Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/9tNttYWI4f0PjtGAlQcbHsh-0XE.roa
File:                     9tNttYWI4f0PjtGAlQcbHsh-0XE.roa (raw, json)
Hash identifier:          GLFOJARe2jYxcBeT/DSJVGNs+uA97ZMqqd+qWq5ZmFY=
Subject key identifier:   F6:D3:6D:B5:85:88:E1:FD:0F:8E:D1:80:95:07:1B:1E:C8:7E:D1:71
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018DF4D5CC47CE4B76E58669FA336A244F0E
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/9tNttYWI4f0PjtGAlQcbHsh-0XE.roa
Signing time:             Thu 29 Feb 2024 12:27:48 +0000
ROA not before:           Thu 29 Feb 2024 12:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212151
IP address blocks:        2a07:3500:13b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:d5:cc:47:ce:4b:76:e5:86:69:fa:33:6a:24:4f:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Feb 29 12:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6d36db58588e1fd0f8ed18095071b1ec87ed171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:84:3f:bb:6b:f9:63:49:74:7f:81:8b:21:e7:
                    2b:85:fb:28:ae:de:b0:9d:18:b0:f9:ae:35:f6:54:
                    f6:82:27:db:59:b0:c7:96:73:9b:45:3f:5b:36:63:
                    ff:1b:55:7f:10:8b:c0:b9:9b:0a:3a:a4:fa:9a:9a:
                    b4:59:62:c4:92:58:90:32:2b:eb:6b:7c:21:5a:04:
                    29:68:bc:b1:20:53:48:26:97:5c:b5:f0:6b:a7:a6:
                    2a:b1:aa:ce:0f:5f:53:6b:cd:f5:29:5d:07:ba:70:
                    ae:3e:fc:5f:4a:f4:08:88:6d:8b:1a:cb:03:f3:54:
                    8e:de:73:f8:73:46:a7:1a:22:86:24:aa:25:50:f4:
                    83:99:d4:17:a6:3c:78:01:5f:c8:51:d3:bd:d8:86:
                    a0:57:0b:3a:c0:12:7d:00:49:39:3a:29:e4:1e:f0:
                    95:cb:a6:52:0b:08:5a:06:fd:08:de:28:14:3a:12:
                    6c:df:80:69:08:b9:c6:d6:2a:bd:36:e6:c6:e6:82:
                    28:47:01:80:7d:7b:3f:51:31:73:44:3e:b7:19:db:
                    31:a4:9e:9b:9e:43:25:b8:31:a8:06:f1:bc:00:7a:
                    46:72:da:30:ba:65:cd:23:23:6c:32:91:44:a3:bc:
                    a3:6e:53:ea:6e:7c:20:66:33:43:f7:9a:70:9d:2b:
                    41:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D3:6D:B5:85:88:E1:FD:0F:8E:D1:80:95:07:1B:1E:C8:7E:D1:71
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/9tNttYWI4f0PjtGAlQcbHsh-0XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:13b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         c8:ac:da:5a:bf:6b:39:55:a5:b5:13:b4:e1:20:5a:0f:76:07:
         32:1c:e4:68:79:e3:8d:2f:7d:3c:a1:5b:ec:4b:10:da:39:e0:
         ce:ba:d0:96:61:ea:1b:35:40:ba:fd:68:cb:f9:8c:2e:7e:52:
         c5:e3:1d:55:ec:dd:9b:d8:2e:76:d0:d6:fb:84:ea:15:dc:8e:
         3e:3d:c9:1c:be:a5:d8:6c:73:8b:0a:45:86:07:b3:53:68:bc:
         4c:41:0d:c2:d9:3e:26:3b:eb:4b:c4:c4:0f:df:75:ba:6c:cd:
         6e:17:84:9e:ff:46:22:0a:d4:aa:44:ab:62:67:14:76:e0:20:
         de:95:a5:ca:f2:7a:3f:5a:06:45:b1:71:15:93:92:fb:61:4c:
         9d:e6:68:50:9e:ee:d0:3b:d7:05:4f:49:82:1f:8f:7d:5f:1e:
         56:a4:26:ba:53:74:74:76:a9:a3:60:55:93:98:cc:44:b9:75:
         8d:15:f1:00:5e:37:17:ad:b1:fa:0f:4e:f2:64:63:2e:bd:52:
         e2:88:5b:a3:09:a3:7a:80:05:8d:c8:d0:fb:93:30:3b:41:06:
         48:65:f5:e0:7a:41:c6:15:cd:34:a5:de:c5:65:45:24:be:f0:
         e6:fd:9b:13:17:49:ec:c8:f2:cc:88:d3:de:68:95:d8:c7:bb:
         ad:7a:79:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY301cxHzkt25YZp+jNqJE8OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMjI5MTIyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmQzNmRiNTg1ODhlMWZkMGY4ZWQxODA5NTA3MWIxZWM4N2VkMTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIQ/u2v5Y0l0f4GLIecrhfsort6w
nRiw+a419lT2gifbWbDHlnObRT9bNmP/G1V/EIvAuZsKOqT6mpq0WWLEkliQMivr
a3whWgQpaLyxIFNIJpdctfBrp6YqsarOD19Ta831KV0HunCuPvxfSvQIiG2LGssD
81SO3nP4c0anGiKGJKolUPSDmdQXpjx4AV/IUdO92IagVws6wBJ9AEk5OinkHvCV
y6ZSCwhaBv0I3igUOhJs34BpCLnG1iq9NubG5oIoRwGAfXs/UTFzRD63GdsxpJ6b
nkMluDGoBvG8AHpGctowumXNIyNsMpFEo7yjblPqbnwgZjND95pwnStBkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPbTbbWFiOH9D47RgJUHGx7IftFxMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvOXROdHRZV0k0ZjBQanRHQWxRY2JIc2gtMFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ABO4
MA0GCSqGSIb3DQEBCwUAA4IBAQDIrNpav2s5VaW1E7ThIFoPdgcyHORoeeONL308
oVvsSxDaOeDOutCWYeobNUC6/WjL+YwuflLF4x1V7N2b2C520Nb7hOoV3I4+Pckc
vqXYbHOLCkWGB7NTaLxMQQ3C2T4mO+tLxMQP33W6bM1uF4Se/0YiCtSqRKtiZxR2
4CDelaXK8no/WgZFsXEVk5L7YUyd5mhQnu7QO9cFT0mCH499Xx5WpCa6U3R0dqmj
YFWTmMxEuXWNFfEAXjcXrbH6D07yZGMuvVLiiFujCaN6gAWNyND7kzA7QQZIZfXg
ekHGFc00pd7FZUUkvvDm/ZsTF0nsyPLMiNPeaJXYx7utennE
-----END CERTIFICATE-----