Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/2fad84-e8c9-4f13-b6c1-4e6f26dd3ddb/1/vGRL3OWhaHljAP5xsmgK5sjCLGc.roa
File:                     vGRL3OWhaHljAP5xsmgK5sjCLGc.roa (raw, json)
Hash identifier:          LoIbpfsK0A0uSUzIaFc4GIV7Mz1GCf9ayNoavk0uae0=
Subject key identifier:   BC:64:4B:DC:E5:A1:68:79:63:00:FE:71:B2:68:0A:E6:C8:C2:2C:67
Certificate issuer:       /CN=38493361df7f38ab5574db8220a6c4fe5cfe6b40
Certificate serial:       018E1E6921D95E6F847EE5359491DBE438D6
Authority key identifier: 38:49:33:61:DF:7F:38:AB:55:74:DB:82:20:A6:C4:FE:5C:FE:6B:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OEkzYd9_OKtVdNuCIKbE_lz-a0A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/2fad84-e8c9-4f13-b6c1-4e6f26dd3ddb/1/vGRL3OWhaHljAP5xsmgK5sjCLGc.roa
Signing time:             Fri 08 Mar 2024 14:13:10 +0000
ROA not before:           Fri 08 Mar 2024 14:13:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215345
IP address blocks:        2001:67c:88::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/2fad84-e8c9-4f13-b6c1-4e6f26dd3ddb/1/OEkzYd9_OKtVdNuCIKbE_lz-a0A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/2fad84-e8c9-4f13-b6c1-4e6f26dd3ddb/1/OEkzYd9_OKtVdNuCIKbE_lz-a0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OEkzYd9_OKtVdNuCIKbE_lz-a0A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:69:21:d9:5e:6f:84:7e:e5:35:94:91:db:e4:38:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38493361df7f38ab5574db8220a6c4fe5cfe6b40
        Validity
            Not Before: Mar  8 14:13:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc644bdce5a168796300fe71b2680ae6c8c22c67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b4:06:be:95:24:02:e7:38:8e:c2:cf:d6:9a:
                    82:ff:34:73:06:00:1a:62:ac:ab:5d:b3:11:b8:04:
                    14:8e:ff:d9:07:08:48:70:40:e0:4f:08:60:b7:47:
                    d6:88:4e:c5:b9:29:3a:7f:8a:04:14:d3:c0:a4:19:
                    99:14:58:02:14:a6:67:78:bb:ef:81:c7:ff:21:a9:
                    42:d8:5a:f9:4f:2f:ab:01:35:a9:c1:09:30:6f:25:
                    d7:a9:78:76:bc:bf:bd:2b:5b:2e:a7:e5:df:f6:25:
                    55:37:a4:37:30:79:36:12:cf:53:2f:e4:b6:c6:54:
                    d0:02:de:51:c0:89:fc:59:b4:b3:66:f5:2d:59:69:
                    5d:bc:42:4a:cb:d9:38:b3:53:10:04:36:88:23:79:
                    ec:d2:cd:c9:4d:34:97:b2:91:f5:63:ea:4f:7e:18:
                    e6:ec:0a:e6:4a:bb:aa:9d:25:4c:99:d6:69:72:ee:
                    26:d6:55:ad:99:cf:56:73:da:6d:cb:75:51:02:1e:
                    04:ff:2e:bf:c8:28:13:d1:b9:42:77:a8:38:a1:05:
                    f1:6a:ee:3e:ed:ae:3e:f0:26:be:c4:a0:d4:a1:7d:
                    4a:e6:eb:77:69:c8:6a:c1:fa:d0:85:ca:dc:46:aa:
                    9d:da:a7:bf:5b:56:14:ed:b9:d1:23:d0:f9:19:f9:
                    d7:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:64:4B:DC:E5:A1:68:79:63:00:FE:71:B2:68:0A:E6:C8:C2:2C:67
            X509v3 Authority Key Identifier:
                keyid:38:49:33:61:DF:7F:38:AB:55:74:DB:82:20:A6:C4:FE:5C:FE:6B:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OEkzYd9_OKtVdNuCIKbE_lz-a0A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2fad84-e8c9-4f13-b6c1-4e6f26dd3ddb/1/vGRL3OWhaHljAP5xsmgK5sjCLGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/2fad84-e8c9-4f13-b6c1-4e6f26dd3ddb/1/OEkzYd9_OKtVdNuCIKbE_lz-a0A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:88::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:dd:ea:72:4f:93:05:1a:fc:aa:fa:33:b2:d7:ee:2b:6c:b4:
         5f:a6:16:b7:03:b2:77:20:f6:27:6f:44:e5:7e:75:fb:bb:6d:
         f9:5c:49:08:d7:db:6e:87:f3:38:95:d0:fe:d8:4b:eb:7a:76:
         5b:1f:8b:ce:3f:03:4e:41:1d:59:82:88:15:39:de:4d:6c:fe:
         8f:0e:e7:ac:cb:c7:0c:35:18:c4:6c:c4:cb:0f:3a:6c:a6:8d:
         66:25:99:fd:19:92:ce:88:bc:c4:4d:9c:4d:d7:0d:e7:6f:41:
         f1:f9:66:6d:4b:7e:12:73:f5:c0:bf:11:ea:17:b5:32:ec:b3:
         bc:2d:f5:ca:67:a5:f4:88:e9:b1:6b:f9:03:34:a5:80:06:13:
         20:43:ff:81:6c:13:e1:85:82:ed:62:41:22:6c:6f:d2:05:97:
         ca:e1:9a:78:c7:56:ef:1a:ac:06:12:95:05:dd:2c:3d:64:f9:
         07:ad:08:0a:d3:ab:66:dc:51:dd:46:92:ab:84:53:d4:40:83:
         24:84:e0:30:90:ed:2e:08:76:d7:2b:8c:3f:ee:78:e2:89:8b:
         ea:27:7c:45:06:cc:1d:f3:85:91:74:2b:f3:8e:1e:f0:a1:5c:
         2b:d0:4e:cc:80:88:38:b0:12:68:ec:f6:f0:ed:a1:cc:23:d3:
         0a:72:24:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4eaSHZXm+EfuU1lJHb5DjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NDkzMzYxZGY3ZjM4YWI1NTc0ZGI4MjIwYTZjNGZlNWNm
ZTZiNDAwHhcNMjQwMzA4MTQxMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzY0NGJkY2U1YTE2ODc5NjMwMGZlNzFiMjY4MGFlNmM4YzIyYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbQGvpUkAuc4jsLP1pqC/zRzBgAa
YqyrXbMRuAQUjv/ZBwhIcEDgTwhgt0fWiE7FuSk6f4oEFNPApBmZFFgCFKZneLvv
gcf/IalC2Fr5Ty+rATWpwQkwbyXXqXh2vL+9K1sup+Xf9iVVN6Q3MHk2Es9TL+S2
xlTQAt5RwIn8WbSzZvUtWWldvEJKy9k4s1MQBDaII3ns0s3JTTSXspH1Y+pPfhjm
7ArmSruqnSVMmdZpcu4m1lWtmc9Wc9pty3VRAh4E/y6/yCgT0blCd6g4oQXxau4+
7a4+8Ca+xKDUoX1K5ut3achqwfrQhcrcRqqd2qe/W1YU7bnRI9D5GfnXjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLxkS9zloWh5YwD+cbJoCubIwixnMB8GA1UdIwQY
MBaAFDhJM2HffzirVXTbgiCmxP5c/mtAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0VrellkOV9PS3RWZE51Q0lLYkVfbHotYTBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8yZmFkODQtZThjOS00ZjEzLWI2YzEt
NGU2ZjI2ZGQzZGRiLzEvdkdSTDNPV2hhSGxqQVA1eHNtZ0s1c2pDTEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8yZmFkODQtZThjOS00ZjEzLWI2YzEtNGU2ZjI2ZGQzZGRi
LzEvT0VrellkOV9PS3RWZE51Q0lLYkVfbHotYTBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfACI
MA0GCSqGSIb3DQEBCwUAA4IBAQAf3epyT5MFGvyq+jOy1+4rbLRfpha3A7J3IPYn
b0TlfnX7u235XEkI19tuh/M4ldD+2EvrenZbH4vOPwNOQR1ZgogVOd5NbP6PDues
y8cMNRjEbMTLDzpspo1mJZn9GZLOiLzETZxN1w3nb0Hx+WZtS34Sc/XAvxHqF7Uy
7LO8LfXKZ6X0iOmxa/kDNKWABhMgQ/+BbBPhhYLtYkEibG/SBZfK4Zp4x1bvGqwG
EpUF3Sw9ZPkHrQgK06tm3FHdRpKrhFPUQIMkhOAwkO0uCHbXK4w/7njiiYvqJ3xF
Bswd84WRdCvzjh7woVwr0E7MgIg4sBJo7Pbw7aHMI9MKciRP
-----END CERTIFICATE-----