Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/825cce-0643-4b0b-94b8-b7273c8e3023/1/qTmNMBa38DUTGYBd4-h32UJvRZ4.roa
File:                     qTmNMBa38DUTGYBd4-h32UJvRZ4.roa (raw, json)
Hash identifier:          M6rJj8By9fDnWAaQx41VPQnFFrSQ4+uiQZEFFWeIjEs=
Subject key identifier:   A9:39:8D:30:16:B7:F0:35:13:19:80:5D:E3:E8:77:D9:42:6F:45:9E
Certificate issuer:       /CN=9dd642fd4e35595b5fd458a43a3acac8b91395ce
Certificate serial:       018CC6B93C37476295140BC47543FCB62565
Authority key identifier: 9D:D6:42:FD:4E:35:59:5B:5F:D4:58:A4:3A:3A:CA:C8:B9:13:95:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ndZC_U41WVtf1FikOjrKyLkTlc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/825cce-0643-4b0b-94b8-b7273c8e3023/1/qTmNMBa38DUTGYBd4-h32UJvRZ4.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203496
IP address blocks:        2001:67c:1948::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/825cce-0643-4b0b-94b8-b7273c8e3023/1/ndZC_U41WVtf1FikOjrKyLkTlc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/825cce-0643-4b0b-94b8-b7273c8e3023/1/ndZC_U41WVtf1FikOjrKyLkTlc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ndZC_U41WVtf1FikOjrKyLkTlc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3c:37:47:62:95:14:0b:c4:75:43:fc:b6:25:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dd642fd4e35595b5fd458a43a3acac8b91395ce
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9398d3016b7f0351319805de3e877d9426f459e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0e:ab:9f:c3:fe:8a:0c:e8:05:27:7f:76:30:
                    21:3b:99:f0:69:c3:28:28:0e:68:aa:38:89:d5:13:
                    ae:60:63:38:53:72:20:d3:b8:63:46:d7:07:9b:2d:
                    46:89:3a:40:4a:21:66:a1:9a:1d:df:57:e5:39:26:
                    88:28:ef:61:71:c4:5f:8d:54:00:c3:91:e0:00:99:
                    e8:5a:70:0c:3a:89:39:c0:8b:9e:bf:ba:b8:49:78:
                    6f:11:87:5f:37:ac:24:ad:e9:71:fd:06:0c:2b:5b:
                    9e:cc:fc:33:24:d4:5e:ff:48:e8:fc:4a:02:f1:8d:
                    41:94:46:f5:5c:e3:7c:b8:35:c7:5a:45:8a:8c:04:
                    88:16:8c:a0:d4:3e:18:78:a7:ee:55:65:a6:a5:42:
                    a6:16:54:51:5f:32:1a:9a:c3:d0:36:86:ba:74:79:
                    ed:67:14:00:bb:ec:91:b4:45:eb:96:10:8b:43:7e:
                    7d:65:ea:c6:ec:24:5c:16:e7:86:bc:f9:95:31:3e:
                    89:b9:42:f5:0d:19:2a:6c:21:13:7a:91:8d:5e:2d:
                    17:0f:fe:10:24:10:c5:4e:8d:f2:66:81:e6:32:b4:
                    7f:76:2d:5d:d5:e9:1c:8c:07:7b:13:88:d2:a1:b7:
                    16:11:ae:79:97:cd:ef:37:fd:8f:e1:43:fe:04:cd:
                    75:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:39:8D:30:16:B7:F0:35:13:19:80:5D:E3:E8:77:D9:42:6F:45:9E
            X509v3 Authority Key Identifier:
                keyid:9D:D6:42:FD:4E:35:59:5B:5F:D4:58:A4:3A:3A:CA:C8:B9:13:95:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ndZC_U41WVtf1FikOjrKyLkTlc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/825cce-0643-4b0b-94b8-b7273c8e3023/1/qTmNMBa38DUTGYBd4-h32UJvRZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/825cce-0643-4b0b-94b8-b7273c8e3023/1/ndZC_U41WVtf1FikOjrKyLkTlc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1948::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:d2:8b:d5:91:03:cd:0e:8a:7f:ac:19:48:dd:9f:b7:4e:24:
         0f:c3:5a:cb:f9:81:dc:6d:4d:3f:c1:8e:34:0f:20:84:9b:bc:
         9a:22:d4:62:e9:bd:63:8d:ef:f6:e0:4d:e4:27:49:c3:15:f8:
         3f:7c:55:18:b8:26:12:fa:62:55:3d:77:bb:c4:27:fd:cf:3c:
         4a:89:af:d2:e0:9b:3e:00:73:e4:73:4c:95:d3:f8:94:b1:53:
         cb:3b:b1:3a:fe:91:07:96:4f:5e:c0:58:87:37:20:1d:45:8f:
         44:ce:a4:26:8e:de:ae:55:53:ac:f3:9c:d0:c1:51:53:5c:4b:
         5a:9a:75:4c:f9:cb:6d:ed:7b:19:4b:f8:a3:ae:65:8f:b8:0f:
         f4:e8:92:67:f6:29:30:07:d7:0e:5d:cc:e6:77:8b:7b:ec:94:
         6b:10:4b:ba:c3:55:62:c3:35:c0:c9:ca:66:99:07:7b:aa:de:
         00:ad:af:90:09:7b:6b:fc:f1:ab:8b:3a:14:6b:1d:09:b4:bb:
         fc:0e:bd:b9:49:16:ce:cc:f1:f8:7b:85:55:9f:50:44:02:4c:
         0c:6e:07:51:f4:58:fe:4d:86:98:1d:08:9b:6b:85:84:fa:48:
         eb:86:13:d6:b4:b2:14:49:ec:56:28:2e:95:1d:e2:30:61:ae:
         cd:2c:1b:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuTw3R2KVFAvEdUP8tiVlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZDY0MmZkNGUzNTU5NWI1ZmQ0NThhNDNhM2FjYWM4Yjkx
Mzk1Y2UwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTM5OGQzMDE2YjdmMDM1MTMxOTgwNWRlM2U4NzdkOTQyNmY0NTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQ6rn8P+igzoBSd/djAhO5nwacMo
KA5oqjiJ1ROuYGM4U3Ig07hjRtcHmy1GiTpASiFmoZod31flOSaIKO9hccRfjVQA
w5HgAJnoWnAMOok5wIuev7q4SXhvEYdfN6wkrelx/QYMK1uezPwzJNRe/0jo/EoC
8Y1BlEb1XON8uDXHWkWKjASIFoyg1D4YeKfuVWWmpUKmFlRRXzIamsPQNoa6dHnt
ZxQAu+yRtEXrlhCLQ359ZerG7CRcFueGvPmVMT6JuUL1DRkqbCETepGNXi0XD/4Q
JBDFTo3yZoHmMrR/di1d1ekcjAd7E4jSobcWEa55l83vN/2P4UP+BM11EQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKk5jTAWt/A1ExmAXePod9lCb0WeMB8GA1UdIwQY
MBaAFJ3WQv1ONVlbX9RYpDo6ysi5E5XOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmRaQ19VNDFXVnRmMUZpa09qckt5TGtUbGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS84MjVjY2UtMDY0My00YjBiLTk0Yjgt
YjcyNzNjOGUzMDIzLzEvcVRtTk1CYTM4RFVUR1lCZDQtaDMyVUp2Ulo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS84MjVjY2UtMDY0My00YjBiLTk0YjgtYjcyNzNjOGUzMDIz
LzEvbmRaQ19VNDFXVnRmMUZpa09qckt5TGtUbGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBlI
MA0GCSqGSIb3DQEBCwUAA4IBAQBM0ovVkQPNDop/rBlI3Z+3TiQPw1rL+YHcbU0/
wY40DyCEm7yaItRi6b1jje/24E3kJ0nDFfg/fFUYuCYS+mJVPXe7xCf9zzxKia/S
4Js+AHPkc0yV0/iUsVPLO7E6/pEHlk9ewFiHNyAdRY9EzqQmjt6uVVOs85zQwVFT
XEtamnVM+ctt7XsZS/ijrmWPuA/06JJn9ikwB9cOXczmd4t77JRrEEu6w1ViwzXA
ycpmmQd7qt4Ara+QCXtr/PGrizoUax0JtLv8Dr25SRbOzPH4e4VVn1BEAkwMbgdR
9Fj+TYaYHQiba4WE+kjrhhPWtLIUSexWKC6VHeIwYa7NLBuZ
-----END CERTIFICATE-----