Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/2b6e16-9ce8-49da-9ed3-6829d68e2a54/1/pz5bCRuvd6z-RD4chv0pzccNWTw.roa
File:                     pz5bCRuvd6z-RD4chv0pzccNWTw.roa (raw, json)
Hash identifier:          XtQSOTeQQOn8p4RuYP9OcJgxwEDG2SOhur2g2DyCxiY=
Subject key identifier:   A7:3E:5B:09:1B:AF:77:AC:FE:44:3E:1C:86:FD:29:CD:C7:0D:59:3C
Certificate issuer:       /CN=3a12854a8400d8c87ea4de7a22fdf1bf574a9031
Certificate serial:       018CC9BB24265A002609B962B67A52C95287
Authority key identifier: 3A:12:85:4A:84:00:D8:C8:7E:A4:DE:7A:22:FD:F1:BF:57:4A:90:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OhKFSoQA2Mh-pN56Iv3xv1dKkDE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/2b6e16-9ce8-49da-9ed3-6829d68e2a54/1/pz5bCRuvd6z-RD4chv0pzccNWTw.roa
Signing time:             Tue 02 Jan 2024 10:32:14 +0000
ROA not before:           Tue 02 Jan 2024 10:32:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213210
IP address blocks:        2001:678:9b4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/2b6e16-9ce8-49da-9ed3-6829d68e2a54/1/OhKFSoQA2Mh-pN56Iv3xv1dKkDE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/2b6e16-9ce8-49da-9ed3-6829d68e2a54/1/OhKFSoQA2Mh-pN56Iv3xv1dKkDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OhKFSoQA2Mh-pN56Iv3xv1dKkDE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:24:26:5a:00:26:09:b9:62:b6:7a:52:c9:52:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a12854a8400d8c87ea4de7a22fdf1bf574a9031
        Validity
            Not Before: Jan  2 10:32:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a73e5b091baf77acfe443e1c86fd29cdc70d593c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:88:0b:9a:83:74:73:be:49:cb:26:11:8f:37:
                    fe:5a:db:cf:1e:1f:96:f4:89:e2:55:d0:8e:a8:a0:
                    cc:21:f4:6f:14:ad:7a:7e:d5:0b:21:8b:6c:5c:6c:
                    09:5f:24:47:be:41:62:3a:1b:c8:cf:30:11:c7:df:
                    bc:1b:7d:2d:ee:ee:c1:d3:55:b5:c9:dc:e9:e3:9a:
                    57:24:b3:9f:36:2a:4d:a2:c2:4e:05:bf:b3:1f:fd:
                    ce:35:89:76:05:69:3a:d1:ee:0f:b9:b1:54:15:02:
                    ca:60:ac:f2:6a:9f:c1:52:37:ef:9d:0c:d5:05:f5:
                    26:7e:84:a0:c4:78:4b:75:cc:c0:6a:47:c8:3e:d2:
                    d6:29:ae:f7:45:6f:3d:f6:7b:65:df:05:0b:a4:cf:
                    2b:f3:7f:cd:71:b1:7e:7f:0b:fe:b2:28:5a:ff:f7:
                    86:5b:3a:c0:8d:52:f1:ec:7b:39:73:31:5f:fa:0c:
                    38:4d:04:34:48:9c:ea:0c:71:34:47:15:be:00:ec:
                    4a:52:fa:a7:ea:89:ed:58:93:f8:17:77:05:8d:ab:
                    82:61:f8:8b:75:08:e1:98:45:28:5b:52:a4:42:6c:
                    04:02:f0:f2:b8:6e:f2:70:6b:d9:6d:da:c8:3a:c4:
                    7e:0c:6f:b4:5e:4a:7a:e1:d0:f4:39:dc:f4:cc:b9:
                    c4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:3E:5B:09:1B:AF:77:AC:FE:44:3E:1C:86:FD:29:CD:C7:0D:59:3C
            X509v3 Authority Key Identifier:
                keyid:3A:12:85:4A:84:00:D8:C8:7E:A4:DE:7A:22:FD:F1:BF:57:4A:90:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OhKFSoQA2Mh-pN56Iv3xv1dKkDE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/2b6e16-9ce8-49da-9ed3-6829d68e2a54/1/pz5bCRuvd6z-RD4chv0pzccNWTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/2b6e16-9ce8-49da-9ed3-6829d68e2a54/1/OhKFSoQA2Mh-pN56Iv3xv1dKkDE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:9b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:bb:9e:d3:7f:8a:3f:d9:c5:0f:31:a5:54:05:f0:e8:e7:ca:
         ed:14:4a:6e:4c:79:e6:c9:d2:75:26:de:fe:ab:76:83:4a:2b:
         bf:1d:63:b3:5e:05:a3:f6:c6:27:2a:37:eb:6b:0c:ce:fe:2c:
         75:36:b2:a4:4b:d3:56:cc:df:17:4e:89:67:67:cc:db:d6:9a:
         6d:64:36:ab:9d:86:0b:8e:99:8e:54:de:d3:1b:e8:7b:34:1d:
         95:15:c2:ec:80:ee:ca:d8:9e:64:3b:a0:51:99:b0:01:12:b1:
         a0:4c:c3:c6:7c:a2:e5:27:07:23:41:42:bc:17:85:d5:d2:d0:
         51:be:34:c6:44:09:35:a3:f1:39:98:d2:0b:c0:d2:2d:79:25:
         cf:ce:73:91:db:68:de:de:07:41:a0:5f:db:f3:4b:d7:ad:b3:
         7e:12:9c:79:91:54:1a:3d:a3:5f:e4:94:80:b5:e9:d8:84:37:
         e7:c9:8c:2e:23:b6:5b:3c:87:fb:c9:53:aa:39:99:2e:0f:3c:
         11:6a:d7:60:70:e5:03:30:26:29:a9:92:88:f1:2f:73:8a:5b:
         09:d8:fe:f3:22:e3:d5:02:86:17:b5:48:e3:93:ea:f5:8e:01:
         59:53:7b:34:6e:6b:f9:3c:38:5b:74:14:25:54:9e:c2:d1:e1:
         ef:59:77:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJuyQmWgAmCblitnpSyVKHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMTI4NTRhODQwMGQ4Yzg3ZWE0ZGU3YTIyZmRmMWJmNTc0
YTkwMzEwHhcNMjQwMTAyMTAzMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzNlNWIwOTFiYWY3N2FjZmU0NDNlMWM4NmZkMjljZGM3MGQ1OTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIgLmoN0c75JyyYRjzf+WtvPHh+W
9IniVdCOqKDMIfRvFK16ftULIYtsXGwJXyRHvkFiOhvIzzARx9+8G30t7u7B01W1
ydzp45pXJLOfNipNosJOBb+zH/3ONYl2BWk60e4PubFUFQLKYKzyap/BUjfvnQzV
BfUmfoSgxHhLdczAakfIPtLWKa73RW899ntl3wULpM8r83/NcbF+fwv+siha//eG
WzrAjVLx7Hs5czFf+gw4TQQ0SJzqDHE0RxW+AOxKUvqn6ontWJP4F3cFjauCYfiL
dQjhmEUoW1KkQmwEAvDyuG7ycGvZbdrIOsR+DG+0Xkp64dD0Odz0zLnEUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKc+Wwkbr3es/kQ+HIb9Kc3HDVk8MB8GA1UdIwQY
MBaAFDoShUqEANjIfqTeeiL98b9XSpAxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hLRlNvUUEyTWgtcE41Nkl2M3h2MWRLa0RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yYjZlMTYtOWNlOC00OWRhLTllZDMt
NjgyOWQ2OGUyYTU0LzEvcHo1YkNSdXZkNnotUkQ0Y2h2MHB6Y2NOV1R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yYjZlMTYtOWNlOC00OWRhLTllZDMtNjgyOWQ2OGUyYTU0
LzEvT2hLRlNvUUEyTWgtcE41Nkl2M3h2MWRLa0RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAm0
MA0GCSqGSIb3DQEBCwUAA4IBAQBpu57Tf4o/2cUPMaVUBfDo58rtFEpuTHnmydJ1
Jt7+q3aDSiu/HWOzXgWj9sYnKjfrawzO/ix1NrKkS9NWzN8XTolnZ8zb1pptZDar
nYYLjpmOVN7TG+h7NB2VFcLsgO7K2J5kO6BRmbABErGgTMPGfKLlJwcjQUK8F4XV
0tBRvjTGRAk1o/E5mNILwNIteSXPznOR22je3gdBoF/b80vXrbN+Epx5kVQaPaNf
5JSAtenYhDfnyYwuI7ZbPIf7yVOqOZkuDzwRatdgcOUDMCYpqZKI8S9zilsJ2P7z
IuPVAoYXtUjjk+r1jgFZU3s0bmv5PDhbdBQlVJ7C0eHvWXfe
-----END CERTIFICATE-----