Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/1-PVeIAL7XkTCr4WowsaQiN6DMMw.roa
File:                     1-PVeIAL7XkTCr4WowsaQiN6DMMw.roa (raw, json)
Hash identifier:          mZYPDOQs56vNIWwg3XG8DXD+eDtc2gMkTpMMeO84Qmg=
Subject key identifier:   F8:F5:5E:20:02:FB:5E:44:C2:AF:85:A8:C2:C6:90:88:DE:83:30:CC
Certificate issuer:       /CN=9803c40f77bc88faf209f31d361ebbab5caeac4a
Certificate serial:       018CCA2AE8B271B0BE8CCC0B67D178D0B37E
Authority key identifier: 98:03:C4:0F:77:BC:88:FA:F2:09:F3:1D:36:1E:BB:AB:5C:AE:AC:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mAPED3e8iPryCfMdNh67q1yurEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/1-PVeIAL7XkTCr4WowsaQiN6DMMw.roa
Signing time:             Tue 02 Jan 2024 12:34:18 +0000
ROA not before:           Tue 02 Jan 2024 12:34:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207186
IP address blocks:        2001:67c:984::/48 maxlen: 48
                          2001:67c:980::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/mAPED3e8iPryCfMdNh67q1yurEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/mAPED3e8iPryCfMdNh67q1yurEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mAPED3e8iPryCfMdNh67q1yurEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:e8:b2:71:b0:be:8c:cc:0b:67:d1:78:d0:b3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9803c40f77bc88faf209f31d361ebbab5caeac4a
        Validity
            Not Before: Jan  2 12:34:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8f55e2002fb5e44c2af85a8c2c69088de8330cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:27:f9:fc:e1:8a:b4:6c:f1:e9:ad:7a:44:cc:
                    3c:71:c6:61:c5:e7:48:86:47:57:6a:23:02:35:27:
                    af:27:d7:ce:1e:43:16:e3:3f:8a:82:d7:ab:83:12:
                    dd:98:80:41:8d:a8:03:73:24:5b:5b:86:24:06:3e:
                    ed:10:18:58:ff:71:7b:e0:6b:14:9b:db:99:94:0e:
                    94:5d:4e:aa:41:46:e8:10:28:6a:75:25:de:c1:32:
                    82:b3:08:82:73:6b:4a:12:65:3c:a0:59:70:87:7f:
                    b7:cf:9b:cc:e0:1e:63:45:5e:27:25:db:36:fe:27:
                    8c:26:8e:b4:45:a7:d6:b4:5e:5a:b7:36:ec:6b:6f:
                    56:ba:5a:4e:52:8d:e1:3c:5c:24:c7:c1:73:cc:61:
                    db:99:ea:1a:99:43:d3:50:af:a6:33:e2:7e:59:e2:
                    59:88:fa:b6:cb:50:c0:b9:bf:6c:cf:51:c4:2e:72:
                    9e:e4:02:f7:a8:cf:d6:48:c3:7d:0c:82:ea:b3:17:
                    2d:89:93:ae:6c:c8:94:3b:52:69:5f:a8:7e:e6:6c:
                    a0:7b:09:c2:46:f8:cb:70:a1:51:84:3f:47:e5:9a:
                    dc:f3:37:99:43:22:f1:4b:08:36:d2:06:fe:13:b2:
                    5a:b7:b2:70:c6:3e:4c:87:76:c5:14:4c:7f:83:73:
                    50:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F5:5E:20:02:FB:5E:44:C2:AF:85:A8:C2:C6:90:88:DE:83:30:CC
            X509v3 Authority Key Identifier:
                keyid:98:03:C4:0F:77:BC:88:FA:F2:09:F3:1D:36:1E:BB:AB:5C:AE:AC:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mAPED3e8iPryCfMdNh67q1yurEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/1-PVeIAL7XkTCr4WowsaQiN6DMMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bad4a0-3e9b-4764-8a24-f3a26f055f4e/1/mAPED3e8iPryCfMdNh67q1yurEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:980::/48
                  2001:67c:984::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:df:bb:59:c3:b1:b3:08:8a:27:bc:eb:e1:d6:bf:ea:45:ba:
         ad:92:41:c9:74:a7:ab:67:49:92:fe:0c:4e:93:c9:dd:c3:fd:
         20:b9:e2:1f:df:53:db:c9:ac:d8:66:32:3b:c2:0b:01:6a:19:
         61:a5:35:d9:8c:54:12:31:aa:9e:e5:c0:67:47:11:a1:17:60:
         b1:6f:ab:27:b2:d3:b1:1f:ac:af:9b:1c:b1:ed:92:43:ae:da:
         1f:dc:52:ca:18:14:17:7e:f4:c4:49:a3:67:16:bb:0f:16:f1:
         23:5e:59:af:0f:9a:25:c3:e0:a3:f4:75:85:a6:59:a0:50:ff:
         55:f9:6d:92:01:ad:59:e9:d5:7c:75:75:31:a7:42:00:40:fa:
         00:9e:e7:bd:fe:bf:87:7b:a7:f7:e0:01:2e:75:38:e2:07:7d:
         c3:2b:66:3d:62:29:8d:66:7b:62:05:f9:a1:30:e1:f4:6f:6a:
         36:61:6d:fa:05:d2:eb:4e:da:32:f9:b1:bf:4a:89:cd:51:35:
         17:5a:1a:ca:20:86:d1:83:4d:7a:b5:b2:39:13:2e:23:95:86:
         3c:70:6d:f4:b6:7a:d3:e6:55:8c:49:69:a1:d8:e4:a6:69:cd:
         f7:72:df:ee:3b:45:52:2d:3c:d3:28:97:1e:e5:02:c6:4e:4a:
         ac:73:50:20
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzKKuiycbC+jMwLZ9F40LN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MDNjNDBmNzdiYzg4ZmFmMjA5ZjMxZDM2MWViYmFiNWNh
ZWFjNGEwHhcNMjQwMTAyMTIzNDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGY1NWUyMDAyZmI1ZTQ0YzJhZjg1YThjMmM2OTA4OGRlODMzMGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhif5/OGKtGzx6a16RMw8ccZhxedI
hkdXaiMCNSevJ9fOHkMW4z+KgtergxLdmIBBjagDcyRbW4YkBj7tEBhY/3F74GsU
m9uZlA6UXU6qQUboEChqdSXewTKCswiCc2tKEmU8oFlwh3+3z5vM4B5jRV4nJds2
/ieMJo60RafWtF5atzbsa29WulpOUo3hPFwkx8FzzGHbmeoamUPTUK+mM+J+WeJZ
iPq2y1DAub9sz1HELnKe5AL3qM/WSMN9DILqsxctiZOubMiUO1JpX6h+5mygewnC
RvjLcKFRhD9H5Zrc8zeZQyLxSwg20gb+E7Jat7Jwxj5Mh3bFFEx/g3NQVQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPj1XiAC+15Ewq+FqMLGkIjegzDMMB8GA1UdIwQY
MBaAFJgDxA93vIj68gnzHTYeu6tcrqxKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUFQRUQzZThpUHJ5Q2ZNZE5oNjdxMXl1ckVvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iYWQ0YTAtM2U5Yi00NzY0LThhMjQt
ZjNhMjZmMDU1ZjRlLzEvMS1QVmVJQUw3WGtUQ3I0V293c2FRaU42RE1Ndy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2EvYmFkNGEwLTNlOWItNDc2NC04YTI0LWYzYTI2ZjA1NWY0
ZS8xL21BUEVEM2U4aVByeUNmTWROaDY3cTF5dXJFby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAIwEgMHACABBnwJ
gAMHACABBnwJhDANBgkqhkiG9w0BAQsFAAOCAQEAKt+7WcOxswiKJ7zr4da/6kW6
rZJByXSnq2dJkv4MTpPJ3cP9ILniH99T28ms2GYyO8ILAWoZYaU12YxUEjGqnuXA
Z0cRoRdgsW+rJ7LTsR+sr5scse2SQ67aH9xSyhgUF370xEmjZxa7DxbxI15Zrw+a
JcPgo/R1haZZoFD/VfltkgGtWenVfHV1MadCAED6AJ7nvf6/h3un9+ABLnU44gd9
wytmPWIpjWZ7YgX5oTDh9G9qNmFt+gXS607aMvmxv0qJzVE1F1oayiCG0YNNerWy
ORMuI5WGPHBt9LZ60+ZVjElpodjkpmnN93Lf7jtFUi080yiXHuUCxk5KrHNQIA==
-----END CERTIFICATE-----