Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/ErRM-7tBHr28VPyWbacul1wWqwc.roa
File:                     ErRM-7tBHr28VPyWbacul1wWqwc.roa (raw, json)
Hash identifier:          E9TEC7zMvQb6WeC6nHi1DxBFQetFl0kPVwPO1lXoJzY=
Subject key identifier:   12:B4:4C:FB:BB:41:1E:BD:BC:54:FC:96:6D:A7:2E:97:5C:16:AB:07
Certificate issuer:       /CN=d301991fc343f358c0f2eebae55cf2da34521c7a
Certificate serial:       018CC726CD5EF9D639DF6054BD37524479B3
Authority key identifier: D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/ErRM-7tBHr28VPyWbacul1wWqwc.roa
Signing time:             Mon 01 Jan 2024 22:30:58 +0000
ROA not before:           Mon 01 Jan 2024 22:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211005
IP address blocks:        2001:678:fe0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:cd:5e:f9:d6:39:df:60:54:bd:37:52:44:79:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d301991fc343f358c0f2eebae55cf2da34521c7a
        Validity
            Not Before: Jan  1 22:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12b44cfbbb411ebdbc54fc966da72e975c16ab07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6a:1d:df:78:bd:73:66:af:f3:97:8c:47:f5:
                    7e:b0:48:52:41:8e:5d:01:e8:38:99:05:b9:32:ba:
                    48:94:f7:5e:83:51:f7:37:ca:de:5b:8c:a8:c9:97:
                    86:e0:9f:87:6b:53:58:98:8c:61:9d:6d:58:21:38:
                    aa:1c:6e:5c:60:d7:47:e5:58:0c:b7:12:42:07:1e:
                    4f:f9:21:82:a6:d5:ef:18:90:35:0d:df:39:7d:53:
                    d9:75:2b:ea:5e:4d:77:d7:01:fb:cf:86:a2:b4:ba:
                    76:c4:8b:be:87:77:58:3d:24:13:29:7d:4e:68:39:
                    6e:69:5a:7a:30:22:e1:a9:09:e2:61:56:bb:6c:01:
                    53:a1:25:eb:72:c8:92:be:63:3e:c1:5d:b4:2d:eb:
                    c3:91:8a:92:c3:46:29:47:c0:5d:91:71:3e:c3:c8:
                    59:35:65:69:ce:74:2a:06:ed:cc:59:e1:a3:dd:80:
                    b5:28:6d:02:cd:8e:16:83:0f:00:73:b6:a2:66:d7:
                    e9:2c:b9:78:e6:2b:1f:a7:6e:aa:97:f1:36:5e:d0:
                    bc:5a:84:15:48:eb:6b:96:8c:04:6a:42:89:4e:c1:
                    12:f5:60:f8:d7:60:51:da:9e:f9:f9:3e:4b:63:67:
                    a1:1c:d1:75:ff:46:2b:d9:26:f9:a0:90:98:56:c0:
                    ca:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:B4:4C:FB:BB:41:1E:BD:BC:54:FC:96:6D:A7:2E:97:5C:16:AB:07
            X509v3 Authority Key Identifier:
                keyid:D3:01:99:1F:C3:43:F3:58:C0:F2:EE:BA:E5:5C:F2:DA:34:52:1C:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0wGZH8ND81jA8u665Vzy2jRSHHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/ErRM-7tBHr28VPyWbacul1wWqwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/c36f83-8b35-4d05-a334-f98c483015d7/1/0wGZH8ND81jA8u665Vzy2jRSHHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:fe0::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:52:f2:45:a9:43:04:26:75:f8:16:a4:07:bd:4f:06:db:60:
         93:da:46:54:c5:bf:64:d0:6a:cb:8f:52:98:9c:d7:93:af:66:
         cd:37:82:6e:d2:23:71:3c:41:a8:ca:ef:13:b3:79:8c:09:d9:
         02:ad:79:07:0c:d3:b9:67:37:66:88:de:6c:da:f5:a3:17:89:
         18:ef:9c:1b:de:b6:84:bc:72:89:84:20:f4:e0:5f:9b:74:e5:
         a0:98:e7:79:02:93:a3:6d:f7:39:1f:14:98:f7:a6:8c:ee:bd:
         e8:7a:82:74:79:df:f0:7f:c4:64:b6:e5:70:1f:45:ed:a1:fb:
         73:d7:51:8a:d8:52:0c:ef:9a:f0:40:d4:fd:74:ec:48:1b:97:
         a7:6f:c8:1e:b4:b0:22:04:a0:ae:6c:37:1d:5e:fa:7f:e7:5b:
         78:6c:85:48:2a:3d:bc:1c:72:4c:b5:81:b9:23:60:59:c0:40:
         13:65:cd:4d:e9:be:4a:38:a8:b9:ff:6e:f9:f6:32:96:30:49:
         d8:78:3a:92:9a:ba:bc:ac:c7:67:9d:3c:59:12:dd:de:f0:fd:
         66:cc:c1:ca:8e:68:d0:23:27:aa:41:5e:1c:d8:50:e8:10:23:
         a3:9a:b0:07:29:fa:cf:bd:be:d9:1c:51:0a:a5:ec:ac:8f:cc:
         c5:d4:40:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJs1e+dY532BUvTdSRHmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMDE5OTFmYzM0M2YzNThjMGYyZWViYWU1NWNmMmRhMzQ1
MjFjN2EwHhcNMjQwMTAxMjIzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmI0NGNmYmJiNDExZWJkYmM1NGZjOTY2ZGE3MmU5NzVjMTZhYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWod33i9c2av85eMR/V+sEhSQY5d
Aeg4mQW5MrpIlPdeg1H3N8reW4yoyZeG4J+Ha1NYmIxhnW1YITiqHG5cYNdH5VgM
txJCBx5P+SGCptXvGJA1Dd85fVPZdSvqXk131wH7z4aitLp2xIu+h3dYPSQTKX1O
aDluaVp6MCLhqQniYVa7bAFToSXrcsiSvmM+wV20LevDkYqSw0YpR8BdkXE+w8hZ
NWVpznQqBu3MWeGj3YC1KG0CzY4Wgw8Ac7aiZtfpLLl45isfp26ql/E2XtC8WoQV
SOtrlowEakKJTsES9WD412BR2p75+T5LY2ehHNF1/0Yr2Sb5oJCYVsDKswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBK0TPu7QR69vFT8lm2nLpdcFqsHMB8GA1UdIwQY
MBaAFNMBmR/DQ/NYwPLuuuVc8to0Uhx6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQt
Zjk4YzQ4MzAxNWQ3LzEvRXJSTS03dEJIcjI4VlB5V2JhY3VsMXdXcXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9jMzZmODMtOGIzNS00ZDA1LWEzMzQtZjk4YzQ4MzAxNWQ3
LzEvMHdHWkg4TkQ4MWpBOHU2NjVWenkyalJTSEhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA/g
MA0GCSqGSIb3DQEBCwUAA4IBAQBAUvJFqUMEJnX4FqQHvU8G22CT2kZUxb9k0GrL
j1KYnNeTr2bNN4Ju0iNxPEGoyu8Ts3mMCdkCrXkHDNO5ZzdmiN5s2vWjF4kY75wb
3raEvHKJhCD04F+bdOWgmOd5ApOjbfc5HxSY96aM7r3oeoJ0ed/wf8RktuVwH0Xt
oftz11GK2FIM75rwQNT9dOxIG5enb8getLAiBKCubDcdXvp/51t4bIVIKj28HHJM
tYG5I2BZwEATZc1N6b5KOKi5/2759jKWMEnYeDqSmrq8rMdnnTxZEt3e8P1mzMHK
jmjQIyeqQV4c2FDoECOjmrAHKfrPvb7ZHFEKpeysj8zF1ECu
-----END CERTIFICATE-----