Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/SBggCHtF1hUBUR-EMYoiUgZq9qo.roa
File:                     SBggCHtF1hUBUR-EMYoiUgZq9qo.roa (raw, json)
Hash identifier:          j8FSq0CNuCHVr2hn/QvFdqMB8wgxE2PQBOApQSUEl1w=
Subject key identifier:   48:18:20:08:7B:45:D6:15:01:51:1F:84:31:8A:22:52:06:6A:F6:AA
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       01933B6CDCCE22FB03D8A06C48435B7FC437
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/SBggCHtF1hUBUR-EMYoiUgZq9qo.roa
Signing time:             Sun 17 Nov 2024 18:40:10 +0000
ROA not before:           Sun 17 Nov 2024 18:40:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204901
IP address blocks:        2a01:ffc6:8000::/34 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3b:6c:dc:ce:22:fb:03:d8:a0:6c:48:43:5b:7f:c4:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Nov 17 18:40:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=481820087b45d61501511f84318a2252066af6aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2b:bd:0c:62:4a:91:65:a4:86:08:98:ae:d1:
                    0a:fc:38:26:1c:84:9f:4b:bc:6d:64:bf:1b:11:2c:
                    9d:5f:c5:47:d4:aa:a5:0b:da:43:ee:c1:aa:0f:57:
                    99:a5:5e:23:f6:a7:21:ab:09:0f:a0:d7:f4:a8:54:
                    eb:d5:23:a6:ec:f0:5b:72:05:97:11:e0:54:a8:d3:
                    06:c6:20:9e:40:d3:37:12:7f:90:22:24:57:f6:a0:
                    6c:d5:ad:a3:c9:15:71:31:17:1c:ca:1d:94:d0:b6:
                    91:44:d6:8e:75:05:a8:cd:4e:bc:8b:0c:2c:29:f4:
                    95:a9:69:20:9b:e2:c1:c8:fe:f5:dd:9f:4d:a4:84:
                    03:11:f9:a3:b0:95:17:f0:03:47:c4:72:65:0c:ff:
                    19:36:ed:2d:74:ad:dc:48:9e:de:dc:df:fe:d2:4e:
                    28:c8:25:0f:a3:25:51:db:8e:6d:6d:93:0c:b8:09:
                    e1:db:24:af:f4:e9:59:1b:fe:3a:77:e2:30:46:cf:
                    c0:ae:34:4f:aa:cc:fb:5a:57:15:a3:51:0e:b5:d6:
                    12:57:fd:51:c1:26:7c:41:ba:c5:e4:5c:44:56:be:
                    2f:0e:3e:1a:eb:b5:8a:2b:6d:0a:de:9e:77:97:78:
                    8a:85:0d:af:4c:42:bf:79:55:0b:49:9f:01:2a:c8:
                    ee:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:18:20:08:7B:45:D6:15:01:51:1F:84:31:8A:22:52:06:6A:F6:AA
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/SBggCHtF1hUBUR-EMYoiUgZq9qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc6:8000::/34

    Signature Algorithm: sha256WithRSAEncryption
         1d:dc:eb:b5:37:3e:c0:68:4f:4d:d3:1f:86:df:5b:91:c1:7d:
         e5:2c:00:e1:cb:24:29:47:91:82:99:ce:88:2f:5d:3b:38:d2:
         e8:e0:49:6e:41:3e:cb:2f:24:8e:85:ff:64:b7:b6:53:47:d0:
         0d:af:77:90:74:78:22:37:15:4c:e2:49:2d:eb:1d:68:c7:56:
         e3:12:2c:03:8c:67:a4:e4:e3:07:85:7a:a2:a0:63:1d:fd:0d:
         bc:25:97:37:99:26:56:86:e6:3c:36:ed:21:08:21:15:d4:17:
         d0:13:c1:48:cf:af:c2:1b:f0:9c:f7:e3:b3:93:6d:f1:f2:b5:
         00:be:55:8b:7c:0a:80:0a:2c:15:a4:46:1a:8a:2d:ab:c7:38:
         8d:36:84:c6:d2:6a:1b:dd:1c:3c:b5:33:d5:7a:f0:ce:79:38:
         87:4f:29:a1:90:d3:73:c7:48:4d:ba:d1:b6:79:3e:58:84:36:
         3d:5b:61:54:1d:ab:02:3d:1c:97:8f:e8:90:da:db:0a:7e:eb:
         cf:a6:f8:fc:9e:6b:a0:d4:92:41:8c:c6:16:99:ae:36:12:bb:
         47:78:f5:72:64:b5:78:5e:7a:2f:d6:01:0d:b7:5b:89:34:bd:
         2b:0a:6b:8a:96:a2:9d:f8:48:72:34:1f:07:8c:ea:15:89:1e:
         27:43:3b:36
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZM7bNzOIvsD2KBsSENbf8Q3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjQxMTE3MTg0MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODE4MjAwODdiNDVkNjE1MDE1MTFmODQzMThhMjI1MjA2NmFmNmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCu9DGJKkWWkhgiYrtEK/DgmHISf
S7xtZL8bESydX8VH1KqlC9pD7sGqD1eZpV4j9qchqwkPoNf0qFTr1SOm7PBbcgWX
EeBUqNMGxiCeQNM3En+QIiRX9qBs1a2jyRVxMRccyh2U0LaRRNaOdQWozU68iwws
KfSVqWkgm+LByP713Z9NpIQDEfmjsJUX8ANHxHJlDP8ZNu0tdK3cSJ7e3N/+0k4o
yCUPoyVR245tbZMMuAnh2ySv9OlZG/46d+IwRs/ArjRPqsz7WlcVo1EOtdYSV/1R
wSZ8QbrF5FxEVr4vDj4a67WKK20K3p53l3iKhQ2vTEK/eVULSZ8BKsjuyQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEgYIAh7RdYVAVEfhDGKIlIGavaqMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvU0JnZ0NIdEYxaFVCVVItRU1Zb2lVZ1pxOXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgH/xoAw
DQYJKoZIhvcNAQELBQADggEBAB3c67U3PsBoT03TH4bfW5HBfeUsAOHLJClHkYKZ
zogvXTs40ujgSW5BPssvJI6F/2S3tlNH0A2vd5B0eCI3FUziSS3rHWjHVuMSLAOM
Z6Tk4weFeqKgYx39DbwllzeZJlaG5jw27SEIIRXUF9ATwUjPr8Ib8Jz347OTbfHy
tQC+VYt8CoAKLBWkRhqKLavHOI02hMbSahvdHDy1M9V68M55OIdPKaGQ03PHSE26
0bZ5PliENj1bYVQdqwI9HJeP6JDa2wp+68+m+Pyea6DUkkGMxhaZrjYSu0d49XJk
tXheei/WAQ23W4k0vSsKa4qWop34SHI0HweM6hWJHidDOzY=
-----END CERTIFICATE-----