Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/6bdd74-8cd0-4cc4-8b67-f83e3c71efcb/1/y4PVQ7mQ1tWHvmAVaYVNQgGAy44.roa
File:                     y4PVQ7mQ1tWHvmAVaYVNQgGAy44.roa (raw, json)
Hash identifier:          66NBHI7xO5fLeubtBEQGkyGU75JNfUKPW9KlR6GSLm8=
Subject key identifier:   CB:83:D5:43:B9:90:D6:D5:87:BE:60:15:69:85:4D:42:01:80:CB:8E
Certificate issuer:       /CN=a41c96e931eee41b899d62c7db83633446a3c42b
Certificate serial:       018CC9BBF7B6F0DA329BA76F4E3E893F7953
Authority key identifier: A4:1C:96:E9:31:EE:E4:1B:89:9D:62:C7:DB:83:63:34:46:A3:C4:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pByW6THu5BuJnWLH24NjNEajxCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/6bdd74-8cd0-4cc4-8b67-f83e3c71efcb/1/y4PVQ7mQ1tWHvmAVaYVNQgGAy44.roa
Signing time:             Tue 02 Jan 2024 10:33:08 +0000
ROA not before:           Tue 02 Jan 2024 10:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200273
IP address blocks:        2001:678:7f8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/6bdd74-8cd0-4cc4-8b67-f83e3c71efcb/1/pByW6THu5BuJnWLH24NjNEajxCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/6bdd74-8cd0-4cc4-8b67-f83e3c71efcb/1/pByW6THu5BuJnWLH24NjNEajxCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pByW6THu5BuJnWLH24NjNEajxCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 22:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f7:b6:f0:da:32:9b:a7:6f:4e:3e:89:3f:79:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a41c96e931eee41b899d62c7db83633446a3c42b
        Validity
            Not Before: Jan  2 10:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb83d543b990d6d587be601569854d420180cb8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:0b:31:08:15:e5:77:6b:10:ef:fb:a1:ed:ed:
                    21:d9:4e:32:28:15:41:2a:46:78:98:14:05:15:87:
                    c3:0f:97:60:5f:6d:ea:45:51:05:7a:f2:61:db:96:
                    50:9c:d4:3f:8e:10:be:56:ef:40:fe:6b:7e:eb:25:
                    fe:28:b4:6b:91:92:69:f3:92:3f:bf:55:84:62:f0:
                    da:fa:48:41:d7:d2:66:fe:3f:e8:f0:ba:ff:66:5a:
                    98:d6:8f:81:7d:81:91:39:a0:2d:96:ed:eb:b4:de:
                    e4:93:09:03:1f:4f:b4:06:8e:8c:eb:00:0e:29:6d:
                    d7:07:c9:8d:81:65:2e:58:47:18:7d:62:03:46:6c:
                    8c:26:1c:43:b1:a9:a5:5b:0f:6b:4c:2b:ab:56:6f:
                    f6:35:f1:01:7d:de:a9:f8:62:4d:0f:47:0b:b2:19:
                    b1:ec:31:40:8a:b6:9b:38:8f:0c:00:83:76:ce:35:
                    97:3e:f9:0a:33:14:ea:dd:04:fc:7f:65:51:8f:45:
                    0d:64:4b:94:a0:73:80:77:02:b1:76:5e:1b:47:48:
                    c4:e5:13:72:f3:ad:0b:04:02:04:e9:2f:02:0d:45:
                    f5:45:42:14:10:6c:9e:dd:58:5e:21:b8:94:1b:cc:
                    c8:d1:fb:ba:41:65:d3:27:fa:a7:d2:ac:db:fa:c8:
                    cc:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:83:D5:43:B9:90:D6:D5:87:BE:60:15:69:85:4D:42:01:80:CB:8E
            X509v3 Authority Key Identifier:
                keyid:A4:1C:96:E9:31:EE:E4:1B:89:9D:62:C7:DB:83:63:34:46:A3:C4:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pByW6THu5BuJnWLH24NjNEajxCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6bdd74-8cd0-4cc4-8b67-f83e3c71efcb/1/y4PVQ7mQ1tWHvmAVaYVNQgGAy44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6bdd74-8cd0-4cc4-8b67-f83e3c71efcb/1/pByW6THu5BuJnWLH24NjNEajxCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:7f8::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:05:e2:6c:af:2f:b9:9d:f8:3f:fd:f0:3c:55:6e:da:db:dd:
         c6:43:d4:8f:37:47:bf:ee:80:6b:9c:c6:95:99:26:99:af:42:
         20:56:1d:03:63:89:4d:f5:8f:34:67:7d:99:4b:4d:52:9c:4e:
         ea:15:62:a9:fe:45:72:e1:49:45:38:30:e6:b5:26:7a:b1:6c:
         2f:bd:71:6c:c6:c1:bd:48:f7:fa:dc:77:81:8f:f2:d5:aa:43:
         bf:3b:03:21:7b:fd:aa:95:59:70:32:22:ea:63:83:9a:c3:c9:
         cc:8f:9d:8a:01:ad:5f:a3:57:0c:80:a1:bb:58:2c:81:f8:b6:
         2c:9a:54:01:55:6c:e1:26:59:9d:5e:cf:cd:2b:e5:1b:d0:4f:
         d0:5a:f8:a6:1f:80:01:23:64:29:c2:a5:fe:ff:3b:6d:85:ba:
         2d:d8:79:0d:30:d8:98:9a:1b:2c:af:6d:6b:da:78:3a:15:3b:
         7f:94:96:81:5e:a7:1d:4f:6c:ca:3f:91:94:38:0b:88:f6:56:
         c2:de:b9:32:fe:be:a4:ae:57:c3:6a:cc:28:77:f3:d4:4e:ba:
         06:fa:96:8b:5f:e1:cf:7f:5f:da:85:e6:04:52:53:a2:27:45:
         0b:c5:0e:40:16:0e:ca:9c:27:d7:3d:e7:33:1b:4f:2e:17:fb:
         3d:04:85:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu/e28Noym6dvTj6JP3lTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MWM5NmU5MzFlZWU0MWI4OTlkNjJjN2RiODM2MzM0NDZh
M2M0MmIwHhcNMjQwMTAyMTAzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjgzZDU0M2I5OTBkNmQ1ODdiZTYwMTU2OTg1NGQ0MjAxODBjYjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQsxCBXld2sQ7/uh7e0h2U4yKBVB
KkZ4mBQFFYfDD5dgX23qRVEFevJh25ZQnNQ/jhC+Vu9A/mt+6yX+KLRrkZJp85I/
v1WEYvDa+khB19Jm/j/o8Lr/ZlqY1o+BfYGROaAtlu3rtN7kkwkDH0+0Bo6M6wAO
KW3XB8mNgWUuWEcYfWIDRmyMJhxDsamlWw9rTCurVm/2NfEBfd6p+GJND0cLshmx
7DFAirabOI8MAIN2zjWXPvkKMxTq3QT8f2VRj0UNZEuUoHOAdwKxdl4bR0jE5RNy
860LBAIE6S8CDUX1RUIUEGye3VheIbiUG8zI0fu6QWXTJ/qn0qzb+sjMowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMuD1UO5kNbVh75gFWmFTUIBgMuOMB8GA1UdIwQY
MBaAFKQclukx7uQbiZ1ix9uDYzRGo8QrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEJ5VzZUSHU1QnVKbldMSDI0TmpORWFqeENzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy82YmRkNzQtOGNkMC00Y2M0LThiNjct
ZjgzZTNjNzFlZmNiLzEveTRQVlE3bVExdFdIdm1BVmFZVk5RZ0dBeTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy82YmRkNzQtOGNkMC00Y2M0LThiNjctZjgzZTNjNzFlZmNi
LzEvcEJ5VzZUSHU1QnVKbldMSDI0TmpORWFqeENzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAf4
MA0GCSqGSIb3DQEBCwUAA4IBAQClBeJsry+5nfg//fA8VW7a293GQ9SPN0e/7oBr
nMaVmSaZr0IgVh0DY4lN9Y80Z32ZS01SnE7qFWKp/kVy4UlFODDmtSZ6sWwvvXFs
xsG9SPf63HeBj/LVqkO/OwMhe/2qlVlwMiLqY4Oaw8nMj52KAa1fo1cMgKG7WCyB
+LYsmlQBVWzhJlmdXs/NK+Ub0E/QWvimH4ABI2QpwqX+/ztthbot2HkNMNiYmhss
r21r2ng6FTt/lJaBXqcdT2zKP5GUOAuI9lbC3rky/r6krlfDaswod/PUTroG+paL
X+HPf1/aheYEUlOiJ0ULxQ5AFg7KnCfXPeczG08uF/s9BIUY
-----END CERTIFICATE-----