Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/16SVhbUlz4IQ9tIN3DumwLTziZI.roa
File:                     16SVhbUlz4IQ9tIN3DumwLTziZI.roa (raw, json)
Hash identifier:          ODSAhdKnM6LGhLx7U0Owo54N8V1Kfo82QfWRh4pPAE0=
Subject key identifier:   D7:A4:95:85:B5:25:CF:82:10:F6:D2:0D:DC:3B:A6:C0:B4:F3:89:92
Certificate issuer:       /CN=2bc27de0816f7e0b87a733dd3199089e537f261c
Certificate serial:       018CC49340551CB91F1A7F0B87D624B7CFCF
Authority key identifier: 2B:C2:7D:E0:81:6F:7E:0B:87:A7:33:DD:31:99:08:9E:53:7F:26:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K8J94IFvfguHpzPdMZkInlN_Jhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/16SVhbUlz4IQ9tIN3DumwLTziZI.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201395
IP address blocks:        2001:678:740::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/K8J94IFvfguHpzPdMZkInlN_Jhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/K8J94IFvfguHpzPdMZkInlN_Jhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K8J94IFvfguHpzPdMZkInlN_Jhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:40:55:1c:b9:1f:1a:7f:0b:87:d6:24:b7:cf:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bc27de0816f7e0b87a733dd3199089e537f261c
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7a49585b525cf8210f6d20ddc3ba6c0b4f38992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d9:76:64:1a:66:91:8f:45:5d:6b:9f:2d:c0:
                    05:f2:2b:54:e2:6a:1c:5d:a6:36:fa:16:c2:ea:59:
                    48:18:20:41:eb:4b:5a:b3:69:b2:5c:b5:4a:48:0c:
                    d9:46:86:4a:6a:d2:d0:06:b5:40:01:28:67:6a:f5:
                    ca:59:b7:af:f5:da:26:4a:08:90:d1:69:fc:93:57:
                    04:c9:e0:bb:29:65:97:5d:3e:7b:30:78:17:6f:90:
                    b9:3e:a8:d3:d9:81:2b:a2:6e:60:6d:5f:6b:43:e6:
                    25:ad:27:a8:b6:23:73:37:3b:4e:2c:30:99:cf:8d:
                    01:b7:90:d3:7c:41:65:bb:31:56:25:63:fe:79:28:
                    20:85:b3:5c:b0:67:2a:aa:ba:d0:54:0e:9a:1d:b6:
                    01:06:af:ff:06:8d:3e:68:12:18:aa:9c:95:3f:51:
                    9f:8d:95:a7:24:ca:c4:ca:8a:e6:6d:83:06:b3:ba:
                    6d:ac:78:d1:1a:57:7b:ce:e6:b2:73:a6:ec:76:aa:
                    a1:28:ac:35:74:3d:88:42:a9:c6:c0:1c:a2:51:86:
                    89:c4:18:ad:d1:79:08:56:ec:8b:64:9b:71:9a:db:
                    e2:72:89:83:d8:ce:9d:d9:8a:f6:75:13:49:5e:f3:
                    25:0b:1e:e1:ae:bc:c8:60:9b:4e:68:45:de:ca:92:
                    b8:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:A4:95:85:B5:25:CF:82:10:F6:D2:0D:DC:3B:A6:C0:B4:F3:89:92
            X509v3 Authority Key Identifier:
                keyid:2B:C2:7D:E0:81:6F:7E:0B:87:A7:33:DD:31:99:08:9E:53:7F:26:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K8J94IFvfguHpzPdMZkInlN_Jhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/16SVhbUlz4IQ9tIN3DumwLTziZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/6d854c-c513-4290-95d4-93f9aefeeb12/1/K8J94IFvfguHpzPdMZkInlN_Jhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:740::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:d7:f4:7e:cd:02:64:0f:ea:52:1e:50:24:12:2a:5d:26:1f:
         d6:c3:7e:a1:49:23:55:d2:88:89:8b:93:5d:73:b8:78:e2:b8:
         f3:cb:38:94:d0:dd:fe:7d:1d:49:89:02:b1:9b:8a:de:a9:dd:
         0b:cb:85:12:dd:87:2e:0f:85:f9:16:59:03:83:63:e4:53:5b:
         af:9f:99:86:47:fc:cb:df:a3:f8:37:15:38:c5:dc:d6:98:db:
         ee:7f:0b:6b:69:7d:99:f2:1c:76:0b:32:84:11:6a:fb:f2:6a:
         f2:e9:90:26:9b:76:dc:d0:8e:08:1f:c6:40:c1:1e:09:dd:c8:
         18:4f:0f:98:f7:17:e2:78:da:58:af:8e:2a:b1:10:05:97:c6:
         49:2f:08:2c:46:65:00:08:fa:a4:aa:5a:ce:0d:7f:21:40:c8:
         97:c8:77:63:6a:a1:5f:36:17:22:f6:75:23:1c:4b:7d:8e:57:
         a8:63:86:bc:2d:4f:83:b1:f1:cd:9b:56:f3:d4:eb:8f:81:b6:
         8c:a5:c9:a4:8c:5d:40:1b:9c:3b:16:a6:a5:fc:a7:d5:46:6b:
         71:d1:82:f8:a6:1b:e3:ae:cf:69:ab:5e:aa:ca:1e:f6:13:fe:
         87:21:1c:6e:26:ac:e5:b0:25:82:3f:68:c5:e5:b5:48:34:4b:
         f7:0f:83:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk0BVHLkfGn8Lh9Ykt8/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYzI3ZGUwODE2ZjdlMGI4N2E3MzNkZDMxOTkwODllNTM3
ZjI2MWMwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2E0OTU4NWI1MjVjZjgyMTBmNmQyMGRkYzNiYTZjMGI0ZjM4OTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4tl2ZBpmkY9FXWufLcAF8itU4moc
XaY2+hbC6llIGCBB60tas2myXLVKSAzZRoZKatLQBrVAAShnavXKWbev9domSgiQ
0Wn8k1cEyeC7KWWXXT57MHgXb5C5PqjT2YErom5gbV9rQ+YlrSeotiNzNztOLDCZ
z40Bt5DTfEFluzFWJWP+eSgghbNcsGcqqrrQVA6aHbYBBq//Bo0+aBIYqpyVP1Gf
jZWnJMrEyormbYMGs7ptrHjRGld7zuayc6bsdqqhKKw1dD2IQqnGwByiUYaJxBit
0XkIVuyLZJtxmtvicomD2M6d2Yr2dRNJXvMlCx7hrrzIYJtOaEXeypK43QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNeklYW1Jc+CEPbSDdw7psC084mSMB8GA1UdIwQY
MBaAFCvCfeCBb34Lh6cz3TGZCJ5TfyYcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzhKOTRJRnZmZ3VIcHpQZE1aa0lubE5fSmh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy82ZDg1NGMtYzUxMy00MjkwLTk1ZDQt
OTNmOWFlZmVlYjEyLzEvMTZTVmhiVWx6NElROXRJTjNEdW13TFR6aVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy82ZDg1NGMtYzUxMy00MjkwLTk1ZDQtOTNmOWFlZmVlYjEy
LzEvSzhKOTRJRnZmZ3VIcHpQZE1aa0lubE5fSmh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAdA
MA0GCSqGSIb3DQEBCwUAA4IBAQAY1/R+zQJkD+pSHlAkEipdJh/Ww36hSSNV0oiJ
i5Ndc7h44rjzyziU0N3+fR1JiQKxm4reqd0Ly4US3YcuD4X5FlkDg2PkU1uvn5mG
R/zL36P4NxU4xdzWmNvufwtraX2Z8hx2CzKEEWr78mry6ZAmm3bc0I4IH8ZAwR4J
3cgYTw+Y9xfieNpYr44qsRAFl8ZJLwgsRmUACPqkqlrODX8hQMiXyHdjaqFfNhci
9nUjHEt9jleoY4a8LU+DsfHNm1bz1OuPgbaMpcmkjF1AG5w7Fqal/KfVRmtx0YL4
phvjrs9pq16qyh72E/6HIRxuJqzlsCWCP2jF5bVINEv3D4PD
-----END CERTIFICATE-----