Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/3jxhFd9dq-tEv7ewk60uRKpaclk.roa
File:                     3jxhFd9dq-tEv7ewk60uRKpaclk.roa (raw, json)
Hash identifier:          nJ/KUP/aYJmRdP7lZIRS4ck90C5wXzK7hMqjWGpXPE4=
Subject key identifier:   DE:3C:61:15:DF:5D:AB:EB:44:BF:B7:B0:93:AD:2E:44:AA:5A:72:59
Certificate issuer:       /CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
Certificate serial:       0190A5B35EF4854DDA88D0D7F4006C857E7F
Authority key identifier: 6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/3jxhFd9dq-tEv7ewk60uRKpaclk.roa
Signing time:             Fri 12 Jul 2024 06:48:34 +0000
ROA not before:           Fri 12 Jul 2024 06:48:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        2a0b:2280::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a5:b3:5e:f4:85:4d:da:88:d0:d7:f4:00:6c:85:7e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
        Validity
            Not Before: Jul 12 06:48:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de3c6115df5dabeb44bfb7b093ad2e44aa5a7259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b9:49:f9:36:84:02:49:93:37:bb:5b:4d:f0:
                    dd:fe:cc:79:09:0b:1a:dc:4f:cd:07:17:83:49:71:
                    f9:69:bc:84:26:fd:ef:21:d1:11:bb:3c:3f:3b:38:
                    6b:09:3f:f8:ba:1a:e6:a0:ee:aa:67:e2:60:f2:47:
                    64:d5:0e:9a:b8:a8:eb:b1:2f:ed:53:5a:c4:de:51:
                    72:d2:13:0b:00:ce:d8:f6:43:b7:e6:dc:e5:3a:80:
                    1c:e8:5d:2b:5a:15:f1:b3:de:33:25:90:30:46:29:
                    de:0b:ce:0b:4a:4a:ad:e8:b4:3e:c2:2f:a2:82:6b:
                    52:0b:52:b2:9c:4c:4b:33:5f:10:50:5b:4a:0f:8c:
                    ae:d2:84:e7:79:78:42:f8:ac:43:a4:c5:f7:b2:cc:
                    90:bf:e7:60:42:19:f4:fb:e2:34:0d:35:5a:b3:e5:
                    ca:b7:48:7d:f0:fe:6a:94:f3:10:a7:ac:bf:49:50:
                    d5:a1:0d:be:d4:97:0c:b7:4f:4e:c5:e2:f9:c8:58:
                    a8:d8:16:b2:97:59:32:d4:6b:48:e4:ea:ea:c1:fb:
                    8a:47:39:52:90:75:66:42:02:e8:9f:e1:82:5a:a3:
                    36:06:01:cb:52:af:c2:b8:76:61:94:b8:f1:bf:38:
                    6c:a3:81:f7:2e:6c:7b:3d:77:23:08:af:d3:87:a9:
                    29:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:3C:61:15:DF:5D:AB:EB:44:BF:B7:B0:93:AD:2E:44:AA:5A:72:59
            X509v3 Authority Key Identifier:
                keyid:6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/3jxhFd9dq-tEv7ewk60uRKpaclk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2280::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:4c:1d:d5:eb:ab:f4:e1:68:cb:40:fe:04:c9:7e:94:fd:17:
         98:26:14:e5:bf:e9:d1:9d:b7:21:cc:ec:c4:7c:e5:f1:73:d4:
         e3:ff:b0:71:d5:64:24:75:cc:82:f8:f2:77:a8:dc:78:bf:d8:
         60:98:b9:bb:2f:fd:fd:d3:24:07:7d:85:2f:1b:b9:f0:5f:9d:
         a9:51:91:d4:9c:64:9e:f0:c0:4c:63:8e:bc:44:fa:f8:a7:7a:
         a2:30:dc:36:77:f7:07:e1:61:31:48:e4:b3:c4:da:c2:0d:6a:
         53:77:6c:9a:81:99:50:0d:e2:ae:97:90:90:5b:3c:d9:24:a9:
         39:b1:23:0b:c7:0f:5d:2f:0a:50:b5:e6:82:f1:9b:d6:0d:d6:
         dc:b6:11:e6:f5:24:15:1d:4f:fe:66:d4:37:01:72:c9:fc:4a:
         d1:51:37:73:ca:90:f7:00:a1:f9:c2:2d:26:cc:e9:d9:98:62:
         c4:e9:99:59:3c:1c:89:f9:b3:d5:67:af:a7:76:4a:9f:bf:93:
         5c:e7:8c:d4:cc:f5:78:d3:19:37:4a:c2:1c:fb:2e:06:e0:4b:
         7f:d9:b9:d1:78:31:33:be:5c:3f:dd:2d:b1:bf:97:a7:7d:fb:
         b5:76:3e:15:2b:ca:15:dc:5e:fb:3f:ac:7d:49:06:e8:74:bd:
         c8:d8:86:34
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCls170hU3aiNDX9ABshX5/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiM2E3MzVkMDlhYWE3OTcwZGVmMTJjNGFjNjBlODI3ZmRi
M2Y4MjUwHhcNMjQwNzEyMDY0ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTNjNjExNWRmNWRhYmViNDRiZmI3YjA5M2FkMmU0NGFhNWE3MjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLlJ+TaEAkmTN7tbTfDd/sx5CQsa
3E/NBxeDSXH5abyEJv3vIdERuzw/OzhrCT/4uhrmoO6qZ+Jg8kdk1Q6auKjrsS/t
U1rE3lFy0hMLAM7Y9kO35tzlOoAc6F0rWhXxs94zJZAwRineC84LSkqt6LQ+wi+i
gmtSC1KynExLM18QUFtKD4yu0oTneXhC+KxDpMX3ssyQv+dgQhn0++I0DTVas+XK
t0h98P5qlPMQp6y/SVDVoQ2+1JcMt09OxeL5yFio2Bayl1ky1GtI5OrqwfuKRzlS
kHVmQgLon+GCWqM2BgHLUq/CuHZhlLjxvzhso4H3Lmx7PXcjCK/Th6kp0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN48YRXfXavrRL+3sJOtLkSqWnJZMB8GA1UdIwQY
MBaAFGs6c10JqqeXDe8SxKxg6Cf9s/glMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAt
MDUxMDc2NzQ0YTY1LzEvM2p4aEZkOWRxLXRFdjdld2s2MHVSS3BhY2xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAtMDUxMDc2NzQ0YTY1
LzEvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgsigDAN
BgkqhkiG9w0BAQsFAAOCAQEAmUwd1eur9OFoy0D+BMl+lP0XmCYU5b/p0Z23Iczs
xHzl8XPU4/+wcdVkJHXMgvjyd6jceL/YYJi5uy/9/dMkB32FLxu58F+dqVGR1Jxk
nvDATGOOvET6+Kd6ojDcNnf3B+FhMUjks8Tawg1qU3dsmoGZUA3irpeQkFs82SSp
ObEjC8cPXS8KULXmgvGb1g3W3LYR5vUkFR1P/mbUNwFyyfxK0VE3c8qQ9wCh+cIt
Jszp2ZhixOmZWTwcifmz1Wevp3ZKn7+TXOeM1Mz1eNMZN0rCHPsuBuBLf9m50Xgx
M75cP90tsb+Xp337tXY+FSvKFdxe+z+sfUkG6HS9yNiGNA==
-----END CERTIFICATE-----