Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ZFZgyzsJo23MF37jbPNPcIQrTaA.roa
File:                     ZFZgyzsJo23MF37jbPNPcIQrTaA.roa (raw, json)
Hash identifier:          msZfx8GketImOIcaInpiRC8iBGYCd0XqACLHdjGc1Vo=
Subject key identifier:   64:56:60:CB:3B:09:A3:6D:CC:17:7E:E3:6C:F3:4F:70:84:2B:4D:A0
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F0B69D35D0E14E74A91998933FBD32
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ZFZgyzsJo23MF37jbPNPcIQrTaA.roa
Signing time:             Wed 07 Feb 2024 05:00:52 +0000
ROA not before:           Wed 07 Feb 2024 05:00:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215810
IP address blocks:        2a0f:b241:56::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:b6:9d:35:d0:e1:4e:74:a9:19:98:93:3f:bd:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=645660cb3b09a36dcc177ee36cf34f70842b4da0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fe:df:2d:b5:8e:ad:f5:72:7b:f5:7a:5b:f0:
                    21:96:e8:a6:57:c1:79:e6:61:b4:97:2f:b0:16:dd:
                    f6:0b:24:55:28:90:87:a8:73:8f:eb:de:32:26:14:
                    35:a5:d8:d7:39:82:a2:ae:2b:15:19:54:ff:d6:03:
                    c9:ad:be:ed:03:81:b3:8e:66:96:07:8f:c5:1c:f2:
                    29:e3:51:79:e3:00:5d:b7:6a:2e:75:40:0a:5f:1c:
                    24:00:0b:53:f6:39:96:84:c4:46:c0:9c:ec:d8:9d:
                    d5:17:da:ea:14:ac:99:c5:35:6e:53:cd:f9:1e:1d:
                    b2:20:2b:f6:ec:bc:39:92:3b:46:74:16:2c:45:25:
                    37:25:4b:df:4b:f3:3f:60:b2:7b:f0:35:d0:4d:e5:
                    55:44:1f:7f:dc:65:13:38:4f:cb:ef:2c:9c:06:31:
                    49:5c:0f:63:7e:15:39:cf:91:96:ec:a8:cf:df:74:
                    29:39:4a:9a:c0:3b:ce:4b:d4:0c:13:66:73:73:01:
                    7e:d1:66:8a:7b:71:8d:58:82:36:ad:cc:d0:27:2f:
                    b3:34:92:59:b7:cf:d9:cd:d0:c6:39:06:c5:72:99:
                    fa:b2:bd:95:52:5d:65:07:06:c2:17:d1:c5:77:d0:
                    01:66:88:f6:fd:c2:98:a2:8f:5c:05:39:89:77:52:
                    46:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:56:60:CB:3B:09:A3:6D:CC:17:7E:E3:6C:F3:4F:70:84:2B:4D:A0
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ZFZgyzsJo23MF37jbPNPcIQrTaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:56::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:27:5d:30:c1:99:37:e3:2c:8d:66:e8:87:18:ee:f4:81:4f:
         b1:88:ab:6e:09:de:53:15:bb:29:dd:0b:ec:59:8e:0f:45:9e:
         d2:fb:1c:a8:ff:16:fd:cb:02:a3:27:38:67:e9:42:1b:d9:40:
         80:4f:52:cc:e6:f6:32:2c:04:b6:f5:ff:7c:3a:62:a3:eb:97:
         f9:ae:34:de:95:06:8f:19:c4:8e:62:3f:e8:03:21:8d:b0:77:
         e0:43:db:06:0a:e1:12:15:34:9f:57:aa:9a:9c:83:7a:ea:0d:
         db:7b:ee:4b:6b:cf:d8:07:af:aa:9c:ad:57:a2:e9:5f:35:06:
         d1:ee:67:32:17:a1:84:a7:62:fa:d5:9e:5c:bd:39:24:c5:1d:
         2a:a0:25:ac:67:f0:c4:26:57:6c:38:20:c2:97:5c:ca:8a:90:
         cc:fa:6d:eb:0a:fe:15:65:1a:8a:34:27:1b:bd:cf:3e:d2:0a:
         5b:37:9d:6f:6c:94:e3:84:80:fd:91:38:1d:7e:29:c5:86:3f:
         37:c2:cd:fc:2d:04:64:09:14:be:0e:91:44:75:fb:f0:24:7c:
         1f:eb:8e:13:50:6a:ed:41:1a:86:f5:ee:77:ad:b9:ff:e7:4f:
         1a:11:a6:63:68:ac:47:9d:a9:e8:f5:a5:1b:c8:9c:7e:0b:89:
         90:b1:75:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8LadNdDhTnSpGZiTP70yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDU2NjBjYjNiMDlhMzZkY2MxNzdlZTM2Y2YzNGY3MDg0MmI0ZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhf7fLbWOrfVye/V6W/AhluimV8F5
5mG0ly+wFt32CyRVKJCHqHOP694yJhQ1pdjXOYKirisVGVT/1gPJrb7tA4GzjmaW
B4/FHPIp41F54wBdt2oudUAKXxwkAAtT9jmWhMRGwJzs2J3VF9rqFKyZxTVuU835
Hh2yICv27Lw5kjtGdBYsRSU3JUvfS/M/YLJ78DXQTeVVRB9/3GUTOE/L7yycBjFJ
XA9jfhU5z5GW7KjP33QpOUqawDvOS9QME2ZzcwF+0WaKe3GNWII2rczQJy+zNJJZ
t8/ZzdDGOQbFcpn6sr2VUl1lBwbCF9HFd9ABZoj2/cKYoo9cBTmJd1JG+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGRWYMs7CaNtzBd+42zzT3CEK02gMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvWkZaZ3l6c0pvMjNNRjM3amJQTlBjSVFyVGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQBW
MA0GCSqGSIb3DQEBCwUAA4IBAQCLJ10wwZk34yyNZuiHGO70gU+xiKtuCd5TFbsp
3QvsWY4PRZ7S+xyo/xb9ywKjJzhn6UIb2UCAT1LM5vYyLAS29f98OmKj65f5rjTe
lQaPGcSOYj/oAyGNsHfgQ9sGCuESFTSfV6qanIN66g3be+5La8/YB6+qnK1Xoulf
NQbR7mcyF6GEp2L61Z5cvTkkxR0qoCWsZ/DEJldsOCDCl1zKipDM+m3rCv4VZRqK
NCcbvc8+0gpbN51vbJTjhID9kTgdfinFhj83ws38LQRkCRS+DpFEdfvwJHwf644T
UGrtQRqG9e53rbn/508aEaZjaKxHnano9aUbyJx+C4mQsXV1
-----END CERTIFICATE-----