Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/544bea-f1ec-4666-81c0-78a4d65693fe/1/vDJkmnQWeh0rQLv8tpU5wEmh3GM.roa
File:                     vDJkmnQWeh0rQLv8tpU5wEmh3GM.roa (raw, json)
Hash identifier:          ZBFH3NMHr+6wdOu/wad/9xyUrdMZk4Ie7CHAPyqufVk=
Subject key identifier:   BC:32:64:9A:74:16:7A:1D:2B:40:BB:FC:B6:95:39:C0:49:A1:DC:63
Certificate issuer:       /CN=0fdee7944ac4da3111295d81e29deba00c163a96
Certificate serial:       018CC795486C6469EB647759362BD922DFB6
Authority key identifier: 0F:DE:E7:94:4A:C4:DA:31:11:29:5D:81:E2:9D:EB:A0:0C:16:3A:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D97nlErE2jERKV2B4p3roAwWOpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/544bea-f1ec-4666-81c0-78a4d65693fe/1/vDJkmnQWeh0rQLv8tpU5wEmh3GM.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199249
IP address blocks:        2001:67c:12bc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/544bea-f1ec-4666-81c0-78a4d65693fe/1/D97nlErE2jERKV2B4p3roAwWOpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/544bea-f1ec-4666-81c0-78a4d65693fe/1/D97nlErE2jERKV2B4p3roAwWOpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D97nlErE2jERKV2B4p3roAwWOpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:48:6c:64:69:eb:64:77:59:36:2b:d9:22:df:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fdee7944ac4da3111295d81e29deba00c163a96
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc32649a74167a1d2b40bbfcb69539c049a1dc63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0d:ef:d3:13:0e:cf:b8:65:a5:56:16:04:34:
                    0a:19:97:b1:21:84:d4:90:c7:14:08:fb:d1:58:f8:
                    0d:86:47:69:6a:bc:53:3a:41:40:d7:96:a3:df:87:
                    a8:c3:cd:f2:e7:08:20:0f:50:e8:01:3c:00:b0:ae:
                    42:3f:8d:8a:55:fc:e1:3b:a2:f7:27:49:ba:5f:88:
                    c5:56:be:72:3f:8b:79:6d:fc:37:32:14:5e:9f:f5:
                    48:91:06:8d:6a:19:c3:dc:7a:c2:17:7c:69:ff:09:
                    cc:66:d5:b7:b7:42:b3:0f:fa:46:a5:e1:ee:12:3a:
                    a3:a1:48:e3:dd:78:1f:86:26:d3:aa:c1:21:b7:3c:
                    45:d8:b3:7d:80:70:49:3c:f0:f6:fd:d6:c0:72:58:
                    42:82:a0:01:ba:db:72:c2:54:ee:13:dc:a2:71:1d:
                    95:87:ee:af:0f:2d:79:73:be:34:0f:e3:c3:7e:bb:
                    76:1b:50:1b:89:85:ce:e5:c5:cd:26:d3:00:07:8a:
                    d9:9b:b2:e8:c9:82:56:bb:0b:57:6f:33:2c:0a:8d:
                    c6:b5:8d:f7:57:3e:cb:b8:68:73:0c:36:fb:a5:91:
                    03:aa:16:e2:6a:02:d2:95:4f:c4:ea:11:4e:b7:1b:
                    a7:e9:f6:cc:df:84:b2:a7:35:11:a1:85:e0:1c:2c:
                    e1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:32:64:9A:74:16:7A:1D:2B:40:BB:FC:B6:95:39:C0:49:A1:DC:63
            X509v3 Authority Key Identifier:
                keyid:0F:DE:E7:94:4A:C4:DA:31:11:29:5D:81:E2:9D:EB:A0:0C:16:3A:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D97nlErE2jERKV2B4p3roAwWOpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/544bea-f1ec-4666-81c0-78a4d65693fe/1/vDJkmnQWeh0rQLv8tpU5wEmh3GM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/544bea-f1ec-4666-81c0-78a4d65693fe/1/D97nlErE2jERKV2B4p3roAwWOpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:12bc::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:bd:8e:02:91:5b:88:b8:29:ee:e1:79:23:40:ab:9a:fa:88:
         17:f9:8f:4f:3d:5d:67:b4:70:69:55:42:31:74:5a:8b:15:36:
         97:3a:6a:d2:c6:37:67:f1:cf:da:37:f8:86:7f:0a:13:25:14:
         34:49:c2:d7:77:6e:ae:06:ba:03:60:1d:b0:39:a0:08:49:fc:
         68:d4:bd:47:1f:12:41:2e:fb:78:b8:fe:4e:fe:71:73:aa:a0:
         dd:4c:58:e8:19:ee:e3:2b:8e:db:a5:58:e1:78:43:66:f2:e8:
         29:ae:2c:50:8f:ec:62:91:91:1e:91:cc:10:99:e2:62:54:f9:
         18:5f:30:7d:11:af:a2:83:b8:21:f2:22:1d:c7:16:7b:a5:3f:
         55:75:a3:fc:48:87:e4:aa:c6:63:f9:cb:00:89:91:b2:e5:9a:
         1d:46:1e:89:9b:b7:3f:56:b0:32:fd:76:51:14:00:4c:fb:0d:
         86:44:9f:5e:62:a2:3d:f3:54:ba:4e:10:fd:e7:c5:a1:8b:4d:
         8f:f6:3d:59:85:39:d4:10:2d:46:e6:4d:3a:20:38:a6:da:84:
         46:48:b3:61:eb:9e:05:49:57:43:d8:60:46:ec:81:4a:23:3e:
         d5:a0:92:48:fd:d2:2f:95:cc:a9:8d:d7:e5:3d:43:ad:d0:47:
         2c:bd:8b:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHlUhsZGnrZHdZNivZIt+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZGVlNzk0NGFjNGRhMzExMTI5NWQ4MWUyOWRlYmEwMGMx
NjNhOTYwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzMyNjQ5YTc0MTY3YTFkMmI0MGJiZmNiNjk1MzljMDQ5YTFkYzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmA3v0xMOz7hlpVYWBDQKGZexIYTU
kMcUCPvRWPgNhkdparxTOkFA15aj34eow83y5wggD1DoATwAsK5CP42KVfzhO6L3
J0m6X4jFVr5yP4t5bfw3MhRen/VIkQaNahnD3HrCF3xp/wnMZtW3t0KzD/pGpeHu
EjqjoUjj3XgfhibTqsEhtzxF2LN9gHBJPPD2/dbAclhCgqAButtywlTuE9yicR2V
h+6vDy15c740D+PDfrt2G1AbiYXO5cXNJtMAB4rZm7LoyYJWuwtXbzMsCo3GtY33
Vz7LuGhzDDb7pZEDqhbiagLSlU/E6hFOtxun6fbM34SypzURoYXgHCzhZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLwyZJp0FnodK0C7/LaVOcBJodxjMB8GA1UdIwQY
MBaAFA/e55RKxNoxESldgeKd66AMFjqWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDk3bmxFckUyakVSS1YyQjRwM3JvQXdXT3BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS81NDRiZWEtZjFlYy00NjY2LTgxYzAt
NzhhNGQ2NTY5M2ZlLzEvdkRKa21uUVdlaDByUUx2OHRwVTV3RW1oM0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS81NDRiZWEtZjFlYy00NjY2LTgxYzAtNzhhNGQ2NTY5M2Zl
LzEvRDk3bmxFckUyakVSS1YyQjRwM3JvQXdXT3BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBK8
MA0GCSqGSIb3DQEBCwUAA4IBAQAPvY4CkVuIuCnu4XkjQKua+ogX+Y9PPV1ntHBp
VUIxdFqLFTaXOmrSxjdn8c/aN/iGfwoTJRQ0ScLXd26uBroDYB2wOaAISfxo1L1H
HxJBLvt4uP5O/nFzqqDdTFjoGe7jK47bpVjheENm8ugprixQj+xikZEekcwQmeJi
VPkYXzB9Ea+ig7gh8iIdxxZ7pT9VdaP8SIfkqsZj+csAiZGy5ZodRh6Jm7c/VrAy
/XZRFABM+w2GRJ9eYqI981S6ThD958Whi02P9j1ZhTnUEC1G5k06IDim2oRGSLNh
654FSVdD2GBG7IFKIz7VoJJI/dIvlcypjdflPUOt0EcsvYtS
-----END CERTIFICATE-----