Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/16fbbf-6cdd-49b7-8c21-883b90cd134a/1/SFBvlA-ILounK2XT_78UlxkYn0U.roa
File:                     SFBvlA-ILounK2XT_78UlxkYn0U.roa (raw, json)
Hash identifier:          SDbCdX96M7TlW1nt3PBR/VjAPgQG/P4aSNI76eNxG44=
Subject key identifier:   48:50:6F:94:0F:88:2E:8B:A7:2B:65:D3:FF:BF:14:97:19:18:9F:45
Certificate issuer:       /CN=4cef78082c07292aaae240f6ecfd3afdba78b8ca
Certificate serial:       01913D0A823C67D8F8181B59333D96A4C7EC
Authority key identifier: 4C:EF:78:08:2C:07:29:2A:AA:E2:40:F6:EC:FD:3A:FD:BA:78:B8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TO94CCwHKSqq4kD27P06_bp4uMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/16fbbf-6cdd-49b7-8c21-883b90cd134a/1/SFBvlA-ILounK2XT_78UlxkYn0U.roa
Signing time:             Sat 10 Aug 2024 16:06:24 +0000
ROA not before:           Sat 10 Aug 2024 16:06:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214380
IP address blocks:        2001:67c:139c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/16fbbf-6cdd-49b7-8c21-883b90cd134a/1/TO94CCwHKSqq4kD27P06_bp4uMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/16fbbf-6cdd-49b7-8c21-883b90cd134a/1/TO94CCwHKSqq4kD27P06_bp4uMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TO94CCwHKSqq4kD27P06_bp4uMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:3d:0a:82:3c:67:d8:f8:18:1b:59:33:3d:96:a4:c7:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cef78082c07292aaae240f6ecfd3afdba78b8ca
        Validity
            Not Before: Aug 10 16:06:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48506f940f882e8ba72b65d3ffbf149719189f45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:91:7f:f8:60:fa:97:81:28:97:8b:27:93:cc:
                    09:da:34:10:2b:b4:0f:9c:23:a9:8e:63:d9:1f:a2:
                    6b:b2:ea:ca:f3:f0:a3:dd:78:8b:df:9a:e9:6b:88:
                    84:57:1e:0c:95:9b:d2:d8:e4:f2:d3:f1:04:ee:27:
                    58:a6:ae:f2:0b:20:bb:45:52:a7:ae:f3:b4:66:02:
                    9f:64:8f:46:7d:c3:08:d3:d4:8b:91:f5:08:17:4c:
                    92:7c:df:09:7e:5c:cb:97:ea:57:e9:61:52:05:17:
                    ba:fb:da:01:cb:45:15:a8:2e:2d:96:fa:a1:6b:58:
                    06:b3:9c:94:75:75:53:c1:f1:9d:fd:62:f6:76:db:
                    9a:d2:2e:d9:13:31:41:dd:08:f4:ca:c7:d1:ff:53:
                    89:e5:d9:80:6e:66:0d:9e:3b:27:00:7f:d8:11:ec:
                    cf:f3:b8:43:3d:fd:98:d8:e5:93:96:81:35:3e:c7:
                    5d:37:79:3d:22:68:6b:96:61:05:89:11:31:20:05:
                    b5:a4:96:06:11:0d:38:03:74:a9:55:b0:9e:ad:41:
                    46:3b:68:0a:b0:b9:39:08:a9:1e:80:b5:b8:85:85:
                    b8:76:b7:ac:34:e0:6f:6e:4a:bb:d3:91:2e:03:08:
                    00:e7:09:51:db:7b:00:80:2f:c5:4f:6b:80:e3:9d:
                    9a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:50:6F:94:0F:88:2E:8B:A7:2B:65:D3:FF:BF:14:97:19:18:9F:45
            X509v3 Authority Key Identifier:
                keyid:4C:EF:78:08:2C:07:29:2A:AA:E2:40:F6:EC:FD:3A:FD:BA:78:B8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TO94CCwHKSqq4kD27P06_bp4uMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/16fbbf-6cdd-49b7-8c21-883b90cd134a/1/SFBvlA-ILounK2XT_78UlxkYn0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/16fbbf-6cdd-49b7-8c21-883b90cd134a/1/TO94CCwHKSqq4kD27P06_bp4uMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:139c::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:12:01:8e:97:3b:45:0d:30:a1:14:42:85:b9:db:51:35:ce:
         d2:2a:03:37:99:05:3e:97:4a:99:29:62:cc:a2:76:e1:f1:3c:
         bd:75:9e:ee:0c:5a:af:8c:5a:f8:95:a1:3d:84:6b:3c:b9:73:
         34:78:6a:6c:45:6b:9e:83:69:4d:8f:7e:58:ad:9f:64:d7:43:
         8a:91:a1:a6:b6:0e:f9:89:5a:e6:28:04:90:f0:24:c2:72:51:
         68:e5:ca:68:47:be:a8:c2:b6:38:bb:79:b5:cd:f2:0b:71:67:
         39:3a:f1:ae:67:12:9f:93:88:63:a1:38:58:a7:34:70:81:32:
         2b:14:45:c2:6a:e7:c9:ee:78:c2:e2:53:01:c4:d5:cc:9c:16:
         52:86:1b:ea:9e:60:19:c3:60:0c:c8:e6:28:10:d2:dd:a1:6a:
         e5:f1:86:79:dc:7e:08:87:0d:97:58:d4:bb:de:28:28:f0:0a:
         82:88:97:aa:aa:f7:23:09:8c:0a:0d:bf:ae:28:7d:be:7a:34:
         c2:35:c5:ba:58:e9:d1:07:c9:e2:28:59:48:46:f2:f4:74:a3:
         be:fd:36:92:a9:3a:3e:49:c5:79:07:00:99:32:9e:4d:79:b1:
         f6:9e:e1:01:da:63:51:78:54:d0:2f:ff:b6:da:f5:f6:ba:97:
         ee:fb:9a:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZE9CoI8Z9j4GBtZMz2WpMfsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZWY3ODA4MmMwNzI5MmFhYWUyNDBmNmVjZmQzYWZkYmE3
OGI4Y2EwHhcNMjQwODEwMTYwNjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODUwNmY5NDBmODgyZThiYTcyYjY1ZDNmZmJmMTQ5NzE5MTg5ZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZF/+GD6l4Eol4snk8wJ2jQQK7QP
nCOpjmPZH6JrsurK8/Cj3XiL35rpa4iEVx4MlZvS2OTy0/EE7idYpq7yCyC7RVKn
rvO0ZgKfZI9GfcMI09SLkfUIF0ySfN8JflzLl+pX6WFSBRe6+9oBy0UVqC4tlvqh
a1gGs5yUdXVTwfGd/WL2dtua0i7ZEzFB3Qj0ysfR/1OJ5dmAbmYNnjsnAH/YEezP
87hDPf2Y2OWTloE1PsddN3k9ImhrlmEFiRExIAW1pJYGEQ04A3SpVbCerUFGO2gK
sLk5CKkegLW4hYW4dresNOBvbkq705EuAwgA5wlR23sAgC/FT2uA452a2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEhQb5QPiC6Lpytl0/+/FJcZGJ9FMB8GA1UdIwQY
MBaAFEzveAgsBykqquJA9uz9Ov26eLjKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE85NENDd0hLU3FxNGtEMjdQMDZfYnA0dU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xNmZiYmYtNmNkZC00OWI3LThjMjEt
ODgzYjkwY2QxMzRhLzEvU0ZCdmxBLUlMb3VuSzJYVF83OFVseGtZbjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xNmZiYmYtNmNkZC00OWI3LThjMjEtODgzYjkwY2QxMzRh
LzEvVE85NENDd0hLU3FxNGtEMjdQMDZfYnA0dU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBOc
MA0GCSqGSIb3DQEBCwUAA4IBAQALEgGOlztFDTChFEKFudtRNc7SKgM3mQU+l0qZ
KWLMonbh8Ty9dZ7uDFqvjFr4laE9hGs8uXM0eGpsRWueg2lNj35YrZ9k10OKkaGm
tg75iVrmKASQ8CTCclFo5cpoR76owrY4u3m1zfILcWc5OvGuZxKfk4hjoThYpzRw
gTIrFEXCaufJ7njC4lMBxNXMnBZShhvqnmAZw2AMyOYoENLdoWrl8YZ53H4Ihw2X
WNS73igo8AqCiJeqqvcjCYwKDb+uKH2+ejTCNcW6WOnRB8niKFlIRvL0dKO+/TaS
qTo+ScV5BwCZMp5NebH2nuEB2mNReFTQL/+22vX2upfu+5oO
-----END CERTIFICATE-----