Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fHBB-3AMTqamZUYcAHlUWea8SnI.roa
File:                     fHBB-3AMTqamZUYcAHlUWea8SnI.roa (raw, json)
Hash identifier:          Yj8I5fGWZUMWcZjP2Z04xBIpO2vp7++Ib8v/oq0kFlw=
Subject key identifier:   7C:70:41:FB:70:0C:4E:A6:A6:65:46:1C:00:79:54:59:E6:BC:4A:72
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018CED246289A6EEB676456032C5331FCC9E
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fHBB-3AMTqamZUYcAHlUWea8SnI.roa
Signing time:             Tue 09 Jan 2024 07:33:53 +0000
ROA not before:           Tue 09 Jan 2024 07:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199925
IP address blocks:        2a0f:e040::/29 maxlen: 29
                          2a0f:1480::/29 maxlen: 29
                          2a13:2b40::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:24:62:89:a6:ee:b6:76:45:60:32:c5:33:1f:cc:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  9 07:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c7041fb700c4ea6a665461c00795459e6bc4a72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e8:9b:8e:9f:dd:04:6c:88:87:6b:5a:5c:eb:
                    23:6e:96:e6:f6:db:7c:a3:2c:68:2f:46:e7:17:eb:
                    8c:f7:ad:8f:07:be:fa:98:2f:e1:bd:5c:18:d6:60:
                    81:df:84:fa:2d:12:3d:c6:1e:71:95:fa:71:9f:48:
                    7b:d7:c7:17:f7:d4:18:3a:1d:c8:4c:ce:ea:fe:54:
                    87:5a:b1:83:5e:27:08:96:d0:13:13:81:d6:92:50:
                    5c:fc:e0:a2:50:74:3f:48:53:ad:9c:de:a1:d4:9f:
                    c9:3f:4d:31:43:4c:65:07:fa:21:5e:9c:db:6d:ea:
                    52:e2:80:d1:be:28:b7:17:7e:e5:84:e6:57:1a:20:
                    21:29:a0:45:ea:9f:36:34:a7:2f:b8:c8:6c:f8:41:
                    88:f7:c5:f8:77:9a:29:b0:dc:2a:05:08:ea:3d:14:
                    29:92:3b:04:d1:a2:5a:f0:12:56:21:a8:25:30:98:
                    a6:f5:a3:e7:cc:8a:58:46:a5:a0:8b:ce:d1:88:3f:
                    18:7a:8d:44:89:e4:c8:1b:99:5b:05:54:70:17:eb:
                    97:b6:9d:dc:e3:7b:d0:ba:67:82:ad:56:67:e4:ab:
                    87:32:ad:f3:0c:64:0f:a2:04:cc:75:da:ea:75:0a:
                    0b:1d:53:03:81:ac:a5:30:9b:af:4f:96:a8:4d:54:
                    65:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:70:41:FB:70:0C:4E:A6:A6:65:46:1C:00:79:54:59:E6:BC:4A:72
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fHBB-3AMTqamZUYcAHlUWea8SnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1480::/29
                  2a0f:e040::/29
                  2a13:2b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:91:2a:7c:61:03:f0:42:40:cf:b0:bf:ac:8d:e4:e7:cb:08:
         f7:f2:e4:92:c6:92:1b:a0:ff:bc:49:9a:d5:57:ff:77:76:5d:
         76:bc:72:a7:cd:a5:ec:b7:14:ac:f2:ab:93:2f:97:73:e4:44:
         5c:49:2d:ae:f7:7d:49:15:41:ca:0c:f1:c1:75:cd:8b:25:ff:
         3f:02:fc:2a:24:3f:73:67:69:4f:3a:a8:e8:78:59:10:1e:da:
         70:88:6a:0f:1a:4f:06:a8:f6:d4:f2:3e:b5:18:9d:ba:bd:32:
         96:8b:bb:50:7b:31:b8:74:bd:46:35:7f:55:4a:30:60:e3:dd:
         5f:28:2a:78:a7:e1:13:44:a6:90:83:f1:8a:6c:21:c3:a7:ae:
         fa:c4:e1:1f:c2:80:df:8a:4e:e6:1a:e0:e4:8e:5e:5a:9b:ff:
         24:26:39:f2:c4:e8:7b:ec:3e:64:8a:a3:bc:a0:05:ca:81:27:
         3f:23:05:27:dd:4a:ca:2e:91:a0:95:11:07:eb:76:5e:ca:69:
         b7:8c:ec:e2:05:2b:ce:c3:51:52:34:77:3c:43:8d:f3:6f:d4:
         df:ab:0f:a4:bd:45:34:94:8e:8c:a4:73:37:20:bc:04:8f:1f:
         d2:79:2d:34:d5:b9:0a:cd:b4:18:dd:19:0e:9b:36:37:a6:7b:
         fe:42:52:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYztJGKJpu62dkVgMsUzH8yeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMTA5MDczMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzcwNDFmYjcwMGM0ZWE2YTY2NTQ2MWMwMDc5NTQ1OWU2YmM0YTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluibjp/dBGyIh2taXOsjbpbm9tt8
oyxoL0bnF+uM962PB776mC/hvVwY1mCB34T6LRI9xh5xlfpxn0h718cX99QYOh3I
TM7q/lSHWrGDXicIltATE4HWklBc/OCiUHQ/SFOtnN6h1J/JP00xQ0xlB/ohXpzb
bepS4oDRvii3F37lhOZXGiAhKaBF6p82NKcvuMhs+EGI98X4d5opsNwqBQjqPRQp
kjsE0aJa8BJWIaglMJim9aPnzIpYRqWgi87RiD8Yeo1EieTIG5lbBVRwF+uXtp3c
43vQumeCrVZn5KuHMq3zDGQPogTMddrqdQoLHVMDgaylMJuvT5aoTVRlNwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHxwQftwDE6mpmVGHAB5VFnmvEpyMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZkhCQi0zQU1UcWFtWlVZY0FIbFVXZWE4U25JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg8UgAMF
AyoP4EADBQMqEytAMA0GCSqGSIb3DQEBCwUAA4IBAQBhkSp8YQPwQkDPsL+sjeTn
ywj38uSSxpIboP+8SZrVV/93dl12vHKnzaXstxSs8quTL5dz5ERcSS2u931JFUHK
DPHBdc2LJf8/AvwqJD9zZ2lPOqjoeFkQHtpwiGoPGk8GqPbU8j61GJ26vTKWi7tQ
ezG4dL1GNX9VSjBg491fKCp4p+ETRKaQg/GKbCHDp676xOEfwoDfik7mGuDkjl5a
m/8kJjnyxOh77D5kiqO8oAXKgSc/IwUn3UrKLpGglREH63Zeymm3jOziBSvOw1FS
NHc8Q43zb9Tfqw+kvUU0lI6MpHM3ILwEjx/SeS001bkKzbQY3RkOmzY3pnv+QlJB
-----END CERTIFICATE-----