Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/ayc756KgghUiNlotpbFmoIQejuQ.roa
File:                     ayc756KgghUiNlotpbFmoIQejuQ.roa (raw, json)
Hash identifier:          +zz9mOklTVSBTdD9gSEBa2pA0Hc4h+uARyFbKx2f7gM=
Subject key identifier:   6B:27:3B:E7:A2:A0:82:15:22:36:5A:2D:A5:B1:66:A0:84:1E:8E:E4
Certificate issuer:       /CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
Certificate serial:       0191FEC32A4981A0AB73FCFF91941AFE539C
Authority key identifier: 80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/ayc756KgghUiNlotpbFmoIQejuQ.roa
Signing time:             Tue 17 Sep 2024 06:54:48 +0000
ROA not before:           Tue 17 Sep 2024 06:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61232
IP address blocks:        2001:678:e44::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fe:c3:2a:49:81:a0:ab:73:fc:ff:91:94:1a:fe:53:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8050504f4b1776e80b8ad9f8b356e613b585b35a
        Validity
            Not Before: Sep 17 06:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b273be7a2a0821522365a2da5b166a0841e8ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:9e:86:68:3c:0f:fc:9f:11:95:3e:27:17:cf:
                    bd:9f:a3:43:fa:3d:fe:19:ae:64:72:4a:32:0e:83:
                    0e:fc:57:cf:18:00:d9:bc:b2:50:88:93:25:5a:b5:
                    9e:34:5a:9c:83:e7:e2:f6:7a:f8:4c:cf:55:d2:db:
                    48:20:d8:3a:c6:e2:bd:2a:74:df:26:05:fc:14:5b:
                    74:ae:c0:3f:93:c4:c8:33:0a:95:f7:9e:b7:14:04:
                    33:c0:4a:2a:27:ec:07:c4:8a:1e:f2:df:59:08:d5:
                    37:f1:dc:9d:f6:2a:f7:28:f7:33:76:4f:f8:9a:46:
                    3e:c1:af:2b:5f:6f:16:46:5a:e9:5e:cd:a9:b0:aa:
                    a7:e7:de:60:f3:17:9e:d7:be:2e:e9:44:43:a0:1b:
                    5a:eb:df:a8:8e:6b:1f:fe:3c:88:26:13:39:77:6b:
                    42:a4:c6:a9:3c:26:b0:67:6b:7f:7f:b3:d8:b4:85:
                    01:11:23:f1:3d:02:d1:e1:e3:4c:df:b0:cf:53:00:
                    4f:f6:38:0e:d3:e6:1a:77:7f:06:fc:61:df:38:42:
                    63:cd:06:80:d6:b7:91:56:c8:ef:26:f4:60:73:04:
                    82:98:81:8c:47:38:22:58:d1:eb:9e:9f:4a:27:db:
                    04:2f:a7:d8:29:ed:67:01:06:da:8e:15:23:10:f5:
                    33:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:27:3B:E7:A2:A0:82:15:22:36:5A:2D:A5:B1:66:A0:84:1E:8E:E4
            X509v3 Authority Key Identifier:
