Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/i3VJ7XfJAiGswTTDAZ07nE-pPCU.roa
File:                     i3VJ7XfJAiGswTTDAZ07nE-pPCU.roa (raw, json)
Hash identifier:          esGs24Gesg3PD7ZBishEi32Jx7wn3YZGtlZ6kvza5qY=
Subject key identifier:   8B:75:49:ED:77:C9:02:21:AC:C1:34:C3:01:9D:3B:9C:4F:A9:3C:25
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018DA14C80DE04F1C68637B3458D71EAB63E
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/i3VJ7XfJAiGswTTDAZ07nE-pPCU.roa
Signing time:             Tue 13 Feb 2024 07:09:21 +0000
ROA not before:           Tue 13 Feb 2024 07:09:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212778
IP address blocks:        2a07:3500:12c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a1:4c:80:de:04:f1:c6:86:37:b3:45:8d:71:ea:b6:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Feb 13 07:09:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b7549ed77c90221acc134c3019d3b9c4fa93c25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fa:e7:4f:57:bd:1a:03:f5:d3:e6:65:e6:a7:
                    80:7f:8d:5d:40:ef:aa:65:11:d0:95:6c:51:66:b6:
                    08:60:3e:74:86:da:50:36:86:6e:7f:d1:fb:3f:b9:
                    4e:09:70:1f:5f:fc:4c:c7:7b:d2:db:6e:8e:0c:62:
                    d0:32:36:46:34:c1:63:79:d3:f9:89:8d:3b:8f:74:
                    90:23:cf:a7:16:a7:0e:4a:b5:8d:92:1f:99:d2:d0:
                    53:6a:65:38:0e:30:9a:81:1f:15:a3:06:36:bb:3d:
                    30:2d:59:be:5d:47:39:1a:2d:82:71:6d:51:f3:1e:
                    d8:0a:46:5d:59:94:62:fb:75:19:ee:6c:72:a4:a7:
                    cc:a3:f1:17:e0:81:dc:7b:af:4a:fc:f4:13:c4:f3:
                    16:0f:78:b2:85:64:c5:b9:94:f7:52:43:ab:f1:21:
                    85:25:6d:02:ad:3e:fd:cb:8d:f1:45:11:e8:65:aa:
                    82:98:6b:bb:c6:f4:cc:1f:cf:35:9a:ae:b2:80:10:
                    9d:44:d8:c2:d2:bf:17:8b:b0:ce:67:b4:46:6e:ac:
                    ed:8f:c2:ea:76:cd:7c:c4:63:cd:c4:20:6a:d4:27:
                    f0:d9:d0:bc:73:ec:1d:84:cc:a8:e3:88:b3:31:53:
                    e9:2b:fb:f0:c3:a3:5b:c6:ba:4d:fb:21:ce:7a:4e:
                    b9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:75:49:ED:77:C9:02:21:AC:C1:34:C3:01:9D:3B:9C:4F:A9:3C:25
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/i3VJ7XfJAiGswTTDAZ07nE-pPCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:12c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:43:68:f5:1f:6d:65:90:bc:47:0b:c7:33:21:cb:81:25:9b:
         cf:66:19:6e:7a:f6:b6:13:ea:0d:a0:db:cb:3f:6f:b7:0f:6b:
         51:5b:9d:b4:44:d6:52:98:22:3a:0c:63:43:3b:74:48:d1:ef:
         4e:10:29:b3:57:1f:f9:e0:87:53:a8:af:b6:a1:fa:14:68:5b:
         ea:f6:44:36:cc:91:48:c8:b6:92:96:10:d8:50:f5:e4:fa:79:
         50:fd:e9:7a:f3:df:37:ba:12:71:32:26:2a:de:a7:37:96:5d:
         df:c9:57:72:3e:07:c9:b6:c6:aa:0c:77:ea:49:a9:fc:29:1a:
         45:b8:60:d6:b7:be:39:c8:25:33:07:2e:f6:74:2d:ac:fa:c9:
         43:ab:ac:8d:78:28:34:a5:9f:33:a1:ec:7f:2e:96:91:ee:05:
         8a:4a:1e:8f:af:d7:7e:87:7c:46:31:56:a7:ea:27:c6:54:89:
         a8:ad:11:56:67:7b:37:23:a4:2d:ba:11:b2:5a:4d:83:c7:3e:
         f5:02:7e:60:35:06:7e:f0:2c:90:c5:84:b9:fd:62:05:e8:81:
         b4:3f:69:72:9b:f1:b5:16:1b:a1:d5:02:31:f6:44:ac:f5:99:
         2f:52:08:07:be:2b:59:23:1e:51:c6:c1:01:ca:4c:79:60:a5:
         e1:b4:7d:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2hTIDeBPHGhjezRY1x6rY+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMjEzMDcwOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjc1NDllZDc3YzkwMjIxYWNjMTM0YzMwMTlkM2I5YzRmYTkzYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvrnT1e9GgP10+Zl5qeAf41dQO+q
ZRHQlWxRZrYIYD50htpQNoZuf9H7P7lOCXAfX/xMx3vS226ODGLQMjZGNMFjedP5
iY07j3SQI8+nFqcOSrWNkh+Z0tBTamU4DjCagR8VowY2uz0wLVm+XUc5Gi2CcW1R
8x7YCkZdWZRi+3UZ7mxypKfMo/EX4IHce69K/PQTxPMWD3iyhWTFuZT3UkOr8SGF
JW0CrT79y43xRRHoZaqCmGu7xvTMH881mq6ygBCdRNjC0r8Xi7DOZ7RGbqztj8Lq
ds18xGPNxCBq1Cfw2dC8c+wdhMyo44izMVPpK/vww6NbxrpN+yHOek65pwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIt1Se13yQIhrME0wwGdO5xPqTwlMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvaTNWSjdYZkpBaUdzd1RUREFaMDduRS1wUENVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1ABLA
MA0GCSqGSIb3DQEBCwUAA4IBAQBPQ2j1H21lkLxHC8czIcuBJZvPZhlueva2E+oN
oNvLP2+3D2tRW520RNZSmCI6DGNDO3RI0e9OECmzVx/54IdTqK+2ofoUaFvq9kQ2
zJFIyLaSlhDYUPXk+nlQ/el68983uhJxMiYq3qc3ll3fyVdyPgfJtsaqDHfqSan8
KRpFuGDWt745yCUzBy72dC2s+slDq6yNeCg0pZ8zoex/LpaR7gWKSh6Pr9d+h3xG
MVan6ifGVImorRFWZ3s3I6QtuhGyWk2Dxz71An5gNQZ+8CyQxYS5/WIF6IG0P2ly
m/G1Fhuh1QIx9kSs9ZkvUggHvitZIx5RxsEBykx5YKXhtH3D
-----END CERTIFICATE-----