Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/8b4e84-becd-4ecf-beb5-96a79a1d1bb3/1/NnKePw-_oywEb4qfNL0fsmUkLL0.roa
File:                     NnKePw-_oywEb4qfNL0fsmUkLL0.roa (raw, json)
Hash identifier:          42QB5rJJaSTPJYC/g23BcTtSHTE0xCthwS9OBZjTmBk=
Subject key identifier:   36:72:9E:3F:0F:BF:A3:2C:04:6F:8A:9F:34:BD:1F:B2:65:24:2C:BD
Certificate issuer:       /CN=7870621fc0afc8ec18eef20633f6148813279976
Certificate serial:       018F15B2A2D46627C89BE0D232D85D01CE90
Authority key identifier: 78:70:62:1F:C0:AF:C8:EC:18:EE:F2:06:33:F6:14:88:13:27:99:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eHBiH8CvyOwY7vIGM_YUiBMnmXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/8b4e84-becd-4ecf-beb5-96a79a1d1bb3/1/NnKePw-_oywEb4qfNL0fsmUkLL0.roa
Signing time:             Thu 25 Apr 2024 14:39:39 +0000
ROA not before:           Thu 25 Apr 2024 14:39:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16189
IP address blocks:        2001:67c:e20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/8b4e84-becd-4ecf-beb5-96a79a1d1bb3/1/eHBiH8CvyOwY7vIGM_YUiBMnmXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/8b4e84-becd-4ecf-beb5-96a79a1d1bb3/1/eHBiH8CvyOwY7vIGM_YUiBMnmXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eHBiH8CvyOwY7vIGM_YUiBMnmXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:b2:a2:d4:66:27:c8:9b:e0:d2:32:d8:5d:01:ce:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7870621fc0afc8ec18eef20633f6148813279976
        Validity
            Not Before: Apr 25 14:39:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36729e3f0fbfa32c046f8a9f34bd1fb265242cbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:15:6e:a7:c7:e6:aa:87:88:20:a7:b4:39:8c:
                    1d:15:fc:22:04:50:ca:85:ba:42:13:01:7d:50:98:
                    ce:50:e5:b4:ae:b6:09:c9:4c:4e:19:08:58:b6:be:
                    f6:e4:5e:35:fd:57:36:f0:2c:03:8e:88:ec:29:7f:
                    da:3b:a1:b8:36:8f:fc:ec:02:ae:58:65:2b:4a:33:
                    16:e3:0f:48:f4:d4:ff:10:15:1b:2b:fc:36:71:d6:
                    ea:e5:ee:21:79:1d:d0:f6:77:bf:f5:aa:c9:d9:69:
                    cf:a1:cc:c6:b1:46:18:58:c0:cd:34:07:2f:51:4d:
                    20:bd:66:69:1a:29:c1:b4:0c:a4:eb:47:4e:d6:2a:
                    68:0f:9d:1a:2e:02:7a:a0:7d:e6:03:8e:e1:d8:63:
                    ad:7c:11:0e:aa:07:8b:94:1f:56:dd:ce:86:00:93:
                    df:17:84:a7:ff:f3:5e:63:67:cd:ff:5f:e3:0f:96:
                    ab:44:77:a4:4b:99:80:03:37:b6:12:3d:fa:d2:59:
                    58:5f:bb:14:05:d2:e7:6f:58:16:2e:3a:0f:78:1e:
                    16:89:f1:2f:a2:97:08:a9:8f:cd:c3:fc:0c:e5:d8:
                    c7:60:d7:52:4b:66:2f:f7:4a:66:8b:5f:26:10:f1:
                    11:a4:24:13:50:f6:9a:48:fe:7a:da:8b:b9:fa:17:
                    92:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:72:9E:3F:0F:BF:A3:2C:04:6F:8A:9F:34:BD:1F:B2:65:24:2C:BD
            X509v3 Authority Key Identifier:
                keyid:78:70:62:1F:C0:AF:C8:EC:18:EE:F2:06:33:F6:14:88:13:27:99:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eHBiH8CvyOwY7vIGM_YUiBMnmXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/8b4e84-becd-4ecf-beb5-96a79a1d1bb3/1/NnKePw-_oywEb4qfNL0fsmUkLL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/8b4e84-becd-4ecf-beb5-96a79a1d1bb3/1/eHBiH8CvyOwY7vIGM_YUiBMnmXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e20::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:8e:27:53:db:04:83:41:8a:a6:41:c9:fa:31:b4:f3:36:50:
         97:18:57:35:21:88:1e:74:cc:66:fe:c3:a5:a6:6a:8a:c3:1a:
         d6:da:6e:65:5d:99:b7:b1:af:17:06:c0:25:1c:d7:9b:09:88:
         c0:79:f9:0d:89:b1:27:11:29:ba:a6:19:31:d5:5c:5f:1b:59:
         7a:74:f8:9a:87:08:d5:3a:1a:c5:3b:9f:cf:2a:26:3e:80:36:
         c7:e0:08:9b:62:b8:62:b5:1a:d3:2b:fb:84:83:fa:1d:cd:4a:
         0b:8f:c2:2b:12:59:c5:cf:c1:cd:50:90:99:df:a3:df:56:58:
         18:cb:bf:9b:39:53:7e:44:69:eb:a8:83:62:b9:63:28:e9:77:
         37:a5:f2:b0:cd:dd:1e:c6:08:17:6e:cb:25:22:cd:4d:1e:7c:
         0d:ec:29:db:a4:2b:98:00:05:ef:0a:24:6a:36:fe:b9:7e:96:
         dd:58:85:3b:88:0f:a4:d4:da:a7:59:67:3d:3f:d2:2a:f2:ce:
         67:77:8e:01:f5:78:4f:7c:73:fd:c7:bf:9f:00:e0:70:c4:31:
         d9:d9:78:21:1e:3e:1f:5c:e7:f5:f6:63:91:2c:e3:a5:7b:fc:
         19:ae:28:12:e2:ad:f6:5d:d3:a7:9a:92:56:5b:51:9f:09:db:
         2b:de:4f:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8VsqLUZifIm+DSMthdAc6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NzA2MjFmYzBhZmM4ZWMxOGVlZjIwNjMzZjYxNDg4MTMy
Nzk5NzYwHhcNMjQwNDI1MTQzOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjcyOWUzZjBmYmZhMzJjMDQ2ZjhhOWYzNGJkMWZiMjY1MjQyY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBVup8fmqoeIIKe0OYwdFfwiBFDK
hbpCEwF9UJjOUOW0rrYJyUxOGQhYtr725F41/Vc28CwDjojsKX/aO6G4No/87AKu
WGUrSjMW4w9I9NT/EBUbK/w2cdbq5e4heR3Q9ne/9arJ2WnPoczGsUYYWMDNNAcv
UU0gvWZpGinBtAyk60dO1ipoD50aLgJ6oH3mA47h2GOtfBEOqgeLlB9W3c6GAJPf
F4Sn//NeY2fN/1/jD5arRHekS5mAAze2Ej360llYX7sUBdLnb1gWLjoPeB4WifEv
opcIqY/Nw/wM5djHYNdSS2Yv90pmi18mEPERpCQTUPaaSP562ou5+heS4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDZynj8Pv6MsBG+KnzS9H7JlJCy9MB8GA1UdIwQY
MBaAFHhwYh/Ar8jsGO7yBjP2FIgTJ5l2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUhCaUg4Q3Z5T3dZN3ZJR01fWVVpQk1ubVhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi84YjRlODQtYmVjZC00ZWNmLWJlYjUt
OTZhNzlhMWQxYmIzLzEvTm5LZVB3LV9veXdFYjRxZk5MMGZzbVVrTEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi84YjRlODQtYmVjZC00ZWNmLWJlYjUtOTZhNzlhMWQxYmIz
LzEvZUhCaUg4Q3Z5T3dZN3ZJR01fWVVpQk1ubVhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA4g
MA0GCSqGSIb3DQEBCwUAA4IBAQANjidT2wSDQYqmQcn6MbTzNlCXGFc1IYgedMxm
/sOlpmqKwxrW2m5lXZm3sa8XBsAlHNebCYjAefkNibEnESm6phkx1VxfG1l6dPia
hwjVOhrFO5/PKiY+gDbH4AibYrhitRrTK/uEg/odzUoLj8IrElnFz8HNUJCZ36Pf
VlgYy7+bOVN+RGnrqINiuWMo6Xc3pfKwzd0exggXbsslIs1NHnwN7CnbpCuYAAXv
CiRqNv65fpbdWIU7iA+k1NqnWWc9P9Iq8s5nd44B9XhPfHP9x7+fAOBwxDHZ2Xgh
Hj4fXOf19mORLOOle/wZrigS4q32XdOnmpJWW1GfCdsr3k9+
-----END CERTIFICATE-----