Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/0F03rBgmZ8gSrLVLOf26EFnA3qc.roa
File:                     0F03rBgmZ8gSrLVLOf26EFnA3qc.roa (raw, json)
Hash identifier:          huqthXtQ3EFeIxp+1O6rv4sLkm1l1qrivmbbyznSgT0=
Subject key identifier:   D0:5D:37:AC:18:26:67:C8:12:AC:B5:4B:39:FD:BA:10:59:C0:DE:A7
Certificate issuer:       /CN=1e3ba4dbba523d5b0dc989203bfd69648d1d4e66
Certificate serial:       018CC49239FCC91D90237F5A3E385775734E
Authority key identifier: 1E:3B:A4:DB:BA:52:3D:5B:0D:C9:89:20:3B:FD:69:64:8D:1D:4E:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hjuk27pSPVsNyYkgO_1pZI0dTmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/0F03rBgmZ8gSrLVLOf26EFnA3qc.roa
Signing time:             Mon 01 Jan 2024 10:29:26 +0000
ROA not before:           Mon 01 Jan 2024 10:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13101
IP address blocks:        2001:678:a14::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/Hjuk27pSPVsNyYkgO_1pZI0dTmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/Hjuk27pSPVsNyYkgO_1pZI0dTmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hjuk27pSPVsNyYkgO_1pZI0dTmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:39:fc:c9:1d:90:23:7f:5a:3e:38:57:75:73:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e3ba4dbba523d5b0dc989203bfd69648d1d4e66
        Validity
            Not Before: Jan  1 10:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d05d37ac182667c812acb54b39fdba1059c0dea7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ba:fc:ad:c8:28:9f:f9:4b:13:10:04:47:fb:
                    36:15:62:26:ba:fb:6a:da:5c:0c:87:dc:f9:77:44:
                    8a:0d:d7:c0:f6:2c:51:99:77:7b:1f:57:5f:fc:12:
                    5f:3a:f3:02:99:76:2e:48:e8:b5:42:7b:83:ea:f4:
                    b8:20:e5:b0:f6:86:5e:10:d0:76:13:6a:2e:44:00:
                    13:d0:dc:84:0d:a5:6f:aa:db:32:e6:c2:21:d6:99:
                    7d:b4:14:07:a4:10:b1:94:12:46:65:e4:85:27:bf:
                    1a:c1:52:fc:54:75:f4:a8:fe:c3:4c:ed:e7:67:ed:
                    cd:87:1f:3d:a4:98:8e:80:7c:6c:7f:26:38:9b:24:
                    99:cd:5e:7a:b7:f1:79:c6:e5:ed:e7:5d:3d:25:6f:
                    93:47:07:28:06:ef:37:08:7c:ff:a0:06:2f:f4:a1:
                    a4:18:20:d9:75:17:b4:2f:73:1c:ec:ec:35:77:a1:
                    f6:0b:f1:1e:92:b6:fe:72:26:3f:9b:5a:4c:29:01:
                    2f:fb:37:37:22:df:a0:d5:a3:ed:0a:51:e4:dc:2b:
                    8a:a8:57:b1:42:a3:34:e9:4b:81:d2:e2:c8:72:99:
                    fa:40:5e:f5:47:89:0c:1c:ba:08:52:aa:06:ae:58:
                    fb:95:56:72:87:6e:3a:4b:9f:04:0a:d0:89:e9:0c:
                    bc:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:5D:37:AC:18:26:67:C8:12:AC:B5:4B:39:FD:BA:10:59:C0:DE:A7
            X509v3 Authority Key Identifier:
