Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/fncC1g2pWsCTM3tWpZkZHciWadU.roa
File:                     fncC1g2pWsCTM3tWpZkZHciWadU.roa (raw, json)
Hash identifier:          1VH4nC0t9870vd3z+4xA5PlHkyxYkPzlKSh1h3M2DVE=
Subject key identifier:   7E:77:02:D6:0D:A9:5A:C0:93:33:7B:56:A5:99:19:1D:C8:96:69:D5
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256072829DF8C0C26B15F488B38F54
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/fncC1g2pWsCTM3tWpZkZHciWadU.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51999
IP address blocks:        2a0b:b83:d5::/48 maxlen: 48
                          2a0b:b83:d6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:60:72:82:9d:f8:c0:c2:6b:15:f4:88:b3:8f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e7702d60da95ac093337b56a599191dc89669d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:81:37:fe:52:b8:04:fa:69:02:9a:d0:42:e5:
                    80:f9:f9:c3:b2:f6:8d:bf:88:41:5a:19:dd:2e:4c:
                    a7:04:1a:be:93:20:8d:c1:0e:1c:ad:86:b9:63:3e:
                    ef:b3:06:56:60:d4:d3:39:70:85:4b:00:53:be:b4:
                    0c:ed:24:9e:b1:84:73:82:69:34:a7:40:54:b5:a2:
                    c2:81:aa:90:9f:1f:0a:df:cf:88:bd:c4:70:c1:2a:
                    4e:b1:b6:73:e1:b6:35:d2:4f:15:d6:aa:4b:07:1f:
                    e6:11:a6:01:61:f7:b5:ff:4b:f0:e5:83:b8:19:46:
                    71:70:64:16:57:f2:26:fe:a4:cf:25:6b:35:65:5f:
                    87:d9:20:72:34:74:fa:94:f3:8c:26:e4:48:d9:e1:
                    88:82:93:2a:6a:14:b3:61:fb:de:cc:38:4d:6a:55:
                    af:63:4d:25:45:1c:c3:06:b4:46:93:c0:20:b9:a0:
                    21:4a:5a:7c:44:58:7b:35:93:75:fa:dd:45:28:47:
                    da:27:f1:ba:36:a6:b6:cc:14:58:f0:08:90:20:4c:
                    25:47:0c:f7:ac:2f:89:7c:02:04:a3:50:9f:96:db:
                    51:8a:f0:99:bc:8c:ab:b7:3a:82:92:77:46:60:26:
                    3b:d5:06:ae:d9:2e:d7:1d:1c:50:06:90:b2:55:50:
                    2e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:77:02:D6:0D:A9:5A:C0:93:33:7B:56:A5:99:19:1D:C8:96:69:D5
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/fncC1g2pWsCTM3tWpZkZHciWadU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b83:d5::-2a0b:b83:d6:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         63:16:72:cc:02:9a:8b:c7:fb:b4:6d:da:02:8e:47:5b:88:67:
         67:64:89:4c:9d:8d:5f:32:63:d5:9f:6c:e7:77:72:a5:02:d6:
         b7:b0:54:37:d7:87:3a:68:4c:1d:5d:59:e6:80:c2:b7:1c:c5:
         38:51:16:6d:53:79:70:47:eb:a8:49:df:9f:47:57:e5:b3:2b:
         9c:f1:46:83:16:a1:6c:9c:fb:c6:cf:92:27:74:72:91:e7:03:
         e4:bc:f9:5d:ab:5e:14:53:6b:db:59:40:18:e1:59:f5:e2:a7:
         80:53:18:5b:24:b6:bd:2b:e3:11:ef:62:f0:7a:37:34:8c:ac:
         f6:df:28:2f:f7:5f:2c:b7:b8:a3:ba:16:a9:4e:03:40:d6:ba:
         5e:60:52:57:25:3e:4a:c8:eb:28:86:1c:89:fb:5b:7d:0f:7c:
         1d:58:52:67:98:9a:6a:db:7b:eb:0b:75:80:b2:f5:fe:04:83:
         03:e1:c9:1f:3b:84:bb:ad:18:93:dc:e9:a9:cf:31:3a:6f:3a:
         0a:9b:d4:74:79:96:37:0e:09:67:b8:8f:af:d3:52:ae:aa:bc:
         46:53:a5:30:6f:d7:e2:d4:92:43:93:01:26:e5:51:b9:1a:b8:
         ae:98:34:a0:21:ce:1f:0f:4e:0c:27:ec:0c:d9:94:87:21:25:
         63:bf:f9:7d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzEJWBygp34wMJrFfSIs49UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTc3MDJkNjBkYTk1YWMwOTMzMzdiNTZhNTk5MTkxZGM4OTY2OWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4E3/lK4BPppAprQQuWA+fnDsvaN
v4hBWhndLkynBBq+kyCNwQ4crYa5Yz7vswZWYNTTOXCFSwBTvrQM7SSesYRzgmk0
p0BUtaLCgaqQnx8K38+IvcRwwSpOsbZz4bY10k8V1qpLBx/mEaYBYfe1/0vw5YO4
GUZxcGQWV/Im/qTPJWs1ZV+H2SByNHT6lPOMJuRI2eGIgpMqahSzYfvezDhNalWv
Y00lRRzDBrRGk8AguaAhSlp8RFh7NZN1+t1FKEfaJ/G6Nqa2zBRY8AiQIEwlRwz3
rC+JfAIEo1CflttRivCZvIyrtzqCkndGYCY71Qau2S7XHRxQBpCyVVAudwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFH53AtYNqVrAkzN7VqWZGR3IlmnVMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvZm5jQzFnMnBXc0NUTTN0V3Baa1pIY2lXYWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqCwuD
ANUDBwAqCwuDANYwDQYJKoZIhvcNAQELBQADggEBAGMWcswCmovH+7Rt2gKOR1uI
Z2dkiUydjV8yY9WfbOd3cqUC1rewVDfXhzpoTB1dWeaAwrccxThRFm1TeXBH66hJ
359HV+WzK5zxRoMWoWyc+8bPkid0cpHnA+S8+V2rXhRTa9tZQBjhWfXip4BTGFsk
tr0r4xHvYvB6NzSMrPbfKC/3Xyy3uKO6FqlOA0DWul5gUlclPkrI6yiGHIn7W30P
fB1YUmeYmmrbe+sLdYCy9f4EgwPhyR87hLutGJPc6anPMTpvOgqb1HR5ljcOCWe4
j6/TUq6qvEZTpTBv1+LUkkOTASblUbkauK6YNKAhzh8PTgwn7AzZlIchJWO/+X0=
-----END CERTIFICATE-----