Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3d7e20-9022-492a-b882-3188e9d1f5a0/1/3LVkRgnmtjQFPyURFc50BD-brkA.roa
File:                     3LVkRgnmtjQFPyURFc50BD-brkA.roa (raw, json)
Hash identifier:          RF0nPqZJeIZFs5eUJR14e2OkUtsdOHV4iIyla3XGgHg=
Subject key identifier:   DC:B5:64:46:09:E6:B6:34:05:3F:25:11:15:CE:74:04:3F:9B:AE:40
Certificate issuer:       /CN=d588db17666fa9515af31dba095d0f250f84bdf7
Certificate serial:       018CCA28EF31834ABCD71AF25AA07C1D2AEB
Authority key identifier: D5:88:DB:17:66:6F:A9:51:5A:F3:1D:BA:09:5D:0F:25:0F:84:BD:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1YjbF2ZvqVFa8x26CV0PJQ-Evfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3d7e20-9022-492a-b882-3188e9d1f5a0/1/3LVkRgnmtjQFPyURFc50BD-brkA.roa
Signing time:             Tue 02 Jan 2024 12:32:09 +0000
ROA not before:           Tue 02 Jan 2024 12:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207880
IP address blocks:        2001:678:b6c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3d7e20-9022-492a-b882-3188e9d1f5a0/1/1YjbF2ZvqVFa8x26CV0PJQ-Evfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3d7e20-9022-492a-b882-3188e9d1f5a0/1/1YjbF2ZvqVFa8x26CV0PJQ-Evfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1YjbF2ZvqVFa8x26CV0PJQ-Evfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 04:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:ef:31:83:4a:bc:d7:1a:f2:5a:a0:7c:1d:2a:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d588db17666fa9515af31dba095d0f250f84bdf7
        Validity
            Not Before: Jan  2 12:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcb5644609e6b634053f251115ce74043f9bae40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:55:4d:b3:7d:78:c1:3a:09:3f:09:09:90:e9:
                    4e:cc:5a:69:33:9d:8f:00:87:86:db:6c:30:05:55:
                    3d:d6:16:25:57:f3:ae:4a:eb:ee:09:b9:ee:08:d5:
                    3f:1f:74:0b:d2:b3:17:5a:9e:b0:19:19:51:99:c8:
                    99:6d:73:31:92:02:f9:2e:d5:3f:1c:65:34:57:bb:
                    f5:4f:36:7e:6c:64:03:0e:5a:8c:ba:13:94:bb:4d:
                    d1:2b:87:a5:ef:fa:3a:1d:b7:db:72:f1:54:60:0a:
                    00:c0:e4:44:17:76:9c:ab:fb:87:ed:8c:7f:88:62:
                    46:74:74:00:79:e6:0a:c6:93:7b:ff:3d:e1:38:dd:
                    ac:a2:a2:60:7f:b9:67:49:e3:3a:b4:02:31:77:44:
                    4f:d5:b5:fe:71:ef:b6:b4:b0:47:5a:c2:fe:e5:a7:
                    97:3a:3a:4e:69:be:ac:ee:64:3a:51:26:52:f2:1c:
                    3e:ba:f1:04:f6:04:fe:57:7e:7e:65:19:c7:a3:3a:
                    36:ac:f5:3a:ce:23:0f:9a:ab:2b:47:73:66:91:e0:
                    bd:56:9c:51:f6:fe:64:26:17:91:8d:a2:fe:9d:37:
                    cd:b4:e2:be:d8:ed:be:04:02:6d:87:1d:b7:e9:b6:
                    c8:3d:35:2d:69:3f:70:44:8e:2a:5f:7f:38:c6:fa:
                    87:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B5:64:46:09:E6:B6:34:05:3F:25:11:15:CE:74:04:3F:9B:AE:40
            X509v3 Authority Key Identifier:
