Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/ebc266-c5b8-4c15-b12b-58702cda711f/1/FtpWCuAYqThVl6o8doljX27eX8Q.roa
File:                     FtpWCuAYqThVl6o8doljX27eX8Q.roa (raw, json)
Hash identifier:          JmSKqwukfpyxf6mlAm5xh2F2FIGPN12gIyBdYw2zpS0=
Subject key identifier:   16:DA:56:0A:E0:18:A9:38:55:97:AA:3C:76:89:63:5F:6E:DE:5F:C4
Certificate issuer:       /CN=2938caa6a97178e209b7c23791d016b67c9dcaa4
Certificate serial:       018CF30BE676EDE7C3E6C8966E4347AC791A
Authority key identifier: 29:38:CA:A6:A9:71:78:E2:09:B7:C2:37:91:D0:16:B6:7C:9D:CA:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KTjKpqlxeOIJt8I3kdAWtnydyqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/ebc266-c5b8-4c15-b12b-58702cda711f/1/FtpWCuAYqThVl6o8doljX27eX8Q.roa
Signing time:             Wed 10 Jan 2024 11:04:52 +0000
ROA not before:           Wed 10 Jan 2024 11:04:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204012
IP address blocks:        2001:67c:d80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/ebc266-c5b8-4c15-b12b-58702cda711f/1/KTjKpqlxeOIJt8I3kdAWtnydyqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/ebc266-c5b8-4c15-b12b-58702cda711f/1/KTjKpqlxeOIJt8I3kdAWtnydyqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KTjKpqlxeOIJt8I3kdAWtnydyqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:0b:e6:76:ed:e7:c3:e6:c8:96:6e:43:47:ac:79:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2938caa6a97178e209b7c23791d016b67c9dcaa4
        Validity
            Not Before: Jan 10 11:04:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16da560ae018a9385597aa3c7689635f6ede5fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ff:6c:b8:b4:e8:af:74:5f:f3:6c:6d:9c:9e:
                    70:2d:27:df:55:06:b0:cd:c0:ed:5f:fc:a7:01:8c:
                    80:17:f0:cf:0b:12:ae:94:2c:35:01:1f:3a:07:af:
                    54:d8:3e:52:74:1f:74:81:7a:e1:13:bf:6f:27:19:
                    61:4e:8b:73:05:56:8e:c1:74:17:23:5b:7b:ea:ce:
                    65:40:c5:5a:a3:30:63:db:e5:62:49:4f:59:c0:bf:
                    d1:d4:d4:63:50:2d:c5:08:fe:2b:50:37:ca:0a:40:
                    d0:d0:65:0b:9e:7b:d2:58:d6:2b:f8:4c:88:1c:79:
                    54:3b:eb:06:ee:82:ed:05:2e:8d:ee:df:92:66:ad:
                    3e:12:32:87:f1:eb:ef:5b:2d:22:70:5f:50:3b:5a:
                    5f:e9:7a:28:2b:95:19:20:d1:b9:57:f0:fd:76:bb:
                    87:ee:48:71:ff:4c:85:7c:d3:cd:f2:4a:4b:a6:29:
                    c8:63:a4:5f:d6:b7:3f:18:25:4f:d7:ca:7e:31:6a:
                    31:ea:9a:b6:71:f5:f8:cc:df:71:55:13:b8:af:46:
                    7e:ec:da:0f:9f:a0:66:7d:48:3d:5a:2c:ac:a1:22:
                    44:c3:96:25:d5:95:42:71:f1:03:ca:e5:60:8c:f9:
                    c2:73:46:d3:68:e8:bb:ed:b3:fa:c7:59:9b:f2:d3:
                    b3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:DA:56:0A:E0:18:A9:38:55:97:AA:3C:76:89:63:5F:6E:DE:5F:C4
            X509v3 Authority Key Identifier:
                keyid:29:38:CA:A6:A9:71:78:E2:09:B7:C2:37:91:D0:16:B6:7C:9D:CA:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KTjKpqlxeOIJt8I3kdAWtnydyqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/ebc266-c5b8-4c15-b12b-58702cda711f/1/FtpWCuAYqThVl6o8doljX27eX8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/ebc266-c5b8-4c15-b12b-58702cda711f/1/KTjKpqlxeOIJt8I3kdAWtnydyqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d80::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:8e:20:71:0f:a1:d3:a6:2c:d1:e7:c7:28:ac:12:71:f5:70:
         fa:bf:5b:5a:97:95:dc:8d:88:c5:4f:d3:b2:00:a0:85:11:cc:
         49:79:7d:4f:f1:34:c8:f2:2d:e7:55:2f:aa:a3:5b:a4:58:61:
         55:43:65:6b:d3:dc:3c:92:e0:a2:ec:3b:67:62:94:c8:e9:64:
         52:ce:85:00:7e:db:c1:4b:43:83:49:68:4d:d0:ca:eb:ba:ce:
         fa:8e:95:4a:84:aa:5c:ee:b7:24:42:45:67:45:aa:76:24:b1:
         c1:a8:88:01:47:df:ef:1e:dd:b2:68:45:31:67:72:4d:c5:1c:
         5e:06:21:99:d5:38:c4:fc:45:46:1e:22:84:d9:4e:a5:ea:76:
         45:4a:e2:88:e1:9d:e1:e6:d3:2a:f8:08:e8:b9:e3:47:9c:97:
         11:e9:f3:73:70:8e:41:7a:02:0e:cf:dc:36:a1:31:06:e2:64:
         ec:0e:2a:43:b8:ac:35:13:ab:fc:60:47:dc:ec:d0:16:d4:e5:
         a9:07:f3:4f:f2:f6:97:ec:2d:77:5b:df:23:7f:67:95:62:bd:
         fa:2a:b0:66:fd:9e:9a:c3:d1:96:52:ee:45:91:6d:52:11:7c:
         ff:33:68:e6:04:bd:8a:1e:6e:3e:d8:00:ac:76:21:30:9f:5e:
         37:be:eb:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzzC+Z27efD5siWbkNHrHkaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MzhjYWE2YTk3MTc4ZTIwOWI3YzIzNzkxZDAxNmI2N2M5
ZGNhYTQwHhcNMjQwMTEwMTEwNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmRhNTYwYWUwMThhOTM4NTU5N2FhM2M3Njg5NjM1ZjZlZGU1ZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/9suLTor3Rf82xtnJ5wLSffVQaw
zcDtX/ynAYyAF/DPCxKulCw1AR86B69U2D5SdB90gXrhE79vJxlhTotzBVaOwXQX
I1t76s5lQMVaozBj2+ViSU9ZwL/R1NRjUC3FCP4rUDfKCkDQ0GULnnvSWNYr+EyI
HHlUO+sG7oLtBS6N7t+SZq0+EjKH8evvWy0icF9QO1pf6XooK5UZING5V/D9druH
7khx/0yFfNPN8kpLpinIY6Rf1rc/GCVP18p+MWox6pq2cfX4zN9xVRO4r0Z+7NoP
n6BmfUg9WiysoSJEw5Yl1ZVCcfEDyuVgjPnCc0bTaOi77bP6x1mb8tOz4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBbaVgrgGKk4VZeqPHaJY19u3l/EMB8GA1UdIwQY
MBaAFCk4yqapcXjiCbfCN5HQFrZ8ncqkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1RqS3BxbHhlT0lKdDhJM2tkQVd0bnlkeXFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9lYmMyNjYtYzViOC00YzE1LWIxMmIt
NTg3MDJjZGE3MTFmLzEvRnRwV0N1QVlxVGhWbDZvOGRvbGpYMjdlWDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9lYmMyNjYtYzViOC00YzE1LWIxMmItNTg3MDJjZGE3MTFm
LzEvS1RqS3BxbHhlT0lKdDhJM2tkQVd0bnlkeXFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA2A
MA0GCSqGSIb3DQEBCwUAA4IBAQAEjiBxD6HTpizR58corBJx9XD6v1tal5XcjYjF
T9OyAKCFEcxJeX1P8TTI8i3nVS+qo1ukWGFVQ2Vr09w8kuCi7DtnYpTI6WRSzoUA
ftvBS0ODSWhN0Mrrus76jpVKhKpc7rckQkVnRap2JLHBqIgBR9/vHt2yaEUxZ3JN
xRxeBiGZ1TjE/EVGHiKE2U6l6nZFSuKI4Z3h5tMq+AjoueNHnJcR6fNzcI5BegIO
z9w2oTEG4mTsDipDuKw1E6v8YEfc7NAW1OWpB/NP8vaX7C13W98jf2eVYr36KrBm
/Z6aw9GWUu5FkW1SEXz/M2jmBL2KHm4+2ACsdiEwn143vusO
-----END CERTIFICATE-----