Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/fQpvOgag-JJCHGruto4b2DF5O0A.roa
File:                     fQpvOgag-JJCHGruto4b2DF5O0A.roa (raw, json)
Hash identifier:          5VQin2Nxl9eSR1+jSBQIeLK1+cdyP86jUnPJVsynKh0=
Subject key identifier:   7D:0A:6F:3A:06:A0:F8:92:42:1C:6A:EE:B6:8E:1B:D8:31:79:3B:40
Certificate issuer:       /CN=27032f79023052100c4393c9e690f97d7896926f
Certificate serial:       018CC86F9CF42CA67F0A57B402A61688348A
Authority key identifier: 27:03:2F:79:02:30:52:10:0C:43:93:C9:E6:90:F9:7D:78:96:92:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/fQpvOgag-JJCHGruto4b2DF5O0A.roa
Signing time:             Tue 02 Jan 2024 04:30:06 +0000
ROA not before:           Tue 02 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206161
IP address blocks:        2001:678:c88::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:9c:f4:2c:a6:7f:0a:57:b4:02:a6:16:88:34:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27032f79023052100c4393c9e690f97d7896926f
        Validity
            Not Before: Jan  2 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d0a6f3a06a0f892421c6aeeb68e1bd831793b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3c:e5:5a:8d:0f:4f:03:dd:31:7b:c7:16:8d:
                    13:98:63:2d:45:0d:fa:c5:68:46:c3:07:9e:52:79:
                    c5:fd:cb:1f:32:4b:c0:a9:ff:f2:06:00:db:f6:4c:
                    d2:aa:ae:10:57:a3:c4:0f:5f:ce:b5:bd:52:5b:e8:
                    ae:19:5c:53:e5:a3:0b:19:65:81:34:33:29:45:ba:
                    61:9a:2a:f3:ff:7f:5b:8c:a5:54:1a:e8:a4:f4:af:
                    a1:7e:1b:0f:75:10:8a:0f:cd:7b:c5:a0:f0:2a:94:
                    03:37:7b:54:35:6e:b1:9d:33:e6:19:92:fc:b1:21:
                    c0:6a:89:c9:22:f8:61:7c:2e:c2:4e:31:74:81:d2:
                    25:4e:9a:3d:eb:1f:cc:14:c2:42:0b:fc:ee:89:32:
                    d2:f3:cd:b0:ec:79:e8:e9:37:27:54:15:1b:03:d4:
                    90:4c:58:bc:d1:50:06:cd:11:53:4c:67:05:48:2a:
                    7a:e0:0e:bd:80:64:26:13:df:58:89:78:2f:dc:81:
                    34:c2:4c:a1:19:d8:64:7d:cd:d9:79:3d:63:b3:c8:
                    97:8e:fe:a2:9e:f1:cd:80:29:21:fc:44:b3:ee:26:
                    5f:30:01:29:75:a0:32:4a:26:5e:3a:ca:4b:14:65:
                    8e:05:55:d9:f2:65:04:f6:a3:bc:4d:a4:f1:d3:b6:
                    b9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:0A:6F:3A:06:A0:F8:92:42:1C:6A:EE:B6:8E:1B:D8:31:79:3B:40
            X509v3 Authority Key Identifier:
                keyid:27:03:2F:79:02:30:52:10:0C:43:93:C9:E6:90:F9:7D:78:96:92:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/fQpvOgag-JJCHGruto4b2DF5O0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/f4ff52-64ba-420b-bff4-f07dd2606267/1/JwMveQIwUhAMQ5PJ5pD5fXiWkm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:c88::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:ed:0b:87:17:20:1d:e7:c0:01:46:a2:42:27:73:32:da:db:
         b4:b3:c8:3b:13:17:f8:c9:c8:49:1f:cb:c2:2e:c2:99:d0:cb:
         0b:00:08:1f:4f:fd:b4:e0:ed:e0:3c:0c:ea:30:62:56:1f:e6:
         5c:6c:ef:cc:33:92:bf:3b:d7:f0:94:36:d0:7a:4f:6e:47:c3:
         95:dc:68:cd:b5:ad:6a:02:f0:03:c2:c9:56:99:0c:91:f5:13:
         19:4d:25:8a:2e:79:f5:97:c4:45:3c:b0:b6:9f:31:29:e0:e0:
         05:28:22:72:05:b3:4d:03:bd:2e:6e:dd:b0:e5:7a:5c:33:0c:
         0c:fa:68:5c:d8:6f:96:ab:37:e3:ba:d7:0a:f7:8d:99:88:21:
         3e:64:cd:ce:bf:e3:75:be:71:7f:23:03:b8:da:98:3f:1a:18:
         3c:de:0b:47:14:a2:64:fc:16:58:98:e7:d5:81:8d:e3:9e:9d:
         2b:56:d1:78:73:0c:91:1f:fb:26:d8:48:ef:34:b3:ae:7c:3a:
         7a:44:50:25:9b:35:6e:1c:93:6c:0a:cc:13:55:3d:c5:76:8f:
         e6:94:70:b7:56:77:be:cc:f0:73:4f:9b:fe:80:5f:df:b7:d7:
         b5:2d:21:32:06:87:45:99:5c:c5:fa:dd:cd:2e:67:bf:5f:9c:
         05:42:42:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb5z0LKZ/Cle0AqYWiDSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MDMyZjc5MDIzMDUyMTAwYzQzOTNjOWU2OTBmOTdkNzg5
NjkyNmYwHhcNMjQwMTAyMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDBhNmYzYTA2YTBmODkyNDIxYzZhZWViNjhlMWJkODMxNzkzYjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzzlWo0PTwPdMXvHFo0TmGMtRQ36
xWhGwweeUnnF/csfMkvAqf/yBgDb9kzSqq4QV6PED1/Otb1SW+iuGVxT5aMLGWWB
NDMpRbphmirz/39bjKVUGuik9K+hfhsPdRCKD817xaDwKpQDN3tUNW6xnTPmGZL8
sSHAaonJIvhhfC7CTjF0gdIlTpo96x/MFMJCC/zuiTLS882w7Hno6TcnVBUbA9SQ
TFi80VAGzRFTTGcFSCp64A69gGQmE99YiXgv3IE0wkyhGdhkfc3ZeT1js8iXjv6i
nvHNgCkh/ESz7iZfMAEpdaAySiZeOspLFGWOBVXZ8mUE9qO8TaTx07a5DQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH0KbzoGoPiSQhxq7raOG9gxeTtAMB8GA1UdIwQY
MBaAFCcDL3kCMFIQDEOTyeaQ+X14lpJvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSndNdmVRSXdVaEFNUTVQSjVwRDVmWGlXa204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9mNGZmNTItNjRiYS00MjBiLWJmZjQt
ZjA3ZGQyNjA2MjY3LzEvZlFwdk9nYWctSkpDSEdydXRvNGIyREY1TzBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9mNGZmNTItNjRiYS00MjBiLWJmZjQtZjA3ZGQyNjA2MjY3
LzEvSndNdmVRSXdVaEFNUTVQSjVwRDVmWGlXa204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAyI
MA0GCSqGSIb3DQEBCwUAA4IBAQA/7QuHFyAd58ABRqJCJ3My2tu0s8g7Exf4ychJ
H8vCLsKZ0MsLAAgfT/204O3gPAzqMGJWH+ZcbO/MM5K/O9fwlDbQek9uR8OV3GjN
ta1qAvADwslWmQyR9RMZTSWKLnn1l8RFPLC2nzEp4OAFKCJyBbNNA70ubt2w5Xpc
MwwM+mhc2G+WqzfjutcK942ZiCE+ZM3Ov+N1vnF/IwO42pg/Ghg83gtHFKJk/BZY
mOfVgY3jnp0rVtF4cwyRH/sm2EjvNLOufDp6RFAlmzVuHJNsCswTVT3Fdo/mlHC3
Vne+zPBzT5v+gF/ft9e1LSEyBodFmVzF+t3NLme/X5wFQkKW
-----END CERTIFICATE-----