Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/EtTUfHNb4tiJeb7VsUD_rGasRv0.roa
File:                     EtTUfHNb4tiJeb7VsUD_rGasRv0.roa (raw, json)
Hash identifier:          aOtFN/m01U2kdNUoUNJjC3J/rzAE1Glz1Ib5/vEXeTo=
Subject key identifier:   12:D4:D4:7C:73:5B:E2:D8:89:79:BE:D5:B1:40:FF:AC:66:AC:46:FD
Certificate issuer:       /CN=be7c79e9a21db26bd6ae0750276db1b0afa7ecdb
Certificate serial:       01939B7A94F8F6E0093371021A2C88F397F4
Authority key identifier: BE:7C:79:E9:A2:1D:B2:6B:D6:AE:07:50:27:6D:B1:B0:AF:A7:EC:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vnx56aIdsmvWrgdQJ22xsK-n7Ns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/EtTUfHNb4tiJeb7VsUD_rGasRv0.roa
Signing time:             Fri 06 Dec 2024 10:18:42 +0000
ROA not before:           Fri 06 Dec 2024 10:18:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213748
IP address blocks:        2001:67c:f70::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/vnx56aIdsmvWrgdQJ22xsK-n7Ns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/vnx56aIdsmvWrgdQJ22xsK-n7Ns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vnx56aIdsmvWrgdQJ22xsK-n7Ns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:9b:7a:94:f8:f6:e0:09:33:71:02:1a:2c:88:f3:97:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be7c79e9a21db26bd6ae0750276db1b0afa7ecdb
        Validity
            Not Before: Dec  6 10:18:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12d4d47c735be2d88979bed5b140ffac66ac46fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cd:ee:65:b8:44:14:87:c9:a2:83:b1:91:76:
                    49:65:2f:2b:0e:73:cc:55:56:8a:4e:ff:04:ba:e2:
                    a8:ba:5d:5e:1c:1f:89:7b:92:33:b8:be:c5:47:97:
                    a4:c8:38:20:89:a7:e5:c2:a9:92:b6:68:a0:d0:b9:
                    a5:9e:74:38:d8:ec:12:fb:fe:ba:c0:00:99:6a:8e:
                    a3:77:50:2d:71:d2:3e:5f:f9:24:64:63:d1:c0:82:
                    37:d2:0f:24:97:69:9e:26:a3:49:73:08:7e:fa:9b:
                    19:48:97:53:7a:1a:06:6c:d1:6e:4c:28:9d:62:24:
                    40:9c:9b:b7:f3:c7:be:39:a8:1d:e5:f1:7f:93:95:
                    d4:c4:84:91:e5:02:c0:67:01:8b:d7:3b:d8:27:34:
                    c0:bb:a7:58:72:4c:2e:ce:45:a4:45:bf:1a:38:ea:
                    6d:3f:b3:de:f7:4b:1a:66:cf:17:74:c1:a1:74:40:
                    20:b8:33:58:6c:ac:ca:5a:b3:4f:ad:94:7e:74:9d:
                    3f:90:fc:02:bc:7a:ac:4a:bf:97:d5:e6:b7:c9:8a:
                    f0:4d:78:fa:c5:29:91:d7:41:10:77:47:4f:ef:35:
                    10:f8:1f:96:3a:83:75:84:5a:7f:d4:3a:00:0d:89:
                    1a:a4:94:34:eb:22:8d:08:7d:08:36:5e:11:d4:45:
                    b2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:D4:D4:7C:73:5B:E2:D8:89:79:BE:D5:B1:40:FF:AC:66:AC:46:FD
            X509v3 Authority Key Identifier:
                keyid:BE:7C:79:E9:A2:1D:B2:6B:D6:AE:07:50:27:6D:B1:B0:AF:A7:EC:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vnx56aIdsmvWrgdQJ22xsK-n7Ns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/EtTUfHNb4tiJeb7VsUD_rGasRv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/vnx56aIdsmvWrgdQJ22xsK-n7Ns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f70::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:24:d1:89:7f:09:36:e8:5f:9d:25:99:e9:65:c8:51:91:07:
         06:f5:7d:20:75:6c:08:e4:5d:49:2d:50:6e:5d:d0:b7:73:25:
         12:82:7c:5d:ed:ee:64:ef:5f:32:8c:c7:0a:e2:28:4b:17:02:
         c6:41:44:11:ff:8f:11:eb:9a:7a:61:7d:e6:b1:ec:47:d0:1c:
         e0:87:75:59:f0:ef:d8:62:e9:ed:d5:6d:35:1e:3c:8b:59:6d:
         1b:8e:f6:d0:79:05:7e:b2:ac:34:04:03:a5:82:9e:7a:30:ed:
         7e:f3:37:75:45:86:86:c9:43:3a:f6:be:b5:89:22:c7:76:ad:
         08:62:b0:29:4a:eb:3a:e5:6a:5b:e3:b7:aa:80:35:66:9c:49:
         fb:48:3f:50:c6:b5:43:41:ca:13:70:08:f5:5f:1a:90:83:c8:
         25:69:a1:45:6b:37:55:9f:11:63:0a:19:f7:10:ce:05:f3:ac:
         fd:1d:54:ad:e2:24:31:15:25:f4:69:ef:37:46:5a:4e:ab:9a:
         9f:18:3c:22:cd:4b:cb:3c:77:de:4d:f3:ff:7c:3e:49:ce:ac:
         ce:e8:0f:b4:ec:91:20:6d:1a:84:56:a3:32:4b:00:66:57:e9:
         c3:aa:a5:1c:6d:07:52:de:d4:10:d9:26:fe:80:2a:c2:03:5f:
         59:14:9a:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZObepT49uAJM3ECGiyI85f0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlN2M3OWU5YTIxZGIyNmJkNmFlMDc1MDI3NmRiMWIwYWZh
N2VjZGIwHhcNMjQxMjA2MTAxODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmQ0ZDQ3YzczNWJlMmQ4ODk3OWJlZDViMTQwZmZhYzY2YWM0NmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM3uZbhEFIfJooOxkXZJZS8rDnPM
VVaKTv8EuuKoul1eHB+Je5IzuL7FR5ekyDggiaflwqmStmig0LmlnnQ42OwS+/66
wACZao6jd1AtcdI+X/kkZGPRwII30g8kl2meJqNJcwh++psZSJdTehoGbNFuTCid
YiRAnJu388e+Oagd5fF/k5XUxISR5QLAZwGL1zvYJzTAu6dYckwuzkWkRb8aOOpt
P7Pe90saZs8XdMGhdEAguDNYbKzKWrNPrZR+dJ0/kPwCvHqsSr+X1ea3yYrwTXj6
xSmR10EQd0dP7zUQ+B+WOoN1hFp/1DoADYkapJQ06yKNCH0INl4R1EWylQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBLU1HxzW+LYiXm+1bFA/6xmrEb9MB8GA1UdIwQY
MBaAFL58eemiHbJr1q4HUCdtsbCvp+zbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm54NTZhSWRzbXZXcmdkUUoyMnhzSy1uN05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xNjMzOWEtMjYwMy00ZThmLTkwMWMt
Y2ZlMmM3ZmYwMThiLzEvRXRUVWZITmI0dGlKZWI3VnNVRF9yR2FzUnYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xNjMzOWEtMjYwMy00ZThmLTkwMWMtY2ZlMmM3ZmYwMThi
LzEvdm54NTZhSWRzbXZXcmdkUUoyMnhzSy1uN05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA9w
MA0GCSqGSIb3DQEBCwUAA4IBAQBlJNGJfwk26F+dJZnpZchRkQcG9X0gdWwI5F1J
LVBuXdC3cyUSgnxd7e5k718yjMcK4ihLFwLGQUQR/48R65p6YX3msexH0Bzgh3VZ
8O/YYunt1W01HjyLWW0bjvbQeQV+sqw0BAOlgp56MO1+8zd1RYaGyUM69r61iSLH
dq0IYrApSus65Wpb47eqgDVmnEn7SD9QxrVDQcoTcAj1XxqQg8glaaFFazdVnxFj
Chn3EM4F86z9HVSt4iQxFSX0ae83RlpOq5qfGDwizUvLPHfeTfP/fD5JzqzO6A+0
7JEgbRqEVqMySwBmV+nDqqUcbQdS3tQQ2Sb+gCrCA19ZFJrc
-----END CERTIFICATE-----