Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/vKQuv-nXnqudrHQjBePtBEdooN4.roa
File:                     vKQuv-nXnqudrHQjBePtBEdooN4.roa (raw, json)
Hash identifier:          U4SzS8gj9ZBFKJ2WdtgYDn8cryP7fY5+ap88XxuLbWE=
Subject key identifier:   BC:A4:2E:BF:E9:D7:9E:AB:9D:AC:74:23:05:E3:ED:04:47:68:A0:DE
Certificate issuer:       /CN=a79bba2805a988954e4fec42570530f16f9e7093
Certificate serial:       018CC3B6DF8DAF07B03C5635CB4CF33C6B93
Authority key identifier: A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/vKQuv-nXnqudrHQjBePtBEdooN4.roa
Signing time:             Mon 01 Jan 2024 06:29:51 +0000
ROA not before:           Mon 01 Jan 2024 06:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11588
IP address blocks:        2001:4de0:4202::/47 maxlen: 47
                          2001:4de0:2400::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:df:8d:af:07:b0:3c:56:35:cb:4c:f3:3c:6b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a79bba2805a988954e4fec42570530f16f9e7093
        Validity
            Not Before: Jan  1 06:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bca42ebfe9d79eab9dac742305e3ed044768a0de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:79:91:f5:5b:e5:a6:23:ce:96:c8:3a:17:06:
                    90:ef:61:68:6e:9f:6f:38:93:13:8b:9c:9b:24:ff:
                    c8:78:00:b2:2e:42:ed:a4:f5:98:20:5c:ce:ef:26:
                    db:af:22:c5:5a:b9:c9:5e:70:ad:e3:ec:6b:85:c6:
                    13:af:f6:06:13:10:07:a6:df:f6:22:91:d2:11:97:
                    e2:89:13:b8:c3:66:bd:4d:a3:57:a7:23:f4:62:d7:
                    44:82:6c:99:8d:38:f6:4e:25:56:49:8e:33:0d:21:
                    91:f1:0b:46:b2:c6:0d:23:98:32:7a:1b:b6:94:76:
                    29:53:d8:b5:6f:35:64:b2:fc:53:4f:82:98:cc:88:
                    97:b6:29:a7:1f:55:82:1c:72:fe:34:1d:0c:77:eb:
                    4b:73:e3:2a:aa:74:d2:b9:6e:14:86:2d:cb:7d:87:
                    d7:c6:e1:ae:91:bc:0e:bc:83:69:85:68:a7:34:fd:
                    c6:b7:75:32:a3:97:cf:84:24:b4:5d:5b:92:03:9a:
                    e2:28:2e:8f:11:8d:ec:87:1f:20:9e:30:9e:6f:13:
                    29:f9:80:7c:1b:91:41:9a:90:28:b0:9f:08:6f:b7:
                    ca:94:2d:d4:d2:ef:55:18:87:83:94:3e:2b:03:8d:
                    22:cf:2c:7a:35:93:3d:c7:7d:d1:27:23:e6:7b:15:
                    3f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A4:2E:BF:E9:D7:9E:AB:9D:AC:74:23:05:E3:ED:04:47:68:A0:DE
            X509v3 Authority Key Identifier:
                keyid:A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/vKQuv-nXnqudrHQjBePtBEdooN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4de0:2400::/40
                  2001:4de0:4202::/47

    Signature Algorithm: sha256WithRSAEncryption
         5f:85:05:ab:4a:91:d2:05:1a:8a:c8:74:23:d8:a8:29:0f:dc:
         87:f6:35:51:e4:98:d5:bc:6c:76:de:a6:b3:7d:b6:d6:6d:d8:
         1a:21:e6:86:ed:6c:fb:d8:35:8a:78:1a:12:8b:0f:0a:c6:cf:
         44:ba:fd:b5:a8:3b:27:89:64:b8:76:5e:16:e4:95:a2:53:ce:
         20:24:cf:45:96:dc:08:64:e5:3f:89:ad:14:af:3a:93:31:bb:
         d6:33:a4:38:a0:20:72:19:26:3e:72:c5:1a:3d:47:a3:95:16:
         2b:c6:e9:f7:93:87:25:b3:20:ac:ff:9d:fa:c5:1d:f1:76:41:
         4a:3d:65:33:83:cb:48:bd:7d:4b:16:56:94:d8:f3:d4:ad:2a:
         7c:61:cb:3d:72:07:96:79:78:06:8d:61:cc:95:22:89:39:93:
         5c:8e:b7:77:02:5f:9f:18:7f:2a:33:ba:97:26:9e:8b:3b:c4:
         8c:97:9c:1b:83:26:91:94:8a:f9:36:19:8d:29:4f:03:16:2f:
         b1:90:fe:53:2d:6e:47:63:35:92:6a:23:08:2f:4e:31:f5:0f:
         21:e6:f5:86:13:5b:93:fe:d8:39:3f:fe:ca:eb:9b:16:ba:7d:
         08:08:73:38:93:96:97:6e:0a:63:fc:4c:91:5d:6c:77:bc:fd:
         52:98:eb:ef
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzDtt+NrwewPFY1y0zzPGuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3OWJiYTI4MDVhOTg4OTU0ZTRmZWM0MjU3MDUzMGYxNmY5
ZTcwOTMwHhcNMjQwMTAxMDYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2E0MmViZmU5ZDc5ZWFiOWRhYzc0MjMwNWUzZWQwNDQ3NjhhMGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3mR9VvlpiPOlsg6FwaQ72Fobp9v
OJMTi5ybJP/IeACyLkLtpPWYIFzO7ybbryLFWrnJXnCt4+xrhcYTr/YGExAHpt/2
IpHSEZfiiRO4w2a9TaNXpyP0YtdEgmyZjTj2TiVWSY4zDSGR8QtGssYNI5gyehu2
lHYpU9i1bzVksvxTT4KYzIiXtimnH1WCHHL+NB0Md+tLc+MqqnTSuW4Uhi3LfYfX
xuGukbwOvINphWinNP3Gt3Uyo5fPhCS0XVuSA5riKC6PEY3shx8gnjCebxMp+YB8
G5FBmpAosJ8Ib7fKlC3U0u9VGIeDlD4rA40izyx6NZM9x33RJyPmexU/mQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFLykLr/p156rnax0IwXj7QRHaKDeMB8GA1UdIwQY
MBaAFKebuigFqYiVTk/sQlcFMPFvnnCTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMt
ZTFlZDlkZDJhMDJhLzEvdktRdXYtblhucXVkckhRakJlUHRCRWRvb040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMtZTFlZDlkZDJhMDJh
LzEvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAIAFN4CQD
BwEgAU3gQgIwDQYJKoZIhvcNAQELBQADggEBAF+FBatKkdIFGorIdCPYqCkP3If2
NVHkmNW8bHbeprN9ttZt2Boh5obtbPvYNYp4GhKLDwrGz0S6/bWoOyeJZLh2Xhbk
laJTziAkz0WW3Ahk5T+JrRSvOpMxu9YzpDigIHIZJj5yxRo9R6OVFivG6feThyWz
IKz/nfrFHfF2QUo9ZTODy0i9fUsWVpTY89StKnxhyz1yB5Z5eAaNYcyVIok5k1yO
t3cCX58Yfyozupcmnos7xIyXnBuDJpGUivk2GY0pTwMWL7GQ/lMtbkdjNZJqIwgv
TjH1DyHm9YYTW5P+2Dk//srrmxa6fQgIcziTlpduCmP8TJFdbHe8/VKY6+8=
-----END CERTIFICATE-----