Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/c8406d-a564-4795-98b0-868160668382/1/5yTT4LbWRIqMO89X0PQNBanVEbk.roa
File:                     5yTT4LbWRIqMO89X0PQNBanVEbk.roa (raw, json)
Hash identifier:          WNMlSF1s7JQQ+lhKB/nU5P1Ta+4+wXDnnXGc7JYmI2A=
Subject key identifier:   E7:24:D3:E0:B6:D6:44:8A:8C:3B:CF:57:D0:F4:0D:05:A9:D5:11:B9
Certificate issuer:       /CN=1cadfb9cfcda8426212dd7d8873b5fe48b412f2a
Certificate serial:       018CC26D3CF9AC847A9B17D3E39D7A2A2B3A
Authority key identifier: 1C:AD:FB:9C:FC:DA:84:26:21:2D:D7:D8:87:3B:5F:E4:8B:41:2F:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HK37nPzahCYhLdfYhztf5ItBLyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/c8406d-a564-4795-98b0-868160668382/1/5yTT4LbWRIqMO89X0PQNBanVEbk.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211551
IP address blocks:        2001:678:f20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/c8406d-a564-4795-98b0-868160668382/1/HK37nPzahCYhLdfYhztf5ItBLyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/c8406d-a564-4795-98b0-868160668382/1/HK37nPzahCYhLdfYhztf5ItBLyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HK37nPzahCYhLdfYhztf5ItBLyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3c:f9:ac:84:7a:9b:17:d3:e3:9d:7a:2a:2b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cadfb9cfcda8426212dd7d8873b5fe48b412f2a
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e724d3e0b6d6448a8c3bcf57d0f40d05a9d511b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:98:4d:6e:c5:c1:4d:5c:5e:56:e2:43:7e:60:
                    5e:a8:5a:67:52:2a:3b:09:cd:f6:61:ac:cd:bd:97:
                    0b:03:02:01:5b:a5:67:1e:12:47:93:23:9a:da:ac:
                    d7:a3:11:b1:6b:3a:c7:8c:2d:ed:00:53:21:49:ba:
                    59:53:14:24:77:78:02:c3:02:36:06:e4:04:93:4d:
                    0e:46:fe:02:34:9d:c4:a3:0b:83:84:70:f7:84:4e:
                    02:fe:a6:9d:7a:95:4d:ca:2c:89:cf:cc:69:32:27:
                    73:d7:7d:1e:bf:3a:12:b2:43:46:56:26:5b:50:56:
                    be:2f:d3:26:a1:7f:a9:67:dd:d4:42:15:af:9c:08:
                    aa:d1:49:2a:ec:50:ce:9b:69:11:d3:7b:d5:ce:4e:
                    41:fa:c9:c8:2a:34:c9:79:9d:9c:6a:9a:be:2c:84:
                    4d:fa:96:cb:0f:f2:28:86:99:73:31:30:59:b8:3a:
                    d1:b0:3f:16:e5:10:0a:f7:21:f3:99:43:2f:07:23:
                    04:55:6f:3f:65:b6:66:3f:1b:05:f6:f9:9f:32:fe:
                    c3:30:3b:bd:fa:8d:e5:9b:de:a2:2c:10:0a:cb:b8:
                    27:f3:c8:d4:e1:ec:6c:69:8d:d8:62:74:01:a5:5b:
                    c9:17:4c:b4:6a:13:34:c3:d6:84:1e:60:11:a7:fe:
                    3a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:24:D3:E0:B6:D6:44:8A:8C:3B:CF:57:D0:F4:0D:05:A9:D5:11:B9
            X509v3 Authority Key Identifier:
                keyid:1C:AD:FB:9C:FC:DA:84:26:21:2D:D7:D8:87:3B:5F:E4:8B:41:2F:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HK37nPzahCYhLdfYhztf5ItBLyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c8406d-a564-4795-98b0-868160668382/1/5yTT4LbWRIqMO89X0PQNBanVEbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c8406d-a564-4795-98b0-868160668382/1/HK37nPzahCYhLdfYhztf5ItBLyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f20::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:a0:30:e3:75:3b:91:89:29:37:22:38:46:d5:75:3f:ff:9e:
         a1:7c:38:c6:a0:a5:4d:60:73:70:3e:75:ee:0c:86:1f:78:73:
         48:30:e8:2e:e0:6f:29:a0:7a:33:9e:ec:de:36:e5:c6:48:37:
         c5:9f:2e:2e:58:6c:aa:a0:c7:15:cb:73:0e:89:29:20:69:a7:
         61:49:34:a4:b1:f8:88:b8:f0:51:59:3f:6e:5b:29:e3:63:fa:
         d7:10:3c:e6:29:d5:b9:5c:48:88:d2:5e:b0:c7:2e:63:1e:ff:
         bf:06:9f:6e:a4:7a:61:dd:3f:d6:16:fe:e8:79:43:5a:b7:d2:
         97:6c:c3:c6:86:17:c3:d3:bd:30:db:dc:c7:eb:b7:58:65:5e:
         b0:d3:14:b9:68:02:11:d1:6b:b0:58:1c:9a:e3:99:c8:1a:4d:
         17:4f:7d:4a:49:63:0b:b4:a7:9d:25:22:60:9d:53:51:2c:1c:
         72:61:ae:94:83:78:1b:47:ec:eb:9b:58:64:ca:cd:ee:df:bf:
         19:4c:91:31:d9:72:a4:34:6a:7c:07:25:00:a8:bb:bf:57:0b:
         4d:c7:61:28:8b:d7:e4:4a:5d:af:ca:9b:82:58:6c:49:db:bf:
         53:9c:66:a5:e1:d1:b7:b3:eb:2b:88:4b:ae:5a:d0:52:04:43:
         aa:00:11:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTz5rIR6mxfT4516Kis6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYWRmYjljZmNkYTg0MjYyMTJkZDdkODg3M2I1ZmU0OGI0
MTJmMmEwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzI0ZDNlMGI2ZDY0NDhhOGMzYmNmNTdkMGY0MGQwNWE5ZDUxMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhphNbsXBTVxeVuJDfmBeqFpnUio7
Cc32YazNvZcLAwIBW6VnHhJHkyOa2qzXoxGxazrHjC3tAFMhSbpZUxQkd3gCwwI2
BuQEk00ORv4CNJ3EowuDhHD3hE4C/qadepVNyiyJz8xpMidz130evzoSskNGViZb
UFa+L9MmoX+pZ93UQhWvnAiq0Ukq7FDOm2kR03vVzk5B+snIKjTJeZ2capq+LIRN
+pbLD/IohplzMTBZuDrRsD8W5RAK9yHzmUMvByMEVW8/ZbZmPxsF9vmfMv7DMDu9
+o3lm96iLBAKy7gn88jU4exsaY3YYnQBpVvJF0y0ahM0w9aEHmARp/461wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOck0+C21kSKjDvPV9D0DQWp1RG5MB8GA1UdIwQY
MBaAFByt+5z82oQmIS3X2Ic7X+SLQS8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEszN25QemFoQ1loTGRmWWh6dGY1SXRCTHlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9jODQwNmQtYTU2NC00Nzk1LTk4YjAt
ODY4MTYwNjY4MzgyLzEvNXlUVDRMYldSSXFNTzg5WDBQUU5CYW5WRWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9jODQwNmQtYTU2NC00Nzk1LTk4YjAtODY4MTYwNjY4Mzgy
LzEvSEszN25QemFoQ1loTGRmWWh6dGY1SXRCTHlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA8g
MA0GCSqGSIb3DQEBCwUAA4IBAQBEoDDjdTuRiSk3IjhG1XU//56hfDjGoKVNYHNw
PnXuDIYfeHNIMOgu4G8poHoznuzeNuXGSDfFny4uWGyqoMcVy3MOiSkgaadhSTSk
sfiIuPBRWT9uWynjY/rXEDzmKdW5XEiI0l6wxy5jHv+/Bp9upHph3T/WFv7oeUNa
t9KXbMPGhhfD070w29zH67dYZV6w0xS5aAIR0WuwWBya45nIGk0XT31KSWMLtKed
JSJgnVNRLBxyYa6Ug3gbR+zrm1hkys3u378ZTJEx2XKkNGp8ByUAqLu/VwtNx2Eo
i9fkSl2vypuCWGxJ279TnGal4dG3s+sriEuuWtBSBEOqABEu
-----END CERTIFICATE-----