Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/4cd064-5e46-4a3f-83c5-86bcb7f59d98/1/PnTtMzNTA_oD_5Uhii64r00AXZI.roa
File:                     PnTtMzNTA_oD_5Uhii64r00AXZI.roa (raw, json)
Hash identifier:          IlsNGCt+dGi/40W2tSx0HIMPOxDDE+DWjdcgDuVpXnQ=
Subject key identifier:   3E:74:ED:33:33:53:03:FA:03:FF:95:21:8A:2E:B8:AF:4D:00:5D:92
Certificate issuer:       /CN=8bcb6154f9c893e0a40b87afa0a2fa27fccf31eb
Certificate serial:       018CC7948078ABAF1CDEB9D2F89F5C097761
Authority key identifier: 8B:CB:61:54:F9:C8:93:E0:A4:0B:87:AF:A0:A2:FA:27:FC:CF:31:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i8thVPnIk-CkC4evoKL6J_zPMes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/4cd064-5e46-4a3f-83c5-86bcb7f59d98/1/PnTtMzNTA_oD_5Uhii64r00AXZI.roa
Signing time:             Tue 02 Jan 2024 00:30:47 +0000
ROA not before:           Tue 02 Jan 2024 00:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31736
IP address blocks:        2a12:44c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/4cd064-5e46-4a3f-83c5-86bcb7f59d98/1/i8thVPnIk-CkC4evoKL6J_zPMes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/4cd064-5e46-4a3f-83c5-86bcb7f59d98/1/i8thVPnIk-CkC4evoKL6J_zPMes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i8thVPnIk-CkC4evoKL6J_zPMes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:80:78:ab:af:1c:de:b9:d2:f8:9f:5c:09:77:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bcb6154f9c893e0a40b87afa0a2fa27fccf31eb
        Validity
            Not Before: Jan  2 00:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e74ed33335303fa03ff95218a2eb8af4d005d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ed:06:84:06:7c:9a:5d:a1:b8:55:67:2b:4e:
                    20:84:6e:85:92:87:4c:92:1c:91:2f:49:20:6f:0d:
                    bb:3d:5e:39:ba:82:83:b6:69:95:ce:4c:10:04:a5:
                    bb:07:34:e8:80:84:e2:1c:34:b7:d5:3e:f5:0c:9f:
                    4b:59:32:bd:40:b0:db:15:d2:24:b3:44:5a:a0:aa:
                    5e:4d:54:b2:20:87:58:f5:6c:16:73:4c:50:cd:97:
                    ba:d6:12:c9:3b:8f:e2:8f:b5:e2:b7:b2:d0:ec:51:
                    9a:83:cf:37:d0:d9:9a:c1:4d:02:73:5d:45:b5:e1:
                    39:40:16:6a:4a:da:5e:27:0d:e8:22:95:6b:0d:7c:
                    b0:2a:f5:a3:f5:83:6d:be:61:a3:14:02:91:74:d9:
                    c5:1d:72:84:54:77:91:96:fe:12:33:c7:47:e4:f4:
                    0c:5c:af:30:2c:25:be:39:6f:bb:7a:0b:f0:13:ab:
                    cc:2b:1d:83:e2:bf:75:17:04:8e:df:26:71:60:19:
                    db:16:58:ac:8b:6b:9d:05:ce:a9:e8:03:42:92:55:
                    70:50:2d:fe:f7:cc:93:c9:f9:c6:99:23:91:3f:34:
                    f6:eb:c6:2c:0b:bd:22:64:60:22:9d:7c:21:2b:ad:
                    d3:19:47:32:e4:4d:e6:55:2a:80:10:13:25:45:f9:
                    c4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:74:ED:33:33:53:03:FA:03:FF:95:21:8A:2E:B8:AF:4D:00:5D:92
            X509v3 Authority Key Identifier:
