Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/1-h9YodcJ1W0mp0ptB6vPGtH0V00.roa
File:                     1-h9YodcJ1W0mp0ptB6vPGtH0V00.roa (raw, json)
Hash identifier:          FCUFjmPEfeBXY72gIRJOTXr81aiNbeuYwURt8UCdmXk=
Subject key identifier:   FA:1F:58:A1:D7:09:D5:6D:26:A7:4A:6D:07:AB:CF:1A:D1:F4:57:4D
Certificate issuer:       /CN=8bfca7c96e804505a48b99603d9b2124f1dd3702
Certificate serial:       018CC5DC60605358C9D84358ADB64BD92C8E
Authority key identifier: 8B:FC:A7:C9:6E:80:45:05:A4:8B:99:60:3D:9B:21:24:F1:DD:37:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i_ynyW6ARQWki5lgPZshJPHdNwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/1-h9YodcJ1W0mp0ptB6vPGtH0V00.roa
Signing time:             Mon 01 Jan 2024 16:30:03 +0000
ROA not before:           Mon 01 Jan 2024 16:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48047
IP address blocks:        2a02:2978:ffff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/i_ynyW6ARQWki5lgPZshJPHdNwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/i_ynyW6ARQWki5lgPZshJPHdNwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i_ynyW6ARQWki5lgPZshJPHdNwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:60:60:53:58:c9:d8:43:58:ad:b6:4b:d9:2c:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bfca7c96e804505a48b99603d9b2124f1dd3702
        Validity
            Not Before: Jan  1 16:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa1f58a1d709d56d26a74a6d07abcf1ad1f4574d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5a:00:dd:4a:ed:ee:6b:15:22:80:57:76:bc:
                    b3:e4:d7:06:95:e0:93:82:78:2a:6a:ce:ae:df:e4:
                    7e:60:e5:7c:83:59:d9:67:a7:49:8b:6e:ff:9b:e3:
                    33:4e:15:da:bc:b3:bc:54:18:38:24:59:48:df:51:
                    98:66:f2:6e:84:e2:a4:12:c6:a6:db:28:c6:30:0d:
                    06:bf:9a:33:3a:cf:48:05:bd:35:c9:62:6c:19:99:
                    d3:e9:81:b2:62:a7:ea:56:48:4b:c1:20:e3:97:c5:
                    7a:da:7b:a7:be:7c:0e:a5:9d:eb:89:ed:1e:30:0f:
                    df:f9:9e:71:75:ff:9a:a1:29:0f:e5:06:1b:57:cb:
                    61:22:8e:55:54:2d:c3:a4:9a:b4:7f:0d:28:a6:4e:
                    a6:30:15:5c:65:33:02:0c:79:27:b3:aa:50:24:f6:
                    b5:c9:68:44:56:10:96:69:01:78:61:1c:2b:cf:e2:
                    a5:44:fb:a9:40:6b:fc:48:7d:1b:4d:2b:38:33:c4:
                    e9:fc:38:80:4e:b4:80:41:49:33:02:93:11:e8:2e:
                    37:6d:14:ec:e4:f3:55:c6:3a:a4:ec:b6:62:8b:12:
                    07:47:f4:0d:c1:72:5c:11:8c:b1:99:e3:d8:95:39:
                    35:e4:fc:d6:86:a3:70:8d:ae:72:0b:ec:eb:7b:c1:
                    d6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:1F:58:A1:D7:09:D5:6D:26:A7:4A:6D:07:AB:CF:1A:D1:F4:57:4D
            X509v3 Authority Key Identifier:
                keyid:8B:FC:A7:C9:6E:80:45:05:A4:8B:99:60:3D:9B:21:24:F1:DD:37:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i_ynyW6ARQWki5lgPZshJPHdNwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/1-h9YodcJ1W0mp0ptB6vPGtH0V00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/8f3b6f-e86f-467d-aa90-18b1a937a567/1/i_ynyW6ARQWki5lgPZshJPHdNwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2978:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:62:b9:ad:7f:b6:20:05:73:ca:d0:3a:42:41:b5:75:65:c9:
         60:4f:bf:83:27:ad:a2:d5:a2:15:60:a4:e7:9e:01:92:4a:8e:
         df:e5:74:6d:44:4e:6f:b7:7c:bd:96:21:10:8e:b8:7f:00:e4:
         56:bc:76:1a:b3:49:d0:50:09:ff:a6:8d:f5:e4:3c:61:ef:d3:
         fe:c5:af:ae:45:df:2e:c1:17:dd:97:ed:22:ec:b3:47:a1:c0:
         46:25:fa:c5:d1:0a:dd:c0:f9:b3:13:90:e2:b2:1f:ca:22:fd:
         1c:bd:13:26:22:b3:de:5d:fa:9a:06:16:e8:2c:b5:0d:e9:96:
         8b:fc:0a:c5:c9:29:77:d2:60:85:ae:98:04:09:a3:5e:99:f3:
         75:ea:6e:c2:6e:e9:47:85:91:a4:7b:73:95:2d:66:6b:f1:ff:
         2b:01:bf:25:37:b1:e7:5c:29:d4:d1:73:66:e9:66:03:dd:e1:
         ab:6a:6c:62:0c:c5:b7:22:ca:18:e4:6f:4d:e9:84:3d:44:56:
         77:9d:9e:c7:c4:c8:02:8e:1c:26:7e:ea:d8:f9:15:57:73:c3:
         07:70:70:ed:82:fb:97:f8:76:38:71:14:a1:f9:25:7b:97:be:
         68:dc:a6:85:b2:53:f8:da:a0:25:64:b3:0b:b0:6a:dd:86:cf:
         79:72:95:d0
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzF3GBgU1jJ2ENYrbZL2SyOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZmNhN2M5NmU4MDQ1MDVhNDhiOTk2MDNkOWIyMTI0ZjFk
ZDM3MDIwHhcNMjQwMTAxMTYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTFmNThhMWQ3MDlkNTZkMjZhNzRhNmQwN2FiY2YxYWQxZjQ1NzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1oA3Urt7msVIoBXdryz5NcGleCT
gngqas6u3+R+YOV8g1nZZ6dJi27/m+MzThXavLO8VBg4JFlI31GYZvJuhOKkEsam
2yjGMA0Gv5ozOs9IBb01yWJsGZnT6YGyYqfqVkhLwSDjl8V62nunvnwOpZ3rie0e
MA/f+Z5xdf+aoSkP5QYbV8thIo5VVC3DpJq0fw0opk6mMBVcZTMCDHkns6pQJPa1
yWhEVhCWaQF4YRwrz+KlRPupQGv8SH0bTSs4M8Tp/DiATrSAQUkzApMR6C43bRTs
5PNVxjqk7LZiixIHR/QNwXJcEYyxmePYlTk15PzWhqNwja5yC+zre8HWGwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPofWKHXCdVtJqdKbQerzxrR9FdNMB8GA1UdIwQY
MBaAFIv8p8lugEUFpIuZYD2bISTx3TcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaV95bnlXNkFSUVdraTVsZ1Bac2hKUEhkTndJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84ZjNiNmYtZTg2Zi00NjdkLWFhOTAt
MThiMWE5MzdhNTY3LzEvMS1oOVlvZGNKMVcwbXAwcHRCNnZQR3RIMFYwMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTMvOGYzYjZmLWU4NmYtNDY3ZC1hYTkwLTE4YjFhOTM3YTU2
Ny8xL2lfeW55VzZBUlFXa2k1bGdQWnNoSlBIZE53SS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoCKXj/
/zANBgkqhkiG9w0BAQsFAAOCAQEAn2K5rX+2IAVzytA6QkG1dWXJYE+/gyetotWi
FWCk554BkkqO3+V0bUROb7d8vZYhEI64fwDkVrx2GrNJ0FAJ/6aN9eQ8Ye/T/sWv
rkXfLsEX3ZftIuyzR6HARiX6xdEK3cD5sxOQ4rIfyiL9HL0TJiKz3l36mgYW6Cy1
DemWi/wKxckpd9Jgha6YBAmjXpnzdepuwm7pR4WRpHtzlS1ma/H/KwG/JTex51wp
1NFzZulmA93hq2psYgzFtyLKGORvTemEPURWd52ex8TIAo4cJn7q2PkVV3PDB3Bw
7YL7l/h2OHEUofkle5e+aNymhbJT+NqgJWSzC7Bq3YbPeXKV0A==
-----END CERTIFICATE-----