Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/f3d834-ceed-4bbd-abe1-5a37126705ad/1/z3sfCaCrVYowOLMqU83svc0_e88.roa
File:                     z3sfCaCrVYowOLMqU83svc0_e88.roa (raw, json)
Hash identifier:          tXmcQddBFp9h9uEZGIi82JzUDcZAdC/peB+oOKJxAQ4=
Subject key identifier:   CF:7B:1F:09:A0:AB:55:8A:30:38:B3:2A:53:CD:EC:BD:CD:3F:7B:CF
Certificate issuer:       /CN=0fabeb6ef820d3d52f05372233c541ee4b14f361
Certificate serial:       018CC64B8056BEAF9EBD73FABDEF4C3AE995
Authority key identifier: 0F:AB:EB:6E:F8:20:D3:D5:2F:05:37:22:33:C5:41:EE:4B:14:F3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D6vrbvgg09UvBTciM8VB7ksU82E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/f3d834-ceed-4bbd-abe1-5a37126705ad/1/z3sfCaCrVYowOLMqU83svc0_e88.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207632
IP address blocks:        2001:678:be0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/f3d834-ceed-4bbd-abe1-5a37126705ad/1/D6vrbvgg09UvBTciM8VB7ksU82E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/f3d834-ceed-4bbd-abe1-5a37126705ad/1/D6vrbvgg09UvBTciM8VB7ksU82E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D6vrbvgg09UvBTciM8VB7ksU82E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:80:56:be:af:9e:bd:73:fa:bd:ef:4c:3a:e9:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fabeb6ef820d3d52f05372233c541ee4b14f361
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf7b1f09a0ab558a3038b32a53cdecbdcd3f7bcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:99:b6:17:6b:1b:e6:3f:e3:2b:f9:cc:1d:9a:
                    cd:b3:fc:d9:90:3b:09:90:89:01:b4:c1:ae:97:03:
                    50:e0:b1:53:5a:43:8e:7d:cc:79:58:d1:36:7c:38:
                    7a:a7:61:06:4c:fa:c5:d6:ec:f7:a3:28:31:b9:a0:
                    d4:33:2a:c9:7e:67:b7:e5:7b:d2:48:21:bb:9e:cc:
                    fa:ff:1f:e0:31:58:72:db:3f:f2:87:cd:16:3a:2a:
                    51:3f:04:02:b1:a7:4e:5b:a7:c3:51:12:1c:a0:82:
                    0d:7a:46:98:ff:ac:be:f6:bb:0c:17:77:1f:59:0c:
                    ba:2e:e9:3f:4b:d8:f5:54:31:31:09:93:5d:bb:8c:
                    52:89:74:c0:b1:4e:b8:f7:76:54:5e:9a:3f:15:2b:
                    31:c0:6d:6e:6c:3b:e8:86:37:9e:57:fa:2a:71:af:
                    6e:b8:54:84:38:bc:6c:50:58:a2:93:48:c8:5b:97:
                    43:94:aa:43:ba:ad:cb:1f:97:f0:77:56:23:c6:4e:
                    12:70:cc:32:e7:46:f5:88:9e:24:0e:96:2e:24:e0:
                    ae:2e:65:f8:e4:40:73:01:bb:0e:f5:7a:8b:35:16:
                    46:82:26:68:3a:93:ff:23:ef:05:35:bf:7d:c6:e6:
                    c0:a7:d0:8e:8e:68:bd:a4:66:e3:f4:4b:48:57:d1:
                    0d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7B:1F:09:A0:AB:55:8A:30:38:B3:2A:53:CD:EC:BD:CD:3F:7B:CF
            X509v3 Authority Key Identifier:
                keyid:0F:AB:EB:6E:F8:20:D3:D5:2F:05:37:22:33:C5:41:EE:4B:14:F3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D6vrbvgg09UvBTciM8VB7ksU82E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f3d834-ceed-4bbd-abe1-5a37126705ad/1/z3sfCaCrVYowOLMqU83svc0_e88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f3d834-ceed-4bbd-abe1-5a37126705ad/1/D6vrbvgg09UvBTciM8VB7ksU82E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:be0::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:0b:2e:3e:50:5b:48:ed:2f:4d:df:49:ee:71:1e:9e:55:21:
         6a:ac:b5:b4:b3:14:18:f9:29:05:09:b4:f6:8c:e6:d2:49:cb:
         d3:48:09:89:57:55:14:5a:15:18:bb:4a:fc:e2:0f:8c:75:4d:
         62:c9:c7:c7:89:d3:cf:28:69:1b:ed:e3:f6:8c:37:24:1d:4c:
         a1:e0:7e:ab:8d:04:f8:61:76:41:c5:af:d6:b4:e0:6b:30:4b:
         95:49:c2:c1:f6:8a:36:c9:b3:84:f3:6c:11:1b:04:42:e4:55:
         65:35:5b:8c:83:74:dd:a1:75:f5:54:6b:cd:3e:49:c7:20:08:
         7c:fa:af:97:92:09:0d:49:a6:b6:e4:f8:d1:6e:11:30:46:08:
         bf:ce:c5:b1:ed:20:d3:3b:d6:d3:a4:71:35:20:20:fe:b8:80:
         81:08:7a:53:5c:b7:50:27:56:3a:5d:59:d4:94:4c:e3:72:ba:
         0f:42:da:28:ea:47:41:27:09:11:37:b1:64:13:d8:73:8a:e8:
         d3:32:d2:4d:24:d7:d5:db:b8:7f:f2:a9:91:70:09:f8:11:18:
         1c:ad:c6:49:e6:8f:3e:30:a2:3d:1a:e6:06:e6:5a:b6:30:ea:
         92:a4:ca:d8:6b:89:bf:0e:8c:9c:8a:64:80:39:62:21:69:59:
         32:cc:82:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS4BWvq+evXP6ve9MOumVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmYWJlYjZlZjgyMGQzZDUyZjA1MzcyMjMzYzU0MWVlNGIx
NGYzNjEwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdiMWYwOWEwYWI1NThhMzAzOGIzMmE1M2NkZWNiZGNkM2Y3YmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75m2F2sb5j/jK/nMHZrNs/zZkDsJ
kIkBtMGulwNQ4LFTWkOOfcx5WNE2fDh6p2EGTPrF1uz3oygxuaDUMyrJfme35XvS
SCG7nsz6/x/gMVhy2z/yh80WOipRPwQCsadOW6fDURIcoIINekaY/6y+9rsMF3cf
WQy6Luk/S9j1VDExCZNdu4xSiXTAsU6493ZUXpo/FSsxwG1ubDvohjeeV/oqca9u
uFSEOLxsUFiik0jIW5dDlKpDuq3LH5fwd1Yjxk4ScMwy50b1iJ4kDpYuJOCuLmX4
5EBzAbsO9XqLNRZGgiZoOpP/I+8FNb99xubAp9COjmi9pGbj9EtIV9ENPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM97Hwmgq1WKMDizKlPN7L3NP3vPMB8GA1UdIwQY
MBaAFA+r6274INPVLwU3IjPFQe5LFPNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDZ2cmJ2Z2cwOVV2QlRjaU04VkI3a3NVODJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9mM2Q4MzQtY2VlZC00YmJkLWFiZTEt
NWEzNzEyNjcwNWFkLzEvejNzZkNhQ3JWWW93T0xNcVU4M3N2YzBfZTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9mM2Q4MzQtY2VlZC00YmJkLWFiZTEtNWEzNzEyNjcwNWFk
LzEvRDZ2cmJ2Z2cwOVV2QlRjaU04VkI3a3NVODJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAvg
MA0GCSqGSIb3DQEBCwUAA4IBAQBzCy4+UFtI7S9N30nucR6eVSFqrLW0sxQY+SkF
CbT2jObSScvTSAmJV1UUWhUYu0r84g+MdU1iycfHidPPKGkb7eP2jDckHUyh4H6r
jQT4YXZBxa/WtOBrMEuVScLB9oo2ybOE82wRGwRC5FVlNVuMg3TdoXX1VGvNPknH
IAh8+q+XkgkNSaa25PjRbhEwRgi/zsWx7SDTO9bTpHE1ICD+uICBCHpTXLdQJ1Y6
XVnUlEzjcroPQtoo6kdBJwkRN7FkE9hziujTMtJNJNfV27h/8qmRcAn4ERgcrcZJ
5o8+MKI9GuYG5lq2MOqSpMrYa4m/DoycimSAOWIhaVkyzIJN
-----END CERTIFICATE-----