Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/1-DQg-sN04KHNXbX_xEX3XTwL0rY.roa
File:                     1-DQg-sN04KHNXbX_xEX3XTwL0rY.roa (raw, json)
Hash identifier:          Bd3ayJ7YdjIjgfbD7/O9p8YZ6g+MJ7j+2m7Oxze4BR8=
Subject key identifier:   F8:34:20:FA:C3:74:E0:A1:CD:5D:B5:FF:C4:45:F7:5D:3C:0B:D2:B6
Certificate issuer:       /CN=cbf74cd846493138f522c57c0065b5c60512dd09
Certificate serial:       018CC348952FDB427F87299584DCFF2EC275
Authority key identifier: CB:F7:4C:D8:46:49:31:38:F5:22:C5:7C:00:65:B5:C6:05:12:DD:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/1-DQg-sN04KHNXbX_xEX3XTwL0rY.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a06:3b80:154::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:95:2f:db:42:7f:87:29:95:84:dc:ff:2e:c2:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbf74cd846493138f522c57c0065b5c60512dd09
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f83420fac374e0a1cd5db5ffc445f75d3c0bd2b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6f:aa:f4:52:c6:0b:d1:0a:09:c7:6d:67:de:
                    cc:59:03:d5:e0:df:63:1d:f8:a1:a1:05:40:38:05:
                    62:51:91:70:26:7e:d2:f2:95:9f:55:37:fc:84:2a:
                    84:41:ca:e0:82:59:b8:00:a8:c5:d7:a6:ef:be:50:
                    0d:c5:51:18:0e:c0:0f:da:ac:21:d6:03:45:e5:ee:
                    b9:41:e9:5d:24:31:b5:59:b4:77:22:1c:98:0f:8f:
                    b7:56:1a:45:93:9a:e5:03:cb:ac:ce:23:e7:2c:c5:
                    f6:ea:fe:59:58:6e:60:11:16:2b:dc:dd:25:f2:8d:
                    ff:62:d5:03:e4:94:5c:27:29:65:0a:35:a2:2c:af:
                    1b:b4:7e:97:8e:3b:eb:46:dc:47:a1:04:2f:01:e5:
                    a3:da:93:63:2e:de:f6:9f:83:10:86:d9:3a:fa:ea:
                    db:c2:36:4c:77:e1:9a:a1:88:95:7d:bf:6c:ab:4e:
                    60:9b:56:b9:c2:0b:0b:6f:8c:ad:9f:80:6d:95:44:
                    72:51:08:6f:0c:34:f6:02:d7:82:00:25:9f:11:07:
                    8d:54:8f:92:06:cb:a2:1e:19:e3:93:53:8d:1c:c0:
                    64:da:29:07:f6:54:b1:93:96:64:5e:09:37:2e:be:
                    bd:0f:d3:9b:4e:93:ee:89:9b:97:e6:e6:1a:84:c2:
                    e9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:34:20:FA:C3:74:E0:A1:CD:5D:B5:FF:C4:45:F7:5D:3C:0B:D2:B6
            X509v3 Authority Key Identifier:
                keyid:CB:F7:4C:D8:46:49:31:38:F5:22:C5:7C:00:65:B5:C6:05:12:DD:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/1-DQg-sN04KHNXbX_xEX3XTwL0rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/348789-3208-4847-9c3f-982d1f21a32b/1/y_dM2EZJMTj1IsV8AGW1xgUS3Qk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:3b80:154::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:16:25:fa:72:e7:f4:03:ff:8f:a2:21:2d:8f:a0:27:de:95:
         c1:cf:c0:dd:bb:e3:cc:44:5e:cc:72:ca:75:77:d0:52:c9:c4:
         0b:35:d0:0b:5e:3f:a9:db:91:b1:3b:8a:7d:72:71:15:65:f4:
         a1:b7:eb:8e:61:05:39:12:e8:5f:e1:d7:9e:78:11:58:37:b1:
         12:5e:01:50:00:e9:30:c8:7d:7c:6e:15:e8:66:fc:c5:67:78:
         0d:80:5d:38:e2:6b:dd:db:49:b5:30:93:df:42:9e:47:f0:81:
         c5:a1:94:ef:02:ae:4b:7b:a8:70:83:5f:3d:c5:08:e8:ac:9e:
         f9:ab:a6:ba:44:3b:38:2f:77:04:de:3e:d5:08:b2:08:68:2d:
         bf:03:4a:80:8f:2b:59:b3:78:dc:38:52:2e:a6:4a:c6:b8:10:
         c5:74:7a:b5:8f:35:90:6e:1b:22:f6:1b:11:db:4c:9e:5b:07:
         df:f0:40:21:a0:b5:a2:4a:d5:26:bf:3e:a7:cd:a2:ff:68:3b:
         97:68:a2:21:36:b9:17:08:5c:4a:a1:2b:b2:39:7c:6f:b0:76:
         a9:3d:fa:91:09:81:a7:d6:c4:3d:f4:a0:e6:c5:14:47:55:dd:
         b8:e7:0f:77:4a:34:30:af:79:d9:d1:39:15:72:2e:b8:ee:02:
         96:77:1d:69
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzDSJUv20J/hymVhNz/LsJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZjc0Y2Q4NDY0OTMxMzhmNTIyYzU3YzAwNjViNWM2MDUx
MmRkMDkwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODM0MjBmYWMzNzRlMGExY2Q1ZGI1ZmZjNDQ1Zjc1ZDNjMGJkMmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG+q9FLGC9EKCcdtZ97MWQPV4N9j
HfihoQVAOAViUZFwJn7S8pWfVTf8hCqEQcrgglm4AKjF16bvvlANxVEYDsAP2qwh
1gNF5e65QeldJDG1WbR3IhyYD4+3VhpFk5rlA8usziPnLMX26v5ZWG5gERYr3N0l
8o3/YtUD5JRcJyllCjWiLK8btH6XjjvrRtxHoQQvAeWj2pNjLt72n4MQhtk6+urb
wjZMd+GaoYiVfb9sq05gm1a5wgsLb4ytn4BtlURyUQhvDDT2AteCACWfEQeNVI+S
BsuiHhnjk1ONHMBk2ikH9lSxk5ZkXgk3Lr69D9ObTpPuiZuX5uYahMLpIQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPg0IPrDdOChzV21/8RF9108C9K2MB8GA1UdIwQY
MBaAFMv3TNhGSTE49SLFfABltcYFEt0JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveV9kTTJFWkpNVGoxSXNWOEFHVzF4Z1VTM1FrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zNDg3ODktMzIwOC00ODQ3LTljM2Yt
OTgyZDFmMjFhMzJiLzEvMS1EUWctc04wNEtITlhiWF94RVgzWFR3TDByWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDAvMzQ4Nzg5LTMyMDgtNDg0Ny05YzNmLTk4MmQxZjIxYTMy
Yi8xL3lfZE0yRVpKTVRqMUlzVjhBR1cxeGdVUzNRay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoGO4AB
VDANBgkqhkiG9w0BAQsFAAOCAQEAZRYl+nLn9AP/j6IhLY+gJ96Vwc/A3bvjzERe
zHLKdXfQUsnECzXQC14/qduRsTuKfXJxFWX0obfrjmEFORLoX+HXnngRWDexEl4B
UADpMMh9fG4V6Gb8xWd4DYBdOOJr3dtJtTCT30KeR/CBxaGU7wKuS3uocINfPcUI
6Kye+aumukQ7OC93BN4+1QiyCGgtvwNKgI8rWbN43DhSLqZKxrgQxXR6tY81kG4b
IvYbEdtMnlsH3/BAIaC1okrVJr8+p82i/2g7l2iiITa5FwhcSqErsjl8b7B2qT36
kQmBp9bEPfSg5sUUR1XduOcPd0o0MK952dE5FXIuuO4ClncdaQ==
-----END CERTIFICATE-----