                keyid:1E:3B:A4:DB:BA:52:3D:5B:0D:C9:89:20:3B:FD:69:64:8D:1D:4E:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hjuk27pSPVsNyYkgO_1pZI0dTmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/0F03rBgmZ8gSrLVLOf26EFnA3qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d2548c-bd6a-4395-95fb-12e20c875c53/1/Hjuk27pSPVsNyYkgO_1pZI0dTmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a14::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:9b:ef:2a:5c:ef:ba:57:eb:49:7e:3d:ec:00:fb:b1:f3:70:
         f8:27:31:71:27:bf:83:5a:25:60:b0:f6:d3:6f:c5:7c:b2:df:
         3e:b2:80:ae:6d:8a:3b:e7:5a:16:e8:b7:03:c0:98:33:31:3e:
         25:8c:7b:20:b1:96:d9:00:32:b5:ea:30:97:85:37:d8:ca:b5:
         ea:f8:c3:94:be:f6:9c:a9:e9:36:95:f6:b9:3c:ca:db:ab:96:
         19:8f:28:75:d5:0d:9c:58:1b:38:97:14:59:b3:d6:12:e6:be:
         3d:84:6c:ea:52:64:ce:2e:6a:dc:63:e9:a0:a3:b4:0d:3c:8a:
         b3:66:d1:67:50:c0:44:93:98:e8:67:9a:fa:9d:f9:31:03:70:
         50:75:87:7b:c4:39:3e:c9:4d:a0:63:5a:6d:56:7a:2d:70:f6:
         2d:43:36:27:ca:d7:94:48:58:50:a9:b3:73:93:a4:dc:58:e5:
         18:84:6c:18:df:39:02:4b:54:05:d5:c3:9b:c4:96:33:c2:1c:
         b3:a7:24:a2:dd:5b:7b:57:8e:c3:57:a2:bc:54:9d:53:a0:8e:
         2e:d7:a5:c0:b7:11:32:c7:e9:e6:f5:92:bc:88:78:a2:21:8b:
         fa:b9:1b:aa:a6:4a:e1:db:d1:84:c9:a9:48:fd:23:c2:70:8c:
         66:ef:3f:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkjn8yR2QI39aPjhXdXNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlM2JhNGRiYmE1MjNkNWIwZGM5ODkyMDNiZmQ2OTY0OGQx
ZDRlNjYwHhcNMjQwMTAxMTAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDVkMzdhYzE4MjY2N2M4MTJhY2I1NGIzOWZkYmExMDU5YzBkZWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprr8rcgon/lLExAER/s2FWImuvtq
2lwMh9z5d0SKDdfA9ixRmXd7H1df/BJfOvMCmXYuSOi1QnuD6vS4IOWw9oZeENB2
E2ouRAAT0NyEDaVvqtsy5sIh1pl9tBQHpBCxlBJGZeSFJ78awVL8VHX0qP7DTO3n
Z+3Nhx89pJiOgHxsfyY4mySZzV56t/F5xuXt5109JW+TRwcoBu83CHz/oAYv9KGk
GCDZdRe0L3Mc7Ow1d6H2C/Eekrb+ciY/m1pMKQEv+zc3It+g1aPtClHk3CuKqFex
QqM06UuB0uLIcpn6QF71R4kMHLoIUqoGrlj7lVZyh246S58ECtCJ6Qy8NQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNBdN6wYJmfIEqy1Szn9uhBZwN6nMB8GA1UdIwQY
MBaAFB47pNu6Uj1bDcmJIDv9aWSNHU5mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGp1azI3cFNQVnNOeVlrZ09fMXBaSTBkVG1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9kMjU0OGMtYmQ2YS00Mzk1LTk1ZmIt
MTJlMjBjODc1YzUzLzEvMEYwM3JCZ21aOGdTckxWTE9mMjZFRm5BM3FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9kMjU0OGMtYmQ2YS00Mzk1LTk1ZmItMTJlMjBjODc1YzUz
LzEvSGp1azI3cFNQVnNOeVlrZ09fMXBaSTBkVG1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAoU
MA0GCSqGSIb3DQEBCwUAA4IBAQCsm+8qXO+6V+tJfj3sAPux83D4JzFxJ7+DWiVg
sPbTb8V8st8+soCubYo751oW6LcDwJgzMT4ljHsgsZbZADK16jCXhTfYyrXq+MOU
vvacqek2lfa5PMrbq5YZjyh11Q2cWBs4lxRZs9YS5r49hGzqUmTOLmrcY+mgo7QN
PIqzZtFnUMBEk5joZ5r6nfkxA3BQdYd7xDk+yU2gY1ptVnotcPYtQzYnyteUSFhQ
qbNzk6TcWOUYhGwY3zkCS1QF1cObxJYzwhyzpySi3Vt7V47DV6K8VJ1ToI4u16XA
txEyx+nm9ZK8iHiiIYv6uRuqpkrh29GEyalI/SPCcIxm7z8A
-----END CERTIFICATE-----