                keyid:80:50:50:4F:4B:17:76:E8:0B:8A:D9:F8:B3:56:E6:13:B5:85:B3:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gFBQT0sXdugLitn4s1bmE7WFs1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/ayc756KgghUiNlotpbFmoIQejuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/b59715-b05a-4b4a-a922-0144a3282a2e/1/gFBQT0sXdugLitn4s1bmE7WFs1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:e44::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:0e:91:76:1b:71:b8:0c:87:a5:99:75:47:8f:15:77:ed:cb:
         55:1c:fb:13:8e:94:e9:90:54:b8:3f:a2:fb:f6:6c:ae:0d:08:
         b6:f4:19:a6:2d:cf:39:a9:d4:87:4d:65:e0:1a:17:6c:51:6b:
         c6:e4:4d:b0:b3:29:7f:cc:6c:c6:dd:d4:b5:2a:bd:14:f5:9b:
         55:7e:c2:df:6c:c0:25:2c:dc:2e:d1:17:90:35:88:7d:b9:74:
         10:2d:ea:ce:9f:7f:c1:d9:6f:84:d1:66:96:5f:1c:c5:aa:da:
         52:be:e5:a9:f4:aa:f8:77:93:c9:28:1a:25:0f:e4:40:c7:52:
         98:ab:62:3c:bb:45:e9:e7:90:7b:c2:d0:c7:98:7c:51:2e:8f:
         e3:72:65:0e:6d:e8:19:1d:f0:ca:f4:bf:7a:f2:75:ef:e6:f0:
         d8:a4:2d:74:6b:d6:b1:91:8e:31:66:83:7f:ed:f2:45:3f:42:
         c2:45:a4:03:70:aa:db:f2:13:e8:fe:2b:3d:4f:84:ba:ba:e9:
         be:9f:d9:5d:1c:e8:30:ea:8c:fd:d0:19:a0:1a:aa:8f:68:54:
         30:01:39:4e:72:df:f4:a3:05:21:0e:b0:1e:9e:1d:9f:d6:5a:
         90:7d:71:93:ce:14:fb:5c:20:d6:8f:08:22:c4:a7:c4:58:7d:
         f5:c5:8c:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZH+wypJgaCrc/z/kZQa/lOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNTA1MDRmNGIxNzc2ZTgwYjhhZDlmOGIzNTZlNjEzYjU4
NWIzNWEwHhcNMjQwOTE3MDY1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjI3M2JlN2EyYTA4MjE1MjIzNjVhMmRhNWIxNjZhMDg0MWU4ZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Z6GaDwP/J8RlT4nF8+9n6ND+j3+
Ga5kckoyDoMO/FfPGADZvLJQiJMlWrWeNFqcg+fi9nr4TM9V0ttIINg6xuK9KnTf
JgX8FFt0rsA/k8TIMwqV9563FAQzwEoqJ+wHxIoe8t9ZCNU38dyd9ir3KPczdk/4
mkY+wa8rX28WRlrpXs2psKqn595g8xee174u6URDoBta69+ojmsf/jyIJhM5d2tC
pMapPCawZ2t/f7PYtIUBESPxPQLR4eNM37DPUwBP9jgO0+Yad38G/GHfOEJjzQaA
1reRVsjvJvRgcwSCmIGMRzgiWNHrnp9KJ9sEL6fYKe1nAQbajhUjEPUzdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGsnO+eioIIVIjZaLaWxZqCEHo7kMB8GA1UdIwQY
MBaAFIBQUE9LF3boC4rZ+LNW5hO1hbNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjIt
MDE0NGEzMjgyYTJlLzEvYXljNzU2S2dnaFVpTmxvdHBiRm1vSVFlanVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9iNTk3MTUtYjA1YS00YjRhLWE5MjItMDE0NGEzMjgyYTJl
LzEvZ0ZCUVQwc1hkdWdMaXRuNHMxYm1FN1dGczFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA5E
MA0GCSqGSIb3DQEBCwUAA4IBAQBpDpF2G3G4DIelmXVHjxV37ctVHPsTjpTpkFS4
P6L79myuDQi29BmmLc85qdSHTWXgGhdsUWvG5E2wsyl/zGzG3dS1Kr0U9ZtVfsLf
bMAlLNwu0ReQNYh9uXQQLerOn3/B2W+E0WaWXxzFqtpSvuWp9Kr4d5PJKBolD+RA
x1KYq2I8u0Xp55B7wtDHmHxRLo/jcmUObegZHfDK9L968nXv5vDYpC10a9axkY4x
ZoN/7fJFP0LCRaQDcKrb8hPo/is9T4S6uum+n9ldHOgw6oz90BmgGqqPaFQwATlO
ct/0owUhDrAenh2f1lqQfXGTzhT7XCDWjwgixKfEWH31xYxW
-----END CERTIFICATE-----