Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/PbRpkZBzrxsf_TBm0j47EbF_j4E.roa
File:                     PbRpkZBzrxsf_TBm0j47EbF_j4E.roa (raw, json)
Hash identifier:          B5RcS3KwpsZGqeilXAyA4giQes1Bj7p8G5s8GLThElQ=
Subject key identifier:   3D:B4:69:91:90:73:AF:1B:1F:FD:30:66:D2:3E:3B:11:B1:7F:8F:81
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       018CC2DB58638E4AFBB88C8332E6515251F4
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/PbRpkZBzrxsf_TBm0j47EbF_j4E.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204125
IP address blocks:        2a10:4741:29::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:58:63:8e:4a:fb:b8:8c:83:32:e6:51:52:51:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3db469919073af1b1ffd3066d23e3b11b17f8f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9b:5f:be:92:fd:38:f1:ee:3c:e3:78:4c:4b:
                    c6:60:18:83:e6:5f:c5:4e:f1:32:d3:94:de:d3:d7:
                    e8:0a:55:44:d0:69:fb:6d:e5:91:07:39:3b:89:5f:
                    d0:bf:37:91:34:59:6d:fb:c8:57:7d:2d:7f:f1:6e:
                    ad:66:b7:fc:25:06:df:bc:46:0d:b2:23:ae:c9:cf:
                    a8:bd:07:29:6c:b8:ca:ba:45:a9:05:91:f5:99:0c:
                    50:96:db:2d:99:cf:bd:af:ae:88:2d:fe:f3:9b:67:
                    13:55:da:93:1f:23:e7:97:13:12:a7:c9:21:3d:21:
                    c6:e6:7f:92:df:bf:0e:ac:0c:01:2e:2b:d3:26:23:
                    4e:a1:80:3e:ff:be:6e:e8:62:c1:35:1b:58:ca:5e:
                    a4:64:d5:db:04:a9:65:b9:c3:bb:f8:5c:70:9c:44:
                    0d:e7:c4:85:2d:bb:dc:85:81:51:a6:6a:99:60:18:
                    e4:bd:e1:42:1f:96:65:34:d7:df:61:57:66:1b:21:
                    ce:a9:a6:4f:1e:58:1c:4a:84:62:d1:8c:4e:57:17:
                    bb:14:ee:b8:7e:f0:fe:1e:1b:b6:05:f4:49:e8:3d:
                    7e:f5:57:83:b6:0f:74:19:de:b2:9c:13:7e:35:5c:
                    42:44:ab:56:a0:30:29:c7:aa:c9:c5:6d:70:24:5a:
                    52:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B4:69:91:90:73:AF:1B:1F:FD:30:66:D2:3E:3B:11:B1:7F:8F:81
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/PbRpkZBzrxsf_TBm0j47EbF_j4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4741:29::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:11:19:ee:e0:8f:86:81:2e:6a:75:29:d0:25:ed:e8:c5:5e:
         67:41:6c:fb:71:0e:d7:a8:8e:e5:ce:6f:99:35:07:c9:bc:0d:
         b7:25:3b:bb:e1:24:bc:c2:bc:37:b0:52:5a:cf:37:4d:71:71:
         43:5b:eb:29:05:bd:2c:e5:4e:02:82:2c:91:09:4d:cd:5d:54:
         46:2f:62:87:2c:76:b7:ac:cd:c6:00:51:6b:28:06:1f:a4:42:
         30:d8:b1:b6:59:1f:eb:c7:c8:0b:b6:34:8f:ca:5f:8a:5b:e8:
         81:f2:84:3d:57:2d:ca:b2:bc:ad:f3:98:d6:f2:f4:08:ef:e1:
         15:40:27:fe:7e:a5:b8:f9:12:d6:a2:1c:c4:e3:fa:fd:11:9c:
         13:ea:52:ef:20:29:46:9c:59:ab:10:7f:72:83:24:b9:66:db:
         b3:a2:f6:a3:10:ae:ce:f9:34:92:ad:68:15:64:b4:62:35:4a:
         4e:25:21:bd:a3:eb:ad:83:9b:66:7d:2f:31:a6:24:7f:ea:6a:
         b1:e1:f7:d1:09:0e:1b:e1:cc:44:62:20:bb:9c:ca:df:27:17:
         e6:94:40:e2:fa:ef:8a:47:8f:72:cd:da:6d:49:6d:37:c7:14:
         09:e5:b3:88:96:71:36:ae:de:b9:2f:1c:0d:93:bc:b5:a9:c0:
         90:72:b9:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC21hjjkr7uIyDMuZRUlH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGI0Njk5MTkwNzNhZjFiMWZmZDMwNjZkMjNlM2IxMWIxN2Y4ZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnptfvpL9OPHuPON4TEvGYBiD5l/F
TvEy05Te09foClVE0Gn7beWRBzk7iV/QvzeRNFlt+8hXfS1/8W6tZrf8JQbfvEYN
siOuyc+ovQcpbLjKukWpBZH1mQxQltstmc+9r66ILf7zm2cTVdqTHyPnlxMSp8kh
PSHG5n+S378OrAwBLivTJiNOoYA+/75u6GLBNRtYyl6kZNXbBKllucO7+FxwnEQN
58SFLbvchYFRpmqZYBjkveFCH5ZlNNffYVdmGyHOqaZPHlgcSoRi0YxOVxe7FO64
fvD+Hhu2BfRJ6D1+9VeDtg90Gd6ynBN+NVxCRKtWoDApx6rJxW1wJFpSkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD20aZGQc68bH/0wZtI+OxGxf4+BMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvUGJScGtaQnpyeHNmX1RCbTBqNDdFYkZfajRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBHQQAp
MA0GCSqGSIb3DQEBCwUAA4IBAQBCERnu4I+GgS5qdSnQJe3oxV5nQWz7cQ7XqI7l
zm+ZNQfJvA23JTu74SS8wrw3sFJazzdNcXFDW+spBb0s5U4CgiyRCU3NXVRGL2KH
LHa3rM3GAFFrKAYfpEIw2LG2WR/rx8gLtjSPyl+KW+iB8oQ9Vy3Ksryt85jW8vQI
7+EVQCf+fqW4+RLWohzE4/r9EZwT6lLvIClGnFmrEH9ygyS5ZtuzovajEK7O+TSS
rWgVZLRiNUpOJSG9o+utg5tmfS8xpiR/6mqx4ffRCQ4b4cxEYiC7nMrfJxfmlEDi
+u+KR49yzdptSW03xxQJ5bOIlnE2rt65LxwNk7y1qcCQcrk9
-----END CERTIFICATE-----