Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/06ze7SCNFcsIndHXgrTfZ8YuM04.roa
File:                     06ze7SCNFcsIndHXgrTfZ8YuM04.roa (raw, json)
Hash identifier:          OZNsdraaGjyRepeJ+8kmnI7qc2bXqL8vlHtQY2+DnAg=
Subject key identifier:   D3:AC:DE:ED:20:8D:15:CB:08:9D:D1:D7:82:B4:DF:67:C6:2E:33:4E
Certificate issuer:       /CN=7587902ce7a6a334a4e0db73e721989015d6489b
Certificate serial:       018CCA29C0D1676A7316AC9A5680F82D0E15
Authority key identifier: 75:87:90:2C:E7:A6:A3:34:A4:E0:DB:73:E7:21:98:90:15:D6:48:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dYeQLOemozSk4Ntz5yGYkBXWSJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/06ze7SCNFcsIndHXgrTfZ8YuM04.roa
Signing time:             Tue 02 Jan 2024 12:33:03 +0000
ROA not before:           Tue 02 Jan 2024 12:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207111
IP address blocks:        2001:67c:770::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/dYeQLOemozSk4Ntz5yGYkBXWSJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/dYeQLOemozSk4Ntz5yGYkBXWSJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dYeQLOemozSk4Ntz5yGYkBXWSJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:c0:d1:67:6a:73:16:ac:9a:56:80:f8:2d:0e:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7587902ce7a6a334a4e0db73e721989015d6489b
        Validity
            Not Before: Jan  2 12:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3acdeed208d15cb089dd1d782b4df67c62e334e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:55:01:ef:54:aa:79:14:7f:5d:4b:0d:b4:5c:
                    34:67:4f:aa:9e:2e:97:3e:13:de:d4:26:3f:6d:87:
                    0f:2e:f4:05:6a:2f:00:a8:c9:a4:b5:48:47:3a:59:
                    d0:8e:8a:62:0a:af:d7:f0:22:c2:62:c3:21:59:ec:
                    18:7e:ef:81:a7:0b:31:84:85:d8:72:a5:38:19:87:
                    bd:82:33:ae:32:d9:5c:68:b2:88:07:94:b0:f2:2b:
                    25:b5:01:28:a0:25:bf:be:e4:f8:13:99:6f:89:9d:
                    06:b9:7e:83:1a:a4:1e:be:ed:f2:dc:e7:0b:17:09:
                    a7:74:d3:11:64:86:2e:ee:09:6e:23:5d:59:18:ca:
                    27:4d:83:ff:31:61:45:85:73:89:cf:4f:2e:70:6b:
                    4f:37:6c:99:e7:7f:18:c2:84:cb:60:5c:f9:ef:e6:
                    37:d4:66:9b:23:5c:dc:77:ea:cd:fa:b8:b3:fc:1b:
                    97:ec:42:76:bd:78:f8:4b:65:10:62:62:40:29:b1:
                    3a:ea:99:c4:97:8a:04:8b:a4:c6:bf:9d:51:19:28:
                    f3:44:5d:66:0b:b5:92:0f:4c:29:9d:5c:3c:ca:cf:
                    21:3b:a9:7e:b6:eb:29:32:1b:eb:c0:88:49:76:37:
                    de:59:2c:0c:77:f0:d3:10:8c:a1:fd:5b:07:85:50:
                    29:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:AC:DE:ED:20:8D:15:CB:08:9D:D1:D7:82:B4:DF:67:C6:2E:33:4E
            X509v3 Authority Key Identifier:
                keyid:75:87:90:2C:E7:A6:A3:34:A4:E0:DB:73:E7:21:98:90:15:D6:48:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dYeQLOemozSk4Ntz5yGYkBXWSJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/06ze7SCNFcsIndHXgrTfZ8YuM04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/4de9ba-0a6b-47f8-9770-f92019375bc8/1/dYeQLOemozSk4Ntz5yGYkBXWSJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:770::/48

    Signature Algorithm: sha256WithRSAEncryption
         c4:58:41:bb:d6:fe:54:84:d0:d0:17:7b:3a:34:a0:b3:00:12:
         47:60:1b:e0:ef:36:42:4f:e1:05:30:6e:6d:92:79:d9:71:46:
         15:f3:5a:f6:5f:08:c0:d3:09:19:2a:76:1a:d1:a0:ce:7f:77:
         e0:dd:1d:55:df:ba:8b:00:e0:31:0c:03:78:f5:09:af:eb:b9:
         51:29:b0:19:31:6b:05:c7:4a:06:9e:c3:4d:9b:31:97:1b:3f:
         10:d7:4f:d9:17:94:86:0d:b6:c6:ac:e6:66:4d:93:49:ea:77:
         57:76:e0:9b:30:80:ef:28:a9:f9:b6:ab:d8:a7:4a:f1:4f:f4:
         8e:97:00:27:60:02:59:85:87:fe:df:81:21:d0:ea:82:c0:60:
         96:89:7a:cd:3b:aa:28:58:39:93:3d:64:bb:b3:95:37:51:35:
         c9:28:70:27:a0:5c:a6:36:e3:98:78:14:0b:c2:75:5d:33:d9:
         77:42:8f:b4:d5:12:50:f8:44:84:a1:da:c3:7e:b9:cd:2f:b4:
         68:c9:f3:df:b1:40:6d:3b:73:11:c3:ac:a2:a8:e2:20:ea:ad:
         d7:cb:43:8b:d7:1a:d9:a7:bd:f7:a9:88:7a:fc:a9:1c:35:83:
         24:41:0d:dc:3a:f0:81:a8:3d:33:7f:0d:ef:78:01:74:77:1d:
         e8:44:6f:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKcDRZ2pzFqyaVoD4LQ4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ODc5MDJjZTdhNmEzMzRhNGUwZGI3M2U3MjE5ODkwMTVk
NjQ4OWIwHhcNMjQwMTAyMTIzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2FjZGVlZDIwOGQxNWNiMDg5ZGQxZDc4MmI0ZGY2N2M2MmUzMzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVUB71SqeRR/XUsNtFw0Z0+qni6X
PhPe1CY/bYcPLvQFai8AqMmktUhHOlnQjopiCq/X8CLCYsMhWewYfu+BpwsxhIXY
cqU4GYe9gjOuMtlcaLKIB5Sw8isltQEooCW/vuT4E5lviZ0GuX6DGqQevu3y3OcL
FwmndNMRZIYu7gluI11ZGMonTYP/MWFFhXOJz08ucGtPN2yZ538YwoTLYFz57+Y3
1GabI1zcd+rN+riz/BuX7EJ2vXj4S2UQYmJAKbE66pnEl4oEi6TGv51RGSjzRF1m
C7WSD0wpnVw8ys8hO6l+tuspMhvrwIhJdjfeWSwMd/DTEIyh/VsHhVApWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNOs3u0gjRXLCJ3R14K032fGLjNOMB8GA1UdIwQY
MBaAFHWHkCznpqM0pODbc+chmJAV1kibMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFllUUxPZW1velNrNE50ejV5R1lrQlhXU0pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy80ZGU5YmEtMGE2Yi00N2Y4LTk3NzAt
ZjkyMDE5Mzc1YmM4LzEvMDZ6ZTdTQ05GY3NJbmRIWGdyVGZaOFl1TTA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy80ZGU5YmEtMGE2Yi00N2Y4LTk3NzAtZjkyMDE5Mzc1YmM4
LzEvZFllUUxPZW1velNrNE50ejV5R1lrQlhXU0pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAdw
MA0GCSqGSIb3DQEBCwUAA4IBAQDEWEG71v5UhNDQF3s6NKCzABJHYBvg7zZCT+EF
MG5tknnZcUYV81r2XwjA0wkZKnYa0aDOf3fg3R1V37qLAOAxDAN49Qmv67lRKbAZ
MWsFx0oGnsNNmzGXGz8Q10/ZF5SGDbbGrOZmTZNJ6ndXduCbMIDvKKn5tqvYp0rx
T/SOlwAnYAJZhYf+34Eh0OqCwGCWiXrNO6ooWDmTPWS7s5U3UTXJKHAnoFymNuOY
eBQLwnVdM9l3Qo+01RJQ+ESEodrDfrnNL7RoyfPfsUBtO3MRw6yiqOIg6q3Xy0OL
1xrZp733qYh6/KkcNYMkQQ3cOvCBqD0zfw3veAF0dx3oRG90
-----END CERTIFICATE-----