Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/yGMExjKS3Jj5jNaAdT5ilLd5KLQ.roa
File:                     yGMExjKS3Jj5jNaAdT5ilLd5KLQ.roa (raw, json)
Hash identifier:          BmRKxuZkhF7hOXaDuWWUO59E/etM/vSZi1LLFNCG5TA=
Subject key identifier:   C8:63:04:C6:32:92:DC:98:F9:8C:D6:80:75:3E:62:94:B7:79:28:B4
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348A3FF6AEF0C17558E034EB3F69A5F
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/yGMExjKS3Jj5jNaAdT5ilLd5KLQ.roa
Signing time:             Mon 01 Jan 2024 04:29:26 +0000
ROA not before:           Mon 01 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1967
IP address blocks:        2001:a98:30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a3:ff:6a:ef:0c:17:55:8e:03:4e:b3:f6:9a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c86304c63292dc98f98cd680753e6294b77928b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:bd:ad:01:0b:92:75:15:44:71:46:79:f2:ec:
                    49:90:94:b2:e2:d2:77:0c:fd:46:08:9f:92:b9:2e:
                    e9:8f:a0:27:27:9d:82:b4:c4:d6:bb:ac:1a:a4:44:
                    d6:e3:f3:b0:71:be:dc:bf:ef:81:c4:3c:7f:d7:a3:
                    97:55:1f:ce:ab:52:69:02:48:7e:e9:d6:b4:b2:e7:
                    17:29:0a:e7:a7:ed:51:82:fb:03:b9:e5:ab:40:87:
                    0c:bf:98:6e:7b:c8:88:c0:4e:5b:e9:30:63:0d:94:
                    bf:6a:3c:d3:0d:c7:24:46:5c:2b:e7:4c:50:4c:58:
                    ec:ec:9c:16:1e:f4:c7:83:a9:df:ba:88:4c:4b:54:
                    db:f6:c7:b6:5d:a5:9d:11:42:e7:21:30:1f:8c:c8:
                    ad:e2:fb:83:96:9b:b4:ac:81:1d:eb:7d:ea:ea:97:
                    0c:f6:e9:dc:c2:14:62:a2:ed:41:57:64:be:47:13:
                    c0:d4:5c:db:ea:72:0d:93:09:c8:e6:97:b1:66:ff:
                    e3:e9:05:f3:6d:a6:9d:8d:02:55:b2:59:6c:79:8a:
                    59:3c:bb:4d:d1:e7:b7:f0:29:24:ad:4f:c0:df:ef:
                    fd:fe:31:7a:98:9e:ce:af:61:14:cb:61:6c:21:ac:
                    99:55:99:7b:82:bf:5a:59:e8:ee:ea:b3:a2:fc:e4:
                    78:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:63:04:C6:32:92:DC:98:F9:8C:D6:80:75:3E:62:94:B7:79:28:B4
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/yGMExjKS3Jj5jNaAdT5ilLd5KLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:a98:30::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:59:54:0f:9f:58:03:e4:46:28:33:f5:ef:82:fb:4b:27:4e:
         c9:8d:cd:e8:0f:86:fb:58:dd:37:24:37:f9:2e:23:07:80:fb:
         85:e8:49:24:b3:09:9f:07:3b:95:d2:dc:15:36:50:5d:0b:5f:
         db:39:24:e6:79:18:a3:2b:f7:5d:14:7b:9b:ca:60:a4:52:4c:
         13:97:0c:31:15:f4:f1:4b:e9:81:be:13:98:fe:b0:27:74:21:
         97:42:68:6d:de:fe:cc:bc:30:dd:d8:e9:d4:fd:84:84:a1:42:
         7e:4a:e4:f0:e1:86:d4:95:c7:f1:74:24:27:d3:4e:e5:c0:55:
         54:fc:a3:1b:61:d1:0f:ae:e6:51:93:f0:ca:df:72:45:e3:9c:
         94:88:a6:84:48:57:1b:a6:4f:b5:a0:75:09:1d:39:45:fc:98:
         69:08:78:96:11:de:53:eb:8c:6f:1d:a4:99:f3:85:ca:f4:28:
         bd:83:c1:05:ea:9e:da:81:f8:1f:4f:73:26:73:af:79:5e:12:
         b2:ba:23:65:5b:6c:08:e2:6c:79:be:e5:e9:44:e9:03:44:ed:
         96:65:94:2b:61:f3:a3:13:8e:c2:60:2e:91:f3:e7:1b:3f:66:
         f1:8e:ad:e8:f7:4e:83:09:d9:c3:37:ed:54:b1:3e:73:af:24:
         3b:d1:3c:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSKP/au8MF1WOA06z9ppfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODYzMDRjNjMyOTJkYzk4Zjk4Y2Q2ODA3NTNlNjI5NGI3NzkyOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl72tAQuSdRVEcUZ58uxJkJSy4tJ3
DP1GCJ+SuS7pj6AnJ52CtMTWu6wapETW4/Owcb7cv++BxDx/16OXVR/Oq1JpAkh+
6da0sucXKQrnp+1RgvsDueWrQIcMv5hue8iIwE5b6TBjDZS/ajzTDcckRlwr50xQ
TFjs7JwWHvTHg6nfuohMS1Tb9se2XaWdEULnITAfjMit4vuDlpu0rIEd633q6pcM
9uncwhRiou1BV2S+RxPA1Fzb6nINkwnI5pexZv/j6QXzbaadjQJVsllseYpZPLtN
0ee38CkkrU/A3+/9/jF6mJ7Or2EUy2FsIayZVZl7gr9aWeju6rOi/OR4VwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMhjBMYyktyY+YzWgHU+YpS3eSi0MB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEveUdNRXhqS1MzSmo1ak5hQWRUNWlsTGQ1S0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEKmAAw
MA0GCSqGSIb3DQEBCwUAA4IBAQBQWVQPn1gD5EYoM/XvgvtLJ07Jjc3oD4b7WN03
JDf5LiMHgPuF6EkkswmfBzuV0twVNlBdC1/bOSTmeRijK/ddFHubymCkUkwTlwwx
FfTxS+mBvhOY/rAndCGXQmht3v7MvDDd2OnU/YSEoUJ+SuTw4YbUlcfxdCQn007l
wFVU/KMbYdEPruZRk/DK33JF45yUiKaESFcbpk+1oHUJHTlF/JhpCHiWEd5T64xv
HaSZ84XK9Ci9g8EF6p7agfgfT3Mmc695XhKyuiNlW2wI4mx5vuXpROkDRO2WZZQr
YfOjE47CYC6R8+cbP2bxjq3o906DCdnDN+1UsT5zryQ70Tx9
-----END CERTIFICATE-----