                keyid:8B:CB:61:54:F9:C8:93:E0:A4:0B:87:AF:A0:A2:FA:27:FC:CF:31:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i8thVPnIk-CkC4evoKL6J_zPMes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4cd064-5e46-4a3f-83c5-86bcb7f59d98/1/PnTtMzNTA_oD_5Uhii64r00AXZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4cd064-5e46-4a3f-83c5-86bcb7f59d98/1/i8thVPnIk-CkC4evoKL6J_zPMes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:44c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:a6:11:20:15:05:bf:63:53:c7:6d:b7:b6:a4:eb:07:46:19:
         40:4a:0a:c2:37:35:5c:2f:30:6d:11:2f:ef:2c:1e:50:6b:32:
         bd:f8:e9:dd:f3:7a:c4:4c:f9:e3:84:cc:63:6c:82:de:a9:05:
         84:52:bf:aa:80:53:8c:af:e9:b2:0b:fb:69:58:ea:62:09:6a:
         70:98:59:a1:29:4a:54:20:22:11:92:d7:03:74:2f:c0:95:b2:
         34:85:f7:77:00:aa:44:e7:aa:72:5f:9a:34:bc:bb:5a:6d:8b:
         50:d1:9e:0f:5d:11:ea:3b:6f:01:46:c2:62:06:6e:32:a9:c6:
         87:f9:bb:80:5a:00:83:b9:04:47:45:a1:f3:ee:4e:5f:bb:d2:
         52:49:f8:cb:e5:db:2b:17:cd:3d:c7:a6:97:7d:40:b9:0a:0b:
         50:ea:85:27:c0:36:ad:37:ba:b8:ee:ed:b1:b7:cd:2b:59:c9:
         d4:d3:f6:4f:f1:94:51:27:6d:c7:f2:50:4d:ae:ce:99:77:ba:
         7b:a2:9e:d5:8b:59:57:c9:a6:89:47:2c:3a:ec:bc:bb:64:99:
         d0:b3:05:2b:ef:ab:f1:4c:c9:4e:f9:ba:bd:48:a5:d3:1d:83:
         b0:a1:22:0d:c1:04:3d:9a:68:2c:0c:a5:17:38:a7:1b:b1:aa:
         87:f9:3c:55
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlIB4q68c3rnS+J9cCXdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiY2I2MTU0ZjljODkzZTBhNDBiODdhZmEwYTJmYTI3ZmNj
ZjMxZWIwHhcNMjQwMTAyMDAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTc0ZWQzMzMzNTMwM2ZhMDNmZjk1MjE4YTJlYjhhZjRkMDA1ZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+0GhAZ8ml2huFVnK04ghG6FkodM
khyRL0kgbw27PV45uoKDtmmVzkwQBKW7BzTogITiHDS31T71DJ9LWTK9QLDbFdIk
s0RaoKpeTVSyIIdY9WwWc0xQzZe61hLJO4/ij7Xit7LQ7FGag8830NmawU0Cc11F
teE5QBZqStpeJw3oIpVrDXywKvWj9YNtvmGjFAKRdNnFHXKEVHeRlv4SM8dH5PQM
XK8wLCW+OW+7egvwE6vMKx2D4r91FwSO3yZxYBnbFlisi2udBc6p6ANCklVwUC3+
98yTyfnGmSORPzT268YsC70iZGAinXwhK63TGUcy5E3mVSqAEBMlRfnEgwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD507TMzUwP6A/+VIYouuK9NAF2SMB8GA1UdIwQY
MBaAFIvLYVT5yJPgpAuHr6Ci+if8zzHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTh0aFZQbklrLUNrQzRldm9LTDZKX3pQTWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy80Y2QwNjQtNWU0Ni00YTNmLTgzYzUt
ODZiY2I3ZjU5ZDk4LzEvUG5UdE16TlRBX29EXzVVaGlpNjRyMDBBWFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy80Y2QwNjQtNWU0Ni00YTNmLTgzYzUtODZiY2I3ZjU5ZDk4
LzEvaTh0aFZQbklrLUNrQzRldm9LTDZKX3pQTWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhJEwDAN
BgkqhkiG9w0BAQsFAAOCAQEAbqYRIBUFv2NTx223tqTrB0YZQEoKwjc1XC8wbREv
7yweUGsyvfjp3fN6xEz544TMY2yC3qkFhFK/qoBTjK/psgv7aVjqYglqcJhZoSlK
VCAiEZLXA3QvwJWyNIX3dwCqROeqcl+aNLy7Wm2LUNGeD10R6jtvAUbCYgZuMqnG
h/m7gFoAg7kER0Wh8+5OX7vSUkn4y+XbKxfNPceml31AuQoLUOqFJ8A2rTe6uO7t
sbfNK1nJ1NP2T/GUUSdtx/JQTa7OmXe6e6Ke1YtZV8mmiUcsOuy8u2SZ0LMFK++r
8UzJTvm6vUil0x2DsKEiDcEEPZpoLAylFzinG7Gqh/k8VQ==
-----END CERTIFICATE-----