Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/c7b573-2768-473c-a5c4-57ef7fee759c/1/cabMKH94uPuY3lWJmtq4FbH2IF8.roa
File:                     cabMKH94uPuY3lWJmtq4FbH2IF8.roa (raw, json)
Hash identifier:          xM6jrMDiF2EruWNrJHzUFzpgh+InRTZZafeB0FYLlx4=
Subject key identifier:   71:A6:CC:28:7F:78:B8:FB:98:DE:55:89:9A:DA:B8:15:B1:F6:20:5F
Certificate issuer:       /CN=ac9bbf9f623313eb2b1827350b45a9ba1fd9da5f
Certificate serial:       018CC80169B6B2F71F680D618953C39EB74E
Authority key identifier: AC:9B:BF:9F:62:33:13:EB:2B:18:27:35:0B:45:A9:BA:1F:D9:DA:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJu_n2IzE-srGCc1C0Wpuh_Z2l8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/c7b573-2768-473c-a5c4-57ef7fee759c/1/cabMKH94uPuY3lWJmtq4FbH2IF8.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        2001:67c:6d4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/c7b573-2768-473c-a5c4-57ef7fee759c/1/rJu_n2IzE-srGCc1C0Wpuh_Z2l8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/c7b573-2768-473c-a5c4-57ef7fee759c/1/rJu_n2IzE-srGCc1C0Wpuh_Z2l8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJu_n2IzE-srGCc1C0Wpuh_Z2l8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:69:b6:b2:f7:1f:68:0d:61:89:53:c3:9e:b7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9bbf9f623313eb2b1827350b45a9ba1fd9da5f
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71a6cc287f78b8fb98de55899adab815b1f6205f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c7:3e:96:c4:7a:0c:2e:17:9e:58:10:11:3e:
                    5e:a1:3a:ad:e7:cf:05:73:ea:7a:76:5b:ba:04:50:
                    de:03:e7:77:2a:a2:1b:08:2d:20:b8:a5:47:61:4e:
                    b2:77:ad:37:86:82:8a:43:4b:5f:54:14:9a:cc:14:
                    8a:70:91:c7:33:fe:0c:ee:a4:77:07:28:12:ab:10:
                    45:5c:00:55:bc:6a:81:c1:a8:b9:e0:e6:e6:8c:77:
                    57:bb:1b:82:3c:bf:27:4f:a6:5f:0a:48:ee:cc:1a:
                    a0:bf:56:dd:20:84:17:d7:e4:0f:c6:60:45:73:5f:
                    0d:a8:46:39:9c:af:ba:f6:56:05:72:1a:e5:7b:5d:
                    cb:5a:2f:e6:a6:f0:26:66:34:f7:0d:d2:c6:98:c0:
                    ad:1d:66:57:a4:6c:1c:d2:6c:75:ab:bf:cb:78:42:
                    5c:93:89:13:c6:ab:d2:94:d7:b0:c6:9a:75:12:27:
                    6a:76:5b:f2:dc:c4:a6:af:de:29:4a:a2:65:9a:a0:
                    1e:29:7b:f8:75:e5:e1:39:50:fc:ff:e5:3e:57:b0:
                    aa:16:a7:56:ab:2f:df:77:bd:82:db:88:d2:13:c5:
                    2e:4c:c4:59:2c:12:f4:65:1f:7b:42:4b:db:d8:0a:
                    1d:2a:e9:ab:82:3d:fb:f0:f8:2c:85:02:20:da:6e:
                    93:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:A6:CC:28:7F:78:B8:FB:98:DE:55:89:9A:DA:B8:15:B1:F6:20:5F
            X509v3 Authority Key Identifier:
                keyid:AC:9B:BF:9F:62:33:13:EB:2B:18:27:35:0B:45:A9:BA:1F:D9:DA:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJu_n2IzE-srGCc1C0Wpuh_Z2l8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/c7b573-2768-473c-a5c4-57ef7fee759c/1/cabMKH94uPuY3lWJmtq4FbH2IF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/c7b573-2768-473c-a5c4-57ef7fee759c/1/rJu_n2IzE-srGCc1C0Wpuh_Z2l8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:6d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:94:48:c6:d2:a7:68:1e:aa:73:8c:62:ae:17:d9:02:7b:01:
         0e:6e:22:97:74:1b:70:61:64:1a:da:ab:ef:d3:11:c0:90:73:
         ec:88:60:d2:8e:2d:fe:ec:4a:49:c3:59:16:84:54:be:b4:bf:
         b1:a7:1c:46:93:0a:7d:13:a1:76:18:c9:ff:bf:ab:f9:53:df:
         09:66:12:7f:a9:2c:77:94:13:05:fc:42:1b:1a:b0:f7:5d:d3:
         ae:f1:cd:56:58:81:95:d7:2a:90:df:d5:94:aa:3a:84:53:c9:
         55:94:ca:79:a9:98:b1:bb:ff:53:16:32:82:57:d7:19:fd:de:
         43:d6:98:97:4d:d3:85:f9:72:21:db:c6:8c:7b:ff:c6:94:bf:
         53:55:9a:e3:d7:89:10:88:c3:ae:7b:8f:f5:43:d6:fb:39:b4:
         f6:95:f6:a6:63:51:e8:b9:7b:ee:40:a2:be:de:0b:cd:e2:fa:
         00:ab:cf:31:3b:c7:c6:d5:e3:49:a1:89:39:9a:d6:4c:a4:9b:
         1b:41:68:8d:fd:d1:9e:0f:aa:c8:6d:28:91:f3:62:29:4a:e8:
         3f:0d:29:38:75:1c:62:ab:54:ad:08:9c:3c:69:34:84:83:a5:
         db:ab:b0:6e:c1:ca:6e:52:31:ab:a8:1c:81:ed:28:86:6e:38:
         6d:95:ca:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWm2svcfaA1hiVPDnrdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOWJiZjlmNjIzMzEzZWIyYjE4MjczNTBiNDVhOWJhMWZk
OWRhNWYwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWE2Y2MyODdmNzhiOGZiOThkZTU1ODk5YWRhYjgxNWIxZjYyMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8c+lsR6DC4XnlgQET5eoTqt588F
c+p6dlu6BFDeA+d3KqIbCC0guKVHYU6yd603hoKKQ0tfVBSazBSKcJHHM/4M7qR3
BygSqxBFXABVvGqBwai54ObmjHdXuxuCPL8nT6ZfCkjuzBqgv1bdIIQX1+QPxmBF
c18NqEY5nK+69lYFchrle13LWi/mpvAmZjT3DdLGmMCtHWZXpGwc0mx1q7/LeEJc
k4kTxqvSlNewxpp1Eidqdlvy3MSmr94pSqJlmqAeKXv4deXhOVD8/+U+V7CqFqdW
qy/fd72C24jSE8UuTMRZLBL0ZR97Qkvb2AodKumrgj378PgshQIg2m6TsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHGmzCh/eLj7mN5ViZrauBWx9iBfMB8GA1UdIwQY
MBaAFKybv59iMxPrKxgnNQtFqbof2dpfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckp1X24ySXpFLXNyR0NjMUMwV3B1aF9aMmw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9jN2I1NzMtMjc2OC00NzNjLWE1YzQt
NTdlZjdmZWU3NTljLzEvY2FiTUtIOTR1UHVZM2xXSm10cTRGYkgySUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9jN2I1NzMtMjc2OC00NzNjLWE1YzQtNTdlZjdmZWU3NTlj
LzEvckp1X24ySXpFLXNyR0NjMUMwV3B1aF9aMmw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAbU
MA0GCSqGSIb3DQEBCwUAA4IBAQARlEjG0qdoHqpzjGKuF9kCewEObiKXdBtwYWQa
2qvv0xHAkHPsiGDSji3+7EpJw1kWhFS+tL+xpxxGkwp9E6F2GMn/v6v5U98JZhJ/
qSx3lBMF/EIbGrD3XdOu8c1WWIGV1yqQ39WUqjqEU8lVlMp5qZixu/9TFjKCV9cZ
/d5D1piXTdOF+XIh28aMe//GlL9TVZrj14kQiMOue4/1Q9b7ObT2lfamY1HouXvu
QKK+3gvN4voAq88xO8fG1eNJoYk5mtZMpJsbQWiN/dGeD6rIbSiR82IpSug/DSk4
dRxiq1StCJw8aTSEg6Xbq7BuwcpuUjGrqByB7SiGbjhtlcr6
-----END CERTIFICATE-----