Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/Abghviajyi1YywWTN3g6p8cSwm4.roa
File:                     Abghviajyi1YywWTN3g6p8cSwm4.roa (raw, json)
Hash identifier:          fvzMjkgA/Ekbi7aJfnxsRCNXHp+ky9wQs5wyczeG+gg=
Subject key identifier:   01:B8:21:BE:26:A3:CA:2D:58:CB:05:93:37:78:3A:A7:C7:12:C2:6E
Certificate issuer:       /CN=b58522dac6bcde8c481333599132a16200e6a5be
Certificate serial:       018CC34944750F5646C587C9666280E79438
Authority key identifier: B5:85:22:DA:C6:BC:DE:8C:48:13:33:59:91:32:A1:62:00:E6:A5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tYUi2sa83oxIEzNZkTKhYgDmpb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/Abghviajyi1YywWTN3g6p8cSwm4.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199678
IP address blocks:        2001:67c:12d4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/tYUi2sa83oxIEzNZkTKhYgDmpb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/tYUi2sa83oxIEzNZkTKhYgDmpb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tYUi2sa83oxIEzNZkTKhYgDmpb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:44:75:0f:56:46:c5:87:c9:66:62:80:e7:94:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b58522dac6bcde8c481333599132a16200e6a5be
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01b821be26a3ca2d58cb059337783aa7c712c26e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5a:f6:b8:94:46:01:b5:c7:8e:d7:f4:63:8e:
                    a7:f9:7f:bc:28:58:01:1e:86:a0:fc:4b:7b:34:1a:
                    31:ee:7b:a8:0c:9d:d9:e6:81:1c:81:13:8b:f9:e4:
                    ec:f3:13:e8:0b:32:d8:1b:4f:df:b9:f7:8a:61:91:
                    07:ec:2a:aa:92:8b:54:50:d1:66:57:20:3b:32:87:
                    bb:f0:f3:53:39:20:6a:ee:e6:13:d6:b8:48:9c:09:
                    92:2d:9a:63:e2:d8:d1:b0:01:53:fd:48:b2:6e:00:
                    ca:d5:36:b0:91:85:20:5c:37:76:67:ba:9d:9b:8b:
                    63:56:02:cc:09:15:ea:b9:c0:2e:81:48:2b:af:01:
                    89:e8:d4:17:f4:cf:ee:10:28:67:ba:d2:90:c9:d0:
                    e9:55:ad:2c:d1:e8:e7:e2:c7:5c:81:a9:9b:e1:87:
                    56:ac:12:a3:c4:45:57:94:06:dc:ab:c0:78:4a:56:
                    59:4a:86:c4:09:d4:f8:09:f3:91:85:3f:67:3f:29:
                    f2:7a:87:50:02:97:35:4d:dc:0b:46:28:fe:a8:fc:
                    67:66:de:6e:ba:5c:17:90:62:7f:ab:74:84:3b:91:
                    3e:0a:71:fc:33:db:33:82:c5:da:db:b1:3b:88:a0:
                    17:60:8d:96:86:ba:58:cc:c6:46:22:28:25:8f:3b:
                    48:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:B8:21:BE:26:A3:CA:2D:58:CB:05:93:37:78:3A:A7:C7:12:C2:6E
            X509v3 Authority Key Identifier:
                keyid:B5:85:22:DA:C6:BC:DE:8C:48:13:33:59:91:32:A1:62:00:E6:A5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tYUi2sa83oxIEzNZkTKhYgDmpb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/Abghviajyi1YywWTN3g6p8cSwm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8b5d2a-4bc4-406f-97d5-ba3947c9b22b/1/tYUi2sa83oxIEzNZkTKhYgDmpb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:12d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:f7:ce:07:56:b5:a5:c5:15:6f:7a:52:51:c8:fa:f8:69:88:
         a2:65:ec:a3:9a:5c:62:6f:37:30:28:06:3a:75:2d:cf:dd:b4:
         06:92:ae:11:75:b3:4f:77:26:0e:3b:20:ac:e7:54:81:8f:98:
         8f:c0:4b:8f:3e:e2:2d:ba:a1:a6:29:30:b5:27:4d:69:8f:de:
         1d:03:e7:2b:64:86:bd:f9:c8:e1:3d:25:db:81:00:37:6e:96:
         86:b3:10:ec:90:1c:08:24:ca:a0:1b:24:01:e0:92:3d:1c:8b:
         51:2e:c7:cf:a4:e3:b5:aa:77:76:55:5f:d9:01:53:0c:4f:f5:
         9a:28:f6:94:84:ac:b4:3f:e6:aa:b5:bf:47:2b:f7:ad:ea:2a:
         62:d5:70:38:44:fe:08:1f:44:89:43:1e:23:22:a4:a9:40:c0:
         e9:e1:5f:89:a7:78:27:ca:32:4e:3f:2b:ab:33:0f:e2:71:93:
         33:b2:3e:7f:ac:84:ef:ff:1c:6d:0d:a5:9e:fc:10:4f:55:33:
         c3:98:89:0d:ef:a2:90:1d:53:bc:73:d3:33:8b:ce:dd:7e:e6:
         bc:27:c0:2a:fa:33:39:fc:7e:c2:41:92:95:07:4b:f8:cb:55:
         51:a2:e5:5d:e8:d5:ea:0a:be:d2:26:fa:87:ba:0f:14:89:5f:
         15:09:56:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSUR1D1ZGxYfJZmKA55Q4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ODUyMmRhYzZiY2RlOGM0ODEzMzM1OTkxMzJhMTYyMDBl
NmE1YmUwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWI4MjFiZTI2YTNjYTJkNThjYjA1OTMzNzc4M2FhN2M3MTJjMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFr2uJRGAbXHjtf0Y46n+X+8KFgB
Hoag/Et7NBox7nuoDJ3Z5oEcgROL+eTs8xPoCzLYG0/fufeKYZEH7CqqkotUUNFm
VyA7Moe78PNTOSBq7uYT1rhInAmSLZpj4tjRsAFT/UiybgDK1TawkYUgXDd2Z7qd
m4tjVgLMCRXqucAugUgrrwGJ6NQX9M/uEChnutKQydDpVa0s0ejn4sdcgamb4YdW
rBKjxEVXlAbcq8B4SlZZSobECdT4CfORhT9nPynyeodQApc1TdwLRij+qPxnZt5u
ulwXkGJ/q3SEO5E+CnH8M9szgsXa27E7iKAXYI2WhrpYzMZGIigljztI4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAG4Ib4mo8otWMsFkzd4OqfHEsJuMB8GA1UdIwQY
MBaAFLWFItrGvN6MSBMzWZEyoWIA5qW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFlVaTJzYTgzb3hJRXpOWmtUS2hZZ0RtcGI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84YjVkMmEtNGJjNC00MDZmLTk3ZDUt
YmEzOTQ3YzliMjJiLzEvQWJnaHZpYWp5aTFZeXdXVE4zZzZwOGNTd200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84YjVkMmEtNGJjNC00MDZmLTk3ZDUtYmEzOTQ3YzliMjJi
LzEvdFlVaTJzYTgzb3hJRXpOWmtUS2hZZ0RtcGI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBLU
MA0GCSqGSIb3DQEBCwUAA4IBAQA3984HVrWlxRVvelJRyPr4aYiiZeyjmlxibzcw
KAY6dS3P3bQGkq4RdbNPdyYOOyCs51SBj5iPwEuPPuItuqGmKTC1J01pj94dA+cr
ZIa9+cjhPSXbgQA3bpaGsxDskBwIJMqgGyQB4JI9HItRLsfPpOO1qnd2VV/ZAVMM
T/WaKPaUhKy0P+aqtb9HK/et6ipi1XA4RP4IH0SJQx4jIqSpQMDp4V+Jp3gnyjJO
PyurMw/icZMzsj5/rITv/xxtDaWe/BBPVTPDmIkN76KQHVO8c9Mzi87dfua8J8Aq
+jM5/H7CQZKVB0v4y1VRouVd6NXqCr7SJvqHug8UiV8VCVZ3
-----END CERTIFICATE-----