Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/1-ypIMp7MvreMtg-3BuEBTaSGaMs.roa
File:                     1-ypIMp7MvreMtg-3BuEBTaSGaMs.roa (raw, json)
Hash identifier:          gPXiq80+vsiT6xBE3SQ4MXYTmAixxsFQRaQnjOeT/Ks=
Subject key identifier:   FB:2A:48:32:9E:CC:BE:B7:8C:B6:0F:B7:06:E1:01:4D:A4:86:68:CB
Certificate issuer:       /CN=f12465bd246f22311ce9b05eeb49f7b7914b2a0a
Certificate serial:       018FE737FE84AA82EA904B1FC100334C8DBE
Authority key identifier: F1:24:65:BD:24:6F:22:31:1C:E9:B0:5E:EB:49:F7:B7:91:4B:2A:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8SRlvSRvIjEc6bBe60n3t5FLKgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/1-ypIMp7MvreMtg-3BuEBTaSGaMs.roa
Signing time:             Wed 05 Jun 2024 07:05:57 +0000
ROA not before:           Wed 05 Jun 2024 07:05:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204056
IP address blocks:        2a07:2700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/8SRlvSRvIjEc6bBe60n3t5FLKgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/8SRlvSRvIjEc6bBe60n3t5FLKgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8SRlvSRvIjEc6bBe60n3t5FLKgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e7:37:fe:84:aa:82:ea:90:4b:1f:c1:00:33:4c:8d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f12465bd246f22311ce9b05eeb49f7b7914b2a0a
        Validity
            Not Before: Jun  5 07:05:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb2a48329eccbeb78cb60fb706e1014da48668cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:08:00:aa:31:6f:4e:be:d1:7e:08:d5:0c:ea:
                    94:5e:ff:9b:0f:39:9a:5d:ed:b2:db:21:83:a4:99:
                    74:0c:6b:5c:55:30:ec:6a:1e:d0:f9:4a:6b:15:16:
                    a0:6f:93:18:e6:f6:aa:9e:e7:d7:08:58:23:38:d0:
                    ce:4c:dc:71:55:68:9c:4c:fb:c9:ed:6b:bc:92:d1:
                    70:ee:ee:17:d3:18:49:6a:e3:d0:f1:fc:49:cc:ad:
                    51:12:d3:88:47:db:4c:3a:cf:5f:ad:7f:a3:93:da:
                    f4:6d:5d:47:91:03:5b:6e:1c:7b:7a:02:88:7d:6e:
                    53:a8:8f:c3:4d:30:3e:e7:57:59:64:39:31:7a:a5:
                    e2:3f:0f:87:3a:3e:ee:e1:b8:3a:42:06:64:3f:84:
                    f0:e2:73:af:2a:80:9c:27:d0:15:1a:b7:6c:87:90:
                    bc:56:a0:d4:6a:0a:7c:1c:24:f8:1b:dc:a9:02:7e:
                    96:c9:bf:f2:ff:eb:be:d4:ab:55:ea:5e:ce:0f:4d:
                    30:9d:29:e4:8c:2b:d8:4e:5f:4d:3e:b6:a1:b2:a2:
                    53:25:43:d5:8f:58:26:9a:41:49:ff:07:43:5b:6b:
                    5f:f3:1f:89:2e:d6:ec:39:e0:8d:49:fc:65:57:a9:
                    8e:f8:17:d0:42:38:75:54:7e:40:da:d6:d6:8e:ca:
                    f8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2A:48:32:9E:CC:BE:B7:8C:B6:0F:B7:06:E1:01:4D:A4:86:68:CB
            X509v3 Authority Key Identifier:
                keyid:F1:24:65:BD:24:6F:22:31:1C:E9:B0:5E:EB:49:F7:B7:91:4B:2A:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8SRlvSRvIjEc6bBe60n3t5FLKgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/1-ypIMp7MvreMtg-3BuEBTaSGaMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/96fa68-f2b1-4aaf-b50f-91e27b9cfba6/1/8SRlvSRvIjEc6bBe60n3t5FLKgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2700::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:00:00:fb:e7:b6:8b:96:d4:ff:e1:b0:5c:1e:c7:b5:fe:4f:
         a9:79:bb:26:2a:11:82:1c:b5:78:07:9c:be:de:29:4f:47:15:
         5e:a9:ab:9f:a2:65:fa:e0:f4:bc:aa:9d:30:aa:68:b5:97:e6:
         64:ac:82:0e:e2:95:11:19:3f:6d:fb:b2:46:3e:03:1f:fa:dd:
         8c:17:28:61:c8:17:2b:82:f2:13:4a:6a:5e:90:dd:6f:05:a1:
         e0:dd:3f:7e:ab:16:0e:2a:93:e2:97:9e:57:73:d1:1d:04:3a:
         7f:7a:08:06:68:ee:20:fd:71:5e:57:e0:60:32:82:22:d6:49:
         a2:ec:72:9a:04:1e:4d:07:8f:7c:37:dd:73:1f:66:08:ec:1a:
         a0:d5:89:4e:08:17:88:0f:7e:e2:c3:91:c3:99:88:ae:66:db:
         ea:63:d2:28:78:9c:ff:c1:cb:7b:01:20:23:21:23:cc:e0:0e:
         82:49:31:3d:10:35:3b:a0:7f:48:79:e0:93:aa:71:87:3f:f9:
         be:0a:91:b0:28:70:96:6b:8b:ea:16:70:3d:98:86:f1:40:38:
         ae:0a:58:2b:f8:b2:14:4c:8a:a0:17:4e:fe:67:b9:15:b7:5a:
         1b:08:fc:cc:51:02:72:77:5e:46:9c:57:db:26:ae:9c:64:3b:
         f2:8c:68:8f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY/nN/6EqoLqkEsfwQAzTI2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMjQ2NWJkMjQ2ZjIyMzExY2U5YjA1ZWViNDlmN2I3OTE0
YjJhMGEwHhcNMjQwNjA1MDcwNTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJhNDgzMjllY2NiZWI3OGNiNjBmYjcwNmUxMDE0ZGE0ODY2OGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzggAqjFvTr7RfgjVDOqUXv+bDzma
Xe2y2yGDpJl0DGtcVTDsah7Q+UprFRagb5MY5vaqnufXCFgjONDOTNxxVWicTPvJ
7Wu8ktFw7u4X0xhJauPQ8fxJzK1REtOIR9tMOs9frX+jk9r0bV1HkQNbbhx7egKI
fW5TqI/DTTA+51dZZDkxeqXiPw+HOj7u4bg6QgZkP4Tw4nOvKoCcJ9AVGrdsh5C8
VqDUagp8HCT4G9ypAn6Wyb/y/+u+1KtV6l7OD00wnSnkjCvYTl9NPrahsqJTJUPV
j1gmmkFJ/wdDW2tf8x+JLtbsOeCNSfxlV6mO+BfQQjh1VH5A2tbWjsr4SwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPsqSDKezL63jLYPtwbhAU2khmjLMB8GA1UdIwQY
MBaAFPEkZb0kbyIxHOmwXutJ97eRSyoKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFNSbHZTUnZJakVjNmJCZTYwbjN0NUZMS2dvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85NmZhNjgtZjJiMS00YWFmLWI1MGYt
OTFlMjdiOWNmYmE2LzEvMS15cElNcDdNdnJlTXRnLTNCdUVCVGFTR2FNcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmYvOTZmYTY4LWYyYjEtNGFhZi1iNTBmLTkxZTI3YjljZmJh
Ni8xLzhTUmx2U1J2SWpFYzZiQmU2MG4zdDVGTEtnby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoHJwAw
DQYJKoZIhvcNAQELBQADggEBALEAAPvntouW1P/hsFwex7X+T6l5uyYqEYIctXgH
nL7eKU9HFV6pq5+iZfrg9LyqnTCqaLWX5mSsgg7ilREZP237skY+Ax/63YwXKGHI
FyuC8hNKal6Q3W8FoeDdP36rFg4qk+KXnldz0R0EOn96CAZo7iD9cV5X4GAygiLW
SaLscpoEHk0Hj3w33XMfZgjsGqDViU4IF4gPfuLDkcOZiK5m2+pj0ih4nP/By3sB
ICMhI8zgDoJJMT0QNTugf0h54JOqcYc/+b4KkbAocJZri+oWcD2YhvFAOK4KWCv4
shRMiqAXTv5nuRW3WhsI/MxRAnJ3XkacV9smrpxkO/KMaI8=
-----END CERTIFICATE-----