Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/sbtrBI7x1NJqUM2_PI34m-6dQ1w.roa
File:                     sbtrBI7x1NJqUM2_PI34m-6dQ1w.roa (raw, json)
Hash identifier:          hd19p8OgY0lTceAvjsmGJYSYFdPWh0cVZ+1ByxLPyp8=
Subject key identifier:   B1:BB:6B:04:8E:F1:D4:D2:6A:50:CD:BF:3C:8D:F8:9B:EE:9D:43:5C
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC72761DA114DC7CD89C0ED4203B40E90
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/sbtrBI7x1NJqUM2_PI34m-6dQ1w.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8938
IP address blocks:        2001:4190:8024::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:61:da:11:4d:c7:cd:89:c0:ed:42:03:b4:0e:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1bb6b048ef1d4d26a50cdbf3c8df89bee9d435c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f4:2a:9a:6e:f3:4a:13:f0:e2:95:10:f6:5c:
                    6f:d4:d1:3d:1b:73:ee:0f:6c:3d:ab:0d:1d:87:4f:
                    a9:41:2a:a4:43:5e:17:56:86:89:f7:12:64:04:9a:
                    16:49:79:d2:1a:29:4f:dd:d3:47:e1:49:de:cf:3b:
                    b9:7b:c3:51:d0:8c:72:c0:ac:d7:70:fa:25:1e:3c:
                    e0:4e:77:0a:3b:07:8f:23:64:53:44:15:8a:13:6c:
                    88:cf:98:fe:18:b2:7a:bc:57:3a:60:42:6c:f4:38:
                    9c:70:ac:5b:1f:85:27:0f:b3:af:84:f7:dc:fa:94:
                    3f:63:54:c5:5e:b8:15:ab:4c:80:7e:74:7e:73:fa:
                    dc:36:0e:47:24:1f:f8:c1:80:cb:6a:c7:a7:30:b5:
                    7a:77:a2:b6:17:bb:06:93:4f:9a:06:67:9f:cc:63:
                    5b:51:9f:53:86:8e:18:44:99:0b:e6:88:ee:fa:c4:
                    e2:a8:11:29:3e:75:3f:17:44:8d:6f:06:f9:e1:c6:
                    e4:2d:67:90:7f:76:c2:d5:8f:44:7e:29:35:44:ad:
                    f9:c8:c0:c0:06:d3:9c:df:d8:79:b3:88:d5:1c:dd:
                    62:ae:64:4f:c8:14:cf:ba:ef:37:a4:c2:5e:82:59:
                    99:ae:46:88:bc:ad:d2:0a:7d:20:2c:bc:93:59:fd:
                    b1:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:BB:6B:04:8E:F1:D4:D2:6A:50:CD:BF:3C:8D:F8:9B:EE:9D:43:5C
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/sbtrBI7x1NJqUM2_PI34m-6dQ1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4190:8024::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:80:8d:15:42:be:58:60:63:a0:c1:32:69:45:17:ba:27:c6:
         79:36:8f:7c:5d:86:52:b6:2a:18:fe:32:cf:95:15:59:c2:f1:
         75:02:e1:23:a3:85:7b:ad:1e:31:06:3e:ed:65:60:1d:84:1c:
         16:11:7d:fd:83:3b:a5:31:76:18:46:f3:e5:1e:64:5b:16:7c:
         df:4f:02:2d:86:d5:ca:82:19:b8:bd:6e:28:1d:03:eb:fd:d0:
         a7:eb:19:34:2e:a4:00:73:3a:6c:19:53:26:82:dc:f6:fa:90:
         3a:f3:9d:34:dd:b8:fa:56:fa:38:b9:f1:9b:2b:47:3a:ea:17:
         87:61:a1:20:79:9f:d1:2d:fb:c6:e7:80:c9:d5:b3:c3:1d:87:
         39:f2:ed:42:55:4a:8b:65:e0:d5:8e:e5:0a:50:1c:11:3e:c3:
         fb:b1:6c:41:ee:4d:9a:a7:78:65:e1:a0:c1:4f:5b:83:6e:87:
         12:1a:8b:9e:ee:42:23:cd:39:65:3a:1d:5d:e1:e3:a6:f1:01:
         7d:9a:ae:a2:48:e8:7f:d1:0b:15:58:e6:80:6d:f4:16:77:70:
         2b:97:8c:8c:96:cd:df:be:5c:96:ae:e9:10:b0:3a:7c:62:ac:
         f6:f6:1f:05:38:eb:18:c4:74:ac:35:aa:55:fc:9c:27:0e:eb:
         c8:75:59:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJ2HaEU3HzYnA7UIDtA6QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWJiNmIwNDhlZjFkNGQyNmE1MGNkYmYzYzhkZjg5YmVlOWQ0MzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfQqmm7zShPw4pUQ9lxv1NE9G3Pu
D2w9qw0dh0+pQSqkQ14XVoaJ9xJkBJoWSXnSGilP3dNH4Unezzu5e8NR0IxywKzX
cPolHjzgTncKOwePI2RTRBWKE2yIz5j+GLJ6vFc6YEJs9DiccKxbH4UnD7OvhPfc
+pQ/Y1TFXrgVq0yAfnR+c/rcNg5HJB/4wYDLasenMLV6d6K2F7sGk0+aBmefzGNb
UZ9Tho4YRJkL5oju+sTiqBEpPnU/F0SNbwb54cbkLWeQf3bC1Y9Efik1RK35yMDA
BtOc39h5s4jVHN1irmRPyBTPuu83pMJeglmZrkaIvK3SCn0gLLyTWf2xFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLG7awSO8dTSalDNvzyN+JvunUNcMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvc2J0ckJJN3gxTkpxVU0yX1BJMzRtLTZkUTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAFBkIAk
MA0GCSqGSIb3DQEBCwUAA4IBAQAMgI0VQr5YYGOgwTJpRRe6J8Z5No98XYZStioY
/jLPlRVZwvF1AuEjo4V7rR4xBj7tZWAdhBwWEX39gzulMXYYRvPlHmRbFnzfTwIt
htXKghm4vW4oHQPr/dCn6xk0LqQAczpsGVMmgtz2+pA685003bj6Vvo4ufGbK0c6
6heHYaEgeZ/RLfvG54DJ1bPDHYc58u1CVUqLZeDVjuUKUBwRPsP7sWxB7k2ap3hl
4aDBT1uDbocSGoue7kIjzTllOh1d4eOm8QF9mq6iSOh/0QsVWOaAbfQWd3Arl4yM
ls3fvlyWrukQsDp8Yqz29h8FOOsYxHSsNapV/JwnDuvIdVku
-----END CERTIFICATE-----