Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1-Y7esaTKAGIVDrBG1z5ejsXBn5E.roa
File:                     1-Y7esaTKAGIVDrBG1z5ejsXBn5E.roa (raw, json)
Hash identifier:          EahPqw1qVnPFOLL9WPioNOZp7aW7OgzrQLzcu1t4Xhc=
Subject key identifier:   F9:8E:DE:B1:A4:CA:00:62:15:0E:B0:46:D7:3E:5E:8E:C5:C1:9F:91
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941931EF0E5903A8E0C95411DE0D13
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1-Y7esaTKAGIVDrBG1z5ejsXBn5E.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49183
IP address blocks:        2001:146b::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:19:31:ef:0e:59:03:a8:e0:c9:54:11:de:0d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f98edeb1a4ca0062150eb046d73e5e8ec5c19f91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:77:9a:65:1e:a5:9f:86:30:7a:cb:64:b6:af:
                    fe:25:55:c1:fb:b7:b6:7d:7c:94:f1:bb:86:7a:49:
                    27:87:bb:0a:df:de:77:fc:99:96:79:43:ab:5a:8b:
                    66:b2:51:b5:15:05:bb:b3:d9:46:50:d5:f0:94:7c:
                    5a:92:e7:2a:0e:b4:a5:cb:99:34:06:61:8f:b2:9c:
                    24:3f:b2:02:65:10:9c:eb:07:6d:db:77:83:a8:fb:
                    53:75:38:51:5e:1a:85:28:2c:c0:5d:a1:d8:82:40:
                    e4:54:4a:c9:a8:72:62:28:4e:b6:45:39:db:e8:eb:
                    0a:12:61:23:02:cd:57:0b:59:da:7b:5c:13:b2:92:
                    21:5c:87:46:96:5c:ee:3d:32:4b:4c:9d:32:a8:d7:
                    6b:cc:05:d7:4e:f9:af:52:37:07:fc:1d:6d:36:48:
                    4c:4a:bb:35:1d:6b:fa:bf:85:55:3c:35:2f:84:ae:
                    8c:f2:91:e6:17:9c:a0:48:3b:d3:7d:67:e6:ab:aa:
                    85:4e:a4:86:73:bb:55:8b:39:b3:91:a8:13:aa:e5:
                    0c:a7:dc:b2:5f:b5:c8:ec:3e:76:86:42:9b:b7:50:
                    cf:c4:f0:99:f2:7a:0a:bc:da:5b:58:24:9f:34:e4:
                    e2:e6:aa:21:31:0a:ae:81:8e:a8:9b:e9:61:30:51:
                    71:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:8E:DE:B1:A4:CA:00:62:15:0E:B0:46:D7:3E:5E:8E:C5:C1:9F:91
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/1-Y7esaTKAGIVDrBG1z5ejsXBn5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:146b::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:22:09:d6:f0:35:f9:2e:8a:c1:ba:6f:11:7d:6f:dd:cd:fc:
         fa:03:19:27:3a:dd:ee:df:dd:63:5c:93:4e:6b:84:68:77:d3:
         36:2c:e6:da:95:e5:cd:78:dc:f4:48:6e:d9:34:58:da:55:96:
         c9:ba:87:cd:49:70:28:37:33:40:18:d6:7c:5e:b2:ad:f0:13:
         9a:55:38:bd:bf:dd:aa:6e:27:31:49:ff:47:8d:bb:a5:17:16:
         14:a2:a6:f4:6c:b4:d3:1e:e0:70:c2:2e:9a:d9:e4:51:a9:90:
         34:b9:2a:e6:86:0a:43:83:02:81:c8:88:54:1e:44:ad:0a:25:
         17:b3:3c:c5:07:dd:3c:e0:df:c7:18:eb:7c:c4:80:57:43:f6:
         be:56:6c:08:da:a8:90:5d:7d:6e:f3:d0:fa:94:46:93:5d:f9:
         14:9d:c5:08:04:39:7b:85:49:24:7c:47:71:e1:56:a6:6b:8a:
         18:c7:d0:49:77:4d:13:61:fc:68:43:aa:29:1e:df:be:63:ee:
         4d:c1:14:64:e5:aa:c8:b1:60:ed:eb:38:64:06:cb:52:21:2c:
         0c:ac:42:00:18:9b:75:42:3d:02:2b:56:21:4c:1d:20:b7:cd:
         f6:9e:79:7c:d1:cf:e7:73:19:d5:64:4d:a0:d9:31:77:15:10:
         50:71:a9:95
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlBkx7w5ZA6jgyVQR3g0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOThlZGViMWE0Y2EwMDYyMTUwZWIwNDZkNzNlNWU4ZWM1YzE5ZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXeaZR6ln4Ywestktq/+JVXB+7e2
fXyU8buGekknh7sK3953/JmWeUOrWotmslG1FQW7s9lGUNXwlHxakucqDrSly5k0
BmGPspwkP7ICZRCc6wdt23eDqPtTdThRXhqFKCzAXaHYgkDkVErJqHJiKE62RTnb
6OsKEmEjAs1XC1nae1wTspIhXIdGllzuPTJLTJ0yqNdrzAXXTvmvUjcH/B1tNkhM
Srs1HWv6v4VVPDUvhK6M8pHmF5ygSDvTfWfmq6qFTqSGc7tVizmzkagTquUMp9yy
X7XI7D52hkKbt1DPxPCZ8noKvNpbWCSfNOTi5qohMQqugY6om+lhMFFxJQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPmO3rGkygBiFQ6wRtc+Xo7FwZ+RMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvMS1ZN2VzYVRLQUdJVkRyQkcxejVlanNYQm41RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjUvMzIxY2RjLTIxNDMtNGI1Yy05NzMzLTE2Njk5Yzk2ZGQ1
ZS8xL2lGdUZkd2JheFU0Z3lnMFJ2V1FXeTJOQ0E3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACABFGsw
DQYJKoZIhvcNAQELBQADggEBAIkiCdbwNfkuisG6bxF9b93N/PoDGSc63e7f3WNc
k05rhGh30zYs5tqV5c143PRIbtk0WNpVlsm6h81JcCg3M0AY1nxesq3wE5pVOL2/
3apuJzFJ/0eNu6UXFhSipvRstNMe4HDCLprZ5FGpkDS5KuaGCkODAoHIiFQeRK0K
JRezPMUH3Tzg38cY63zEgFdD9r5WbAjaqJBdfW7z0PqURpNd+RSdxQgEOXuFSSR8
R3HhVqZrihjH0El3TRNh/GhDqike375j7k3BFGTlqsixYO3rOGQGy1IhLAysQgAY
m3VCPQIrViFMHSC3zfaeeXzRz+dzGdVkTaDZMXcVEFBxqZU=
-----END CERTIFICATE-----