Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/oWlfLP9NHDbkXnO5xUNOqo6y6v8.roa
File:                     oWlfLP9NHDbkXnO5xUNOqo6y6v8.roa (raw, json)
Hash identifier:          0Wi1aGI2WgWAOW/eOMkgkg5bYGXMlfw8cbZjd45cePk=
Subject key identifier:   A1:69:5F:2C:FF:4D:1C:36:E4:5E:73:B9:C5:43:4E:AA:8E:B2:EA:FF
Certificate issuer:       /CN=7dc896cb3899c5b6488d1c4653faee4b23151f1f
Certificate serial:       018CC64B2FA00E6BBEEF396DD523DC7CD0EF
Authority key identifier: 7D:C8:96:CB:38:99:C5:B6:48:8D:1C:46:53:FA:EE:4B:23:15:1F:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fciWyziZxbZIjRxGU_ruSyMVHx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/oWlfLP9NHDbkXnO5xUNOqo6y6v8.roa
Signing time:             Mon 01 Jan 2024 18:31:05 +0000
ROA not before:           Mon 01 Jan 2024 18:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6067
IP address blocks:        2001:4dc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/fciWyziZxbZIjRxGU_ruSyMVHx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/fciWyziZxbZIjRxGU_ruSyMVHx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fciWyziZxbZIjRxGU_ruSyMVHx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2f:a0:0e:6b:be:ef:39:6d:d5:23:dc:7c:d0:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc896cb3899c5b6488d1c4653faee4b23151f1f
        Validity
            Not Before: Jan  1 18:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1695f2cff4d1c36e45e73b9c5434eaa8eb2eaff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:80:59:54:bb:5f:5c:86:ef:73:00:ed:14:7c:
                    2c:85:c9:80:95:89:a4:dd:50:e4:4c:a7:bd:6b:6f:
                    1e:6e:9e:f9:bf:32:54:f8:39:43:14:97:28:fc:8e:
                    91:1b:5f:2f:30:e2:7f:46:f4:04:a3:cd:60:03:9a:
                    f3:94:1d:b6:8b:62:34:d1:2e:b6:e7:d9:90:b6:12:
                    03:a1:78:f7:09:68:aa:93:5c:31:f1:c3:ee:66:53:
                    ab:06:21:fa:fd:13:9f:fd:33:33:58:ed:bf:c8:54:
                    8e:ce:e5:bc:df:df:64:e6:1d:85:1b:dd:27:db:16:
                    7e:81:fe:a1:f3:fa:a3:1e:7e:39:d9:29:01:1f:ed:
                    ab:2f:06:26:45:2b:e9:c2:75:74:a2:84:a5:1e:55:
                    70:a5:14:fe:c0:2a:b7:9f:ff:91:d1:93:23:ae:a6:
                    41:09:ab:86:81:b0:5e:4c:18:b5:a3:33:c4:d9:f5:
                    32:e1:f3:87:33:81:e7:42:e9:0d:95:9c:7b:28:da:
                    e5:e6:fb:ca:41:1f:c1:a1:ea:a3:df:cf:49:83:3a:
                    86:5e:84:84:49:0f:29:63:6e:ad:dc:fa:2f:e8:17:
                    b7:04:47:5b:ba:0a:06:27:2c:bd:e3:a0:15:5b:09:
                    5e:69:90:56:33:ed:cf:97:a6:ea:c7:19:0b:1f:03:
                    db:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:69:5F:2C:FF:4D:1C:36:E4:5E:73:B9:C5:43:4E:AA:8E:B2:EA:FF
            X509v3 Authority Key Identifier:
