Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/PSke3DXH3xVvwGvbIObk1H6K3D4.roa
File:                     PSke3DXH3xVvwGvbIObk1H6K3D4.roa (raw, json)
Hash identifier:          aXCBT1NaTAeU1PsrnEqzm8DlkGz8uGJrcbTXU7BdTr0=
Subject key identifier:   3D:29:1E:DC:35:C7:DF:15:6F:C0:6B:DB:20:E6:E4:D4:7E:8A:DC:3E
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0190777F6F8E4117B561E6DECD3AD0807361
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/PSke3DXH3xVvwGvbIObk1H6K3D4.roa
Signing time:             Wed 03 Jul 2024 07:29:18 +0000
ROA not before:           Wed 03 Jul 2024 07:29:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151331
IP address blocks:        2a0f:7802:e000::/40 maxlen: 48
                          2a0f:7802:e100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:77:7f:6f:8e:41:17:b5:61:e6:de:cd:3a:d0:80:73:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul  3 07:29:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d291edc35c7df156fc06bdb20e6e4d47e8adc3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:71:ba:8f:e9:22:74:d4:f7:62:6d:57:4c:0d:
                    8c:91:60:cf:dd:48:f5:a1:0e:e5:7f:28:9f:37:3a:
                    58:07:b2:7d:ba:3a:62:4a:9a:6b:f3:08:d9:ef:fa:
                    7c:e9:1a:5c:2b:11:4c:79:6f:4d:70:32:d1:2d:0d:
                    68:b3:7b:1e:9d:6f:5e:d5:b1:a5:31:66:2a:28:85:
                    6f:e0:f4:15:a5:79:46:46:6c:42:bf:7a:89:12:0a:
                    8e:1a:6e:56:90:82:73:c7:07:93:1c:95:f9:b5:4a:
                    f0:20:ba:15:35:45:13:da:60:04:34:17:62:2a:ef:
                    e4:6e:f6:b0:bd:8a:33:49:ec:2f:16:9d:03:d2:b4:
                    04:db:aa:fa:5a:da:bc:f1:de:44:e4:35:48:3f:fe:
                    9d:d9:e8:da:eb:00:fd:e2:5b:ee:91:03:06:e4:c4:
                    72:2b:e7:85:33:27:a9:4e:9d:5a:d6:33:5f:c1:b8:
                    e0:74:4d:05:a8:de:01:e9:8c:42:88:4f:1c:92:f9:
                    df:b9:f2:0a:96:bf:88:03:03:d0:12:aa:4c:8e:20:
                    b9:82:43:72:e2:ff:7c:67:bc:3c:87:61:6f:d8:b1:
                    04:6d:0b:f3:01:56:f7:ca:47:84:de:41:67:ef:5b:
                    cf:93:48:5c:99:0c:97:be:7f:e5:d5:64:92:fa:76:
                    bd:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:29:1E:DC:35:C7:DF:15:6F:C0:6B:DB:20:E6:E4:D4:7E:8A:DC:3E
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/PSke3DXH3xVvwGvbIObk1H6K3D4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:e000::/39

    Signature Algorithm: sha256WithRSAEncryption
         80:87:bf:02:b8:c5:10:4f:4c:4e:63:11:d3:e6:67:30:14:6c:
         57:a3:d5:5c:e3:9f:29:e0:a8:03:a7:b0:69:9d:f7:ee:3a:b5:
         f7:7b:1c:64:ae:fc:e9:73:0b:32:a4:ab:f7:c2:51:d2:f2:50:
         f6:72:88:60:34:42:72:6e:0d:a0:08:ce:fb:68:52:22:4b:a6:
         13:12:d8:8f:72:26:a1:16:9a:69:14:ba:6d:b1:a8:6b:dc:ac:
         e6:a7:5e:c2:2b:5a:a3:c7:d9:0b:eb:0f:c0:8c:0e:2e:19:14:
         72:ea:5d:7d:44:5c:4c:ea:82:bd:b2:8b:89:50:af:20:ee:74:
         d2:b9:d5:3c:73:17:bb:46:e3:47:4b:53:e0:31:a3:40:76:82:
         c5:3a:9b:67:37:b9:e7:5e:e6:2c:02:2e:47:76:c6:09:27:d5:
         22:57:29:a0:1e:a6:9d:a4:9e:c4:37:a1:8b:27:70:47:42:7d:
         13:0f:6a:13:15:53:88:51:c5:da:01:5c:c0:ec:5f:0a:db:12:
         ba:40:43:c7:52:7c:81:2f:d8:78:54:23:a8:55:a5:fc:c2:0b:
         2b:2a:b4:e4:b8:5b:33:67:d4:35:20:6c:9c:98:f5:8a:07:50:
         41:1c:14:de:cf:63:71:79:ad:d8:fd:d3:4b:07:6d:3f:20:e9:
         42:6c:f5:3e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZB3f2+OQRe1YebezTrQgHNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNzAzMDcyOTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDI5MWVkYzM1YzdkZjE1NmZjMDZiZGIyMGU2ZTRkNDdlOGFkYzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3G6j+kidNT3Ym1XTA2MkWDP3Uj1
oQ7lfyifNzpYB7J9ujpiSppr8wjZ7/p86RpcKxFMeW9NcDLRLQ1os3senW9e1bGl
MWYqKIVv4PQVpXlGRmxCv3qJEgqOGm5WkIJzxweTHJX5tUrwILoVNUUT2mAENBdi
Ku/kbvawvYozSewvFp0D0rQE26r6Wtq88d5E5DVIP/6d2eja6wD94lvukQMG5MRy
K+eFMyepTp1a1jNfwbjgdE0FqN4B6YxCiE8ckvnfufIKlr+IAwPQEqpMjiC5gkNy
4v98Z7w8h2Fv2LEEbQvzAVb3ykeE3kFn71vPk0hcmQyXvn/l1WSS+na95wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFD0pHtw1x98Vb8Br2yDm5NR+itw+MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvUFNrZTNEWEgzeFZ2d0d2YklPYmsxSDZLM0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKg94AuAw
DQYJKoZIhvcNAQELBQADggEBAICHvwK4xRBPTE5jEdPmZzAUbFej1VzjnyngqAOn
sGmd9+46tfd7HGSu/OlzCzKkq/fCUdLyUPZyiGA0QnJuDaAIzvtoUiJLphMS2I9y
JqEWmmkUum2xqGvcrOanXsIrWqPH2QvrD8CMDi4ZFHLqXX1EXEzqgr2yi4lQryDu
dNK51TxzF7tG40dLU+Axo0B2gsU6m2c3uede5iwCLkd2xgkn1SJXKaAepp2knsQ3
oYsncEdCfRMPahMVU4hRxdoBXMDsXwrbErpAQ8dSfIEv2HhUI6hVpfzCCysqtOS4
WzNn1DUgbJyY9YoHUEEcFN7PY3F5rdj900sHbT8g6UJs9T4=
-----END CERTIFICATE-----