Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/8ACKP4PZ5YRjKK8ZlchlSYQdHzc.roa
File:                     8ACKP4PZ5YRjKK8ZlchlSYQdHzc.roa (raw, json)
Hash identifier:          9I4OZDpHUSi0xCBE7VYp3YKPV2QIfOHWfdHs7ZImmEg=
Subject key identifier:   F0:00:8A:3F:83:D9:E5:84:63:28:AF:19:95:C8:65:49:84:1D:1F:37
Certificate issuer:       /CN=e109e278c7862254c88755e4717398a552a49040
Certificate serial:       01914C8A2DA595143722C9734EC8842CF500
Authority key identifier: E1:09:E2:78:C7:86:22:54:C8:87:55:E4:71:73:98:A5:52:A4:90:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4QnieMeGIlTIh1XkcXOYpVKkkEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/8ACKP4PZ5YRjKK8ZlchlSYQdHzc.roa
Signing time:             Tue 13 Aug 2024 16:20:09 +0000
ROA not before:           Tue 13 Aug 2024 16:20:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212226
IP address blocks:        2001:67c:b54::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/4QnieMeGIlTIh1XkcXOYpVKkkEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/4QnieMeGIlTIh1XkcXOYpVKkkEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4QnieMeGIlTIh1XkcXOYpVKkkEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4c:8a:2d:a5:95:14:37:22:c9:73:4e:c8:84:2c:f5:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e109e278c7862254c88755e4717398a552a49040
        Validity
            Not Before: Aug 13 16:20:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0008a3f83d9e5846328af1995c86549841d1f37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d2:03:8e:67:46:ea:31:22:04:30:54:3f:d3:
                    46:01:3d:c5:c7:73:7c:a5:f6:3c:c4:30:5c:2b:b4:
                    07:f1:6d:4e:e3:1a:07:3b:2b:24:a3:5c:e3:b7:14:
                    81:c7:25:f0:64:c6:ea:d3:bf:8f:1e:4d:63:aa:7a:
                    5f:40:fe:75:71:57:4b:ad:48:ee:ab:c6:d6:b4:52:
                    4c:10:39:55:1c:ad:d2:f5:fd:6c:80:2f:ea:cb:88:
                    39:a2:eb:90:ed:ae:b9:14:3c:a1:af:f8:20:92:8a:
                    b1:3d:b1:18:5c:90:9a:03:ce:3a:23:72:7a:a7:a6:
                    e4:d3:0e:99:18:4b:43:62:b4:b0:eb:e0:c7:36:dd:
                    ff:c0:00:3b:ee:c2:94:dd:76:aa:ca:c2:5b:43:3c:
                    b3:b8:66:21:2c:ee:ba:2a:ff:59:a3:fc:d2:62:0a:
                    89:54:fc:bb:87:5e:95:f6:27:24:1e:c9:b3:5c:a3:
                    0f:56:6c:44:12:a9:6e:2b:7e:6e:5e:0f:de:26:5b:
                    8b:d8:23:78:16:5f:ed:74:c5:36:d9:06:24:89:4b:
                    73:39:96:dd:2a:99:4f:f3:e8:5e:8d:8e:f7:0c:0c:
                    82:ce:3f:5b:f2:ca:58:f3:be:01:8b:3d:b6:83:c6:
                    3a:36:f0:73:8c:e1:55:3b:66:39:03:f5:77:47:2b:
                    bb:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:00:8A:3F:83:D9:E5:84:63:28:AF:19:95:C8:65:49:84:1D:1F:37
            X509v3 Authority Key Identifier:
                keyid:E1:09:E2:78:C7:86:22:54:C8:87:55:E4:71:73:98:A5:52:A4:90:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4QnieMeGIlTIh1XkcXOYpVKkkEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/8ACKP4PZ5YRjKK8ZlchlSYQdHzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e072d7-87c0-4b73-9a4d-2f03e32bd21a/1/4QnieMeGIlTIh1XkcXOYpVKkkEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b54::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:2d:c8:58:11:03:a4:bf:af:4b:b6:5d:05:b7:62:18:fd:bc:
         27:c5:20:56:d8:f6:eb:51:56:ea:71:66:f5:c7:22:88:e4:97:
         cf:67:6b:33:bb:e9:38:93:a6:82:22:3c:21:47:8c:ce:00:c8:
         4c:1c:85:8c:7e:41:80:0f:fb:96:45:c3:98:4b:bd:85:32:11:
         be:04:88:f0:43:7c:55:e9:c4:c1:1d:d7:1f:d7:b3:e8:4d:43:
         0a:0d:43:68:f1:5b:96:d7:57:60:d9:df:be:49:ef:6c:66:5d:
         cf:b0:ac:ef:35:d8:b5:a8:ef:10:a9:06:66:5a:a4:c4:2a:6a:
         35:ae:f8:a7:1a:09:1a:64:cc:23:7f:48:df:71:67:30:ba:13:
         93:b2:11:b9:4d:6d:e5:57:c3:0e:27:7a:6a:80:ad:1f:a5:78:
         b5:24:06:04:1e:f3:fb:74:a5:3d:76:72:29:46:5e:98:79:10:
         b4:af:90:e6:d7:88:a1:d2:7d:31:e7:c8:b6:2e:85:aa:9e:36:
         a0:8c:90:af:e5:59:58:2e:f8:68:6f:b3:49:22:a7:1a:a5:81:
         66:90:7e:78:b7:f9:ad:aa:34:1e:b9:03:fe:f9:63:2b:8a:2d:
         e6:06:c4:8c:ad:20:76:dc:d9:a9:e5:22:bd:fe:15:b9:e3:c4:
         04:f8:b4:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFMii2llRQ3IslzTsiELPUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMDllMjc4Yzc4NjIyNTRjODg3NTVlNDcxNzM5OGE1NTJh
NDkwNDAwHhcNMjQwODEzMTYyMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDAwOGEzZjgzZDllNTg0NjMyOGFmMTk5NWM4NjU0OTg0MWQxZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NIDjmdG6jEiBDBUP9NGAT3Fx3N8
pfY8xDBcK7QH8W1O4xoHOysko1zjtxSBxyXwZMbq07+PHk1jqnpfQP51cVdLrUju
q8bWtFJMEDlVHK3S9f1sgC/qy4g5ouuQ7a65FDyhr/ggkoqxPbEYXJCaA846I3J6
p6bk0w6ZGEtDYrSw6+DHNt3/wAA77sKU3XaqysJbQzyzuGYhLO66Kv9Zo/zSYgqJ
VPy7h16V9ickHsmzXKMPVmxEEqluK35uXg/eJluL2CN4Fl/tdMU22QYkiUtzOZbd
KplP8+hejY73DAyCzj9b8spY874Biz22g8Y6NvBzjOFVO2Y5A/V3Ryu7bwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPAAij+D2eWEYyivGZXIZUmEHR83MB8GA1UdIwQY
MBaAFOEJ4njHhiJUyIdV5HFzmKVSpJBAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFFuaWVNZUdJbFRJaDFYa2NYT1lwVktra0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lMDcyZDctODdjMC00YjczLTlhNGQt
MmYwM2UzMmJkMjFhLzEvOEFDS1A0UFo1WVJqS0s4WmxjaGxTWVFkSHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lMDcyZDctODdjMC00YjczLTlhNGQtMmYwM2UzMmJkMjFh
LzEvNFFuaWVNZUdJbFRJaDFYa2NYT1lwVktra0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAtU
MA0GCSqGSIb3DQEBCwUAA4IBAQB/LchYEQOkv69Ltl0Ft2IY/bwnxSBW2PbrUVbq
cWb1xyKI5JfPZ2szu+k4k6aCIjwhR4zOAMhMHIWMfkGAD/uWRcOYS72FMhG+BIjw
Q3xV6cTBHdcf17PoTUMKDUNo8VuW11dg2d++Se9sZl3PsKzvNdi1qO8QqQZmWqTE
Kmo1rvinGgkaZMwjf0jfcWcwuhOTshG5TW3lV8MOJ3pqgK0fpXi1JAYEHvP7dKU9
dnIpRl6YeRC0r5Dm14ih0n0x58i2LoWqnjagjJCv5VlYLvhob7NJIqcapYFmkH54
t/mtqjQeuQP++WMrii3mBsSMrSB23Nmp5SK9/hW548QE+LQN
-----END CERTIFICATE-----