Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/gAfZTAPVccdYo93MsWBlWtBZ8Kw.roa
File:                     gAfZTAPVccdYo93MsWBlWtBZ8Kw.roa (raw, json)
Hash identifier:          v3CerJcyJIRfmG06FmHILWD1oNPc3J6mRgPWSvTdOr0=
Subject key identifier:   80:07:D9:4C:03:D5:71:C7:58:A3:DD:CC:B1:60:65:5A:D0:59:F0:AC
Certificate issuer:       /CN=97102c693af3a090f8f94ba1fd082db0924eaf12
Certificate serial:       018FAA8AED7B5C17973AA7516A51D495FB39
Authority key identifier: 97:10:2C:69:3A:F3:A0:90:F8:F9:4B:A1:FD:08:2D:B0:92:4E:AF:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/gAfZTAPVccdYo93MsWBlWtBZ8Kw.roa
Signing time:             Fri 24 May 2024 12:19:42 +0000
ROA not before:           Fri 24 May 2024 12:19:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203696
IP address blocks:        2001:67c:196c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:aa:8a:ed:7b:5c:17:97:3a:a7:51:6a:51:d4:95:fb:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97102c693af3a090f8f94ba1fd082db0924eaf12
        Validity
            Not Before: May 24 12:19:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8007d94c03d571c758a3ddccb160655ad059f0ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0d:b0:43:b5:c6:1b:bd:21:e9:d0:b4:7f:6b:
                    66:16:23:4f:d1:89:fe:fe:26:25:47:2c:ec:37:ab:
                    fb:fd:f8:99:64:07:76:5e:9c:f1:7c:45:f1:0f:8a:
                    4e:9c:46:81:b4:11:ec:c6:57:86:d7:f5:ca:60:5b:
                    a4:4d:05:1d:7f:56:5b:1a:45:ea:fd:57:b7:75:1c:
                    80:b4:e9:dd:4a:3c:9b:dd:2d:27:66:05:82:77:0b:
                    1d:8f:ff:c2:68:82:d9:7a:91:98:d9:40:3b:dc:87:
                    82:fa:45:0a:1b:d1:10:e5:02:94:2b:f2:ac:4b:a5:
                    19:6b:de:88:e4:0e:23:b6:7a:54:1a:43:ce:5f:c4:
                    d0:71:54:91:a2:e0:32:41:3d:66:cf:2a:8d:20:51:
                    d4:4a:b2:dd:3a:75:2b:22:a7:68:d2:61:d4:18:04:
                    f6:9c:d5:ab:eb:2a:4c:5a:93:d0:0f:22:5a:6f:59:
                    f9:e4:65:d6:d9:3b:01:15:df:12:df:76:98:9e:ff:
                    7d:7e:5a:80:62:41:db:a4:c8:e3:01:08:48:72:b1:
                    11:64:8e:c6:7f:0f:85:72:9e:db:f3:9e:3c:8c:e4:
                    bd:ba:51:c8:c0:cb:f9:c1:72:22:8c:2c:98:ef:e5:
                    aa:ee:78:12:0c:2c:cc:59:36:8a:93:22:8f:38:fd:
                    5c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:07:D9:4C:03:D5:71:C7:58:A3:DD:CC:B1:60:65:5A:D0:59:F0:AC
            X509v3 Authority Key Identifier:
                keyid:97:10:2C:69:3A:F3:A0:90:F8:F9:4B:A1:FD:08:2D:B0:92:4E:AF:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/gAfZTAPVccdYo93MsWBlWtBZ8Kw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/8dda48-e84b-4ca7-aaf4-f53ef521dbe0/1/lxAsaTrzoJD4-Uuh_QgtsJJOrxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:196c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:ee:b2:4b:25:0a:12:73:fc:43:6a:45:af:f1:fd:40:02:ec:
         52:06:3f:c8:30:38:25:8d:6a:a7:65:a7:c8:52:09:4f:69:db:
         0d:9a:74:11:7a:e9:80:8d:d7:0f:89:20:3a:ad:5a:c1:20:fb:
         67:da:b7:38:f5:d8:10:e3:3c:1a:a6:e0:0b:c4:05:98:1e:0f:
         22:12:1c:35:e7:a6:b9:07:cc:2d:42:6f:8e:ef:c7:02:e3:29:
         cc:1f:6b:3a:80:90:6d:9b:c4:ae:0d:5e:35:49:ac:14:68:69:
         04:93:24:bf:9f:dd:65:bd:5c:e7:20:d1:0b:df:d0:6e:ce:f8:
         d5:8d:d6:fe:a3:df:51:dd:11:ff:8a:84:0f:2d:f1:e1:cb:f6:
         dd:d7:43:4f:b0:c2:55:6a:7b:bf:35:da:77:89:13:ea:39:ee:
         7a:52:5b:3e:44:9b:5a:8d:b7:5e:c8:20:49:2c:58:b6:2d:70:
         28:21:3c:df:42:84:9d:f0:7e:d2:a8:62:b4:0f:d6:2d:bd:76:
         0a:7a:09:11:cf:7a:31:9c:ef:ae:a0:a1:57:84:9b:35:ac:93:
         ea:fd:15:47:72:ef:51:71:49:59:76:c9:69:64:40:1f:99:c6:
         cb:dc:cc:16:80:7f:2d:44:fc:43:c3:1d:83:84:29:68:6b:dc:
         d9:a7:fa:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+qiu17XBeXOqdRalHUlfs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MTAyYzY5M2FmM2EwOTBmOGY5NGJhMWZkMDgyZGIwOTI0
ZWFmMTIwHhcNMjQwNTI0MTIxOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDA3ZDk0YzAzZDU3MWM3NThhM2RkY2NiMTYwNjU1YWQwNTlmMGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyA2wQ7XGG70h6dC0f2tmFiNP0Yn+
/iYlRyzsN6v7/fiZZAd2XpzxfEXxD4pOnEaBtBHsxleG1/XKYFukTQUdf1ZbGkXq
/Ve3dRyAtOndSjyb3S0nZgWCdwsdj//CaILZepGY2UA73IeC+kUKG9EQ5QKUK/Ks
S6UZa96I5A4jtnpUGkPOX8TQcVSRouAyQT1mzyqNIFHUSrLdOnUrIqdo0mHUGAT2
nNWr6ypMWpPQDyJab1n55GXW2TsBFd8S33aYnv99flqAYkHbpMjjAQhIcrERZI7G
fw+Fcp7b8548jOS9ulHIwMv5wXIijCyY7+Wq7ngSDCzMWTaKkyKPOP1c8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIAH2UwD1XHHWKPdzLFgZVrQWfCsMB8GA1UdIwQY
MBaAFJcQLGk686CQ+PlLof0ILbCSTq8SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhBc2FUcnpvSkQ0LVV1aF9RZ3RzSkpPcnhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS84ZGRhNDgtZTg0Yi00Y2E3LWFhZjQt
ZjUzZWY1MjFkYmUwLzEvZ0FmWlRBUFZjY2RZbzkzTXNXQmxXdEJaOEt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS84ZGRhNDgtZTg0Yi00Y2E3LWFhZjQtZjUzZWY1MjFkYmUw
LzEvbHhBc2FUcnpvSkQ0LVV1aF9RZ3RzSkpPcnhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBls
MA0GCSqGSIb3DQEBCwUAA4IBAQAv7rJLJQoSc/xDakWv8f1AAuxSBj/IMDgljWqn
ZafIUglPadsNmnQReumAjdcPiSA6rVrBIPtn2rc49dgQ4zwapuALxAWYHg8iEhw1
56a5B8wtQm+O78cC4ynMH2s6gJBtm8SuDV41SawUaGkEkyS/n91lvVznINEL39Bu
zvjVjdb+o99R3RH/ioQPLfHhy/bd10NPsMJVanu/Ndp3iRPqOe56Uls+RJtajbde
yCBJLFi2LXAoITzfQoSd8H7SqGK0D9YtvXYKegkRz3oxnO+uoKFXhJs1rJPq/RVH
cu9RcUlZdslpZEAfmcbL3MwWgH8tRPxDwx2DhCloa9zZp/pp
-----END CERTIFICATE-----