Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/180954-8a43-4acc-8a7b-0aeac670c71e/1/c4aA_bj6CzLF63YiADueMvFEAv0.roa
File:                     c4aA_bj6CzLF63YiADueMvFEAv0.roa (raw, json)
Hash identifier:          VRbGz8ClnPlLevbRzlVSbiJGON4NA2s+QaK9DsNCxsg=
Subject key identifier:   73:86:80:FD:B8:FA:0B:32:C5:EB:76:22:00:3B:9E:32:F1:44:02:FD
Certificate issuer:       /CN=5e66815a4631d0e797c1f366e47bf15115c9a4fb
Certificate serial:       018DF6E6F81FDD5B92F00AFB3C0E01AF9FB2
Authority key identifier: 5E:66:81:5A:46:31:D0:E7:97:C1:F3:66:E4:7B:F1:51:15:C9:A4:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XmaBWkYx0OeXwfNm5HvxURXJpPs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/180954-8a43-4acc-8a7b-0aeac670c71e/1/c4aA_bj6CzLF63YiADueMvFEAv0.roa
Signing time:             Thu 29 Feb 2024 22:05:48 +0000
ROA not before:           Thu 29 Feb 2024 22:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212469
IP address blocks:        2001:67c:1354::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/180954-8a43-4acc-8a7b-0aeac670c71e/1/XmaBWkYx0OeXwfNm5HvxURXJpPs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/180954-8a43-4acc-8a7b-0aeac670c71e/1/XmaBWkYx0OeXwfNm5HvxURXJpPs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XmaBWkYx0OeXwfNm5HvxURXJpPs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f6:e6:f8:1f:dd:5b:92:f0:0a:fb:3c:0e:01:af:9f:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e66815a4631d0e797c1f366e47bf15115c9a4fb
        Validity
            Not Before: Feb 29 22:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=738680fdb8fa0b32c5eb7622003b9e32f14402fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b6:d4:cc:08:f5:e4:fa:ff:5e:e1:b6:fc:b8:
                    e4:61:9f:74:0b:82:a2:e2:4d:f2:66:2d:74:3b:2d:
                    99:f5:8f:8d:bb:5d:e3:49:87:24:38:12:fd:de:ca:
                    6a:64:0d:9c:31:db:a5:46:75:2c:32:ef:06:46:d8:
                    4c:35:0e:b4:93:0e:5f:c3:fc:ac:17:e6:38:8b:64:
                    c4:e7:f5:fe:5b:11:8e:1e:79:b8:a2:2a:66:92:2a:
                    34:f9:1b:51:bf:79:3d:74:b7:82:36:6c:12:a6:6e:
                    94:73:aa:96:43:cd:1a:38:ab:b2:fe:fb:49:d7:13:
                    b9:bb:43:b2:c5:09:82:76:67:8c:10:da:f5:0b:00:
                    7c:4f:8d:a7:2c:75:40:76:af:a1:f4:41:25:2d:0f:
                    61:f5:54:3a:e3:62:cb:e6:6d:8e:b9:bd:aa:d8:ce:
                    ab:97:71:b0:18:45:21:4d:ac:c5:e2:4a:36:1a:28:
                    1c:fc:7d:9e:e8:72:df:0f:1d:b3:bf:7a:7e:a3:38:
                    5c:38:ed:6f:59:98:e6:cb:f6:22:77:c6:34:c6:37:
                    e2:84:c9:17:5c:16:c4:e4:1c:ca:47:e0:f0:fd:a0:
                    3d:b4:df:98:68:f5:4d:71:14:eb:29:79:58:ff:3b:
                    18:df:ff:26:e9:d2:74:8d:c3:00:39:eb:b7:59:90:
                    42:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:86:80:FD:B8:FA:0B:32:C5:EB:76:22:00:3B:9E:32:F1:44:02:FD
            X509v3 Authority Key Identifier:
                keyid:5E:66:81:5A:46:31:D0:E7:97:C1:F3:66:E4:7B:F1:51:15:C9:A4:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XmaBWkYx0OeXwfNm5HvxURXJpPs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/180954-8a43-4acc-8a7b-0aeac670c71e/1/c4aA_bj6CzLF63YiADueMvFEAv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/180954-8a43-4acc-8a7b-0aeac670c71e/1/XmaBWkYx0OeXwfNm5HvxURXJpPs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1354::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:ba:5f:35:0a:66:c4:70:aa:f4:1a:86:f7:77:71:1e:07:9c:
         36:f1:e4:62:02:45:7f:9d:bd:a2:29:12:c1:70:e7:e2:ec:66:
         02:ab:49:5d:f0:37:3d:3a:f4:af:68:92:0e:f7:90:b1:62:8c:
         da:28:31:93:7a:fa:e8:93:88:aa:f1:aa:ec:96:2d:28:32:03:
         1c:99:1e:28:98:ce:bf:3e:aa:3c:0a:61:8a:fe:70:c8:fd:e3:
         86:75:ce:6f:88:9f:c2:c8:c5:12:a1:1c:7a:9c:04:18:6a:f5:
         a6:7f:a7:ce:50:65:04:2f:f1:8e:46:17:5e:3d:36:a9:bd:e3:
         64:30:5d:ac:0b:93:1e:b5:51:fa:49:fb:5f:17:1c:de:53:45:
         50:e2:06:a7:c3:19:5f:50:30:d8:0c:1d:e2:b5:21:bf:7d:f8:
         fe:9a:de:5d:19:5e:de:c6:ca:50:58:17:df:a7:a0:e6:06:35:
         1e:4f:b2:03:4b:11:ff:88:64:ce:e8:dc:a2:2a:35:01:1a:0c:
         90:30:33:40:d8:72:e1:35:3e:a5:87:70:af:93:03:0f:c0:60:
         7b:b3:a3:15:4d:b1:4c:2b:49:e1:2f:0c:e5:e8:02:99:0b:0d:
         2b:c2:e6:50:e2:92:17:7e:80:44:e9:64:32:52:7c:9c:2c:89:
         14:6e:0d:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY325vgf3VuS8Ar7PA4Br5+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNjY4MTVhNDYzMWQwZTc5N2MxZjM2NmU0N2JmMTUxMTVj
OWE0ZmIwHhcNMjQwMjI5MjIwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzg2ODBmZGI4ZmEwYjMyYzVlYjc2MjIwMDNiOWUzMmYxNDQwMmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbbUzAj15Pr/XuG2/LjkYZ90C4Ki
4k3yZi10Oy2Z9Y+Nu13jSYckOBL93spqZA2cMdulRnUsMu8GRthMNQ60kw5fw/ys
F+Y4i2TE5/X+WxGOHnm4oipmkio0+RtRv3k9dLeCNmwSpm6Uc6qWQ80aOKuy/vtJ
1xO5u0OyxQmCdmeMENr1CwB8T42nLHVAdq+h9EElLQ9h9VQ642LL5m2Oub2q2M6r
l3GwGEUhTazF4ko2Gigc/H2e6HLfDx2zv3p+ozhcOO1vWZjmy/Yid8Y0xjfihMkX
XBbE5BzKR+Dw/aA9tN+YaPVNcRTrKXlY/zsY3/8m6dJ0jcMAOeu3WZBC6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHOGgP24+gsyxet2IgA7njLxRAL9MB8GA1UdIwQY
MBaAFF5mgVpGMdDnl8HzZuR78VEVyaT7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG1hQldrWXgwT2VYd2ZObTVIdnhVUlhKcFBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8xODA5NTQtOGE0My00YWNjLThhN2It
MGFlYWM2NzBjNzFlLzEvYzRhQV9iajZDekxGNjNZaUFEdWVNdkZFQXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8xODA5NTQtOGE0My00YWNjLThhN2ItMGFlYWM2NzBjNzFl
LzEvWG1hQldrWXgwT2VYd2ZObTVIdnhVUlhKcFBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBNU
MA0GCSqGSIb3DQEBCwUAA4IBAQCgul81CmbEcKr0Gob3d3EeB5w28eRiAkV/nb2i
KRLBcOfi7GYCq0ld8Dc9OvSvaJIO95CxYozaKDGTevrok4iq8arsli0oMgMcmR4o
mM6/Pqo8CmGK/nDI/eOGdc5viJ/CyMUSoRx6nAQYavWmf6fOUGUEL/GORhdePTap
veNkMF2sC5MetVH6SftfFxzeU0VQ4ganwxlfUDDYDB3itSG/ffj+mt5dGV7exspQ
WBffp6DmBjUeT7IDSxH/iGTO6NyiKjUBGgyQMDNA2HLhNT6lh3CvkwMPwGB7s6MV
TbFMK0nhLwzl6AKZCw0rwuZQ4pIXfoBE6WQyUnycLIkUbg37
-----END CERTIFICATE-----