1UdIwQY
MBaAFAoj4vCwZAh/2E8Eix+pmXAj1ZnhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2lQaThMQmtDSF9ZVHdTTEg2bVpjQ1BWbWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jOTgzYWEtYjYxZS00ZWQ4LThlODEt
YmMxZTU1YzY5NzU1LzEvdGYwUG5qTEl6NGJjQndHZkFhcmx5cFRJc2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9jOTgzYWEtYjYxZS00ZWQ4LThlODEtYmMxZTU1YzY5NzU1
LzEvQ2lQaThMQmtDSF9ZVHdTTEg2bVpjQ1BWbWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgt5gDAN
BgkqhkiG9w0BAQsFAAOCAQEAfRnkKsif2TDLQyghpgr6+3kebRkcfZBGusXoAgm4
GTSc+EOprlVbo77RQNfD1roJe0dqf27dfdX6yWQ7wotSLeOtnpKld9u4+lMOl23C
HzDSjA25ygCc5umsfEWJclJBSOSPxoMyvCIz5+IdkuXZ3ltjOwvpBJwzdij23zNB
ZhmLHoJw35qmac+HJzeQ2P2A1LrqCyDg7jlXbN8YDBVWQ5ACEJ/eTP2jovmky8fW
E5KHhcmN7zZQefqEsGCtlhCeDQOYa9+zCOmNQQg/Ktt3IG7nhmx1cJpxhStjF+BM
OHQe/4mhl2SryPvWLmOhByWiWj45MBZGswSiTPzFt5P1+g==
-----END CERTIFICATE-----