Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/gnvWkxxKouA1oEQVjDRniaeTgog.roa
File:                     gnvWkxxKouA1oEQVjDRniaeTgog.roa (raw, json)
Hash identifier:          lrzB8cTk56VSQHgIS3JbdQlfe98riIMcWdpb6YE48Ww=
Subject key identifier:   82:7B:D6:93:1C:4A:A2:E0:35:A0:44:15:8C:34:67:89:A7:93:82:88
Certificate issuer:       /CN=bbd351b274fc23a42728303638a0d62b606401b4
Certificate serial:       018CC49380AAAAEA41209F6A6C6557C7537E
Authority key identifier: BB:D3:51:B2:74:FC:23:A4:27:28:30:36:38:A0:D6:2B:60:64:01:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/gnvWkxxKouA1oEQVjDRniaeTgog.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12817
IP address blocks:        2001:1578:200::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:80:aa:aa:ea:41:20:9f:6a:6c:65:57:c7:53:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbd351b274fc23a42728303638a0d62b606401b4
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=827bd6931c4aa2e035a044158c346789a7938288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0a:91:a0:28:48:d5:ff:c9:4a:38:3e:94:7a:
                    82:3a:28:3f:1e:be:c6:81:57:9f:ca:95:95:a1:5c:
                    8f:8b:3a:7d:9d:4a:d7:70:58:99:e8:62:43:e8:66:
                    54:4c:70:55:14:0e:21:c0:0b:8e:4f:d3:63:07:95:
                    72:b5:c5:32:b8:bc:22:d4:62:11:7b:6d:7a:b1:d6:
                    87:87:87:2f:ca:74:3d:78:c9:f9:fd:e1:10:d1:89:
                    29:66:fd:74:1b:df:4f:16:92:18:2d:a2:c4:c5:5b:
                    1b:29:66:e6:03:9d:53:b2:38:48:2d:1d:42:6e:33:
                    0f:d8:1a:74:62:8b:8d:6e:a0:f7:17:47:7c:dd:49:
                    0d:3e:a7:02:c1:0a:88:7e:41:77:3a:09:29:04:84:
                    8f:80:04:eb:ad:13:5a:05:ef:f0:3e:00:69:45:23:
                    f5:8f:65:2a:6d:80:4c:66:44:ff:99:90:2e:ab:c5:
                    95:f6:b5:fb:3b:ce:f3:68:d9:da:c5:5c:fd:20:ec:
                    24:12:7c:28:4f:31:38:fd:9d:66:09:ef:25:ca:12:
                    36:c0:d2:fc:31:df:3e:23:61:62:57:15:86:c2:84:
                    fb:3d:fe:cc:93:53:2e:92:f2:0d:78:0c:8b:32:0b:
                    af:7e:09:0a:2f:5b:b1:90:f7:bb:47:73:b6:72:b9:
                    a7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:7B:D6:93:1C:4A:A2:E0:35:A0:44:15:8C:34:67:89:A7:93:82:88
            X509v3 Authority Key Identifier:
                keyid:BB:D3:51:B2:74:FC:23:A4:27:28:30:36:38:A0:D6:2B:60:64:01:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/gnvWkxxKouA1oEQVjDRniaeTgog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1f90a-2bad-41b4-b1a6-46b3028a03b0/1/u9NRsnT8I6QnKDA2OKDWK2BkAbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1578:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         75:ec:94:e1:6e:9b:9c:52:88:90:a8:80:23:c6:37:87:be:be:
         fb:7e:06:68:57:d0:eb:0e:d6:34:32:af:5f:f3:27:a2:c1:7d:
         9e:d0:64:2b:6c:93:22:5e:09:e9:79:1a:eb:fd:ab:64:b9:db:
         77:6d:36:e5:a0:fc:b8:9f:df:49:87:39:9e:a0:b3:b9:74:62:
         89:54:bf:dc:97:97:a4:63:8e:84:ac:5d:52:5f:27:18:d6:2a:
         9c:a2:ed:15:e9:8c:df:1b:7f:97:4a:53:af:66:67:22:2e:4d:
         cb:45:df:8a:d6:65:b9:43:5c:af:b9:98:af:ab:27:8d:fc:ab:
         94:cd:1c:9e:b0:7d:e0:0b:a6:a8:d1:bd:d8:66:0b:b7:a9:80:
         17:0b:2f:79:bd:01:2c:d2:d9:97:6c:79:0e:4a:69:49:ed:2e:
         f2:23:a3:37:22:91:22:2c:5b:79:36:a7:76:75:37:76:13:9c:
         3d:cb:45:c0:4d:af:16:a7:a3:ac:71:90:9f:4e:fe:2d:85:90:
         f2:fe:e1:90:26:3b:f4:3b:e6:9b:9d:f7:90:e8:b1:94:6b:86:
         cb:a0:6c:11:55:27:c0:71:f0:e0:7e:c1:65:92:5d:3b:43:1b:
         f5:23:46:7c:2f:71:bb:af:97:af:4f:ed:77:a3:1f:f4:49:b6:
         50:ba:d2:19
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk4CqqupBIJ9qbGVXx1N+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZDM1MWIyNzRmYzIzYTQyNzI4MzAzNjM4YTBkNjJiNjA2
NDAxYjQwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjdiZDY5MzFjNGFhMmUwMzVhMDQ0MTU4YzM0Njc4OWE3OTM4Mjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAqRoChI1f/JSjg+lHqCOig/Hr7G
gVefypWVoVyPizp9nUrXcFiZ6GJD6GZUTHBVFA4hwAuOT9NjB5VytcUyuLwi1GIR
e216sdaHh4cvynQ9eMn5/eEQ0YkpZv10G99PFpIYLaLExVsbKWbmA51TsjhILR1C
bjMP2Bp0YouNbqD3F0d83UkNPqcCwQqIfkF3OgkpBISPgATrrRNaBe/wPgBpRSP1
j2UqbYBMZkT/mZAuq8WV9rX7O87zaNnaxVz9IOwkEnwoTzE4/Z1mCe8lyhI2wNL8
Md8+I2FiVxWGwoT7Pf7Mk1MukvINeAyLMguvfgkKL1uxkPe7R3O2crmnzQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIJ71pMcSqLgNaBEFYw0Z4mnk4KIMB8GA1UdIwQY
MBaAFLvTUbJ0/COkJygwNjig1itgZAG0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTlOUnNuVDhJNlFuS0RBMk9LRFdLMkJrQWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jMWY5MGEtMmJhZC00MWI0LWIxYTYt
NDZiMzAyOGEwM2IwLzEvZ252V2t4eEtvdUExb0VRVmpEUm5pYWVUZ29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jMWY5MGEtMmJhZC00MWI0LWIxYTYtNDZiMzAyOGEwM2Iw
LzEvdTlOUnNuVDhJNlFuS0RBMk9LRFdLMkJrQWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAIAEVeAIw
DQYJKoZIhvcNAQELBQADggEBAHXslOFum5xSiJCogCPGN4e+vvt+BmhX0OsO1jQy
r1/zJ6LBfZ7QZCtskyJeCel5Guv9q2S523dtNuWg/Lif30mHOZ6gs7l0YolUv9yX
l6RjjoSsXVJfJxjWKpyi7RXpjN8bf5dKU69mZyIuTctF34rWZblDXK+5mK+rJ438
q5TNHJ6wfeALpqjRvdhmC7epgBcLL3m9ASzS2ZdseQ5KaUntLvIjozcikSIsW3k2
p3Z1N3YTnD3LRcBNrxano6xxkJ9O/i2FkPL+4ZAmO/Q75pud95DosZRrhsugbBFV
J8Bx8OB+wWWSXTtDG/UjRnwvcbuvl69P7XejH/RJtlC60hk=
-----END CERTIFICATE-----