Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/CP1eCKxKJK4yxHojhn69x846Fr8.roa
File:                     CP1eCKxKJK4yxHojhn69x846Fr8.roa (raw, json)
Hash identifier:          NRE0vxexLmk89VN3wq8mRClcgJ9nOSvP67JRniz0xNo=
Subject key identifier:   08:FD:5E:08:AC:4A:24:AE:32:C4:7A:23:86:7E:BD:C7:CE:3A:16:BF
Certificate issuer:       /CN=f68e231d5551876e15afc6637eab7fca80088391
Certificate serial:       018CC34943AA1319FC12DF7AFF2B3E642D6D
Authority key identifier: F6:8E:23:1D:55:51:87:6E:15:AF:C6:63:7E:AB:7F:CA:80:08:83:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/CP1eCKxKJK4yxHojhn69x846Fr8.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212535
IP address blocks:        2001:678:d70::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:43:aa:13:19:fc:12:df:7a:ff:2b:3e:64:2d:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f68e231d5551876e15afc6637eab7fca80088391
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08fd5e08ac4a24ae32c47a23867ebdc7ce3a16bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a1:20:ed:b3:32:59:cb:74:b3:51:b3:2d:31:
                    d0:36:b6:c5:d3:a1:5a:b0:8a:02:b3:50:f9:02:c5:
                    70:03:9a:46:75:f5:81:bc:65:81:17:af:be:d1:46:
                    15:00:9f:9a:2c:03:b9:b9:e0:8d:6b:53:39:a6:cc:
                    f5:1b:4e:9a:e5:f8:41:d2:0c:14:d5:ce:7e:13:04:
                    5c:ae:af:e6:f5:ac:db:b1:ed:49:ce:c9:7a:e3:31:
                    b9:ee:eb:0c:ae:7c:e1:e6:f8:a2:76:2c:e0:3d:78:
                    d5:f2:df:1a:dd:7a:de:0e:51:92:c1:13:02:bb:ef:
                    68:09:69:a7:99:51:5e:42:c4:b5:ba:5e:d7:9b:bd:
                    1c:20:f2:78:6d:ee:35:78:8a:f9:1e:27:6e:d9:df:
                    49:2d:14:e5:4e:ae:44:3d:5e:6f:e4:0c:c8:6c:8c:
                    41:d0:d3:8b:a0:0b:3a:fd:c2:39:72:e4:18:aa:3f:
                    d9:23:e1:45:0e:a4:d0:62:42:82:43:11:3d:13:f0:
                    5d:63:be:4d:52:5e:5a:50:16:b7:e4:a9:48:d7:e8:
                    bd:4d:01:35:90:48:f2:f8:c9:9e:ba:e3:50:18:38:
                    25:4d:25:53:dd:b0:91:25:c1:94:90:9e:c2:c9:6a:
                    1d:ca:9b:38:b1:29:ab:f5:bf:bf:aa:6d:4d:af:02:
                    35:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:FD:5E:08:AC:4A:24:AE:32:C4:7A:23:86:7E:BD:C7:CE:3A:16:BF
            X509v3 Authority Key Identifier:
                keyid:F6:8E:23:1D:55:51:87:6E:15:AF:C6:63:7E:AB:7F:CA:80:08:83:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/CP1eCKxKJK4yxHojhn69x846Fr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/3439d8-7ea3-4e32-9352-ba1ed9474ba2/1/9o4jHVVRh24Vr8Zjfqt_yoAIg5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d70::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:25:31:83:5f:6e:34:a1:be:1a:2b:90:f7:78:a5:fe:ca:f3:
         40:dc:e6:7a:74:bd:c8:a3:cf:fa:3f:99:52:bb:61:80:00:4c:
         b6:17:93:d8:0b:9e:3f:68:e2:4b:77:60:78:76:1a:20:c6:25:
         c2:f0:d5:82:3d:20:ac:27:8b:96:fa:95:ad:a0:0d:32:88:f9:
         08:68:d9:d9:41:5a:e5:af:e3:97:4b:88:60:c2:8d:c7:fa:22:
         79:0a:9b:08:86:75:58:e9:11:b5:c2:f5:ed:58:6e:a3:15:6c:
         a8:be:31:50:a0:4d:ea:a1:22:d4:6b:09:71:fd:4c:f6:70:83:
         58:7b:0e:3f:12:49:21:f2:fd:0f:e4:af:f3:11:2f:47:76:0a:
         28:a6:42:1e:6d:dc:87:d9:e3:ca:87:d4:13:3e:9b:98:66:0f:
         2b:fb:63:5f:a9:5b:ef:8f:8d:b3:56:19:c2:41:00:ce:67:10:
         72:89:2f:1a:45:ad:74:ec:bf:c8:49:4e:83:93:71:c4:ee:15:
         23:b4:25:8d:c7:2d:52:6d:b5:89:5a:0d:be:3e:76:cc:13:60:
         b4:0c:6d:09:72:1d:4c:f2:c1:00:77:b6:30:6a:6c:2a:71:8a:
         1d:79:be:17:3c:b7:78:85:76:20:23:d3:b3:f4:b5:0a:ba:22:
         15:f8:dc:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSUOqExn8Et96/ys+ZC1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OGUyMzFkNTU1MTg3NmUxNWFmYzY2MzdlYWI3ZmNhODAw
ODgzOTEwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGZkNWUwOGFjNGEyNGFlMzJjNDdhMjM4NjdlYmRjN2NlM2ExNmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqEg7bMyWct0s1GzLTHQNrbF06Fa
sIoCs1D5AsVwA5pGdfWBvGWBF6++0UYVAJ+aLAO5ueCNa1M5psz1G06a5fhB0gwU
1c5+EwRcrq/m9azbse1Jzsl64zG57usMrnzh5viidizgPXjV8t8a3XreDlGSwRMC
u+9oCWmnmVFeQsS1ul7Xm70cIPJ4be41eIr5Hidu2d9JLRTlTq5EPV5v5AzIbIxB
0NOLoAs6/cI5cuQYqj/ZI+FFDqTQYkKCQxE9E/BdY75NUl5aUBa35KlI1+i9TQE1
kEjy+MmeuuNQGDglTSVT3bCRJcGUkJ7CyWodyps4sSmr9b+/qm1NrwI1iwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAj9XgisSiSuMsR6I4Z+vcfOOha/MB8GA1UdIwQY
MBaAFPaOIx1VUYduFa/GY36rf8qACIORMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOW80akhWVlJoMjRWcjhaamZxdF95b0FJZzVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8zNDM5ZDgtN2VhMy00ZTMyLTkzNTIt
YmExZWQ5NDc0YmEyLzEvQ1AxZUNLeEtKSzR5eEhvamhuNjl4ODQ2RnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8zNDM5ZDgtN2VhMy00ZTMyLTkzNTItYmExZWQ5NDc0YmEy
LzEvOW80akhWVlJoMjRWcjhaamZxdF95b0FJZzVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA1w
MA0GCSqGSIb3DQEBCwUAA4IBAQCsJTGDX240ob4aK5D3eKX+yvNA3OZ6dL3Io8/6
P5lSu2GAAEy2F5PYC54/aOJLd2B4dhogxiXC8NWCPSCsJ4uW+pWtoA0yiPkIaNnZ
QVrlr+OXS4hgwo3H+iJ5CpsIhnVY6RG1wvXtWG6jFWyovjFQoE3qoSLUawlx/Uz2
cINYew4/Ekkh8v0P5K/zES9HdgoopkIebdyH2ePKh9QTPpuYZg8r+2NfqVvvj42z
VhnCQQDOZxByiS8aRa107L/ISU6Dk3HE7hUjtCWNxy1SbbWJWg2+PnbME2C0DG0J
ch1M8sEAd7YwamwqcYodeb4XPLd4hXYgI9Oz9LUKuiIV+Nx1
-----END CERTIFICATE-----