Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/128588-3207-4f36-983c-f79ad8122ef5/1/ER70bOsq28_IkLLwUAcVYXN-050.roa
File:                     ER70bOsq28_IkLLwUAcVYXN-050.roa (raw, json)
Hash identifier:          yjBrrt3OA0XReVFmCtvhCix2bkA6pyNnAsLyo/F8WIo=
Subject key identifier:   11:1E:F4:6C:EB:2A:DB:CF:C8:90:B2:F0:50:07:15:61:73:7E:D3:9D
Certificate issuer:       /CN=f3d494b8b271afb7c62f1397f712cf2dcd364185
Certificate serial:       018CC3494E70125F6BAD3A503AD61DF33BA5
Authority key identifier: F3:D4:94:B8:B2:71:AF:B7:C6:2F:13:97:F7:12:CF:2D:CD:36:41:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/89SUuLJxr7fGLxOX9xLPLc02QYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/128588-3207-4f36-983c-f79ad8122ef5/1/ER70bOsq28_IkLLwUAcVYXN-050.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206885
IP address blocks:        2001:678:284::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/128588-3207-4f36-983c-f79ad8122ef5/1/89SUuLJxr7fGLxOX9xLPLc02QYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/128588-3207-4f36-983c-f79ad8122ef5/1/89SUuLJxr7fGLxOX9xLPLc02QYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/89SUuLJxr7fGLxOX9xLPLc02QYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4e:70:12:5f:6b:ad:3a:50:3a:d6:1d:f3:3b:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3d494b8b271afb7c62f1397f712cf2dcd364185
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=111ef46ceb2adbcfc890b2f050071561737ed39d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:38:f7:37:cf:8d:be:9c:50:44:59:17:8e:8f:
                    43:6f:c0:85:27:1e:4e:18:e9:f3:7e:c5:1a:d6:1e:
                    ac:da:c7:d7:e1:89:2a:56:af:24:5e:44:f2:4d:6b:
                    d8:84:e1:63:fa:3c:e1:50:50:81:68:b1:de:8b:43:
                    bf:3b:76:b8:6f:ee:fa:be:85:cb:b0:36:2f:5f:ef:
                    fd:0f:c3:b6:3b:df:af:da:2b:e2:8f:cd:61:c8:23:
                    bf:e6:84:34:3c:3e:26:c3:2c:97:ca:46:1b:53:1a:
                    fd:19:3c:2c:78:23:f5:c5:87:49:d9:8a:31:60:75:
                    9a:67:68:18:85:2c:ae:cc:77:32:1c:5c:3b:ec:4f:
                    82:1a:09:19:2e:f9:34:d6:80:b1:b9:73:d3:0e:94:
                    da:c6:13:c3:09:14:26:64:ae:77:ad:65:e4:5b:b8:
                    5e:21:3f:af:15:b5:0e:8c:c6:fa:d4:8f:a8:71:c4:
                    9e:91:33:d6:28:ff:84:3f:30:f7:50:64:d8:29:c7:
                    b0:7c:3d:ac:4e:85:ab:af:c4:62:a3:de:45:4b:26:
                    c0:58:7c:16:78:5a:76:51:bd:d3:81:3e:bd:7a:8e:
                    85:80:7e:21:12:55:ad:62:ed:61:9d:d3:d2:a1:84:
                    5c:50:70:aa:a3:fe:38:d2:ab:9a:4b:f8:5b:3f:bf:
                    d4:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:1E:F4:6C:EB:2A:DB:CF:C8:90:B2:F0:50:07:15:61:73:7E:D3:9D
            X509v3 Authority Key Identifier:
