Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/8MfZ80s9lVSXl_wOG0ks7ccbqVk.roa
File:                     8MfZ80s9lVSXl_wOG0ks7ccbqVk.roa (raw, json)
Hash identifier:          oD0Cyqed+CYgNER2PRAuKOWU+IG3acP1Eni8xWOvuRE=
Subject key identifier:   F0:C7:D9:F3:4B:3D:95:54:97:97:FC:0E:1B:49:2C:ED:C7:1B:A9:59
Certificate issuer:       /CN=b3398b5b1d9a96e4115b7bcf6fca63fbaf639ca7
Certificate serial:       018CC50005AE0386A18D00DF7127CE00D9BE
Authority key identifier: B3:39:8B:5B:1D:9A:96:E4:11:5B:7B:CF:6F:CA:63:FB:AF:63:9C:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/szmLWx2aluQRW3vPb8pj-69jnKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/8MfZ80s9lVSXl_wOG0ks7ccbqVk.roa
Signing time:             Mon 01 Jan 2024 12:29:21 +0000
ROA not before:           Mon 01 Jan 2024 12:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52192
IP address blocks:        2001:678:f40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/szmLWx2aluQRW3vPb8pj-69jnKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/szmLWx2aluQRW3vPb8pj-69jnKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/szmLWx2aluQRW3vPb8pj-69jnKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:05:ae:03:86:a1:8d:00:df:71:27:ce:00:d9:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3398b5b1d9a96e4115b7bcf6fca63fbaf639ca7
        Validity
            Not Before: Jan  1 12:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0c7d9f34b3d95549797fc0e1b492cedc71ba959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:88:cd:8c:f3:39:e2:c9:ec:35:fb:5a:87:f9:
                    55:da:bf:b6:74:07:c7:23:a3:ef:db:ce:8f:fb:37:
                    a5:af:98:57:35:a8:ed:ba:f6:9c:dd:6b:c2:b8:bc:
                    83:47:cd:9f:73:f6:42:d4:18:cf:ef:b0:82:6b:aa:
                    08:73:c9:28:e4:e6:44:9e:7e:e0:0c:31:39:0c:28:
                    41:14:31:6f:9a:08:79:33:fc:89:38:89:54:6e:5a:
                    16:0a:f1:cf:db:65:da:90:07:e7:f4:d9:d2:73:a1:
                    26:45:8c:cf:17:56:26:e6:51:66:87:b7:e2:8b:34:
                    de:08:12:51:39:e0:a6:36:f5:46:38:5e:e1:38:c0:
                    e1:78:ae:b9:82:dd:79:46:86:27:fa:65:e5:fc:f7:
                    6f:2f:9c:fb:19:b0:b5:3b:12:be:68:88:0e:ed:d8:
                    37:ff:be:cc:83:ca:ea:47:1c:1c:15:e3:04:d3:32:
                    aa:dc:a4:eb:3f:43:c8:51:1c:4b:5e:c6:d4:5a:ac:
                    5b:b3:da:68:75:07:76:47:7e:e9:20:a3:cb:97:fe:
                    db:e5:33:08:11:8c:56:53:f4:ed:a5:85:7b:ec:4f:
                    f6:e3:d9:37:f1:aa:d9:13:86:34:6c:9f:d6:9a:49:
                    0d:bb:0a:57:cc:a7:b6:47:63:eb:0e:e4:83:f8:8e:
                    0d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:C7:D9:F3:4B:3D:95:54:97:97:FC:0E:1B:49:2C:ED:C7:1B:A9:59
            X509v3 Authority Key Identifier:
                keyid:B3:39:8B:5B:1D:9A:96:E4:11:5B:7B:CF:6F:CA:63:FB:AF:63:9C:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/szmLWx2aluQRW3vPb8pj-69jnKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/8MfZ80s9lVSXl_wOG0ks7ccbqVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/444437-6843-4ad4-b764-79cc52c06d4f/1/szmLWx2aluQRW3vPb8pj-69jnKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f40::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:ad:f8:c4:32:6a:c0:ad:12:d9:b5:a2:af:2d:86:ff:e6:3b:
         30:12:aa:a8:85:65:91:b6:e0:b7:d4:6c:91:66:07:94:8b:9f:
         95:e2:31:35:07:46:3b:f2:b8:81:c4:0a:bd:cf:00:fb:f6:34:
         31:13:12:8f:5a:9d:ec:e3:7c:e6:02:f0:ff:16:ce:76:2b:0f:
         71:fb:52:a5:3f:fa:99:e5:89:4c:72:b1:c2:6a:8e:97:49:38:
         c3:e7:92:20:98:76:87:e2:ed:68:07:c4:5b:d7:c2:d1:87:2b:
         03:35:b5:71:29:12:54:9c:c9:a8:73:75:4b:1f:ba:5d:1e:15:
         0b:7e:41:07:06:97:69:cd:4c:50:16:79:cb:d9:ae:e7:51:1f:
         0a:e6:0d:0f:e0:97:00:81:fb:f0:6d:8a:54:a8:15:a4:9c:3d:
         31:0c:06:c3:c8:ff:21:ac:fd:05:4e:14:fa:6c:51:27:db:e0:
         ba:1b:ee:b5:f5:ce:1c:4b:07:3d:47:aa:c4:a6:a9:75:68:b3:
         bc:91:78:91:b8:e4:81:7a:9e:65:da:39:ee:0a:a9:5d:72:4d:
         44:56:37:76:0e:41:79:ac:a5:e5:e6:61:0b:1f:35:42:c7:7e:
         e2:08:82:64:6c:b3:6e:e2:66:72:49:d9:4d:85:c7:c2:bb:d5:
         9d:60:91:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAAWuA4ahjQDfcSfOANm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMzk4YjViMWQ5YTk2ZTQxMTViN2JjZjZmY2E2M2ZiYWY2
MzljYTcwHhcNMjQwMTAxMTIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGM3ZDlmMzRiM2Q5NTU0OTc5N2ZjMGUxYjQ5MmNlZGM3MWJhOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4jNjPM54snsNftah/lV2r+2dAfH
I6Pv286P+zelr5hXNajtuvac3WvCuLyDR82fc/ZC1BjP77CCa6oIc8ko5OZEnn7g
DDE5DChBFDFvmgh5M/yJOIlUbloWCvHP22XakAfn9NnSc6EmRYzPF1Ym5lFmh7fi
izTeCBJROeCmNvVGOF7hOMDheK65gt15RoYn+mXl/PdvL5z7GbC1OxK+aIgO7dg3
/77Mg8rqRxwcFeME0zKq3KTrP0PIURxLXsbUWqxbs9podQd2R37pIKPLl/7b5TMI
EYxWU/TtpYV77E/249k38arZE4Y0bJ/WmkkNuwpXzKe2R2PrDuSD+I4NRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPDH2fNLPZVUl5f8DhtJLO3HG6lZMB8GA1UdIwQY
MBaAFLM5i1sdmpbkEVt7z2/KY/uvY5ynMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3ptTFd4MmFsdVFSVzN2UGI4cGotNjlqbktjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80NDQ0MzctNjg0My00YWQ0LWI3NjQt
NzljYzUyYzA2ZDRmLzEvOE1mWjgwczlsVlNYbF93T0cwa3M3Y2NicVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80NDQ0MzctNjg0My00YWQ0LWI3NjQtNzljYzUyYzA2ZDRm
LzEvc3ptTFd4MmFsdVFSVzN2UGI4cGotNjlqbktjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA9A
MA0GCSqGSIb3DQEBCwUAA4IBAQAarfjEMmrArRLZtaKvLYb/5jswEqqohWWRtuC3
1GyRZgeUi5+V4jE1B0Y78riBxAq9zwD79jQxExKPWp3s43zmAvD/Fs52Kw9x+1Kl
P/qZ5YlMcrHCao6XSTjD55IgmHaH4u1oB8Rb18LRhysDNbVxKRJUnMmoc3VLH7pd
HhULfkEHBpdpzUxQFnnL2a7nUR8K5g0P4JcAgfvwbYpUqBWknD0xDAbDyP8hrP0F
ThT6bFEn2+C6G+619c4cSwc9R6rEpql1aLO8kXiRuOSBep5l2jnuCqldck1EVjd2
DkF5rKXl5mELHzVCx37iCIJkbLNu4mZySdlNhcfCu9WdYJE2
-----END CERTIFICATE-----