Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/DKvh1bGlUXmNCrWmuOVG4GtGHF4.roa
File:                     DKvh1bGlUXmNCrWmuOVG4GtGHF4.roa (raw, json)
Hash identifier:          QEKE/oH8JXdZYALLSjhKrUv4RB2R8yDcTQTVgNBzQKw=
Subject key identifier:   0C:AB:E1:D5:B1:A5:51:79:8D:0A:B5:A6:B8:E5:46:E0:6B:46:1C:5E
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42554EE8571A3E182C243CEE5E823BF
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/DKvh1bGlUXmNCrWmuOVG4GtGHF4.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0b:b87:ffb0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:54:ee:85:71:a3:e1:82:c2:43:ce:e5:e8:23:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cabe1d5b1a551798d0ab5a6b8e546e06b461c5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:93:f1:92:2d:10:d5:7c:98:f7:70:dd:0d:f7:
                    2d:39:93:71:9e:da:69:3d:7f:28:1e:b0:44:29:26:
                    11:7b:5b:d5:b0:0a:21:0a:fe:f8:8d:e0:65:e6:ba:
                    94:89:2d:d6:7e:9b:f2:7c:40:7d:a4:65:1c:d3:15:
                    74:60:78:8d:e9:9e:38:16:86:ea:41:26:26:bb:89:
                    e1:41:89:20:dd:92:6e:78:74:3b:c8:2b:99:86:55:
                    0d:56:5f:e4:4a:ff:d0:52:16:37:0a:48:e0:1e:7a:
                    9c:75:79:4b:e3:6f:2d:da:2e:72:48:5a:e0:6d:bd:
                    de:cf:4b:e1:c6:87:75:f9:ed:d2:1b:4c:38:69:7b:
                    7f:97:2a:ed:ae:02:06:f4:bf:33:a3:74:de:c4:8c:
                    cf:87:b9:d1:12:74:7c:6e:21:da:2c:9b:95:b4:b7:
                    bb:f6:f8:35:aa:39:93:15:64:44:b7:86:c1:f5:cf:
                    09:5b:2b:6d:50:8f:eb:f1:a2:c0:e5:ea:7b:e7:d1:
                    13:65:00:76:d8:d9:2d:4c:8d:7e:8d:ee:ec:32:76:
                    d0:94:70:c4:f3:4e:53:ac:c1:d8:22:6c:25:57:ac:
                    73:ab:8d:26:d7:24:a1:87:2f:ad:b8:9f:ba:6b:fe:
                    e8:73:d4:52:4b:62:eb:e8:89:be:ae:89:3f:3b:d5:
                    b0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:AB:E1:D5:B1:A5:51:79:8D:0A:B5:A6:B8:E5:46:E0:6B:46:1C:5E
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/DKvh1bGlUXmNCrWmuOVG4GtGHF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b87:ffb0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:93:a3:be:0c:06:4e:f9:3f:c8:50:dc:12:97:eb:cd:77:3f:
         07:11:2e:7a:65:a3:7a:8c:92:8d:03:3f:1a:c6:a8:4b:88:d3:
         b0:ba:73:59:07:66:f6:30:94:72:54:fe:38:d2:8d:8b:22:b1:
         c8:dc:85:50:55:0b:05:e7:26:70:e6:f4:18:7e:ee:66:a6:46:
         cd:81:c3:6b:e7:2f:e3:46:90:ff:bc:0a:44:c4:0e:4b:44:73:
         81:26:bf:e0:a8:e2:05:df:8a:69:27:a6:e9:47:db:11:e5:07:
         e3:28:36:60:0b:5f:ef:d4:67:dc:c0:4b:1f:2f:51:5c:d3:57:
         bd:38:96:5d:c9:e0:bd:9e:86:41:e8:36:db:d3:db:56:c5:15:
         08:2e:69:fd:2a:e6:de:fd:44:ee:d4:4a:37:d7:bc:a7:37:88:
         db:85:ad:a7:a9:de:93:77:99:2d:dd:68:6a:e2:5d:e7:96:6f:
         f0:45:c7:e5:b2:e2:8e:38:b0:e0:10:30:24:16:fc:30:32:1d:
         ea:f2:0b:be:08:00:31:ab:86:6a:24:0d:8e:5e:96:29:94:3e:
         54:5a:82:d3:98:0d:2d:32:a3:77:34:30:5b:b3:78:5b:5d:6b:
         ff:ae:d4:fd:78:d8:3e:f7:e4:e2:a2:1e:e7:db:51:00:0b:84:
         e0:1c:af:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJVTuhXGj4YLCQ87l6CO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FiZTFkNWIxYTU1MTc5OGQwYWI1YTZiOGU1NDZlMDZiNDYxYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5Pxki0Q1XyY93DdDfctOZNxntpp
PX8oHrBEKSYRe1vVsAohCv74jeBl5rqUiS3WfpvyfEB9pGUc0xV0YHiN6Z44Fobq
QSYmu4nhQYkg3ZJueHQ7yCuZhlUNVl/kSv/QUhY3CkjgHnqcdXlL428t2i5ySFrg
bb3ez0vhxod1+e3SG0w4aXt/lyrtrgIG9L8zo3TexIzPh7nREnR8biHaLJuVtLe7
9vg1qjmTFWREt4bB9c8JWyttUI/r8aLA5ep759ETZQB22NktTI1+je7sMnbQlHDE
805TrMHYImwlV6xzq40m1yShhy+tuJ+6a/7oc9RSS2Lr6Im+rok/O9WwhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAyr4dWxpVF5jQq1prjlRuBrRhxeMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvREt2aDFiR2xVWG1OQ3JXbXVPVkc0R3RHSEY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLh/+w
MA0GCSqGSIb3DQEBCwUAA4IBAQA/k6O+DAZO+T/IUNwSl+vNdz8HES56ZaN6jJKN
Az8axqhLiNOwunNZB2b2MJRyVP440o2LIrHI3IVQVQsF5yZw5vQYfu5mpkbNgcNr
5y/jRpD/vApExA5LRHOBJr/gqOIF34ppJ6bpR9sR5QfjKDZgC1/v1GfcwEsfL1Fc
01e9OJZdyeC9noZB6Dbb09tWxRUILmn9Kube/UTu1Eo317ynN4jbha2nqd6Td5kt
3Whq4l3nlm/wRcflsuKOOLDgEDAkFvwwMh3q8gu+CAAxq4ZqJA2OXpYplD5UWoLT
mA0tMqN3NDBbs3hbXWv/rtT9eNg+9+Tioh7n21EAC4TgHK/w
-----END CERTIFICATE-----