Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hbiTMVLhsVNi_V5BVrQocDba2e0.roa
File:                     hbiTMVLhsVNi_V5BVrQocDba2e0.roa (raw, json)
Hash identifier:          oPOH4wTui7nPWhJ/DL7745IDmrYvWmNcfalOYEq8qCY=
Subject key identifier:   85:B8:93:31:52:E1:B1:53:62:FD:5E:41:56:B4:28:70:36:DA:D9:ED
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D1BCD6424A0C2190046A8EB7743DCB9E8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hbiTMVLhsVNi_V5BVrQocDba2e0.roa
Signing time:             Thu 18 Jan 2024 09:01:01 +0000
ROA not before:           Thu 18 Jan 2024 09:01:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210623
IP address blocks:        2a0e:b107:1780::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1b:cd:64:24:a0:c2:19:00:46:a8:eb:77:43:dc:b9:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 18 09:01:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85b8933152e1b15362fd5e4156b4287036dad9ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:df:2c:e7:f2:2e:e4:da:e7:4a:76:e0:77:81:
                    51:25:fc:35:9a:2d:2a:60:4d:15:ed:56:b1:1e:bd:
                    2c:8d:a7:cb:3e:0a:91:41:1a:91:c8:f0:9c:58:5f:
                    2f:f3:c8:fe:88:e6:6f:80:bd:84:a4:e8:97:0b:96:
                    be:bf:a7:49:f2:21:8e:f1:5d:42:6d:79:3d:56:e5:
                    40:20:38:2b:00:a4:35:33:cc:a6:6d:44:54:ee:1c:
                    18:ff:b7:4a:b0:cd:51:f2:a5:b8:e6:fb:3c:77:79:
                    00:20:90:2e:dc:d0:97:f8:30:b4:0b:a0:53:54:72:
                    40:d9:35:3f:59:57:fc:86:70:ba:7c:92:99:16:0c:
                    b7:37:83:a1:39:d0:1b:df:5d:cf:dd:6b:db:28:c2:
                    ed:6d:c3:38:c2:41:44:1a:b3:b1:f5:17:b3:21:a7:
                    5c:c0:13:79:b3:62:fc:51:a6:29:8e:23:73:c0:af:
                    32:11:2f:e7:6e:88:cf:7d:d8:12:8b:36:e4:49:41:
                    44:25:2f:5b:fb:ad:f6:c8:9e:34:4b:f9:e3:f4:fe:
                    04:e3:22:71:c6:67:d2:2c:e3:08:ca:d8:87:e2:7c:
                    b6:38:68:98:d0:da:e5:85:ff:e8:5f:33:6d:2d:ea:
                    54:aa:01:de:a0:a8:ac:17:e4:2c:bb:d1:0c:16:96:
                    2a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B8:93:31:52:E1:B1:53:62:FD:5E:41:56:B4:28:70:36:DA:D9:ED
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hbiTMVLhsVNi_V5BVrQocDba2e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1780::/46

    Signature Algorithm: sha256WithRSAEncryption
         23:e4:f6:bd:84:8f:db:2b:5c:47:4b:89:54:64:96:4b:7c:91:
         7c:e3:58:cf:6e:0e:c6:89:a9:7b:d5:fe:53:8c:6e:dd:3b:fb:
         f7:ff:f9:ab:f7:c4:db:3c:6d:13:28:3b:9e:7b:0d:e1:14:98:
         c8:99:0c:c1:08:d9:77:d1:61:3d:30:d3:da:01:58:9f:06:4a:
         b5:2e:f9:eb:64:9a:cc:6e:74:ed:e5:4d:42:eb:e3:61:43:c0:
         60:8c:18:4a:ee:ae:92:ff:e2:a5:1d:4e:af:f7:2e:3d:de:af:
         3f:64:c9:6c:8a:37:99:a0:c4:c5:dc:6a:fb:b8:91:bb:35:56:
         b5:c3:b3:54:23:c0:20:e0:b6:c0:8a:61:78:2c:26:60:20:2b:
         12:0c:d6:76:28:77:d6:26:2b:8f:47:7e:c3:46:49:41:ec:9c:
         3a:cd:2a:71:25:45:10:8f:a2:eb:96:cf:2e:7f:cd:c1:be:85:
         a0:80:d9:e3:55:5e:ad:ee:e1:d4:95:2e:19:c0:70:91:5f:c2:
         63:a5:94:50:13:e4:e1:e3:11:78:c7:6b:19:d1:49:8d:2e:c2:
         c0:15:8c:c9:81:8b:2b:12:86:e6:55:7d:b8:da:c2:8f:68:18:
         fa:74:10:93:25:ad:cc:b5:ea:07:d6:70:72:ad:21:42:62:f1:
         33:b3:35:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0bzWQkoMIZAEao63dD3LnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTE4MDkwMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI4OTMzMTUyZTFiMTUzNjJmZDVlNDE1NmI0Mjg3MDM2ZGFkOWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN8s5/Iu5NrnSnbgd4FRJfw1mi0q
YE0V7VaxHr0sjafLPgqRQRqRyPCcWF8v88j+iOZvgL2EpOiXC5a+v6dJ8iGO8V1C
bXk9VuVAIDgrAKQ1M8ymbURU7hwY/7dKsM1R8qW45vs8d3kAIJAu3NCX+DC0C6BT
VHJA2TU/WVf8hnC6fJKZFgy3N4OhOdAb313P3WvbKMLtbcM4wkFEGrOx9RezIadc
wBN5s2L8UaYpjiNzwK8yES/nbojPfdgSizbkSUFEJS9b+632yJ40S/nj9P4E4yJx
xmfSLOMIytiH4ny2OGiY0Nrlhf/oXzNtLepUqgHeoKisF+Qsu9EMFpYqRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIW4kzFS4bFTYv1eQVa0KHA22tntMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaGJpVE1WTGhzVk5pX1Y1QlZyUW9jRGJhMmUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6xBxeA
MA0GCSqGSIb3DQEBCwUAA4IBAQAj5Pa9hI/bK1xHS4lUZJZLfJF841jPbg7Gial7
1f5TjG7dO/v3//mr98TbPG0TKDueew3hFJjImQzBCNl30WE9MNPaAVifBkq1Lvnr
ZJrMbnTt5U1C6+NhQ8BgjBhK7q6S/+KlHU6v9y493q8/ZMlsijeZoMTF3Gr7uJG7
NVa1w7NUI8Ag4LbAimF4LCZgICsSDNZ2KHfWJiuPR37DRklB7Jw6zSpxJUUQj6Lr
ls8uf83BvoWggNnjVV6t7uHUlS4ZwHCRX8JjpZRQE+Th4xF4x2sZ0UmNLsLAFYzJ
gYsrEobmVX242sKPaBj6dBCTJa3MteoH1nByrSFCYvEzszUj
-----END CERTIFICATE-----