Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/8pAu86zQ1-fsMzJJVV-yxM3jk4s.roa
File:                     8pAu86zQ1-fsMzJJVV-yxM3jk4s.roa (raw, json)
Hash identifier:          5OkbLirEl4xGif5BLZq0NGhB5veki1oa0zJCiyTyNPY=
Subject key identifier:   F2:90:2E:F3:AC:D0:D7:E7:EC:33:32:49:55:5F:B2:C4:CD:E3:93:8B
Certificate issuer:       /CN=544194f8249773d3cd6fb654b239de769c42e864
Certificate serial:       018EE766EC695B32970FC9473F6DD9FDF820
Authority key identifier: 54:41:94:F8:24:97:73:D3:CD:6F:B6:54:B2:39:DE:76:9C:42:E8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/8pAu86zQ1-fsMzJJVV-yxM3jk4s.roa
Signing time:             Tue 16 Apr 2024 14:54:25 +0000
ROA not before:           Tue 16 Apr 2024 14:54:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6206
IP address blocks:        2001:678:730::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 05:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:66:ec:69:5b:32:97:0f:c9:47:3f:6d:d9:fd:f8:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=544194f8249773d3cd6fb654b239de769c42e864
        Validity
            Not Before: Apr 16 14:54:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2902ef3acd0d7e7ec333249555fb2c4cde3938b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9b:2e:f9:68:b3:43:cb:d8:2b:c8:22:6d:3c:
                    fc:ca:3e:cb:04:f1:3d:6d:f8:f9:62:d5:97:d1:8a:
                    5b:89:97:15:96:71:2f:dc:96:af:e8:6e:2c:c4:77:
                    d8:be:c6:d3:e9:75:63:0c:c8:41:ac:cd:e1:75:24:
                    a4:a3:f4:a5:eb:09:8d:60:82:92:02:2b:cc:2a:7b:
                    f3:8b:6d:c8:24:91:ea:b4:d6:22:15:07:6e:0d:cb:
                    be:96:52:47:0a:6e:48:52:48:6b:e4:c5:68:f7:ed:
                    9b:b1:bc:23:23:c9:df:1b:82:6f:37:1e:80:6c:e7:
                    ad:8e:90:09:38:90:49:ac:73:88:56:97:a2:65:61:
                    8f:fd:3f:12:a0:d6:34:83:a7:04:f3:44:5b:b4:e6:
                    85:19:fe:d3:50:e9:d0:19:d7:af:3d:dc:73:5c:63:
                    ef:82:68:0a:79:04:c0:53:2f:13:15:2a:ba:e2:de:
                    9f:40:dc:83:40:da:7e:de:64:8d:e3:84:f6:51:a9:
                    d5:4a:a4:dd:71:35:03:84:c6:00:f8:91:d8:46:30:
                    05:5f:35:60:45:b7:5a:5b:5e:2d:89:3a:6e:87:21:
                    43:6d:9e:91:00:7e:0d:80:01:69:fa:fb:bd:06:bd:
                    34:b2:42:dc:58:09:db:36:df:4f:75:7d:44:66:a9:
                    ea:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:90:2E:F3:AC:D0:D7:E7:EC:33:32:49:55:5F:B2:C4:CD:E3:93:8B
            X509v3 Authority Key Identifier:
                keyid:54:41:94:F8:24:97:73:D3:CD:6F:B6:54:B2:39:DE:76:9C:42:E8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/8pAu86zQ1-fsMzJJVV-yxM3jk4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/dd1ea6-ccbf-4df1-92ef-d61df33c431b/1/VEGU-CSXc9PNb7ZUsjnedpxC6GQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:730::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:45:35:db:70:4f:2a:46:30:b5:0f:50:de:c8:24:bf:3f:29:
         1b:06:a4:19:e3:ad:f9:a8:75:b5:bb:df:fc:db:74:d9:08:9e:
         14:b4:5a:f2:1a:e2:8b:1f:2f:58:ee:c3:a6:5b:30:27:be:0b:
         18:36:64:cb:d9:3f:68:ef:e0:d0:d5:4b:50:35:0b:c1:82:5a:
         fb:a8:eb:73:75:a8:eb:69:d6:55:b4:de:29:09:48:37:48:9f:
         b9:8c:d5:5b:13:f8:b5:87:b6:88:47:d3:89:74:df:e8:2f:da:
         0e:6d:13:4a:9f:e7:3b:4d:a4:ab:c5:c4:aa:eb:38:8e:60:a9:
         89:8b:4f:af:d3:f1:93:cb:bb:3a:35:5b:f6:2c:a9:c5:db:42:
         98:c7:ac:d1:bd:30:fe:45:e5:b8:9d:e7:cd:29:59:b3:53:40:
         40:8f:3f:e7:28:fd:c5:b0:bc:ff:5a:0f:0f:3d:27:8c:e7:a8:
         72:e5:3f:83:a8:c3:d1:c2:00:69:7f:03:13:eb:f4:c0:7c:db:
         91:14:3c:d4:e9:90:a3:d2:42:e3:5d:af:eb:06:7f:c8:72:60:
         96:a3:b7:3f:16:6f:c8:6d:e7:66:d0:ec:cb:b4:4c:a6:83:38:
         c3:34:6f:87:c9:53:26:75:e6:e9:5f:b4:59:93:ba:20:32:6c:
         21:99:f7:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7nZuxpWzKXD8lHP23Z/fggMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDE5NGY4MjQ5NzczZDNjZDZmYjY1NGIyMzlkZTc2OWM0
MmU4NjQwHhcNMjQwNDE2MTQ1NDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjkwMmVmM2FjZDBkN2U3ZWMzMzMyNDk1NTVmYjJjNGNkZTM5MzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpsu+WizQ8vYK8gibTz8yj7LBPE9
bfj5YtWX0YpbiZcVlnEv3Jav6G4sxHfYvsbT6XVjDMhBrM3hdSSko/Sl6wmNYIKS
AivMKnvzi23IJJHqtNYiFQduDcu+llJHCm5IUkhr5MVo9+2bsbwjI8nfG4JvNx6A
bOetjpAJOJBJrHOIVpeiZWGP/T8SoNY0g6cE80RbtOaFGf7TUOnQGdevPdxzXGPv
gmgKeQTAUy8TFSq64t6fQNyDQNp+3mSN44T2UanVSqTdcTUDhMYA+JHYRjAFXzVg
RbdaW14tiTpuhyFDbZ6RAH4NgAFp+vu9Br00skLcWAnbNt9PdX1EZqnquQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPKQLvOs0Nfn7DMySVVfssTN45OLMB8GA1UdIwQY
MBaAFFRBlPgkl3PTzW+2VLI53nacQuhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkVHVS1DU1hjOVBOYjdaVXNqbmVkcHhDNkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9kZDFlYTYtY2NiZi00ZGYxLTkyZWYt
ZDYxZGYzM2M0MzFiLzEvOHBBdTg2elExLWZzTXpKSlZWLXl4TTNqazRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9kZDFlYTYtY2NiZi00ZGYxLTkyZWYtZDYxZGYzM2M0MzFi
LzEvVkVHVS1DU1hjOVBOYjdaVXNqbmVkcHhDNkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAcw
MA0GCSqGSIb3DQEBCwUAA4IBAQAKRTXbcE8qRjC1D1DeyCS/PykbBqQZ4635qHW1
u9/823TZCJ4UtFryGuKLHy9Y7sOmWzAnvgsYNmTL2T9o7+DQ1UtQNQvBglr7qOtz
dajradZVtN4pCUg3SJ+5jNVbE/i1h7aIR9OJdN/oL9oObRNKn+c7TaSrxcSq6ziO
YKmJi0+v0/GTy7s6NVv2LKnF20KYx6zRvTD+ReW4nefNKVmzU0BAjz/nKP3FsLz/
Wg8PPSeM56hy5T+DqMPRwgBpfwMT6/TAfNuRFDzU6ZCj0kLjXa/rBn/IcmCWo7c/
Fm/Ibedm0OzLtEymgzjDNG+HyVMmdebpX7RZk7ogMmwhmffR
-----END CERTIFICATE-----