Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/cc083c-fe76-443f-a214-54d20d88915d/1/0c5UM22NrPug-PHarETLG-UCccg.roa
File:                     0c5UM22NrPug-PHarETLG-UCccg.roa (raw, json)
Hash identifier:          XLBscBgSKAn4G0BeDwUgfwpl7vCzp2VbaXlIgzu9HUQ=
Subject key identifier:   D1:CE:54:33:6D:8D:AC:FB:A0:F8:F1:DA:AC:44:CB:1B:E5:02:71:C8
Certificate issuer:       /CN=c6b36fea22c366d08a4b546ac83f4485b2b1e159
Certificate serial:       018E3A09322996FA7BE90A12C3011819FAC1
Authority key identifier: C6:B3:6F:EA:22:C3:66:D0:8A:4B:54:6A:C8:3F:44:85:B2:B1:E1:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xrNv6iLDZtCKS1RqyD9EhbKx4Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/cc083c-fe76-443f-a214-54d20d88915d/1/0c5UM22NrPug-PHarETLG-UCccg.roa
Signing time:             Wed 13 Mar 2024 22:57:44 +0000
ROA not before:           Wed 13 Mar 2024 22:57:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215332
IP address blocks:        2001:67c:93c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/cc083c-fe76-443f-a214-54d20d88915d/1/xrNv6iLDZtCKS1RqyD9EhbKx4Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/cc083c-fe76-443f-a214-54d20d88915d/1/xrNv6iLDZtCKS1RqyD9EhbKx4Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xrNv6iLDZtCKS1RqyD9EhbKx4Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3a:09:32:29:96:fa:7b:e9:0a:12:c3:01:18:19:fa:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6b36fea22c366d08a4b546ac83f4485b2b1e159
        Validity
            Not Before: Mar 13 22:57:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1ce54336d8dacfba0f8f1daac44cb1be50271c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:93:ed:ea:64:60:e1:a5:37:32:18:81:9c:ba:
                    c2:ea:7f:d2:36:5a:13:a8:56:d1:0a:5a:37:5a:68:
                    97:39:52:34:bc:bb:c5:12:64:13:a0:30:e3:27:7b:
                    af:81:5f:eb:49:bf:ee:9f:5d:2e:1e:75:87:d6:dd:
                    4d:98:45:d6:06:b6:33:bf:4e:83:d2:8b:fc:81:14:
                    c5:4a:61:1b:7d:34:26:5f:c1:db:12:de:fe:99:5a:
                    92:e3:a1:ce:86:be:4f:64:97:58:c6:a2:15:95:1b:
                    97:8e:a7:d8:69:0c:57:06:4c:92:3a:0e:64:5e:f9:
                    4c:a4:c0:a8:f8:a3:77:17:0e:f1:cd:0d:83:83:66:
                    fe:25:99:2c:43:98:c4:b6:6d:62:a1:40:65:a3:3e:
                    64:e1:54:6f:7f:24:65:46:30:92:c5:be:d2:4c:4d:
                    08:7e:d9:35:a9:77:8c:cb:7f:a2:ed:99:8a:25:6f:
                    50:43:3c:60:d1:cf:ab:4e:75:52:01:27:01:00:4a:
                    8e:b6:72:76:c8:d4:2a:2e:44:25:04:1a:c3:65:88:
                    64:b9:95:ae:c5:d4:31:ba:07:36:14:25:35:c5:51:
                    15:50:b3:11:e5:a6:f5:f2:cc:42:e8:2a:9a:d6:e7:
                    7b:83:0c:8c:1e:9d:c2:ed:32:70:b4:a6:6c:2b:fa:
                    c9:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:CE:54:33:6D:8D:AC:FB:A0:F8:F1:DA:AC:44:CB:1B:E5:02:71:C8
            X509v3 Authority Key Identifier:
                keyid:C6:B3:6F:EA:22:C3:66:D0:8A:4B:54:6A:C8:3F:44:85:B2:B1:E1:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xrNv6iLDZtCKS1RqyD9EhbKx4Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/cc083c-fe76-443f-a214-54d20d88915d/1/0c5UM22NrPug-PHarETLG-UCccg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/cc083c-fe76-443f-a214-54d20d88915d/1/xrNv6iLDZtCKS1RqyD9EhbKx4Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:93c::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:82:b5:e3:56:14:50:ae:6a:83:75:b3:8a:66:59:b5:76:ab:
         71:7c:9f:56:3e:57:08:1e:7d:32:9c:1e:c0:fd:52:6c:3e:2b:
         80:90:a2:80:2e:3b:b1:4b:16:67:1c:6d:3b:d0:96:79:67:58:
         56:1a:7b:c7:6e:e7:88:42:f0:da:4c:5d:35:c9:81:7e:0f:e7:
         60:b1:a4:ac:dd:02:7e:48:e7:a7:40:0d:a1:c7:35:92:22:44:
         e3:8d:58:61:b6:5b:b5:61:84:d7:1f:e5:13:76:e5:94:4d:43:
         08:76:b7:a5:c9:ca:32:cc:44:2c:9e:33:b4:90:08:98:27:ad:
         ed:48:fa:85:75:e4:ac:2c:07:a8:8c:cf:78:6d:90:a6:b4:59:
         07:b7:fe:a0:7a:25:c4:cc:b7:da:1d:51:fb:19:69:66:66:6a:
         fb:c4:7e:ab:56:f8:aa:82:d2:ee:b3:4a:10:f1:be:ed:ff:98:
         de:e4:2a:4f:44:fa:10:8e:ee:b3:fb:6e:e0:5f:c9:e8:db:b9:
         60:69:7a:7e:ff:fe:99:66:70:61:53:cc:d9:59:5e:66:ae:9e:
         64:4a:5c:09:2c:38:dd:2d:2b:a6:71:35:8b:8e:8e:ff:39:31:
         38:eb:00:f7:35:9d:d6:49:9b:50:b0:a5:03:7e:a6:26:e9:75:
         11:ce:1b:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY46CTIplvp76QoSwwEYGfrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YjM2ZmVhMjJjMzY2ZDA4YTRiNTQ2YWM4M2Y0NDg1YjJi
MWUxNTkwHhcNMjQwMzEzMjI1NzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWNlNTQzMzZkOGRhY2ZiYTBmOGYxZGFhYzQ0Y2IxYmU1MDI3MWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZPt6mRg4aU3MhiBnLrC6n/SNloT
qFbRClo3WmiXOVI0vLvFEmQToDDjJ3uvgV/rSb/un10uHnWH1t1NmEXWBrYzv06D
0ov8gRTFSmEbfTQmX8HbEt7+mVqS46HOhr5PZJdYxqIVlRuXjqfYaQxXBkySOg5k
XvlMpMCo+KN3Fw7xzQ2Dg2b+JZksQ5jEtm1ioUBloz5k4VRvfyRlRjCSxb7STE0I
ftk1qXeMy3+i7ZmKJW9QQzxg0c+rTnVSAScBAEqOtnJ2yNQqLkQlBBrDZYhkuZWu
xdQxugc2FCU1xVEVULMR5ab18sxC6Cqa1ud7gwyMHp3C7TJwtKZsK/rJ/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNHOVDNtjaz7oPjx2qxEyxvlAnHIMB8GA1UdIwQY
MBaAFMazb+oiw2bQiktUasg/RIWyseFZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHJOdjZpTERadENLUzFScXlEOUVoYkt4NFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jYzA4M2MtZmU3Ni00NDNmLWEyMTQt
NTRkMjBkODg5MTVkLzEvMGM1VU0yMk5yUHVnLVBIYXJFVExHLVVDY2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jYzA4M2MtZmU3Ni00NDNmLWEyMTQtNTRkMjBkODg5MTVk
LzEveHJOdjZpTERadENLUzFScXlEOUVoYkt4NFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAk8
MA0GCSqGSIb3DQEBCwUAA4IBAQB5grXjVhRQrmqDdbOKZlm1dqtxfJ9WPlcIHn0y
nB7A/VJsPiuAkKKALjuxSxZnHG070JZ5Z1hWGnvHbueIQvDaTF01yYF+D+dgsaSs
3QJ+SOenQA2hxzWSIkTjjVhhtlu1YYTXH+UTduWUTUMIdrelycoyzEQsnjO0kAiY
J63tSPqFdeSsLAeojM94bZCmtFkHt/6geiXEzLfaHVH7GWlmZmr7xH6rVviqgtLu
s0oQ8b7t/5je5CpPRPoQju6z+27gX8no27lgaXp+//6ZZnBhU8zZWV5mrp5kSlwJ
LDjdLSumcTWLjo7/OTE46wD3NZ3WSZtQsKUDfqYm6XURzhsM
-----END CERTIFICATE-----