Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/098cf4-07c0-4ab7-9cc7-be8c78c06fc7/1/TiiwjhAFdF5JsyY2G9GQRli8DdU.roa
File:                     TiiwjhAFdF5JsyY2G9GQRli8DdU.roa (raw, json)
Hash identifier:          iENWlEcfhBGGaO8BAmQ5iLHum4ZBQPIv9CyBnbgwgx0=
Subject key identifier:   4E:28:B0:8E:10:05:74:5E:49:B3:26:36:1B:D1:90:46:58:BC:0D:D5
Certificate issuer:       /CN=3acd90cb637d3d2c73d99dea9a4fe813e6485843
Certificate serial:       018CCA2BA08DB50DEA7899856F18509ACBB9
Authority key identifier: 3A:CD:90:CB:63:7D:3D:2C:73:D9:9D:EA:9A:4F:E8:13:E6:48:58:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Os2Qy2N9PSxz2Z3qmk_oE-ZIWEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/098cf4-07c0-4ab7-9cc7-be8c78c06fc7/1/TiiwjhAFdF5JsyY2G9GQRli8DdU.roa
Signing time:             Tue 02 Jan 2024 12:35:05 +0000
ROA not before:           Tue 02 Jan 2024 12:35:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211042
IP address blocks:        2001:678:fb8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/098cf4-07c0-4ab7-9cc7-be8c78c06fc7/1/Os2Qy2N9PSxz2Z3qmk_oE-ZIWEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/098cf4-07c0-4ab7-9cc7-be8c78c06fc7/1/Os2Qy2N9PSxz2Z3qmk_oE-ZIWEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Os2Qy2N9PSxz2Z3qmk_oE-ZIWEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a0:8d:b5:0d:ea:78:99:85:6f:18:50:9a:cb:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3acd90cb637d3d2c73d99dea9a4fe813e6485843
        Validity
            Not Before: Jan  2 12:35:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e28b08e1005745e49b326361bd1904658bc0dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:84:75:cb:f7:ee:7d:ab:4e:c0:de:cd:39:f8:
                    d4:de:90:71:e0:0a:2f:22:f2:d2:fc:33:2e:e3:c0:
                    71:d2:d0:8f:01:15:ca:58:d9:6f:6b:f9:27:fa:4e:
                    4d:4a:40:f5:fc:5e:0b:78:fe:a8:eb:23:83:15:00:
                    15:ec:81:ce:53:3e:54:78:f7:b7:f7:e7:9d:68:0d:
                    ff:6b:da:4d:d2:f2:88:5e:30:af:fa:1a:0d:2f:5f:
                    91:ed:43:07:3c:df:6f:07:1e:1b:8a:a1:ff:f3:8b:
                    76:23:9d:c9:ab:8b:4f:99:02:d1:2b:31:ce:c1:2f:
                    d9:39:d5:6d:e8:ae:12:3e:0d:4e:20:72:d5:0a:4b:
                    b7:89:29:e8:da:b3:01:ed:e2:9c:51:39:51:34:2b:
                    e1:78:e8:a2:a2:e4:aa:e1:82:29:cf:e1:21:76:fc:
                    95:8c:61:8e:f9:3f:eb:4b:8c:b3:4b:cd:cb:98:1b:
                    e8:59:bc:3b:c7:9c:e7:6f:a5:a7:5e:2a:80:78:d0:
                    5f:f4:5a:14:13:0e:fb:9e:98:8b:c8:9c:10:0b:68:
                    a5:4d:0e:52:1e:c5:9e:2e:7b:78:69:26:5c:a1:90:
                    c5:22:21:ce:d5:c6:3b:64:0e:9f:3f:5c:17:de:58:
                    4f:22:79:e3:a5:b9:8f:d2:87:da:19:b6:0a:56:50:
                    bf:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:28:B0:8E:10:05:74:5E:49:B3:26:36:1B:D1:90:46:58:BC:0D:D5
            X509v3 Authority Key Identifier:
                keyid:3A:CD:90:CB:63:7D:3D:2C:73:D9:9D:EA:9A:4F:E8:13:E6:48:58:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Os2Qy2N9PSxz2Z3qmk_oE-ZIWEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/098cf4-07c0-4ab7-9cc7-be8c78c06fc7/1/TiiwjhAFdF5JsyY2G9GQRli8DdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/098cf4-07c0-4ab7-9cc7-be8c78c06fc7/1/Os2Qy2N9PSxz2Z3qmk_oE-ZIWEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:fb8::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:bb:65:68:8c:ad:90:23:0f:70:87:02:84:cf:ce:41:a5:36:
         d9:de:52:ea:a7:70:d0:b5:92:cd:8a:de:bb:e5:31:9b:33:0b:
         39:ef:00:5f:25:e6:d7:6e:6f:6a:9e:30:27:82:eb:3a:97:0f:
         e4:cb:28:ca:3e:33:60:6c:14:51:de:8d:35:72:80:c1:d6:84:
         72:cb:94:2b:c2:d1:87:58:06:06:09:72:fd:0d:ef:68:8f:fa:
         8d:46:d6:8b:95:c5:e6:cf:7a:d8:67:1a:c2:8a:11:0a:24:43:
         cc:ca:a2:93:ad:81:50:cc:4b:5e:76:69:44:28:f1:3a:f7:db:
         39:67:c5:e7:84:ef:5d:69:77:c9:07:03:22:4d:64:6a:8f:ea:
         07:b8:4e:b3:b7:33:7c:6e:a0:e4:8c:9e:9d:43:3e:5a:5d:9b:
         a6:27:da:d7:75:de:e7:58:ab:0d:19:ce:34:f1:76:41:04:e5:
         1f:3a:e4:5e:4f:06:cd:b4:4e:73:59:03:b7:bd:44:2d:e6:38:
         de:68:e6:1b:54:6b:71:1f:bd:2e:0d:be:cd:86:3f:02:4f:bf:
         c9:b5:59:44:00:5d:98:a5:07:25:0c:9b:fc:a7:55:e9:5a:98:
         45:88:26:e3:79:b6:35:fd:10:a2:ee:e5:a7:6f:a8:37:bb:41:
         99:24:3c:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK6CNtQ3qeJmFbxhQmsu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhY2Q5MGNiNjM3ZDNkMmM3M2Q5OWRlYTlhNGZlODEzZTY0
ODU4NDMwHhcNMjQwMTAyMTIzNTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTI4YjA4ZTEwMDU3NDVlNDliMzI2MzYxYmQxOTA0NjU4YmMwZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIR1y/fufatOwN7NOfjU3pBx4Aov
IvLS/DMu48Bx0tCPARXKWNlva/kn+k5NSkD1/F4LeP6o6yODFQAV7IHOUz5UePe3
9+edaA3/a9pN0vKIXjCv+hoNL1+R7UMHPN9vBx4biqH/84t2I53Jq4tPmQLRKzHO
wS/ZOdVt6K4SPg1OIHLVCku3iSno2rMB7eKcUTlRNCvheOiiouSq4YIpz+EhdvyV
jGGO+T/rS4yzS83LmBvoWbw7x5znb6WnXiqAeNBf9FoUEw77npiLyJwQC2ilTQ5S
HsWeLnt4aSZcoZDFIiHO1cY7ZA6fP1wX3lhPInnjpbmP0ofaGbYKVlC/+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE4osI4QBXReSbMmNhvRkEZYvA3VMB8GA1UdIwQY
MBaAFDrNkMtjfT0sc9md6ppP6BPmSFhDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3MyUXkyTjlQU3h6MlozcW1rX29FLVpJV0VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8wOThjZjQtMDdjMC00YWI3LTljYzct
YmU4Yzc4YzA2ZmM3LzEvVGlpd2poQUZkRjVKc3lZMkc5R1FSbGk4RGRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8wOThjZjQtMDdjMC00YWI3LTljYzctYmU4Yzc4YzA2ZmM3
LzEvT3MyUXkyTjlQU3h6MlozcW1rX29FLVpJV0VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA+4
MA0GCSqGSIb3DQEBCwUAA4IBAQAFu2VojK2QIw9whwKEz85BpTbZ3lLqp3DQtZLN
it675TGbMws57wBfJebXbm9qnjAngus6lw/kyyjKPjNgbBRR3o01coDB1oRyy5Qr
wtGHWAYGCXL9De9oj/qNRtaLlcXmz3rYZxrCihEKJEPMyqKTrYFQzEtedmlEKPE6
99s5Z8XnhO9daXfJBwMiTWRqj+oHuE6ztzN8bqDkjJ6dQz5aXZumJ9rXdd7nWKsN
Gc408XZBBOUfOuReTwbNtE5zWQO3vUQt5jjeaOYbVGtxH70uDb7Nhj8CT7/JtVlE
AF2YpQclDJv8p1XpWphFiCbjebY1/RCi7uWnb6g3u0GZJDzf
-----END CERTIFICATE-----