Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/cd6a7b-1580-4102-9aa6-a4b6e3d0d830/1/HICJ1m61XVT9LQCC6B28cyUo6vY.roa
File:                     HICJ1m61XVT9LQCC6B28cyUo6vY.roa (raw, json)
Hash identifier:          ZN6VAWiOzex5ztsZ45Ev6igvEny6iSb+RmMjw8+BLLs=
Subject key identifier:   1C:80:89:D6:6E:B5:5D:54:FD:2D:00:82:E8:1D:BC:73:25:28:EA:F6
Certificate issuer:       /CN=3c2a267dce072238e9c04515e67eb992672e351b
Certificate serial:       018CC9BC0F3C89FFD8557270221E7C775A2C
Authority key identifier: 3C:2A:26:7D:CE:07:22:38:E9:C0:45:15:E6:7E:B9:92:67:2E:35:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PComfc4HIjjpwEUV5n65kmcuNRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/cd6a7b-1580-4102-9aa6-a4b6e3d0d830/1/HICJ1m61XVT9LQCC6B28cyUo6vY.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204867
IP address blocks:        2001:678:b28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/cd6a7b-1580-4102-9aa6-a4b6e3d0d830/1/PComfc4HIjjpwEUV5n65kmcuNRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/cd6a7b-1580-4102-9aa6-a4b6e3d0d830/1/PComfc4HIjjpwEUV5n65kmcuNRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PComfc4HIjjpwEUV5n65kmcuNRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:0f:3c:89:ff:d8:55:72:70:22:1e:7c:77:5a:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c2a267dce072238e9c04515e67eb992672e351b
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c8089d66eb55d54fd2d0082e81dbc732528eaf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ac:f1:6c:a1:9c:b8:87:8f:12:ca:d2:a8:24:
                    1a:04:6d:82:8a:54:c6:54:b3:27:cd:42:54:5c:0f:
                    4b:ee:36:a0:80:c1:e8:ea:c9:84:7a:44:60:14:ea:
                    12:c1:6d:4b:46:90:3c:bd:9e:21:31:ed:38:0d:2b:
                    c6:16:bc:69:50:b2:f7:31:29:1c:d0:8f:34:55:33:
                    29:f1:79:6d:9d:1f:63:ba:e1:cb:19:85:14:1f:11:
                    e7:88:e7:ec:bb:9f:14:90:6c:0b:3d:e6:2c:e0:78:
                    51:b6:67:b5:81:25:1f:d0:57:1d:a5:bc:8c:c7:b1:
                    8a:78:09:7e:47:86:b4:1e:84:71:d1:00:18:f6:91:
                    a0:42:f5:cc:3f:41:58:27:c0:92:f8:85:51:d6:ad:
                    f6:15:27:f3:90:63:78:8c:7c:3f:a7:55:95:7f:90:
                    ee:0e:5c:a2:3c:fb:45:50:b7:5a:9f:ee:77:a3:8d:
                    75:5b:70:44:9d:50:ea:47:78:d1:67:29:34:fb:1a:
                    a8:a2:41:d8:d6:e3:40:5b:37:b7:60:fc:e7:4a:f5:
                    f5:58:5a:56:bf:13:88:a5:46:d2:57:cd:cd:15:5d:
                    32:6b:e3:b4:2a:96:4f:9e:dd:f2:5b:41:51:2d:c9:
                    3f:8e:2d:8d:c3:66:6a:3b:29:a8:c4:ac:8c:7f:c3:
                    c1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:80:89:D6:6E:B5:5D:54:FD:2D:00:82:E8:1D:BC:73:25:28:EA:F6
            X509v3 Authority Key Identifier:
                keyid:3C:2A:26:7D:CE:07:22:38:E9:C0:45:15:E6:7E:B9:92:67:2E:35:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PComfc4HIjjpwEUV5n65kmcuNRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/cd6a7b-1580-4102-9aa6-a4b6e3d0d830/1/HICJ1m61XVT9LQCC6B28cyUo6vY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/cd6a7b-1580-4102-9aa6-a4b6e3d0d830/1/PComfc4HIjjpwEUV5n65kmcuNRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b28::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:27:50:4c:7b:86:ac:a2:74:63:f5:19:4d:a7:2b:f2:99:3d:
         85:eb:14:6c:68:e3:c2:be:7c:e5:47:62:bc:be:1d:40:62:1d:
         03:f6:b6:bf:4a:d5:eb:71:cc:1b:2f:31:80:88:5e:f8:7d:b5:
         23:7b:69:7d:01:27:19:48:aa:a8:55:ac:03:3f:35:04:8e:d3:
         b9:7a:95:da:6e:34:1c:48:4a:7b:20:6c:5b:5a:99:39:25:06:
         ba:79:16:32:ef:98:37:6b:1d:e5:47:77:ce:c5:2c:93:da:6a:
         e6:37:c7:8b:ce:0b:5d:48:fe:d0:d4:ba:38:52:00:47:0e:a5:
         f8:be:ff:3b:f5:5a:44:a8:f1:42:aa:c4:6d:b0:1f:55:6b:33:
         d8:04:66:f6:42:e2:dd:1d:c9:4e:8f:82:63:dc:f8:03:6a:d4:
         ee:f2:ef:fc:ef:d0:27:29:a0:0c:45:54:5e:ec:89:cb:83:a7:
         c2:c6:41:0b:5e:15:d9:93:26:e6:c9:1f:1a:9c:40:ca:15:72:
         d2:37:17:da:c0:21:8d:a6:10:05:05:7d:20:df:89:d3:c4:a9:
         c0:1f:1b:3c:d8:9f:5d:e5:ef:f2:7d:04:ac:c9:1f:f4:e7:d7:
         aa:d2:1d:01:0b:72:11:f2:a3:c9:ff:22:a1:79:04:87:ba:52:
         3a:f1:58:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvA88if/YVXJwIh58d1osMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMmEyNjdkY2UwNzIyMzhlOWMwNDUxNWU2N2ViOTkyNjcy
ZTM1MWIwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzgwODlkNjZlYjU1ZDU0ZmQyZDAwODJlODFkYmM3MzI1MjhlYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qzxbKGcuIePEsrSqCQaBG2CilTG
VLMnzUJUXA9L7jaggMHo6smEekRgFOoSwW1LRpA8vZ4hMe04DSvGFrxpULL3MSkc
0I80VTMp8XltnR9juuHLGYUUHxHniOfsu58UkGwLPeYs4HhRtme1gSUf0FcdpbyM
x7GKeAl+R4a0HoRx0QAY9pGgQvXMP0FYJ8CS+IVR1q32FSfzkGN4jHw/p1WVf5Du
DlyiPPtFULdan+53o411W3BEnVDqR3jRZyk0+xqookHY1uNAWze3YPznSvX1WFpW
vxOIpUbSV83NFV0ya+O0KpZPnt3yW0FRLck/ji2Nw2ZqOymoxKyMf8PBSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFByAidZutV1U/S0AgugdvHMlKOr2MB8GA1UdIwQY
MBaAFDwqJn3OByI46cBFFeZ+uZJnLjUbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUENvbWZjNEhJampwd0VVVjVuNjVrbWN1TlJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9jZDZhN2ItMTU4MC00MTAyLTlhYTYt
YTRiNmUzZDBkODMwLzEvSElDSjFtNjFYVlQ5TFFDQzZCMjhjeVVvNnZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9jZDZhN2ItMTU4MC00MTAyLTlhYTYtYTRiNmUzZDBkODMw
LzEvUENvbWZjNEhJampwd0VVVjVuNjVrbWN1TlJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAso
MA0GCSqGSIb3DQEBCwUAA4IBAQAyJ1BMe4asonRj9RlNpyvymT2F6xRsaOPCvnzl
R2K8vh1AYh0D9ra/StXrccwbLzGAiF74fbUje2l9AScZSKqoVawDPzUEjtO5epXa
bjQcSEp7IGxbWpk5JQa6eRYy75g3ax3lR3fOxSyT2mrmN8eLzgtdSP7Q1Lo4UgBH
DqX4vv879VpEqPFCqsRtsB9VazPYBGb2QuLdHclOj4Jj3PgDatTu8u/879AnKaAM
RVRe7InLg6fCxkELXhXZkybmyR8anEDKFXLSNxfawCGNphAFBX0g34nTxKnAHxs8
2J9d5e/yfQSsyR/059eq0h0BC3IR8qPJ/yKheQSHulI68Vh2
-----END CERTIFICATE-----