                keyid:F3:D4:94:B8:B2:71:AF:B7:C6:2F:13:97:F7:12:CF:2D:CD:36:41:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/89SUuLJxr7fGLxOX9xLPLc02QYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/128588-3207-4f36-983c-f79ad8122ef5/1/ER70bOsq28_IkLLwUAcVYXN-050.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/128588-3207-4f36-983c-f79ad8122ef5/1/89SUuLJxr7fGLxOX9xLPLc02QYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:284::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:05:a2:cf:09:92:af:99:b3:39:ab:5f:83:e5:d6:26:b5:56:
         49:18:f9:3f:2f:63:c5:09:85:19:aa:0b:f0:93:04:da:38:9c:
         b4:03:62:40:1d:9f:5e:4f:7b:e5:64:89:8d:17:3f:15:f3:12:
         ba:0e:ec:93:41:03:da:c7:a2:14:e9:cc:20:e5:08:a2:5c:40:
         29:7e:b9:6c:41:91:c2:9e:8b:25:de:90:f6:88:9e:f9:65:50:
         4d:a5:49:27:23:cd:9b:41:92:64:be:82:a6:02:1b:e9:a8:b9:
         bd:4c:1b:84:fb:64:f1:d3:bd:97:76:88:42:56:41:ff:c0:a2:
         87:f7:a3:cc:24:e7:6e:11:bc:3a:35:b9:55:09:3e:ec:42:62:
         1f:49:64:cd:91:d5:0a:15:35:d0:b5:e7:43:37:75:ba:64:a3:
         a7:51:48:94:8a:bb:38:63:c6:cb:47:df:64:0f:9f:73:df:77:
         ba:4d:e3:0f:66:ce:e6:bc:e7:6a:dd:da:8c:74:df:29:b8:9a:
         be:24:7e:19:b4:18:ba:ce:ed:fa:04:a6:b5:a6:5f:c2:50:68:
         6b:8c:56:27:b0:14:7a:e3:28:a3:c2:f2:92:fd:8d:80:30:43:
         5e:d2:07:c8:e4:3a:80:15:ee:c0:2b:e4:a3:26:5d:18:d8:6c:
         98:44:72:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSU5wEl9rrTpQOtYd8zulMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZDQ5NGI4YjI3MWFmYjdjNjJmMTM5N2Y3MTJjZjJkY2Qz
NjQxODUwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTFlZjQ2Y2ViMmFkYmNmYzg5MGIyZjA1MDA3MTU2MTczN2VkMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDj3N8+NvpxQRFkXjo9Db8CFJx5O
GOnzfsUa1h6s2sfX4YkqVq8kXkTyTWvYhOFj+jzhUFCBaLHei0O/O3a4b+76voXL
sDYvX+/9D8O2O9+v2ivij81hyCO/5oQ0PD4mwyyXykYbUxr9GTwseCP1xYdJ2Yox
YHWaZ2gYhSyuzHcyHFw77E+CGgkZLvk01oCxuXPTDpTaxhPDCRQmZK53rWXkW7he
IT+vFbUOjMb61I+occSekTPWKP+EPzD3UGTYKcewfD2sToWrr8Rio95FSybAWHwW
eFp2Ub3TgT69eo6FgH4hElWtYu1hndPSoYRcUHCqo/440quaS/hbP7/U7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBEe9GzrKtvPyJCy8FAHFWFzftOdMB8GA1UdIwQY
MBaAFPPUlLiyca+3xi8Tl/cSzy3NNkGFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODlTVXVMSnhyN2ZHTHhPWDl4TFBMYzAyUVlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xMjg1ODgtMzIwNy00ZjM2LTk4M2Mt
Zjc5YWQ4MTIyZWY1LzEvRVI3MGJPc3EyOF9Ja0xMd1VBY1ZZWE4tMDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xMjg1ODgtMzIwNy00ZjM2LTk4M2MtZjc5YWQ4MTIyZWY1
LzEvODlTVXVMSnhyN2ZHTHhPWDl4TFBMYzAyUVlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAKE
MA0GCSqGSIb3DQEBCwUAA4IBAQAVBaLPCZKvmbM5q1+D5dYmtVZJGPk/L2PFCYUZ
qgvwkwTaOJy0A2JAHZ9eT3vlZImNFz8V8xK6DuyTQQPax6IU6cwg5QiiXEApfrls
QZHCnosl3pD2iJ75ZVBNpUknI82bQZJkvoKmAhvpqLm9TBuE+2Tx072XdohCVkH/
wKKH96PMJOduEbw6NblVCT7sQmIfSWTNkdUKFTXQtedDN3W6ZKOnUUiUirs4Y8bL
R99kD59z33e6TeMPZs7mvOdq3dqMdN8puJq+JH4ZtBi6zu36BKa1pl/CUGhrjFYn
sBR64yijwvKS/Y2AMENe0gfI5DqAFe7AK+SjJl0Y2GyYRHLN
-----END CERTIFICATE-----