Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/d003ae-35a6-44f2-aad8-f8b12f982fe2/1/3DkqizmY2zz2AjPUucAPJzjdy9M.roa
File:                     3DkqizmY2zz2AjPUucAPJzjdy9M.roa (raw, json)
Hash identifier:          0OhrbYN117datgTgR8Z/07MHHT2IhmEBIcOQzzsbbrw=
Subject key identifier:   DC:39:2A:8B:39:98:DB:3C:F6:02:33:D4:B9:C0:0F:27:38:DD:CB:D3
Certificate issuer:       /CN=fec35d4f2f2d247ea08c4a0117d328e4e8edf152
Certificate serial:       018CCA2A861CB554FEA52F07E968897AB995
Authority key identifier: FE:C3:5D:4F:2F:2D:24:7E:A0:8C:4A:01:17:D3:28:E4:E8:ED:F1:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_sNdTy8tJH6gjEoBF9Mo5Ojt8VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/d003ae-35a6-44f2-aad8-f8b12f982fe2/1/3DkqizmY2zz2AjPUucAPJzjdy9M.roa
Signing time:             Tue 02 Jan 2024 12:33:53 +0000
ROA not before:           Tue 02 Jan 2024 12:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201281
IP address blocks:        2001:678:794::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/d003ae-35a6-44f2-aad8-f8b12f982fe2/1/_sNdTy8tJH6gjEoBF9Mo5Ojt8VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/d003ae-35a6-44f2-aad8-f8b12f982fe2/1/_sNdTy8tJH6gjEoBF9Mo5Ojt8VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_sNdTy8tJH6gjEoBF9Mo5Ojt8VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:86:1c:b5:54:fe:a5:2f:07:e9:68:89:7a:b9:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fec35d4f2f2d247ea08c4a0117d328e4e8edf152
        Validity
            Not Before: Jan  2 12:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc392a8b3998db3cf60233d4b9c00f2738ddcbd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:62:0b:0d:9e:e3:92:f3:7e:e1:01:c1:13:82:
                    ae:75:dc:0a:a0:20:2d:2d:fb:60:e1:ac:ee:55:af:
                    ac:ba:ff:3e:f6:d3:19:c4:75:a5:e1:5b:95:e2:e7:
                    42:39:5b:01:3a:87:a0:3d:5f:ce:97:ab:00:ed:da:
                    51:25:a6:fb:0f:62:63:02:6f:2c:f3:83:ef:6c:01:
                    05:2f:d5:3b:5d:b8:e1:c4:45:d7:d4:e6:61:91:a6:
                    0e:44:ce:46:2b:94:12:c6:e1:9e:e2:58:8f:dc:26:
                    08:44:65:60:cf:8a:ec:65:02:7a:23:29:37:f3:85:
                    7a:e6:02:11:43:46:4b:12:79:e2:0c:96:bf:4f:f6:
                    b1:6d:3d:18:9f:7a:d6:8c:21:be:92:e3:d4:f3:7a:
                    3b:fc:3d:f0:f5:d8:62:35:34:90:2b:9f:86:01:c0:
                    6c:6b:51:a2:5f:6f:9b:56:0d:e6:46:c2:38:63:9c:
                    e4:4c:67:36:4f:0e:9e:81:3c:90:8d:32:e1:fa:71:
                    83:7d:6c:b3:06:11:3d:55:6b:b1:d7:c3:8d:d3:bc:
                    73:5b:1d:17:0e:ca:93:77:1d:29:ee:ef:76:ad:e4:
                    1a:2f:8b:06:1c:10:b1:39:e2:c1:90:3a:c7:21:9c:
                    5b:31:32:0d:38:29:9b:66:8a:43:12:d9:bf:70:95:
                    8b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:39:2A:8B:39:98:DB:3C:F6:02:33:D4:B9:C0:0F:27:38:DD:CB:D3
            X509v3 Authority Key Identifier:
                keyid:FE:C3:5D:4F:2F:2D:24:7E:A0:8C:4A:01:17:D3:28:E4:E8:ED:F1:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_sNdTy8tJH6gjEoBF9Mo5Ojt8VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/d003ae-35a6-44f2-aad8-f8b12f982fe2/1/3DkqizmY2zz2AjPUucAPJzjdy9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/d003ae-35a6-44f2-aad8-f8b12f982fe2/1/_sNdTy8tJH6gjEoBF9Mo5Ojt8VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:794::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:b7:91:4f:df:df:0d:1f:12:a7:51:07:b8:04:96:17:b7:57:
         f2:63:94:07:57:28:0c:60:63:e8:65:fe:83:fa:c4:b2:93:2a:
         b5:51:61:c7:7f:8c:37:b3:35:a8:24:ad:1b:df:ef:1a:ba:07:
         4c:cd:26:fd:71:80:0c:fa:a0:d6:06:da:9e:a0:1a:2e:86:d5:
         da:48:f0:1a:ba:5a:c6:fd:eb:5e:fb:93:a4:e0:b5:f8:52:23:
         68:a8:96:64:b7:ed:65:73:b5:76:c2:b3:93:ce:e7:da:ed:38:
         ac:eb:16:03:78:96:9a:83:83:c8:0f:42:34:42:64:08:a6:12:
         c1:f5:51:13:46:3f:24:5e:ef:2f:52:31:99:fb:aa:73:7d:c3:
         70:32:fd:7c:67:76:f2:0b:2e:a7:91:12:7d:2d:b6:59:99:a2:
         92:b4:2e:3e:bf:69:cb:39:29:e9:be:29:5d:c4:64:83:d7:e9:
         aa:38:0b:de:a6:f7:19:2a:04:73:93:26:71:42:64:67:ff:fb:
         d0:7b:77:73:46:27:d0:01:e5:2a:15:40:da:5d:25:69:6e:ce:
         fe:24:42:24:05:c5:4a:25:89:df:66:ac:af:f9:cd:e4:64:5a:
         63:6f:ba:79:68:2f:25:dd:22:59:c6:f4:b6:74:f6:48:94:93:
         5b:c7:ae:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKoYctVT+pS8H6WiJermVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYzM1ZDRmMmYyZDI0N2VhMDhjNGEwMTE3ZDMyOGU0ZThl
ZGYxNTIwHhcNMjQwMTAyMTIzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzM5MmE4YjM5OThkYjNjZjYwMjMzZDRiOWMwMGYyNzM4ZGRjYmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9mILDZ7jkvN+4QHBE4KuddwKoCAt
Lftg4azuVa+suv8+9tMZxHWl4VuV4udCOVsBOoegPV/Ol6sA7dpRJab7D2JjAm8s
84PvbAEFL9U7XbjhxEXX1OZhkaYORM5GK5QSxuGe4liP3CYIRGVgz4rsZQJ6Iyk3
84V65gIRQ0ZLEnniDJa/T/axbT0Yn3rWjCG+kuPU83o7/D3w9dhiNTSQK5+GAcBs
a1GiX2+bVg3mRsI4Y5zkTGc2Tw6egTyQjTLh+nGDfWyzBhE9VWux18ON07xzWx0X
DsqTdx0p7u92reQaL4sGHBCxOeLBkDrHIZxbMTINOCmbZopDEtm/cJWLiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNw5Kos5mNs89gIz1LnADyc43cvTMB8GA1UdIwQY
MBaAFP7DXU8vLSR+oIxKARfTKOTo7fFSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3NOZFR5OHRKSDZnakVvQkY5TW81T2p0OFZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9kMDAzYWUtMzVhNi00NGYyLWFhZDgt
ZjhiMTJmOTgyZmUyLzEvM0RrcWl6bVkyenoyQWpQVXVjQVBKempkeTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9kMDAzYWUtMzVhNi00NGYyLWFhZDgtZjhiMTJmOTgyZmUy
LzEvX3NOZFR5OHRKSDZnakVvQkY5TW81T2p0OFZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAeU
MA0GCSqGSIb3DQEBCwUAA4IBAQABt5FP398NHxKnUQe4BJYXt1fyY5QHVygMYGPo
Zf6D+sSykyq1UWHHf4w3szWoJK0b3+8augdMzSb9cYAM+qDWBtqeoBouhtXaSPAa
ulrG/ete+5Ok4LX4UiNoqJZkt+1lc7V2wrOTzufa7Tis6xYDeJaag4PID0I0QmQI
phLB9VETRj8kXu8vUjGZ+6pzfcNwMv18Z3byCy6nkRJ9LbZZmaKStC4+v2nLOSnp
vildxGSD1+mqOAvepvcZKgRzkyZxQmRn//vQe3dzRifQAeUqFUDaXSVpbs7+JEIk
BcVKJYnfZqyv+c3kZFpjb7p5aC8l3SJZxvS2dPZIlJNbx677
-----END CERTIFICATE-----