                keyid:7D:C8:96:CB:38:99:C5:B6:48:8D:1C:46:53:FA:EE:4B:23:15:1F:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fciWyziZxbZIjRxGU_ruSyMVHx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/oWlfLP9NHDbkXnO5xUNOqo6y6v8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b592dd-c711-4301-9be5-aef3fcbb7884/1/fciWyziZxbZIjRxGU_ruSyMVHx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:54:d6:46:02:39:fa:57:fd:e3:bb:12:cf:61:50:ec:7b:ad:
         4e:3a:19:b2:06:32:85:b4:22:cc:61:ac:9d:c7:aa:ec:1f:34:
         e5:cb:6a:7e:31:41:ed:b4:17:cc:9c:e5:68:14:b7:e9:d7:51:
         6c:dc:17:11:c3:6b:05:ee:97:8a:7b:5b:77:7d:81:1a:72:59:
         34:d3:09:2d:e0:d9:84:9b:a4:46:99:58:74:5c:ee:77:3c:e4:
         83:2a:0f:b3:c5:c6:f0:77:c2:53:d7:d6:2f:e6:7b:45:d2:be:
         70:09:9d:8c:ab:86:ac:88:c5:9d:39:5b:1a:2b:6a:84:a6:a9:
         42:16:38:3a:a3:83:a6:4d:51:db:c3:88:ac:1c:e7:92:94:e3:
         47:53:4b:8d:b6:ef:5b:2a:f8:17:b1:68:84:74:7c:7c:c0:b0:
         22:d4:e5:5b:98:ef:c4:6b:fc:48:f0:bf:a8:cf:4f:48:b8:8e:
         6d:e3:43:66:e3:ee:0f:39:fd:55:4d:f6:40:12:64:43:4c:db:
         2c:8c:30:0e:6a:d8:19:e2:1f:f1:7b:e5:be:b1:03:f1:15:b5:
         b3:6b:c5:ab:58:51:e7:fd:7c:be:30:b3:61:27:d5:b8:9f:fd:
         0b:86:cd:e2:95:7d:62:28:62:83:8b:94:34:0c:81:94:88:82:
         a4:30:ca:5e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSy+gDmu+7zlt1SPcfNDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzg5NmNiMzg5OWM1YjY0ODhkMWM0NjUzZmFlZTRiMjMx
NTFmMWYwHhcNMjQwMTAxMTgzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTY5NWYyY2ZmNGQxYzM2ZTQ1ZTczYjljNTQzNGVhYThlYjJlYWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroBZVLtfXIbvcwDtFHwshcmAlYmk
3VDkTKe9a28ebp75vzJU+DlDFJco/I6RG18vMOJ/RvQEo81gA5rzlB22i2I00S62
59mQthIDoXj3CWiqk1wx8cPuZlOrBiH6/ROf/TMzWO2/yFSOzuW8399k5h2FG90n
2xZ+gf6h8/qjHn452SkBH+2rLwYmRSvpwnV0ooSlHlVwpRT+wCq3n/+R0ZMjrqZB
CauGgbBeTBi1ozPE2fUy4fOHM4HnQukNlZx7KNrl5vvKQR/Boeqj389JgzqGXoSE
SQ8pY26t3Pov6Be3BEdbugoGJyy946AVWwleaZBWM+3Pl6bqxxkLHwPb7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKFpXyz/TRw25F5zucVDTqqOsur/MB8GA1UdIwQY
MBaAFH3Ilss4mcW2SI0cRlP67ksjFR8fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNpV3l6aVp4YlpJalJ4R1VfcnVTeU1WSHg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iNTkyZGQtYzcxMS00MzAxLTliZTUt
YWVmM2ZjYmI3ODg0LzEvb1dsZkxQOU5IRGJrWG5PNXhVTk9xbzZ5NnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9iNTkyZGQtYzcxMS00MzAxLTliZTUtYWVmM2ZjYmI3ODg0
LzEvZmNpV3l6aVp4YlpJalJ4R1VfcnVTeU1WSHg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAIAFNwDAN
BgkqhkiG9w0BAQsFAAOCAQEAuFTWRgI5+lf947sSz2FQ7HutTjoZsgYyhbQizGGs
nceq7B805ctqfjFB7bQXzJzlaBS36ddRbNwXEcNrBe6Xintbd32BGnJZNNMJLeDZ
hJukRplYdFzudzzkgyoPs8XG8HfCU9fWL+Z7RdK+cAmdjKuGrIjFnTlbGitqhKap
QhY4OqODpk1R28OIrBznkpTjR1NLjbbvWyr4F7FohHR8fMCwItTlW5jvxGv8SPC/
qM9PSLiObeNDZuPuDzn9VU32QBJkQ0zbLIwwDmrYGeIf8XvlvrED8RW1s2vFq1hR
5/18vjCzYSfVuJ/9C4bN4pV9Yihig4uUNAyBlIiCpDDKXg==
-----END CERTIFICATE-----