Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/4pZDfLtTMsuZu9B01GQAPGaFf_w.roa
File:                     4pZDfLtTMsuZu9B01GQAPGaFf_w.roa (raw, json)
Hash identifier:          Jrmbo91ut29s5OUL1zxZu0vF8ezQ/eJyH1hMEP3PDno=
Subject key identifier:   E2:96:43:7C:BB:53:32:CB:99:BB:D0:74:D4:64:00:3C:66:85:7F:FC
Certificate issuer:       /CN=f6137c597d1e30cb75618e51f42b7f79ed5ffc88
Certificate serial:       018EF6143FDE294E5DBE52D339BF98A1691A
Authority key identifier: F6:13:7C:59:7D:1E:30:CB:75:61:8E:51:F4:2B:7F:79:ED:5F:FC:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/4pZDfLtTMsuZu9B01GQAPGaFf_w.roa
Signing time:             Fri 19 Apr 2024 11:18:25 +0000
ROA not before:           Fri 19 Apr 2024 11:18:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a0c:7b82::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:14:3f:de:29:4e:5d:be:52:d3:39:bf:98:a1:69:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6137c597d1e30cb75618e51f42b7f79ed5ffc88
        Validity
            Not Before: Apr 19 11:18:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e296437cbb5332cb99bbd074d464003c66857ffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:18:0a:26:c8:98:5a:89:3c:bd:9a:c7:19:c3:
                    a8:cb:d2:fe:e6:88:35:9c:bf:09:14:1a:49:cb:1a:
                    dd:2b:ce:e4:6b:11:1a:4d:b9:46:24:dc:d7:0a:4b:
                    80:99:78:48:31:b8:22:eb:14:71:a3:5b:04:6d:9d:
                    e0:de:b2:d7:2f:75:88:21:55:e3:bf:ae:4f:0a:eb:
                    64:06:ef:69:94:b2:0f:bf:de:e0:14:17:1a:02:f6:
                    bd:f8:4a:e1:18:c9:f5:d7:49:50:1f:fc:1e:62:02:
                    a1:c7:70:79:81:33:ea:1c:fb:2d:0a:76:8d:4a:bd:
                    dc:6e:d4:5c:58:be:78:7c:4a:e7:a6:fc:72:2a:59:
                    97:81:e6:38:bf:82:6c:ef:fc:48:ed:af:39:58:6e:
                    7d:27:13:2d:0c:f9:b9:f3:cc:90:4c:6c:13:9e:4e:
                    cd:dc:0a:f4:73:b9:c6:d2:ec:e8:b9:66:c8:66:d8:
                    fc:80:e1:df:50:2b:2a:a8:04:95:22:23:69:5f:06:
                    20:5e:78:88:6b:19:5c:61:b3:b0:0c:ca:c0:60:05:
                    d7:4f:ae:a7:20:d8:81:83:7f:06:65:7b:8e:77:ea:
                    a3:c6:3d:68:ce:e5:11:36:38:fc:ba:12:66:62:ba:
                    eb:ab:75:91:1f:0d:70:ad:dd:3c:8a:4c:2e:80:4f:
                    52:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:96:43:7C:BB:53:32:CB:99:BB:D0:74:D4:64:00:3C:66:85:7F:FC
            X509v3 Authority Key Identifier:
                keyid:F6:13:7C:59:7D:1E:30:CB:75:61:8E:51:F4:2B:7F:79:ED:5F:FC:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/4pZDfLtTMsuZu9B01GQAPGaFf_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/0f1f9f-5a51-4bd6-bf30-39a24388a5e8/1/9hN8WX0eMMt1YY5R9Ct_ee1f_Ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7b82::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:c0:14:57:e9:f5:fb:11:03:2a:6d:e1:55:65:1f:8d:73:9f:
