Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/uyAectNt_m2j8Nejsu-QcNBI7mM.roa
File:                     uyAectNt_m2j8Nejsu-QcNBI7mM.roa (raw, json)
Hash identifier:          rHyOilKPbuSneFevSnRSEWQ4qZZFUa7oU80/fphs/zs=
Subject key identifier:   BB:20:1E:72:D3:6D:FE:6D:A3:F0:D7:A3:B2:EF:90:70:D0:48:EE:63
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018D08F6129842087F34AE4A73A10FE04FEF
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/uyAectNt_m2j8Nejsu-QcNBI7mM.roa
Signing time:             Sun 14 Jan 2024 17:12:40 +0000
ROA not before:           Sun 14 Jan 2024 17:12:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215829
IP address blocks:        2a0f:7803:fe20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:08:f6:12:98:42:08:7f:34:ae:4a:73:a1:0f:e0:4f:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan 14 17:12:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb201e72d36dfe6da3f0d7a3b2ef9070d048ee63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:37:8c:ea:c7:2a:77:80:f4:46:bc:24:f5:08:
                    d5:fb:3d:74:66:f0:48:1e:9d:4c:3a:e5:fa:c4:38:
                    56:ee:09:93:c1:b6:6a:44:6b:f7:6a:26:c1:ff:c7:
                    83:38:ac:f5:a0:45:b7:3b:05:25:6e:2a:53:d8:0d:
                    95:1e:a5:66:36:81:e5:78:0a:46:b9:e3:2e:46:e3:
                    73:10:b3:72:07:61:82:2b:71:3f:80:7d:65:e5:a2:
                    6c:d9:d6:f5:83:6d:10:fd:67:fd:57:f7:8d:5a:d0:
                    44:8c:b2:1a:2c:e6:5a:03:76:80:e9:99:05:ea:46:
                    a8:e8:6e:b6:89:be:39:9b:80:a7:92:73:b0:86:f3:
                    f9:f2:de:3d:28:f4:3f:15:e4:6b:3d:02:29:2d:cf:
                    b0:db:0a:a4:91:d5:bf:3e:2d:38:38:0b:05:6f:86:
                    db:af:30:49:b7:07:cc:a9:f3:78:13:45:f7:d3:ad:
                    b0:33:aa:51:41:a7:d5:33:3d:11:b9:b6:d2:6b:9b:
                    59:7a:70:2e:da:77:59:08:57:71:ac:55:26:5a:8b:
                    fb:51:3c:e2:72:ce:82:5d:19:17:6d:9d:35:49:7d:
                    f7:ed:ad:53:c8:00:9b:e2:e8:9e:d4:19:05:c3:42:
                    d2:2c:be:d1:f7:d0:51:fd:08:1d:e0:88:aa:4e:b5:
                    2f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:20:1E:72:D3:6D:FE:6D:A3:F0:D7:A3:B2:EF:90:70:D0:48:EE:63
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/uyAectNt_m2j8Nejsu-QcNBI7mM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fe20::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:81:35:d9:d3:7e:e2:0e:34:6b:b6:2b:07:06:60:68:1f:c6:
         04:60:a4:0d:33:56:40:2f:d2:01:2e:18:e8:7a:94:89:e5:e7:
         56:fe:11:00:fc:1f:ae:58:d5:b2:62:4d:9e:c5:f7:89:7d:d8:
         ee:c3:95:f9:9f:63:ab:8e:ef:d4:5e:77:6f:1a:9a:41:c8:b9:
         72:38:53:b8:f0:f5:3a:be:44:1a:80:d2:56:a1:89:02:76:11:
         d0:c6:1a:ef:dc:31:9b:70:5b:a5:31:fc:9a:bc:4e:a2:d1:e4:
         ea:9d:a0:22:e9:23:24:62:a1:42:e7:b9:06:e2:7f:23:20:b8:
         8f:70:14:de:1f:14:aa:a0:e1:86:9a:34:9f:6e:2f:b9:d6:a9:
         99:ee:b2:14:0d:1d:43:0c:0d:7f:1a:5b:95:d5:8b:67:9c:11:
         20:d2:e4:d3:12:e9:eb:8a:62:0c:76:0e:bf:c1:ec:73:1b:97:
         e8:dc:08:f5:b6:c3:30:e3:f3:f3:84:a4:fe:8f:db:f6:25:34:
         aa:4d:83:28:5f:1a:10:d8:a5:69:c2:3b:9f:22:c9:33:50:3b:
         88:3c:a5:12:44:30:73:ad:6e:07:4c:73:16:bf:d5:36:45:c3:
         63:00:84:bb:25:ef:99:54:c2:c6:10:92:83:c5:7f:82:02:2c:
         e1:1c:ce:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0I9hKYQgh/NK5Kc6EP4E/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTE0MTcxMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjIwMWU3MmQzNmRmZTZkYTNmMGQ3YTNiMmVmOTA3MGQwNDhlZTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDeM6scqd4D0Rrwk9QjV+z10ZvBI
Hp1MOuX6xDhW7gmTwbZqRGv3aibB/8eDOKz1oEW3OwUlbipT2A2VHqVmNoHleApG
ueMuRuNzELNyB2GCK3E/gH1l5aJs2db1g20Q/Wf9V/eNWtBEjLIaLOZaA3aA6ZkF
6kao6G62ib45m4CnknOwhvP58t49KPQ/FeRrPQIpLc+w2wqkkdW/Pi04OAsFb4bb
rzBJtwfMqfN4E0X3062wM6pRQafVMz0RubbSa5tZenAu2ndZCFdxrFUmWov7UTzi
cs6CXRkXbZ01SX337a1TyACb4uie1BkFw0LSLL7R99BR/Qgd4IiqTrUv2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLsgHnLTbf5to/DXo7LvkHDQSO5jMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvdXlBZWN0TnRfbTJqOE5lanN1LVFjTkJJN21NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/4g
MA0GCSqGSIb3DQEBCwUAA4IBAQBvgTXZ037iDjRrtisHBmBoH8YEYKQNM1ZAL9IB
LhjoepSJ5edW/hEA/B+uWNWyYk2exfeJfdjuw5X5n2Orju/UXndvGppByLlyOFO4
8PU6vkQagNJWoYkCdhHQxhrv3DGbcFulMfyavE6i0eTqnaAi6SMkYqFC57kG4n8j
ILiPcBTeHxSqoOGGmjSfbi+51qmZ7rIUDR1DDA1/GluV1YtnnBEg0uTTEunrimIM
dg6/wexzG5fo3Aj1tsMw4/PzhKT+j9v2JTSqTYMoXxoQ2KVpwjufIskzUDuIPKUS
RDBzrW4HTHMWv9U2RcNjAIS7Je+ZVMLGEJKDxX+CAizhHM40
-----END CERTIFICATE-----