Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/4a4b66-4845-4007-a6e0-10693881dad8/1/_vR8mIbonKuQaKzNe02h_UaJtRc.roa
File:                     _vR8mIbonKuQaKzNe02h_UaJtRc.roa (raw, json)
Hash identifier:          YGvzHjzclpKWU30sgdT+37Q5JDJ+Tn4BYSLh0KhLMoA=
Subject key identifier:   FE:F4:7C:98:86:E8:9C:AB:90:68:AC:CD:7B:4D:A1:FD:46:89:B5:17
Certificate issuer:       /CN=779ee00dd8baa59f53384dd0277a50e8b9802908
Certificate serial:       018CC72741A46CF8FAB7365582CA1B9FD37E
Authority key identifier: 77:9E:E0:0D:D8:BA:A5:9F:53:38:4D:D0:27:7A:50:E8:B9:80:29:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d57gDdi6pZ9TOE3QJ3pQ6LmAKQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/4a4b66-4845-4007-a6e0-10693881dad8/1/_vR8mIbonKuQaKzNe02h_UaJtRc.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43065
IP address blocks:        2001:67c:2448::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/4a4b66-4845-4007-a6e0-10693881dad8/1/d57gDdi6pZ9TOE3QJ3pQ6LmAKQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/4a4b66-4845-4007-a6e0-10693881dad8/1/d57gDdi6pZ9TOE3QJ3pQ6LmAKQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d57gDdi6pZ9TOE3QJ3pQ6LmAKQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:41:a4:6c:f8:fa:b7:36:55:82:ca:1b:9f:d3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=779ee00dd8baa59f53384dd0277a50e8b9802908
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fef47c9886e89cab9068accd7b4da1fd4689b517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:25:2e:e2:b8:c9:50:12:bf:9b:f0:9a:70:2d:
                    88:8b:66:69:56:fe:be:a9:85:64:4f:43:4a:af:77:
                    98:ed:a6:0a:4b:43:4f:f5:7d:d5:c6:6c:92:25:25:
                    dc:28:8c:4a:7f:8c:4f:54:e0:50:43:7e:3d:e3:34:
                    28:30:c3:d7:e6:5b:48:97:5e:63:b3:86:8a:0d:60:
                    8d:ff:17:91:7d:01:5e:44:ad:79:50:d6:66:2c:24:
                    3c:cb:3b:c6:6f:35:1d:21:2a:79:c9:22:90:cd:44:
                    fc:0a:8c:7b:14:bf:c2:3d:bc:8a:7d:04:ed:9a:40:
                    f6:73:19:a0:41:8c:d6:b2:ac:cc:d6:c3:80:6a:5e:
                    3b:02:83:46:3f:57:d6:96:f8:fe:b0:ce:f0:01:59:
                    45:e3:7d:c6:36:1e:e7:59:0a:f3:4b:02:4f:17:58:
                    2c:83:70:c9:47:7c:42:2c:ad:b6:d6:2c:f0:85:88:
                    3c:f0:d5:1a:23:17:d5:56:b7:65:d6:87:29:65:cd:
                    9a:6a:07:31:20:bd:37:48:ae:fe:9e:0d:b7:e3:31:
                    91:8b:15:35:2b:0c:9c:9c:f6:d6:2f:47:bd:11:f7:
                    b7:4b:58:8b:c3:71:b8:d3:32:34:7c:63:17:06:2b:
                    8b:d1:26:91:48:17:e8:25:4e:dc:82:63:f6:03:94:
                    72:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:F4:7C:98:86:E8:9C:AB:90:68:AC:CD:7B:4D:A1:FD:46:89:B5:17
            X509v3 Authority Key Identifier:
                keyid:77:9E:E0:0D:D8:BA:A5:9F:53:38:4D:D0:27:7A:50:E8:B9:80:29:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d57gDdi6pZ9TOE3QJ3pQ6LmAKQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/4a4b66-4845-4007-a6e0-10693881dad8/1/_vR8mIbonKuQaKzNe02h_UaJtRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/4a4b66-4845-4007-a6e0-10693881dad8/1/d57gDdi6pZ9TOE3QJ3pQ6LmAKQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2448::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:82:f8:0e:80:7e:37:9e:ae:42:6b:54:12:a1:dc:1b:ad:f5:
         8d:c0:0d:ea:87:56:13:a5:38:27:35:d6:df:0d:a3:17:6c:4a:
         16:83:13:98:c0:e4:7f:7b:13:53:9e:4e:26:20:1e:e7:51:34:
         68:95:87:ab:bc:10:d3:e9:9a:41:57:17:0b:8e:64:da:79:3e:
         ae:f6:be:0a:79:d5:b1:c2:4a:7f:71:ca:bb:9f:2d:b0:77:44:
         87:a0:61:85:3e:68:60:7d:46:d0:23:3d:75:0e:9f:9e:e5:7b:
         a6:5a:7f:fb:2d:37:ae:4b:b9:67:e8:d8:17:3f:a2:ff:b5:dd:
         76:f4:bc:bf:43:e8:d9:5a:80:9e:95:bb:97:f8:29:ba:c8:e3:
         0b:06:35:e6:66:cc:c8:09:e5:26:db:54:4a:cd:d6:ce:31:05:
         6f:b6:e8:a0:ce:df:ab:4e:1b:ca:f4:ed:f3:2f:cb:24:42:43:
         43:cf:1e:eb:9b:07:2c:30:92:18:5a:17:16:74:72:2a:51:03:
         af:9a:96:6b:83:cf:e9:bb:bf:2b:6c:e6:3d:af:6c:93:29:49:
         f9:5d:29:0f:ce:9c:11:ca:e3:b0:29:fe:22:6f:5b:f9:53:59:
         45:d8:ae:85:18:d0:38:4a:67:01:78:08:94:67:f8:ca:de:67:
         78:c6:fa:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJ0GkbPj6tzZVgsobn9N+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3OWVlMDBkZDhiYWE1OWY1MzM4NGRkMDI3N2E1MGU4Yjk4
MDI5MDgwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWY0N2M5ODg2ZTg5Y2FiOTA2OGFjY2Q3YjRkYTFmZDQ2ODliNTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiUu4rjJUBK/m/CacC2Ii2ZpVv6+
qYVkT0NKr3eY7aYKS0NP9X3VxmySJSXcKIxKf4xPVOBQQ3494zQoMMPX5ltIl15j
s4aKDWCN/xeRfQFeRK15UNZmLCQ8yzvGbzUdISp5ySKQzUT8Cox7FL/CPbyKfQTt
mkD2cxmgQYzWsqzM1sOAal47AoNGP1fWlvj+sM7wAVlF433GNh7nWQrzSwJPF1gs
g3DJR3xCLK221izwhYg88NUaIxfVVrdl1ocpZc2aagcxIL03SK7+ng234zGRixU1
KwycnPbWL0e9Efe3S1iLw3G40zI0fGMXBiuL0SaRSBfoJU7cgmP2A5RybwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP70fJiG6JyrkGiszXtNof1GibUXMB8GA1UdIwQY
MBaAFHee4A3YuqWfUzhN0Cd6UOi5gCkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDU3Z0RkaTZwWjlUT0UzUUozcFE2TG1BS1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80YTRiNjYtNDg0NS00MDA3LWE2ZTAt
MTA2OTM4ODFkYWQ4LzEvX3ZSOG1JYm9uS3VRYUt6TmUwMmhfVWFKdFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80YTRiNjYtNDg0NS00MDA3LWE2ZTAtMTA2OTM4ODFkYWQ4
LzEvZDU3Z0RkaTZwWjlUT0UzUUozcFE2TG1BS1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCRI
MA0GCSqGSIb3DQEBCwUAA4IBAQAhgvgOgH43nq5Ca1QSodwbrfWNwA3qh1YTpTgn
NdbfDaMXbEoWgxOYwOR/exNTnk4mIB7nUTRolYervBDT6ZpBVxcLjmTaeT6u9r4K
edWxwkp/ccq7ny2wd0SHoGGFPmhgfUbQIz11Dp+e5XumWn/7LTeuS7ln6NgXP6L/
td129Ly/Q+jZWoCelbuX+Cm6yOMLBjXmZszICeUm21RKzdbOMQVvtuigzt+rThvK
9O3zL8skQkNDzx7rmwcsMJIYWhcWdHIqUQOvmpZrg8/pu78rbOY9r2yTKUn5XSkP
zpwRyuOwKf4ib1v5U1lF2K6FGNA4SmcBeAiUZ/jK3md4xvqH
-----END CERTIFICATE-----