         db:f3:70:5f:ed:7f:7b:e6:d0:a4:38:ff:13:0f:de:2a:d6:a8:
         ff:f6:5c:d3:3d:9d:e0:9e:b9:f0:37:39:7c:3e:a4:80:9b:b2:
         89:a7:9e:a0:45:9f:90:3a:90:c8:66:eb:d1:1f:4d:04:8b:0f:
         3b:f6:e0:7f:ed:46:68:76:50:08:02:68:f9:21:63:aa:df:42:
         1c:3e:2d:ad:be:74:9d:70:82:45:cb:20:71:9b:e7:fe:7b:f9:
         8f:ef:56:31:46:be:17:0c:9a:c0:2c:e8:6c:61:00:ec:01:bb:
         cd:a1:f8:d3:d3:95:5f:5d:2c:5a:cc:8f:2b:6d:72:c1:95:22:
         7f:fc:17:01:a9:f2:78:40:73:07:6e:0c:1c:85:a5:d5:da:aa:
         cd:3b:b7:9e:84:a5:35:d5:35:5c:0e:01:bb:ad:0f:03:f6:be:
         6d:22:6b:ef:61:22:7f:ed:d2:6f:a6:b8:93:3d:34:f9:d9:09:
         6d:bd:fa:02:65:30:b7:37:f4:26:3c:5d:53:68:b2:d8:69:d7:
         0b:7c:c2:b9:8d:df:e6:a8:b2:62:b2:90:84:91:29:c0:43:c6:
         e7:68:0b:bb:1c:5e:57:61:ee:b3:18:34:35:6c:50:c5:3f:a8:
         1a:42:70:1f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY72FD/eKU5dvlLTOb+YoWkaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MTM3YzU5N2QxZTMwY2I3NTYxOGU1MWY0MmI3Zjc5ZWQ1
ZmZjODgwHhcNMjQwNDE5MTExODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjk2NDM3Y2JiNTMzMmNiOTliYmQwNzRkNDY0MDAzYzY2ODU3ZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBgKJsiYWok8vZrHGcOoy9L+5og1
nL8JFBpJyxrdK87kaxEaTblGJNzXCkuAmXhIMbgi6xRxo1sEbZ3g3rLXL3WIIVXj
v65PCutkBu9plLIPv97gFBcaAva9+ErhGMn110lQH/weYgKhx3B5gTPqHPstCnaN
Sr3cbtRcWL54fErnpvxyKlmXgeY4v4Js7/xI7a85WG59JxMtDPm588yQTGwTnk7N
3Ar0c7nG0uzouWbIZtj8gOHfUCsqqASVIiNpXwYgXniIaxlcYbOwDMrAYAXXT66n
INiBg38GZXuOd+qjxj1ozuURNjj8uhJmYrrrq3WRHw1wrd08ikwugE9SqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOKWQ3y7UzLLmbvQdNRkADxmhX/8MB8GA1UdIwQY
MBaAFPYTfFl9HjDLdWGOUfQrf3ntX/yIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWhOOFdYMGVNTXQxWVk1UjlDdF9lZTFmX0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8wZjFmOWYtNWE1MS00YmQ2LWJmMzAt
MzlhMjQzODhhNWU4LzEvNHBaRGZMdFRNc3VadTlCMDFHUUFQR2FGZl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8wZjFmOWYtNWE1MS00YmQ2LWJmMzAtMzlhMjQzODhhNWU4
LzEvOWhOOFdYMGVNTXQxWVk1UjlDdF9lZTFmX0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgx7gjAN
BgkqhkiG9w0BAQsFAAOCAQEAHcAUV+n1+xEDKm3hVWUfjXOf2/NwX+1/e+bQpDj/
Ew/eKtao//Zc0z2d4J658Dc5fD6kgJuyiaeeoEWfkDqQyGbr0R9NBIsPO/bgf+1G
aHZQCAJo+SFjqt9CHD4trb50nXCCRcsgcZvn/nv5j+9WMUa+FwyawCzobGEA7AG7
zaH409OVX10sWsyPK21ywZUif/wXAanyeEBzB24MHIWl1dqqzTu3noSlNdU1XA4B
u60PA/a+bSJr72Eif+3Sb6a4kz00+dkJbb36AmUwtzf0JjxdU2iy2GnXC3zCuY3f
5qiyYrKQhJEpwEPG52gLuxxeV2Husxg0NWxQxT+oGkJwHw==
-----END CERTIFICATE-----