Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/9oB5EY6H4chqE60KbQjL5thhACk.roa
File:                     9oB5EY6H4chqE60KbQjL5thhACk.roa (raw, json)
Hash identifier:          2LtNkjjt1zTi9x6e6D8XwNIpqiYAeT5mYL5crE1VMNA=
Subject key identifier:   F6:80:79:11:8E:87:E1:C8:6A:13:AD:0A:6D:08:CB:E6:D8:61:00:29
Certificate issuer:       /CN=67ce179cbe13ddb14012985a067100ef98a55601
Certificate serial:       018CC7261AF47BCE92D6088522FB01275878
Authority key identifier: 67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/9oB5EY6H4chqE60KbQjL5thhACk.roa
Signing time:             Mon 01 Jan 2024 22:30:12 +0000
ROA not before:           Mon 01 Jan 2024 22:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51144
IP address blocks:        2a13:1c47:ffe0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:1a:f4:7b:ce:92:d6:08:85:22:fb:01:27:58:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ce179cbe13ddb14012985a067100ef98a55601
        Validity
            Not Before: Jan  1 22:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f68079118e87e1c86a13ad0a6d08cbe6d8610029
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:83:06:f1:f0:1b:7f:7d:d0:d5:c8:f3:95:a0:
                    46:a4:b3:67:4d:fe:3f:35:03:c3:f3:ee:26:45:5e:
                    cd:8f:b5:bb:78:7e:6b:1b:e4:a8:31:c2:e5:23:dc:
                    62:5d:9e:1f:68:8d:be:a1:18:1b:e1:cf:23:d8:19:
                    29:0b:ea:81:99:8f:a9:3d:77:3d:b4:04:ac:9e:69:
                    e2:bb:ae:e8:54:a5:97:01:b6:f4:26:39:d5:fe:f1:
                    8a:bf:b1:9e:51:08:9f:1e:68:71:84:3a:06:b7:a3:
                    ee:f3:10:dd:89:23:78:2a:ee:ac:d8:c9:3e:6e:e3:
                    51:81:56:b2:5a:46:2e:b7:11:de:ee:1b:ee:30:91:
                    21:71:d6:67:38:85:34:77:90:de:64:c7:9b:8f:f7:
                    8e:82:58:d4:df:58:22:b6:ec:92:a9:85:98:5d:2c:
                    6f:82:d5:30:a9:3d:2c:1e:dd:7f:5d:50:66:23:c7:
                    5b:04:c2:ce:d9:5e:ce:c0:cb:77:d3:fe:bb:62:fd:
                    e2:5f:83:85:bb:6f:34:85:3e:76:5b:1e:c1:05:39:
                    48:5e:2c:a9:cc:ba:7e:a6:e4:c3:dc:d6:37:e2:bb:
                    9a:83:ea:11:87:51:11:50:4b:02:6f:65:25:cf:1e:
                    73:b3:cf:bc:f5:80:88:df:91:b8:8a:a9:2f:c2:bf:
                    04:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:80:79:11:8E:87:E1:C8:6A:13:AD:0A:6D:08:CB:E6:D8:61:00:29
            X509v3 Authority Key Identifier:
                keyid:67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/9oB5EY6H4chqE60KbQjL5thhACk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1c47:ffe0::/44

    Signature Algorithm: sha256WithRSAEncryption
         07:b4:ed:be:5d:e8:52:b3:9c:d1:4c:3b:18:d5:84:d2:75:97:
         38:ad:e1:a5:0f:5a:e8:ca:e9:02:9c:f5:6b:70:17:23:cb:16:
         08:96:91:b7:11:d5:f6:8a:eb:8f:ee:9d:38:33:e9:63:a3:87:
         e0:6c:cc:58:61:77:2c:62:88:7a:fd:56:b9:30:a4:70:96:29:
         a9:61:fd:f9:78:21:32:fc:c4:0f:6f:0a:30:83:89:5e:9e:13:
         89:59:1c:21:6e:7b:11:92:64:50:8f:21:89:0b:d1:1e:2b:e6:
         2b:bb:50:41:80:c2:83:99:ad:2a:ba:b2:ec:5d:b6:88:60:52:
         e1:7e:0c:7a:23:f2:8c:4f:92:c8:2e:a2:cd:b6:dc:9c:6e:b5:
         54:be:7f:d2:30:b0:4f:ea:8e:c3:1a:9b:64:ba:64:dd:cd:73:
         a2:20:4f:98:9a:cc:12:84:b6:e5:22:7a:92:d5:26:55:e0:03:
         f5:e9:3a:f0:2b:0c:dc:7b:47:74:a9:ed:ba:1f:8f:5d:20:ca:
         9d:3d:48:e0:4e:fa:4b:3f:41:cf:0a:97:1f:df:dc:4c:60:f5:
         84:33:66:ae:12:b6:0b:0a:e3:01:75:db:7f:b1:c1:a2:2f:5e:
         0f:f2:2a:38:60:f0:09:d5:8a:98:ab:7a:2f:c4:60:d2:31:c7:
         7d:34:1f:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJhr0e86S1giFIvsBJ1h4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2UxNzljYmUxM2RkYjE0MDEyOTg1YTA2NzEwMGVmOThh
NTU2MDEwHhcNMjQwMTAxMjIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjgwNzkxMThlODdlMWM4NmExM2FkMGE2ZDA4Y2JlNmQ4NjEwMDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYMG8fAbf33Q1cjzlaBGpLNnTf4/
NQPD8+4mRV7Nj7W7eH5rG+SoMcLlI9xiXZ4faI2+oRgb4c8j2BkpC+qBmY+pPXc9
tASsnmniu67oVKWXAbb0JjnV/vGKv7GeUQifHmhxhDoGt6Pu8xDdiSN4Ku6s2Mk+
buNRgVayWkYutxHe7hvuMJEhcdZnOIU0d5DeZMebj/eOgljU31gituySqYWYXSxv
gtUwqT0sHt1/XVBmI8dbBMLO2V7OwMt30/67Yv3iX4OFu280hT52Wx7BBTlIXiyp
zLp+puTD3NY34ruag+oRh1ERUEsCb2Ulzx5zs8+89YCI35G4iqkvwr8EQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPaAeRGOh+HIahOtCm0Iy+bYYQApMB8GA1UdIwQY
MBaAFGfOF5y+E92xQBKYWgZxAO+YpVYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEt
NjJjMDFkYzY5Y2NhLzEvOW9CNUVZNkg0Y2hxRTYwS2JRakw1dGhoQUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEtNjJjMDFkYzY5Y2Nh
LzEvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhMcR//g
MA0GCSqGSIb3DQEBCwUAA4IBAQAHtO2+XehSs5zRTDsY1YTSdZc4reGlD1royukC
nPVrcBcjyxYIlpG3EdX2iuuP7p04M+ljo4fgbMxYYXcsYoh6/Va5MKRwlimpYf35
eCEy/MQPbwowg4lenhOJWRwhbnsRkmRQjyGJC9EeK+Yru1BBgMKDma0qurLsXbaI
YFLhfgx6I/KMT5LILqLNttycbrVUvn/SMLBP6o7DGptkumTdzXOiIE+YmswShLbl
InqS1SZV4AP16TrwKwzce0d0qe26H49dIMqdPUjgTvpLP0HPCpcf39xMYPWEM2au
ErYLCuMBddt/scGiL14P8io4YPAJ1YqYq3ovxGDSMcd9NB9Q
-----END CERTIFICATE-----