Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/eca809-d942-4d89-b438-a1c29992bfbe/1/cmerOHdLLAuOFdlqZI-FH0o2q6Y.roa
File:                     cmerOHdLLAuOFdlqZI-FH0o2q6Y.roa (raw, json)
Hash identifier:          2PInMkZKvYyDht9MkGE5hCBijfvCRSuG7eSfiOT+jAQ=
Subject key identifier:   72:67:AB:38:77:4B:2C:0B:8E:15:D9:6A:64:8F:85:1F:4A:36:AB:A6
Certificate issuer:       /CN=5251b40b33198ac5a1edf50fff08628160335dfd
Certificate serial:       018CC86F1002F9B75DF4D6468E3DF1562473
Authority key identifier: 52:51:B4:0B:33:19:8A:C5:A1:ED:F5:0F:FF:08:62:81:60:33:5D:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UlG0CzMZisWh7fUP_whigWAzXf0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/eca809-d942-4d89-b438-a1c29992bfbe/1/cmerOHdLLAuOFdlqZI-FH0o2q6Y.roa
Signing time:             Tue 02 Jan 2024 04:29:30 +0000
ROA not before:           Tue 02 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62041
IP address blocks:        2001:67c:4e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/eca809-d942-4d89-b438-a1c29992bfbe/1/UlG0CzMZisWh7fUP_whigWAzXf0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/eca809-d942-4d89-b438-a1c29992bfbe/1/UlG0CzMZisWh7fUP_whigWAzXf0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UlG0CzMZisWh7fUP_whigWAzXf0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:10:02:f9:b7:5d:f4:d6:46:8e:3d:f1:56:24:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5251b40b33198ac5a1edf50fff08628160335dfd
        Validity
            Not Before: Jan  2 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7267ab38774b2c0b8e15d96a648f851f4a36aba6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5a:f8:9a:03:64:21:73:54:bf:70:a7:77:81:
                    92:e6:9c:a9:bc:43:71:00:79:1e:10:1b:4b:c7:c9:
                    40:c5:5c:84:dc:93:20:b8:c2:6a:98:dd:9e:b9:08:
                    94:9c:d4:c2:70:3b:80:08:9c:96:1f:a9:50:42:99:
                    51:30:e4:c6:12:74:9e:3b:a2:94:24:75:bc:7f:55:
                    d0:3d:97:15:72:69:96:8a:57:8a:82:c4:09:22:9a:
                    0f:89:0d:47:f3:8a:2a:5a:f8:8f:12:3a:7a:47:79:
                    d4:74:ba:e9:d2:c8:25:5d:1f:5f:8a:d6:c9:21:af:
                    f3:36:0b:37:8f:b9:5f:10:f9:e5:d6:dd:26:40:c8:
                    05:63:41:61:7e:e0:da:08:7c:9a:54:02:3a:87:ae:
                    d8:c0:d5:3d:9c:8f:33:96:9b:11:ef:da:62:8d:f5:
                    9f:95:82:94:27:17:54:d6:b8:c4:76:40:5e:99:e5:
                    23:64:2a:fa:a2:c4:bf:5e:11:a2:61:26:41:b8:ea:
                    9f:27:7a:9f:a8:af:09:70:42:10:34:8f:7e:aa:6a:
                    62:93:60:e1:de:6e:13:b5:8f:5e:47:1a:9a:60:ee:
                    c8:7f:20:a7:92:cd:c3:07:b3:9c:d1:b2:70:f0:21:
                    5b:30:87:e3:7f:f0:89:08:65:9b:66:0a:c1:9d:73:
                    26:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:67:AB:38:77:4B:2C:0B:8E:15:D9:6A:64:8F:85:1F:4A:36:AB:A6
            X509v3 Authority Key Identifier:
                keyid:52:51:B4:0B:33:19:8A:C5:A1:ED:F5:0F:FF:08:62:81:60:33:5D:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UlG0CzMZisWh7fUP_whigWAzXf0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/eca809-d942-4d89-b438-a1c29992bfbe/1/cmerOHdLLAuOFdlqZI-FH0o2q6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/eca809-d942-4d89-b438-a1c29992bfbe/1/UlG0CzMZisWh7fUP_whigWAzXf0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:4e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:b7:88:e8:4d:d3:27:de:3a:d1:60:c8:44:70:60:5d:89:d7:
         3b:a4:5a:b8:3a:ba:13:d6:10:92:3a:42:f2:bc:e0:2a:f5:aa:
         39:db:19:bf:83:3b:70:0b:fa:62:22:94:50:9f:1e:4c:eb:e9:
         26:9d:2f:73:ab:af:08:e8:50:8e:20:27:f2:6c:5b:28:0c:61:
         33:4f:a2:c6:55:a9:9e:c8:b2:ee:59:3d:c0:77:c5:43:e0:e3:
         2b:74:f1:df:00:45:07:a2:6b:eb:95:c8:37:f0:26:0c:1f:19:
         91:fc:2d:f9:20:77:60:ab:0b:91:49:c9:a6:0e:7e:04:82:d2:
         66:40:af:e6:65:e0:cb:f3:cd:e1:f5:91:ab:e7:3f:71:7e:14:
         cf:81:9f:f5:3d:05:85:a9:19:1a:13:b8:ce:3a:9b:65:34:62:
         66:65:52:59:68:8e:08:de:9d:62:50:14:a9:97:6f:d1:fd:95:
         71:e8:84:4b:9d:8f:24:3c:d6:04:38:0c:28:fc:19:f5:15:0c:
         0b:cf:5c:2d:f9:f1:0c:7a:e2:8e:55:01:bd:d0:f9:33:6d:39:
         fb:af:5f:70:94:b8:19:8e:ba:62:1d:17:3b:87:60:6f:b0:e5:
         ea:48:ea:f8:a4:45:f9:e6:03:e3:2c:8f:62:91:c8:74:13:73:
         f1:ed:46:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbxAC+bdd9NZGjj3xViRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNTFiNDBiMzMxOThhYzVhMWVkZjUwZmZmMDg2MjgxNjAz
MzVkZmQwHhcNMjQwMTAyMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjY3YWIzODc3NGIyYzBiOGUxNWQ5NmE2NDhmODUxZjRhMzZhYmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVr4mgNkIXNUv3Cnd4GS5pypvENx
AHkeEBtLx8lAxVyE3JMguMJqmN2euQiUnNTCcDuACJyWH6lQQplRMOTGEnSeO6KU
JHW8f1XQPZcVcmmWileKgsQJIpoPiQ1H84oqWviPEjp6R3nUdLrp0sglXR9fitbJ
Ia/zNgs3j7lfEPnl1t0mQMgFY0FhfuDaCHyaVAI6h67YwNU9nI8zlpsR79pijfWf
lYKUJxdU1rjEdkBemeUjZCr6osS/XhGiYSZBuOqfJ3qfqK8JcEIQNI9+qmpik2Dh
3m4TtY9eRxqaYO7IfyCnks3DB7Oc0bJw8CFbMIfjf/CJCGWbZgrBnXMmtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHJnqzh3SywLjhXZamSPhR9KNqumMB8GA1UdIwQY
MBaAFFJRtAszGYrFoe31D/8IYoFgM139MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWxHMEN6TVppc1doN2ZVUF93aGlnV0F6WGYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9lY2E4MDktZDk0Mi00ZDg5LWI0Mzgt
YTFjMjk5OTJiZmJlLzEvY21lck9IZExMQXVPRmRscVpJLUZIMG8ycTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9lY2E4MDktZDk0Mi00ZDg5LWI0MzgtYTFjMjk5OTJiZmJl
LzEvVWxHMEN6TVppc1doN2ZVUF93aGlnV0F6WGYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfATo
MA0GCSqGSIb3DQEBCwUAA4IBAQB2t4joTdMn3jrRYMhEcGBdidc7pFq4OroT1hCS
OkLyvOAq9ao52xm/gztwC/piIpRQnx5M6+kmnS9zq68I6FCOICfybFsoDGEzT6LG
VameyLLuWT3Ad8VD4OMrdPHfAEUHomvrlcg38CYMHxmR/C35IHdgqwuRScmmDn4E
gtJmQK/mZeDL883h9ZGr5z9xfhTPgZ/1PQWFqRkaE7jOOptlNGJmZVJZaI4I3p1i
UBSpl2/R/ZVx6IRLnY8kPNYEOAwo/Bn1FQwLz1wt+fEMeuKOVQG90PkzbTn7r19w
lLgZjrpiHRc7h2BvsOXqSOr4pEX55gPjLI9ikch0E3Px7UYs
-----END CERTIFICATE-----