Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/S7GnJg00RRzCDWmb9lqUBvYiAkE.roa
File:                     S7GnJg00RRzCDWmb9lqUBvYiAkE.roa (raw, json)
Hash identifier:          kIwTInHX1LBMA4NpgL3pzI3tKUpDLcr/V4UkDat7fmw=
Subject key identifier:   4B:B1:A7:26:0D:34:45:1C:C2:0D:69:9B:F6:5A:94:06:F6:22:02:41
Certificate issuer:       /CN=cbd942d96ee94a7a5a652ef7ac855dc9401415df
Certificate serial:       018CC64AF780CD6E786E468010E6AAE8DF6A
Authority key identifier: CB:D9:42:D9:6E:E9:4A:7A:5A:65:2E:F7:AC:85:5D:C9:40:14:15:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9lC2W7pSnpaZS73rIVdyUAUFd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/S7GnJg00RRzCDWmb9lqUBvYiAkE.roa
Signing time:             Mon 01 Jan 2024 18:30:50 +0000
ROA not before:           Mon 01 Jan 2024 18:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64404
IP address blocks:        2001:678:814::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/y9lC2W7pSnpaZS73rIVdyUAUFd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/y9lC2W7pSnpaZS73rIVdyUAUFd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9lC2W7pSnpaZS73rIVdyUAUFd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f7:80:cd:6e:78:6e:46:80:10:e6:aa:e8:df:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd942d96ee94a7a5a652ef7ac855dc9401415df
        Validity
            Not Before: Jan  1 18:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bb1a7260d34451cc20d699bf65a9406f6220241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b3:2c:65:bc:86:e9:4c:1c:b3:34:c3:d1:7f:
                    af:98:63:fd:fd:1e:fa:51:1e:6c:fa:bb:28:59:37:
                    e3:b6:a9:d6:68:2c:53:ce:21:e7:00:78:3f:63:c1:
                    ad:40:04:dc:c3:60:82:84:1f:bf:71:3c:52:54:95:
                    bd:87:3b:c5:14:9e:07:c3:db:4e:dc:e8:db:da:6c:
                    21:be:ba:da:71:4d:98:18:f1:ad:91:ad:54:2b:a5:
                    f0:1f:7d:0d:4c:16:43:12:ba:d5:95:21:7f:f9:0b:
                    9c:19:54:8f:e9:2e:94:ca:f5:34:99:71:48:89:a2:
                    0a:59:1e:53:3b:54:53:8d:2b:01:2c:74:2f:5e:73:
                    08:17:95:85:5a:1e:44:dd:ad:4f:16:ba:2c:03:60:
                    b5:2a:a9:73:15:ad:e9:09:aa:4e:68:0d:34:c7:18:
                    70:a1:5e:ff:85:09:0c:3f:84:11:22:2f:49:a4:e2:
                    11:ca:38:97:aa:16:51:69:41:2f:87:9c:bf:55:67:
                    ba:c3:6e:bb:96:bb:ce:30:ce:9d:9c:37:59:5d:f6:
                    eb:f7:f0:f2:f9:74:17:66:98:f2:95:cc:af:e4:6f:
                    fe:71:ce:1b:49:39:8c:49:a9:5d:15:5a:4c:44:ce:
                    d1:60:22:e8:73:20:9c:3d:30:21:8b:21:02:3c:4f:
                    79:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:B1:A7:26:0D:34:45:1C:C2:0D:69:9B:F6:5A:94:06:F6:22:02:41
            X509v3 Authority Key Identifier:
                keyid:CB:D9:42:D9:6E:E9:4A:7A:5A:65:2E:F7:AC:85:5D:C9:40:14:15:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9lC2W7pSnpaZS73rIVdyUAUFd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/S7GnJg00RRzCDWmb9lqUBvYiAkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/082f12-513b-4eb9-a171-c6f6d444915f/1/y9lC2W7pSnpaZS73rIVdyUAUFd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:814::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:43:fd:7b:6b:c7:a9:55:b7:04:82:ba:48:34:43:24:73:a9:
         05:0e:9c:56:93:86:39:59:1e:c6:7a:c8:e5:0d:8d:ee:da:b8:
         d5:4b:14:ba:e8:b5:05:08:9a:8a:40:8f:e6:6e:d9:fe:04:fc:
         43:90:74:a7:d2:7f:e3:18:c4:44:f6:05:21:dd:55:a7:ff:0d:
         64:41:ff:51:2d:78:42:aa:86:b8:dc:9b:50:d4:37:ea:29:af:
         47:60:73:f0:55:2f:21:71:08:d2:1e:5f:eb:80:a6:7d:c6:78:
         56:8d:4a:9e:2d:b9:95:7d:3f:16:b8:4f:e1:be:a4:a3:77:b4:
         ff:f5:43:3b:19:83:f6:c9:01:1b:51:5e:dc:09:05:9f:3d:17:
         ed:a3:42:4b:31:15:db:10:8a:ce:a0:6b:e7:39:3a:dc:85:28:
         10:dc:99:e1:ea:da:b0:5c:4c:33:56:1b:4e:e0:23:3c:7a:79:
         95:3e:0d:3e:34:d6:e5:8d:f7:0e:88:85:80:a2:10:8d:7b:36:
         8d:4a:ae:ac:53:43:ff:0b:fc:cd:79:81:82:1e:68:c1:22:f1:
         16:1a:c2:5b:87:de:c3:e2:85:86:0b:de:62:a4:50:9c:3b:e8:
         f3:61:ca:c8:e6:9d:a7:b8:8d:ab:92:48:a5:e3:e1:da:6a:5a:
         58:77:95:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSveAzW54bkaAEOaq6N9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDk0MmQ5NmVlOTRhN2E1YTY1MmVmN2FjODU1ZGM5NDAx
NDE1ZGYwHhcNMjQwMTAxMTgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmIxYTcyNjBkMzQ0NTFjYzIwZDY5OWJmNjVhOTQwNmY2MjIwMjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07MsZbyG6UwcszTD0X+vmGP9/R76
UR5s+rsoWTfjtqnWaCxTziHnAHg/Y8GtQATcw2CChB+/cTxSVJW9hzvFFJ4Hw9tO
3Ojb2mwhvrracU2YGPGtka1UK6XwH30NTBZDErrVlSF/+QucGVSP6S6UyvU0mXFI
iaIKWR5TO1RTjSsBLHQvXnMIF5WFWh5E3a1PFrosA2C1KqlzFa3pCapOaA00xxhw
oV7/hQkMP4QRIi9JpOIRyjiXqhZRaUEvh5y/VWe6w267lrvOMM6dnDdZXfbr9/Dy
+XQXZpjylcyv5G/+cc4bSTmMSaldFVpMRM7RYCLocyCcPTAhiyECPE95rQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEuxpyYNNEUcwg1pm/ZalAb2IgJBMB8GA1UdIwQY
MBaAFMvZQtlu6Up6WmUu96yFXclAFBXfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlsQzJXN3BTbnBhWlM3M3JJVmR5VUFVRmQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8wODJmMTItNTEzYi00ZWI5LWExNzEt
YzZmNmQ0NDQ5MTVmLzEvUzdHbkpnMDBSUnpDRFdtYjlscVVCdllpQWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8wODJmMTItNTEzYi00ZWI5LWExNzEtYzZmNmQ0NDQ5MTVm
LzEveTlsQzJXN3BTbnBhWlM3M3JJVmR5VUFVRmQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAgU
MA0GCSqGSIb3DQEBCwUAA4IBAQCFQ/17a8epVbcEgrpINEMkc6kFDpxWk4Y5WR7G
esjlDY3u2rjVSxS66LUFCJqKQI/mbtn+BPxDkHSn0n/jGMRE9gUh3VWn/w1kQf9R
LXhCqoa43JtQ1DfqKa9HYHPwVS8hcQjSHl/rgKZ9xnhWjUqeLbmVfT8WuE/hvqSj
d7T/9UM7GYP2yQEbUV7cCQWfPRfto0JLMRXbEIrOoGvnOTrchSgQ3Jnh6tqwXEwz
VhtO4CM8enmVPg0+NNbljfcOiIWAohCNezaNSq6sU0P/C/zNeYGCHmjBIvEWGsJb
h97D4oWGC95ipFCcO+jzYcrI5p2nuI2rkkil4+HaalpYd5X4
-----END CERTIFICATE-----