                keyid:D5:88:DB:17:66:6F:A9:51:5A:F3:1D:BA:09:5D:0F:25:0F:84:BD:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1YjbF2ZvqVFa8x26CV0PJQ-Evfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3d7e20-9022-492a-b882-3188e9d1f5a0/1/3LVkRgnmtjQFPyURFc50BD-brkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3d7e20-9022-492a-b882-3188e9d1f5a0/1/1YjbF2ZvqVFa8x26CV0PJQ-Evfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b6c::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:e5:c7:8a:2a:1a:59:2a:4a:6d:2b:70:e8:c9:2a:71:e4:36:
         ef:0f:96:a5:eb:0e:32:53:1f:6e:ca:fa:bb:e3:53:06:24:3a:
         85:ed:21:40:69:4d:5b:3d:95:28:3c:0c:81:ec:1a:41:9d:58:
         2c:4a:8a:e1:a8:d8:17:04:e4:a2:1a:b8:71:dd:35:67:4d:f9:
         40:b7:de:22:2c:d9:12:6c:c0:7e:32:eb:89:62:73:db:bb:02:
         c8:3d:75:af:1c:33:c7:10:e7:7c:4b:da:d3:b7:fd:e0:00:1e:
         c8:82:14:4f:52:c8:54:b6:08:14:d2:0e:66:39:ab:c2:e4:70:
         ee:11:ce:98:b0:b8:40:c1:79:67:54:a2:6d:25:a0:5b:89:55:
         2a:cf:22:dd:81:81:b9:f5:d0:8f:9b:8d:38:76:27:4a:c5:30:
         9b:07:c3:22:2c:4e:5b:9b:e7:f8:4c:5e:1f:e3:47:e8:e3:43:
         44:db:62:83:8b:49:93:08:c1:28:62:6a:9c:03:d4:4d:96:27:
         f4:20:28:0e:77:56:2f:b9:37:f2:d3:7f:93:92:48:74:7b:f6:
         f3:00:84:77:8f:69:14:19:a9:10:d1:27:0c:46:0b:da:bb:eb:
         42:a4:4c:22:e7:64:0e:77:bc:8d:03:29:df:6b:71:7b:23:81:
         9f:d0:6d:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKO8xg0q81xryWqB8HSrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ODhkYjE3NjY2ZmE5NTE1YWYzMWRiYTA5NWQwZjI1MGY4
NGJkZjcwHhcNMjQwMTAyMTIzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2I1NjQ0NjA5ZTZiNjM0MDUzZjI1MTExNWNlNzQwNDNmOWJhZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1VNs314wToJPwkJkOlOzFppM52P
AIeG22wwBVU91hYlV/OuSuvuCbnuCNU/H3QL0rMXWp6wGRlRmciZbXMxkgL5LtU/
HGU0V7v1TzZ+bGQDDlqMuhOUu03RK4el7/o6HbfbcvFUYAoAwOREF3acq/uH7Yx/
iGJGdHQAeeYKxpN7/z3hON2soqJgf7lnSeM6tAIxd0RP1bX+ce+2tLBHWsL+5aeX
OjpOab6s7mQ6USZS8hw+uvEE9gT+V35+ZRnHozo2rPU6ziMPmqsrR3NmkeC9VpxR
9v5kJheRjaL+nTfNtOK+2O2+BAJthx236bbIPTUtaT9wRI4qX384xvqHuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNy1ZEYJ5rY0BT8lERXOdAQ/m65AMB8GA1UdIwQY
MBaAFNWI2xdmb6lRWvMdugldDyUPhL33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVlqYkYyWnZxVkZhOHgyNkNWMFBKUS1FdmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zZDdlMjAtOTAyMi00OTJhLWI4ODIt
MzE4OGU5ZDFmNWEwLzEvM0xWa1Jnbm10alFGUHlVUkZjNTBCRC1icmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zZDdlMjAtOTAyMi00OTJhLWI4ODItMzE4OGU5ZDFmNWEw
LzEvMVlqYkYyWnZxVkZhOHgyNkNWMFBKUS1FdmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAts
MA0GCSqGSIb3DQEBCwUAA4IBAQCw5ceKKhpZKkptK3DoySpx5DbvD5al6w4yUx9u
yvq741MGJDqF7SFAaU1bPZUoPAyB7BpBnVgsSorhqNgXBOSiGrhx3TVnTflAt94i
LNkSbMB+MuuJYnPbuwLIPXWvHDPHEOd8S9rTt/3gAB7IghRPUshUtggU0g5mOavC
5HDuEc6YsLhAwXlnVKJtJaBbiVUqzyLdgYG59dCPm404didKxTCbB8MiLE5bm+f4
TF4f40fo40NE22KDi0mTCMEoYmqcA9RNlif0ICgOd1YvuTfy03+Tkkh0e/bzAIR3
j2kUGakQ0ScMRgvau+tCpEwi52QOd7yNAynfa3F7I4Gf0G0Y
-----END CERTIFICATE-----