Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/R4Vtq_d1YLRz_d1GIT6LVEsEFOs.roa
File:                     R4Vtq_d1YLRz_d1GIT6LVEsEFOs.roa (raw, json)
Hash identifier:          1NSjeL8528ng1jDaAmfPCg9OrzDs9qXsNxga4azUuoQ=
Subject key identifier:   47:85:6D:AB:F7:75:60:B4:73:FD:DD:46:21:3E:8B:54:4B:04:14:EB
Certificate issuer:       /CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
Certificate serial:       018CC56EAB2081A7DEAEC1787B9BE970347A
Authority key identifier: 73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/R4Vtq_d1YLRz_d1GIT6LVEsEFOs.roa
Signing time:             Mon 01 Jan 2024 14:30:13 +0000
ROA not before:           Mon 01 Jan 2024 14:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        2001:67c:2648::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ab:20:81:a7:de:ae:c1:78:7b:9b:e9:70:34:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
        Validity
            Not Before: Jan  1 14:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47856dabf77560b473fddd46213e8b544b0414eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:76:78:11:19:8b:86:96:0b:a9:46:20:7c:0b:
                    b3:93:6a:ab:8b:b1:33:c4:f4:12:d1:37:54:9e:15:
                    64:1b:4b:6f:0b:f2:52:48:e9:b3:9f:45:ff:75:c0:
                    50:fa:83:da:fd:ee:ba:e3:a1:09:ac:a9:cc:f1:e1:
                    39:f7:41:e0:fc:e2:1f:0a:ed:a6:3c:1a:95:6a:d4:
                    63:56:af:a1:84:dc:de:3f:a1:42:ca:61:43:62:b6:
                    c5:a1:85:10:80:c0:36:d3:ab:cd:dc:0a:40:98:78:
                    26:5d:33:cc:6f:a6:65:b9:a7:07:59:ff:10:4e:b5:
                    ac:e8:4b:57:c6:a9:fb:02:03:ed:f3:67:ee:29:6a:
                    38:29:0d:3d:e2:b9:ba:37:bd:02:99:2e:bc:3f:6d:
                    0f:d7:df:ea:b8:d3:c9:9c:b9:97:d9:d4:90:f6:9a:
                    fd:8f:78:cb:69:8d:21:c9:7c:0e:b8:94:cd:83:56:
                    d9:1c:bb:fb:7c:be:93:f5:2f:d1:4b:27:2c:03:d4:
                    93:da:d9:8d:0c:38:eb:83:db:7e:c7:fa:62:20:ea:
                    ca:4b:77:4f:f9:f8:ee:bb:1f:e6:f2:fc:ec:65:b0:
                    78:17:17:7b:8f:cb:9f:b5:e7:ee:70:4e:b6:c5:04:
                    22:a8:39:43:48:cf:91:96:01:2a:8e:45:93:f8:cb:
                    fa:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:85:6D:AB:F7:75:60:B4:73:FD:DD:46:21:3E:8B:54:4B:04:14:EB
            X509v3 Authority Key Identifier:
                keyid:73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/R4Vtq_d1YLRz_d1GIT6LVEsEFOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2648::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:94:cf:1d:ff:7f:62:98:8e:b1:c2:80:f2:8b:8a:92:8f:e2:
         b5:a1:13:1c:05:f1:e1:f8:c6:7b:cf:2f:69:70:0c:e0:e0:92:
         9e:d2:27:62:fc:4d:99:5c:b9:f1:07:c5:97:b5:a8:16:ef:52:
         07:c8:46:3a:60:6e:bb:62:6e:44:c5:51:70:9a:89:3f:67:1f:
         90:84:b1:c3:f3:71:2c:dc:27:d6:69:cf:e0:34:08:e9:3b:96:
         45:e3:55:68:cb:b9:44:a1:37:ee:79:46:dc:45:30:ad:ef:5b:
         62:14:25:9a:34:5a:b8:a6:52:25:ec:91:fc:ce:7a:3f:25:7c:
         39:f4:53:79:6f:d7:50:36:ad:b2:b9:ca:b5:71:3c:63:d1:d8:
         8b:55:a5:9a:00:73:57:bf:59:af:a7:f2:7f:8e:56:86:37:68:
         d7:c7:cc:ba:82:3b:f9:34:73:6a:b6:f6:ac:82:48:43:44:45:
         48:52:26:46:92:e3:08:2f:12:de:84:54:21:68:23:04:e3:bc:
         26:93:73:be:d2:b8:37:0f:9c:17:05:dc:94:49:1f:4b:6d:d7:
         e0:bd:b4:73:ba:09:6c:92:5e:c5:6e:17:d4:2e:79:f8:a8:f8:
         83:19:41:15:cc:8c:49:67:ce:1a:10:59:47:4f:d9:07:01:2d:
         37:8c:68:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFbqsggafersF4e5vpcDR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczOTc1ZDVkYTlkYThhMDc0YjMzZmJjYjVjMDlkNTAzYTNi
NDQzYTEwHhcNMjQwMTAxMTQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzg1NmRhYmY3NzU2MGI0NzNmZGRkNDYyMTNlOGI1NDRiMDQxNGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnZ4ERmLhpYLqUYgfAuzk2qri7Ez
xPQS0TdUnhVkG0tvC/JSSOmzn0X/dcBQ+oPa/e6646EJrKnM8eE590Hg/OIfCu2m
PBqVatRjVq+hhNzeP6FCymFDYrbFoYUQgMA206vN3ApAmHgmXTPMb6ZluacHWf8Q
TrWs6EtXxqn7AgPt82fuKWo4KQ094rm6N70CmS68P20P19/quNPJnLmX2dSQ9pr9
j3jLaY0hyXwOuJTNg1bZHLv7fL6T9S/RSycsA9ST2tmNDDjrg9t+x/piIOrKS3dP
+fjuux/m8vzsZbB4Fxd7j8uftefucE62xQQiqDlDSM+RlgEqjkWT+Mv6DQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEeFbav3dWC0c/3dRiE+i1RLBBTrMB8GA1UdIwQY
MBaAFHOXXV2p2ooHSzP7y1wJ1QOjtEOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYt
OWU4MGQwZDg3YzJkLzEvUjRWdHFfZDFZTFJ6X2QxR0lUNkxWRXNFRk9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYtOWU4MGQwZDg3YzJk
LzEvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCZI
MA0GCSqGSIb3DQEBCwUAA4IBAQA3lM8d/39imI6xwoDyi4qSj+K1oRMcBfHh+MZ7
zy9pcAzg4JKe0idi/E2ZXLnxB8WXtagW71IHyEY6YG67Ym5ExVFwmok/Zx+QhLHD
83Es3CfWac/gNAjpO5ZF41Voy7lEoTfueUbcRTCt71tiFCWaNFq4plIl7JH8zno/
JXw59FN5b9dQNq2yucq1cTxj0diLVaWaAHNXv1mvp/J/jlaGN2jXx8y6gjv5NHNq
tvasgkhDREVIUiZGkuMILxLehFQhaCME47wmk3O+0rg3D5wXBdyUSR9LbdfgvbRz
uglskl7FbhfULnn4qPiDGUEVzIxJZ84aEFlHT9kHAS03jGiJ
-----END CERTIFICATE-----