Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/7pNcq3TXWzbiE40eI1Wknl946II.roa
File:                     7pNcq3TXWzbiE40eI1Wknl946II.roa (raw, json)
Hash identifier:          Ie8QBX4Vs5YGncvCczK8DcSItzkYkI0YdOq0L5To3jU=
Subject key identifier:   EE:93:5C:AB:74:D7:5B:36:E2:13:8D:1E:23:55:A4:9E:5F:78:E8:82
Certificate issuer:       /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial:       018D7DA872B975E36B2816C3967D4DB152AC
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/7pNcq3TXWzbiE40eI1Wknl946II.roa
Signing time:             Tue 06 Feb 2024 09:03:27 +0000
ROA not before:           Tue 06 Feb 2024 09:03:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215568
IP address blocks:        2a10:3580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:a8:72:b9:75:e3:6b:28:16:c3:96:7d:4d:b1:52:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
        Validity
            Not Before: Feb  6 09:03:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee935cab74d75b36e2138d1e2355a49e5f78e882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5c:18:f3:99:3c:ab:13:aa:bc:e5:36:50:09:
                    a1:e1:c1:23:8a:af:b0:ea:87:83:d3:d3:58:90:88:
                    9a:55:b3:53:ed:c5:8e:0a:44:3f:18:a1:2b:e8:43:
                    4d:17:ae:a5:52:97:5e:3e:8e:74:95:54:fc:02:b0:
                    fd:33:d4:42:16:46:d8:d8:c7:ae:62:26:b2:e4:e2:
                    49:94:5e:5d:5d:31:ce:81:c7:22:4d:9b:9a:e3:49:
                    f0:c7:56:91:fb:1f:53:b5:2b:9e:47:30:8c:be:f1:
                    66:39:13:a2:5a:fd:15:9c:e7:04:ec:00:6a:16:83:
                    c0:25:bd:91:44:c9:8c:10:9e:f2:ed:8d:a2:b1:1b:
                    f1:13:2e:11:44:1c:dd:01:69:30:bd:8b:45:80:e6:
                    29:a1:41:1b:70:c1:46:ec:0a:07:87:97:3c:91:6d:
                    2e:1e:b3:7b:2b:2e:cf:07:cf:44:7c:cd:a3:41:3b:
                    8d:d9:6d:fc:d2:f4:78:fa:f3:13:0a:fc:8f:a3:e8:
                    91:d7:8e:56:d7:7c:79:89:36:7f:f2:e7:0a:37:00:
                    0b:f5:17:58:53:90:1a:89:54:4d:6a:5f:ff:17:39:
                    60:29:ff:10:ce:cf:d6:59:33:85:a5:e0:5a:c5:9b:
                    87:1c:24:12:1e:b5:6d:8f:91:2b:b1:37:0a:de:8f:
                    12:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:93:5C:AB:74:D7:5B:36:E2:13:8D:1E:23:55:A4:9E:5F:78:E8:82
            X509v3 Authority Key Identifier:
                keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/7pNcq3TXWzbiE40eI1Wknl946II.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3580::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:6e:83:e6:63:ba:f0:26:83:18:13:5c:47:11:2b:b3:98:ef:
         4d:da:f2:f6:47:9d:5e:03:99:23:73:e3:92:5b:9e:02:17:ad:
         28:5c:f9:32:e6:f7:d1:81:e6:33:ac:f4:18:39:4f:01:5f:ed:
         ca:19:d9:52:1f:e8:ae:5e:ca:5b:2f:95:3d:c9:f0:8c:af:fe:
         a2:30:93:83:38:96:37:81:1d:f8:67:f6:5f:a4:02:32:47:f1:
         ad:cc:5b:41:63:33:d3:8c:af:5b:d8:8c:b5:d2:70:34:d0:b1:
         56:ea:ba:c4:66:00:5d:20:c3:6e:09:76:fb:cb:45:ea:ec:54:
         67:86:c7:fb:85:80:2a:d7:40:01:bc:83:12:c1:45:9d:02:65:
         3a:83:fb:bb:e7:9b:84:e0:cc:72:7d:40:99:92:82:d2:6f:81:
         10:40:2c:da:7b:ee:1f:5e:1b:10:b1:8e:00:50:e6:8f:96:1f:
         36:a9:9c:f7:3c:8a:aa:82:d4:c5:b6:a8:2a:aa:70:86:5a:1a:
         8d:44:3a:0d:ae:c5:25:9f:e3:9f:32:63:c1:91:42:77:72:68:
         45:3e:1b:ba:34:59:f5:2e:95:58:3d:3f:9b:df:6a:05:69:6f:
         9d:64:ac:4c:d5:f5:29:7b:e8:6f:a3:7a:40:fe:be:c8:33:45:
         af:9c:b2:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY19qHK5deNrKBbDln1NsVKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjQwMjA2MDkwMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTkzNWNhYjc0ZDc1YjM2ZTIxMzhkMWUyMzU1YTQ5ZTVmNzhlODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFwY85k8qxOqvOU2UAmh4cEjiq+w
6oeD09NYkIiaVbNT7cWOCkQ/GKEr6ENNF66lUpdePo50lVT8ArD9M9RCFkbY2Meu
Yiay5OJJlF5dXTHOgcciTZua40nwx1aR+x9TtSueRzCMvvFmOROiWv0VnOcE7ABq
FoPAJb2RRMmMEJ7y7Y2isRvxEy4RRBzdAWkwvYtFgOYpoUEbcMFG7AoHh5c8kW0u
HrN7Ky7PB89EfM2jQTuN2W380vR4+vMTCvyPo+iR145W13x5iTZ/8ucKNwAL9RdY
U5AaiVRNal//FzlgKf8Qzs/WWTOFpeBaxZuHHCQSHrVtj5ErsTcK3o8SgwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO6TXKt011s24hONHiNVpJ5feOiCMB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvN3BOY3EzVFhXemJpRTQwZUkxV2tubDk0NklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhA1gDAN
BgkqhkiG9w0BAQsFAAOCAQEAaW6D5mO68CaDGBNcRxErs5jvTdry9kedXgOZI3Pj
klueAhetKFz5Mub30YHmM6z0GDlPAV/tyhnZUh/orl7KWy+VPcnwjK/+ojCTgziW
N4Ed+Gf2X6QCMkfxrcxbQWMz04yvW9iMtdJwNNCxVuq6xGYAXSDDbgl2+8tF6uxU
Z4bH+4WAKtdAAbyDEsFFnQJlOoP7u+ebhODMcn1AmZKC0m+BEEAs2nvuH14bELGO
AFDmj5YfNqmc9zyKqoLUxbaoKqpwhloajUQ6Da7FJZ/jnzJjwZFCd3JoRT4bujRZ
9S6VWD0/m99qBWlvnWSsTNX1KXvob6N6QP6+yDNFr5yy/Q==
-----END CERTIFICATE-----