Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/VI_iyVvJC4DcanGJ0-me5Hx6sws.roa
File:                     VI_iyVvJC4DcanGJ0-me5Hx6sws.roa (raw, json)
Hash identifier:          9+UPrHO7mA+aeP+nVfyaGBXB2WN96yyTsKgVo+e+Xfw=
Subject key identifier:   54:8F:E2:C9:5B:C9:0B:80:DC:6A:71:89:D3:E9:9E:E4:7C:7A:B3:0B
Certificate issuer:       /CN=a82c9bc2d2dacfd6f130d85a84fedeabf179a567
Certificate serial:       018CC6B78A79ECC6F6BC669EECE3F5B556C8
Authority key identifier: A8:2C:9B:C2:D2:DA:CF:D6:F1:30:D8:5A:84:FE:DE:AB:F1:79:A5:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qCybwtLaz9bxMNhahP7eq_F5pWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/VI_iyVvJC4DcanGJ0-me5Hx6sws.roa
Signing time:             Mon 01 Jan 2024 20:29:26 +0000
ROA not before:           Mon 01 Jan 2024 20:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        2001:1400:ffef::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/qCybwtLaz9bxMNhahP7eq_F5pWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/qCybwtLaz9bxMNhahP7eq_F5pWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qCybwtLaz9bxMNhahP7eq_F5pWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8a:79:ec:c6:f6:bc:66:9e:ec:e3:f5:b5:56:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a82c9bc2d2dacfd6f130d85a84fedeabf179a567
        Validity
            Not Before: Jan  1 20:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=548fe2c95bc90b80dc6a7189d3e99ee47c7ab30b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:da:ee:48:30:78:f5:f1:09:20:0b:58:52:10:
                    9a:2f:da:84:01:8c:fa:c4:3a:8a:3d:b3:54:80:70:
                    35:de:fd:f4:8d:d2:8c:4a:c5:29:d7:2a:d2:a2:37:
                    54:5d:99:57:83:e0:a8:66:4b:66:32:d9:61:96:fb:
                    13:b8:0d:6c:e1:10:04:11:88:d5:90:c3:15:79:e3:
                    e2:e2:85:51:00:22:ad:01:59:99:dc:3f:48:45:32:
                    4e:a4:09:68:de:54:99:8e:fd:17:0a:d6:09:50:eb:
                    38:45:fa:ff:fd:9b:94:07:80:e1:5f:d9:07:f6:b9:
                    ba:61:33:c1:85:e7:74:79:32:28:2e:b7:44:a0:c1:
                    7e:ca:f1:34:08:80:99:24:bf:82:e7:6b:59:cb:32:
                    da:6a:1a:5e:05:f9:a4:e4:ef:37:30:13:b5:dc:35:
                    dc:d9:d4:5f:d9:54:68:b8:9d:26:71:53:33:4c:a2:
                    82:61:57:10:ca:32:10:d1:df:63:a7:66:db:ce:8d:
                    6e:2a:c9:3a:90:74:2f:0c:75:35:c0:63:26:69:a1:
                    8e:09:d4:d4:6f:87:34:9b:22:56:6c:25:1d:4b:df:
                    ff:0d:2d:29:34:f2:f7:4e:df:64:3c:ea:0f:aa:73:
                    fd:01:16:2c:9c:cb:6f:9e:84:2d:35:c0:61:27:70:
                    52:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:8F:E2:C9:5B:C9:0B:80:DC:6A:71:89:D3:E9:9E:E4:7C:7A:B3:0B
            X509v3 Authority Key Identifier:
                keyid:A8:2C:9B:C2:D2:DA:CF:D6:F1:30:D8:5A:84:FE:DE:AB:F1:79:A5:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qCybwtLaz9bxMNhahP7eq_F5pWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/VI_iyVvJC4DcanGJ0-me5Hx6sws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1b9185-40b5-490b-9af8-55c140c9f54f/1/qCybwtLaz9bxMNhahP7eq_F5pWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1400:ffef::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:07:e3:97:29:c6:fe:ec:94:35:0a:2d:9d:57:a2:09:d1:55:
         3e:f0:fb:49:77:ed:68:b9:df:3e:d3:43:1c:bc:2d:33:ee:e4:
         00:2a:da:b9:7e:da:de:5f:4e:f0:e0:be:c1:e5:8d:28:3a:d4:
         11:5f:ab:16:40:60:88:74:b9:10:06:be:07:28:70:3e:7e:49:
         2c:34:0e:42:aa:45:c9:46:d2:05:fe:ce:0f:d3:7b:e2:1c:cb:
         56:f2:b0:37:20:c6:f4:a2:43:59:68:31:c2:73:df:d3:ed:49:
         d6:8f:06:b1:bd:2c:f8:b8:42:6d:f1:5b:60:3f:5d:72:ad:9f:
         96:52:d6:79:f9:f2:b0:53:fa:dd:0c:4c:94:e5:5f:04:c7:93:
         cf:e4:32:2b:ba:98:ad:f1:2e:a9:4a:66:85:73:30:49:a6:f3:
         d9:4b:30:92:66:86:c5:9a:50:1e:12:17:6a:ea:8a:e3:5a:57:
         0a:16:2b:11:b8:80:2d:07:85:b6:a7:08:19:0a:2c:18:ea:ce:
         84:52:ce:8d:b3:28:93:64:63:25:62:06:4f:ac:6f:5b:00:06:
         c1:40:34:b7:54:6e:43:3c:f3:65:6d:96:e6:db:b5:93:50:98:
         d0:68:bd:bd:9a:43:d8:46:86:78:49:56:ab:df:21:3b:fa:fd:
         c8:15:26:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt4p57Mb2vGae7OP1tVbIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MmM5YmMyZDJkYWNmZDZmMTMwZDg1YTg0ZmVkZWFiZjE3
OWE1NjcwHhcNMjQwMTAxMjAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDhmZTJjOTViYzkwYjgwZGM2YTcxODlkM2U5OWVlNDdjN2FiMzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9ruSDB49fEJIAtYUhCaL9qEAYz6
xDqKPbNUgHA13v30jdKMSsUp1yrSojdUXZlXg+CoZktmMtlhlvsTuA1s4RAEEYjV
kMMVeePi4oVRACKtAVmZ3D9IRTJOpAlo3lSZjv0XCtYJUOs4Rfr//ZuUB4DhX9kH
9rm6YTPBhed0eTIoLrdEoMF+yvE0CICZJL+C52tZyzLaahpeBfmk5O83MBO13DXc
2dRf2VRouJ0mcVMzTKKCYVcQyjIQ0d9jp2bbzo1uKsk6kHQvDHU1wGMmaaGOCdTU
b4c0myJWbCUdS9//DS0pNPL3Tt9kPOoPqnP9ARYsnMtvnoQtNcBhJ3BSRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFSP4slbyQuA3GpxidPpnuR8erMLMB8GA1UdIwQY
MBaAFKgsm8LS2s/W8TDYWoT+3qvxeaVnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUN5Ynd0TGF6OWJ4TU5oYWhQN2VxX0Y1cFdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xYjkxODUtNDBiNS00OTBiLTlhZjgt
NTVjMTQwYzlmNTRmLzEvVklfaXlWdkpDNERjYW5HSjAtbWU1SHg2c3dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xYjkxODUtNDBiNS00OTBiLTlhZjgtNTVjMTQwYzlmNTRm
LzEvcUN5Ynd0TGF6OWJ4TU5oYWhQN2VxX0Y1cFdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEUAP/v
MA0GCSqGSIb3DQEBCwUAA4IBAQBsB+OXKcb+7JQ1Ci2dV6IJ0VU+8PtJd+1oud8+
00McvC0z7uQAKtq5ftreX07w4L7B5Y0oOtQRX6sWQGCIdLkQBr4HKHA+fkksNA5C
qkXJRtIF/s4P03viHMtW8rA3IMb0okNZaDHCc9/T7UnWjwaxvSz4uEJt8VtgP11y
rZ+WUtZ5+fKwU/rdDEyU5V8Ex5PP5DIrupit8S6pSmaFczBJpvPZSzCSZobFmlAe
Ehdq6orjWlcKFisRuIAtB4W2pwgZCiwY6s6EUs6NsyiTZGMlYgZPrG9bAAbBQDS3
VG5DPPNlbZbm27WTUJjQaL29mkPYRoZ4SVar3yE7+v3IFSYo
-----END CERTIFICATE-----