Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/120715-2689-4b1c-a6b8-417320cbae55/1/496ByrzWPl8PJun-VzRpUvKDKvE.roa
File:                     496ByrzWPl8PJun-VzRpUvKDKvE.roa (raw, json)
Hash identifier:          kOOTJUwY0teprOOKuLVPs3tfw09y5ojZzXuKu2Veukg=
Subject key identifier:   E3:DE:81:CA:BC:D6:3E:5F:0F:26:E9:FE:57:34:69:52:F2:83:2A:F1
Certificate issuer:       /CN=bb70b89281cdb761a04adcbc0ac41705413150e9
Certificate serial:       018CC49342C8DFC085DDBEF1C56DB171BFC1
Authority key identifier: BB:70:B8:92:81:CD:B7:61:A0:4A:DC:BC:0A:C4:17:05:41:31:50:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u3C4koHNt2GgSty8CsQXBUExUOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/120715-2689-4b1c-a6b8-417320cbae55/1/496ByrzWPl8PJun-VzRpUvKDKvE.roa
Signing time:             Mon 01 Jan 2024 10:30:34 +0000
ROA not before:           Mon 01 Jan 2024 10:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199545
IP address blocks:        2001:67c:bec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/120715-2689-4b1c-a6b8-417320cbae55/1/u3C4koHNt2GgSty8CsQXBUExUOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/120715-2689-4b1c-a6b8-417320cbae55/1/u3C4koHNt2GgSty8CsQXBUExUOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u3C4koHNt2GgSty8CsQXBUExUOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:42:c8:df:c0:85:dd:be:f1:c5:6d:b1:71:bf:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb70b89281cdb761a04adcbc0ac41705413150e9
        Validity
            Not Before: Jan  1 10:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3de81cabcd63e5f0f26e9fe57346952f2832af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:af:fe:eb:98:b2:dc:e5:45:14:25:b0:ec:82:
                    fd:15:2d:b8:2e:40:13:93:9e:44:ba:5c:b7:43:ff:
                    12:c8:42:81:30:fb:06:ca:77:40:5c:1d:00:fc:cc:
                    5d:7d:d8:a2:d9:7c:6a:70:f1:99:31:24:a1:bf:84:
                    c8:29:f5:4f:00:14:1d:fd:8f:af:b3:ae:c1:51:8d:
                    cd:6f:aa:14:1f:ba:64:0e:1d:0b:f9:aa:31:4f:de:
                    3b:91:05:5f:44:b2:ed:27:71:7a:c3:df:95:29:3b:
                    33:66:0c:a7:cd:00:4c:7b:9a:54:0c:07:59:9a:f9:
                    c2:af:55:d1:29:8d:f4:39:c1:70:68:ca:ee:65:2f:
                    e3:ef:dc:cf:39:c0:ec:46:a5:e2:4d:73:0c:1d:7a:
                    12:93:5e:a6:77:e4:22:c9:c2:f3:56:8a:fc:c4:fd:
                    1c:35:6a:69:dd:45:3d:13:bf:de:34:ca:d7:fd:e1:
                    3a:09:c5:b0:91:0a:a3:a0:fc:09:02:f7:b0:9b:ec:
                    57:bf:46:3b:63:ec:d8:ba:eb:7e:4b:9a:43:02:75:
                    d1:72:4f:51:ab:9d:0d:ab:55:e4:e7:8b:86:9d:1b:
                    09:9a:22:89:41:f6:88:40:73:c9:cd:76:ad:37:3d:
                    6e:93:96:63:f4:67:b5:a0:f6:19:53:eb:cc:f1:35:
                    15:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:DE:81:CA:BC:D6:3E:5F:0F:26:E9:FE:57:34:69:52:F2:83:2A:F1
            X509v3 Authority Key Identifier:
                keyid:BB:70:B8:92:81:CD:B7:61:A0:4A:DC:BC:0A:C4:17:05:41:31:50:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u3C4koHNt2GgSty8CsQXBUExUOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/120715-2689-4b1c-a6b8-417320cbae55/1/496ByrzWPl8PJun-VzRpUvKDKvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/120715-2689-4b1c-a6b8-417320cbae55/1/u3C4koHNt2GgSty8CsQXBUExUOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:bec::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:ed:9e:36:d0:76:fa:84:6a:5d:0b:5a:10:86:aa:18:a9:53:
         e6:dd:2f:0c:0e:bf:86:d9:ed:25:92:f0:70:aa:e9:ee:19:59:
         30:c6:fb:6b:da:00:4d:25:30:9c:f8:08:04:4b:0a:2d:a3:0a:
         be:9e:47:2d:fe:94:de:c1:49:3f:85:bc:b9:b8:5d:f1:93:25:
         24:03:ac:a7:12:46:b8:6d:b8:b5:dd:12:b2:37:75:66:a3:5c:
         96:08:f8:2b:95:38:bb:4f:e9:5c:9c:10:39:17:8c:b5:2b:a9:
         17:e0:3c:55:cd:f8:4b:b0:d8:df:6c:c7:59:02:bc:57:0f:89:
         a5:5c:2d:c8:f2:14:9d:b8:46:e7:af:af:32:4b:04:2d:39:cd:
         58:4e:33:41:9b:97:18:12:e7:00:6b:09:ec:a8:dd:89:d5:3f:
         65:32:98:12:54:87:c1:7a:95:f5:fb:de:47:ec:74:ab:c6:84:
         08:61:ad:fe:1c:0c:dd:88:95:b6:e6:80:9a:72:38:59:aa:e4:
         cf:cf:eb:d7:86:82:67:99:1e:45:4b:de:b3:e1:b3:8b:32:15:
         a2:b6:28:f4:dd:df:de:81:d5:59:ca:03:a4:47:07:b7:94:71:
         13:e3:0f:1d:94:98:68:93:4f:5d:08:95:80:b1:50:de:d0:36:
         10:41:65:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk0LI38CF3b7xxW2xcb/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNzBiODkyODFjZGI3NjFhMDRhZGNiYzBhYzQxNzA1NDEz
MTUwZTkwHhcNMjQwMTAxMTAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2RlODFjYWJjZDYzZTVmMGYyNmU5ZmU1NzM0Njk1MmYyODMyYWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwK/+65iy3OVFFCWw7IL9FS24LkAT
k55Euly3Q/8SyEKBMPsGyndAXB0A/Mxdfdii2XxqcPGZMSShv4TIKfVPABQd/Y+v
s67BUY3Nb6oUH7pkDh0L+aoxT947kQVfRLLtJ3F6w9+VKTszZgynzQBMe5pUDAdZ
mvnCr1XRKY30OcFwaMruZS/j79zPOcDsRqXiTXMMHXoSk16md+QiycLzVor8xP0c
NWpp3UU9E7/eNMrX/eE6CcWwkQqjoPwJAvewm+xXv0Y7Y+zYuut+S5pDAnXRck9R
q50Nq1Xk54uGnRsJmiKJQfaIQHPJzXatNz1uk5Zj9Ge1oPYZU+vM8TUVXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOPegcq81j5fDybp/lc0aVLygyrxMB8GA1UdIwQY
MBaAFLtwuJKBzbdhoErcvArEFwVBMVDpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTNDNGtvSE50MkdnU3R5OENzUVhCVUV4VU9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8xMjA3MTUtMjY4OS00YjFjLWE2Yjgt
NDE3MzIwY2JhZTU1LzEvNDk2QnlyeldQbDhQSnVuLVZ6UnBVdktES3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8xMjA3MTUtMjY4OS00YjFjLWE2YjgtNDE3MzIwY2JhZTU1
LzEvdTNDNGtvSE50MkdnU3R5OENzUVhCVUV4VU9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAvs
MA0GCSqGSIb3DQEBCwUAA4IBAQBa7Z420Hb6hGpdC1oQhqoYqVPm3S8MDr+G2e0l
kvBwqunuGVkwxvtr2gBNJTCc+AgESwotowq+nkct/pTewUk/hby5uF3xkyUkA6yn
Eka4bbi13RKyN3Vmo1yWCPgrlTi7T+lcnBA5F4y1K6kX4DxVzfhLsNjfbMdZArxX
D4mlXC3I8hSduEbnr68ySwQtOc1YTjNBm5cYEucAawnsqN2J1T9lMpgSVIfBepX1
+95H7HSrxoQIYa3+HAzdiJW25oCacjhZquTPz+vXhoJnmR5FS96z4bOLMhWitij0
3d/egdVZygOkRwe3lHET4w8dlJhok09dCJWAsVDe0DYQQWWb
-----END CERTIFICATE-----