Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/84MdVQCA0zMJJm-z6slWThzgbnI.roa
File:                     84MdVQCA0zMJJm-z6slWThzgbnI.roa (raw, json)
Hash identifier:          tWeR0MFG8BnFbMKwV2yIq0sksORQta/C1zh7Lhxleak=
Subject key identifier:   F3:83:1D:55:00:80:D3:33:09:26:6F:B3:EA:C9:56:4E:1C:E0:6E:72
Certificate issuer:       /CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
Certificate serial:       018CC801D11FC6D0BA02CE9288A8830D96D2
Authority key identifier: BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/84MdVQCA0zMJJm-z6slWThzgbnI.roa
Signing time:             Tue 02 Jan 2024 02:30:11 +0000
ROA not before:           Tue 02 Jan 2024 02:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197872
IP address blocks:        2a00:ad40:20::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d1:1f:c6:d0:ba:02:ce:92:88:a8:83:0d:96:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
        Validity
            Not Before: Jan  2 02:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3831d550080d33309266fb3eac9564e1ce06e72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:09:1f:a4:e6:ef:0b:fc:59:2f:f2:58:d6:0d:
                    53:3c:30:36:1d:a5:b9:69:83:19:d6:f6:17:c9:b9:
                    f9:1d:9c:a6:22:3f:17:4f:5c:f6:83:60:d7:1e:9c:
                    a8:ad:b2:67:73:f7:87:24:70:d1:7d:74:73:5f:b2:
                    cd:db:39:25:5d:ff:93:5a:e4:a3:cc:2c:c7:e4:60:
                    6e:a6:37:03:2c:3f:1d:ae:5e:98:e3:23:12:6c:0b:
                    97:16:2a:31:f2:b5:43:f1:3b:5c:84:9d:31:1a:7a:
                    62:f1:91:e1:2e:f0:de:69:dc:15:f5:43:d7:bc:59:
                    ec:42:b1:d5:47:3c:d6:a4:99:3a:de:6f:94:bc:84:
                    e8:e3:30:f4:10:18:26:e8:15:59:58:56:c6:b8:e3:
                    05:5f:7f:7c:d5:10:52:e7:af:57:22:8b:5d:1d:19:
                    af:79:c6:af:d4:29:67:00:c3:36:54:95:d2:86:cd:
                    39:ab:d7:fa:b6:a5:8f:a6:8c:8e:0e:ad:b9:d1:b3:
                    68:f8:5d:3d:b6:47:69:38:e7:b6:87:ef:34:d2:b1:
                    2e:62:1f:e0:a1:67:f1:dc:d6:93:73:a0:49:d1:4b:
                    fa:13:32:e5:d2:12:02:11:86:90:a1:2f:10:fe:d0:
                    02:fd:ee:80:d8:85:7a:b4:41:35:74:24:59:f7:0c:
                    0f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:83:1D:55:00:80:D3:33:09:26:6F:B3:EA:C9:56:4E:1C:E0:6E:72
            X509v3 Authority Key Identifier:
                keyid:BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/84MdVQCA0zMJJm-z6slWThzgbnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ad40:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         2e:e8:6a:0d:a0:dc:d2:f9:a9:87:d6:60:00:cf:13:b0:d9:73:
         26:96:43:87:73:ad:5d:77:ba:20:8f:40:e0:1a:73:6b:80:bf:
         06:87:e5:91:af:ef:b5:74:fb:3c:c4:f2:fd:59:71:ca:d1:a3:
         a4:a2:14:73:1e:40:2c:17:6d:3b:e7:8c:cb:f5:5b:e8:c3:b0:
         4d:53:d5:52:5e:ed:0f:1e:6d:71:65:4d:f1:2c:82:b3:d9:5d:
         9f:af:99:dc:f7:0f:bf:c6:1c:bb:21:10:e6:0b:a9:43:85:50:
         a5:9d:f0:1e:49:c7:b8:cd:92:4b:30:2b:5f:57:71:43:19:8f:
         e7:3a:3c:33:1a:de:2a:3a:7b:ce:05:5a:03:74:45:a1:b4:73:
         c8:75:ad:e4:19:2b:e7:4b:05:b6:b6:99:23:a2:26:53:61:3d:
         0d:ae:2c:35:d9:ac:98:3a:4c:9e:ce:2f:0d:53:ae:1b:1a:48:
         3b:37:f2:1f:f4:af:7b:25:d9:38:73:e6:a4:91:79:b6:63:76:
         2e:2d:40:a6:f3:0f:b8:c4:b0:57:e5:3d:a3:1b:60:5d:e3:5f:
         32:5e:66:91:d6:31:d3:f3:8a:53:b6:cb:1c:f9:41:d0:50:12:
         b4:11:27:7b:a9:53:7b:ed:ee:4d:3a:a3:be:38:37:54:56:be:
         a4:fe:0d:f5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAdEfxtC6As6SiKiDDZbSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2U1OTA3MTFhZTdmY2IwMTZlZWI3Mzc2YjBhN2ZjNzY2
MWNiMTMwHhcNMjQwMTAyMDIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzgzMWQ1NTAwODBkMzMzMDkyNjZmYjNlYWM5NTY0ZTFjZTA2ZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQkfpObvC/xZL/JY1g1TPDA2HaW5
aYMZ1vYXybn5HZymIj8XT1z2g2DXHpyorbJnc/eHJHDRfXRzX7LN2zklXf+TWuSj
zCzH5GBupjcDLD8drl6Y4yMSbAuXFiox8rVD8TtchJ0xGnpi8ZHhLvDeadwV9UPX
vFnsQrHVRzzWpJk63m+UvITo4zD0EBgm6BVZWFbGuOMFX3981RBS569XIotdHRmv
ecav1ClnAMM2VJXShs05q9f6tqWPpoyODq250bNo+F09tkdpOOe2h+800rEuYh/g
oWfx3NaTc6BJ0Uv6EzLl0hICEYaQoS8Q/tAC/e6A2IV6tEE1dCRZ9wwPRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPODHVUAgNMzCSZvs+rJVk4c4G5yMB8GA1UdIwQY
MBaAFLzOWQcRrn/LAW7rc3awp/x2YcsTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUt
MDVkYjQ5N2FjNDU1LzEvODRNZFZRQ0Ewek1KSm0tejZzbFdUaHpnYm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUtMDVkYjQ5N2FjNDU1
LzEvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgCtQAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAu6GoNoNzS+amH1mAAzxOw2XMmlkOHc61dd7og
j0DgGnNrgL8Gh+WRr++1dPs8xPL9WXHK0aOkohRzHkAsF20754zL9Vvow7BNU9VS
Xu0PHm1xZU3xLIKz2V2fr5nc9w+/xhy7IRDmC6lDhVClnfAeSce4zZJLMCtfV3FD
GY/nOjwzGt4qOnvOBVoDdEWhtHPIda3kGSvnSwW2tpkjoiZTYT0Nriw12ayYOkye
zi8NU64bGkg7N/If9K97Jdk4c+akkXm2Y3YuLUCm8w+4xLBX5T2jG2Bd418yXmaR
1jHT84pTtssc+UHQUBK0ESd7qVN77e5NOqO+ODdUVr6k/g31
-----END CERTIFICATE-----