Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/8e4Eyom1DEiwtMxO7Nlo_unBXk8.roa
File:                     8e4Eyom1DEiwtMxO7Nlo_unBXk8.roa (raw, json)
Hash identifier:          /qGKh2MXI1F1nEzbOiPb21ax/0kL39BCO/H45a0wYOE=
Subject key identifier:   F1:EE:04:CA:89:B5:0C:48:B0:B4:CC:4E:EC:D9:68:FE:E9:C1:5E:4F
Certificate issuer:       /CN=940e2a716e5d89895dfea2ef2903081dede99c68
Certificate serial:       018CC5DBEF999FA6BD020E57D201B08FF67E
Authority key identifier: 94:0E:2A:71:6E:5D:89:89:5D:FE:A2:EF:29:03:08:1D:ED:E9:9C:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lA4qcW5diYld_qLvKQMIHe3pnGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/8e4Eyom1DEiwtMxO7Nlo_unBXk8.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31317
IP address blocks:        2001:678:970::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/lA4qcW5diYld_qLvKQMIHe3pnGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/lA4qcW5diYld_qLvKQMIHe3pnGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lA4qcW5diYld_qLvKQMIHe3pnGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ef:99:9f:a6:bd:02:0e:57:d2:01:b0:8f:f6:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940e2a716e5d89895dfea2ef2903081dede99c68
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1ee04ca89b50c48b0b4cc4eecd968fee9c15e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:94:a3:b1:ec:b9:d2:74:f6:1b:48:71:09:20:
                    3b:91:b4:c5:a0:87:22:bd:0d:58:22:8e:eb:0d:db:
                    cb:12:6c:6e:3c:79:b2:9e:e3:94:1f:62:1c:81:4d:
                    47:6b:24:46:5b:e3:c8:5c:e8:71:4b:c7:83:15:fe:
                    65:b9:20:93:22:70:d2:af:20:be:da:5a:c9:01:6b:
                    20:98:9b:ce:ff:11:bb:86:13:cb:3e:99:57:1c:f6:
                    1f:64:ba:5f:ec:78:7e:99:74:a2:ef:c6:c8:5e:12:
                    e9:8a:63:a2:25:fe:21:a0:92:a0:7f:89:ef:4f:d8:
                    e2:f3:38:8a:2a:37:1a:f9:eb:89:25:fb:83:26:b9:
                    c5:cb:23:29:a3:92:85:8e:10:4c:a9:fc:5c:4b:80:
                    fd:58:1f:21:b1:71:24:9d:41:b0:b9:b7:9c:0b:c7:
                    6c:6d:56:33:ec:a7:18:41:ee:ee:bb:88:0a:a4:f9:
                    52:bf:68:98:e5:1e:25:5d:1e:3c:b3:88:31:f5:7f:
                    ae:40:1b:0f:19:4b:b2:91:6c:f7:3d:f0:9e:34:86:
                    f8:04:81:02:be:ab:5f:f2:a1:ed:6f:8f:bc:c8:5f:
                    8d:8e:1a:65:e0:86:4a:d0:63:30:f9:63:a0:52:6a:
                    85:f7:6f:3e:b1:3c:87:b2:62:85:68:e7:3c:7a:b0:
                    f1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:EE:04:CA:89:B5:0C:48:B0:B4:CC:4E:EC:D9:68:FE:E9:C1:5E:4F
            X509v3 Authority Key Identifier:
                keyid:94:0E:2A:71:6E:5D:89:89:5D:FE:A2:EF:29:03:08:1D:ED:E9:9C:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lA4qcW5diYld_qLvKQMIHe3pnGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/8e4Eyom1DEiwtMxO7Nlo_unBXk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/851d66-b956-4bce-8bd6-5451441ea633/1/lA4qcW5diYld_qLvKQMIHe3pnGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:970::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:24:5b:41:d1:1e:04:42:fc:cc:41:42:23:1a:ae:cb:e2:fc:
         cf:ec:b3:86:e4:21:be:3e:39:13:16:50:c3:ca:c6:b1:74:18:
         62:ad:f7:b0:fc:98:4e:ce:85:5a:02:33:51:28:a1:84:8c:a1:
         a9:e7:16:5f:5e:16:d7:4e:b7:7a:23:b6:40:08:dd:36:ec:c9:
         55:d9:72:bb:cc:54:2b:ca:4c:30:18:f7:0f:db:d2:02:43:a2:
         a9:bd:b2:4c:df:4b:2a:bb:ba:cc:82:70:75:ca:73:1e:1a:bb:
         48:d5:69:35:12:09:28:85:6a:cb:9e:2d:fb:0c:50:dc:3d:59:
         d0:33:e1:84:37:6e:3e:f9:ea:d5:93:97:c7:17:b6:4e:ff:66:
         4d:58:d5:e7:c0:9a:98:d5:b0:91:37:48:f0:81:75:47:68:ed:
         6a:8c:3e:44:31:bd:81:29:8f:e2:f7:42:9a:b7:13:eb:41:be:
         e8:1f:52:6d:94:49:fb:bb:50:fb:ee:db:e3:0c:ac:f9:c2:46:
         aa:5b:36:f6:e8:44:cd:d9:87:15:30:31:23:68:de:30:be:95:
         a8:90:95:48:bf:82:10:7c:0d:74:98:48:a4:32:4b:dc:2c:31:
         87:6a:41:e3:03:66:b8:c8:f0:02:b8:5c:94:71:d1:8b:53:12:
         b8:5c:55:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF2++Zn6a9Ag5X0gGwj/Z+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGUyYTcxNmU1ZDg5ODk1ZGZlYTJlZjI5MDMwODFkZWRl
OTljNjgwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWVlMDRjYTg5YjUwYzQ4YjBiNGNjNGVlY2Q5NjhmZWU5YzE1ZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZSjsey50nT2G0hxCSA7kbTFoIci
vQ1YIo7rDdvLEmxuPHmynuOUH2IcgU1HayRGW+PIXOhxS8eDFf5luSCTInDSryC+
2lrJAWsgmJvO/xG7hhPLPplXHPYfZLpf7Hh+mXSi78bIXhLpimOiJf4hoJKgf4nv
T9ji8ziKKjca+euJJfuDJrnFyyMpo5KFjhBMqfxcS4D9WB8hsXEknUGwubecC8ds
bVYz7KcYQe7uu4gKpPlSv2iY5R4lXR48s4gx9X+uQBsPGUuykWz3PfCeNIb4BIEC
vqtf8qHtb4+8yF+Njhpl4IZK0GMw+WOgUmqF928+sTyHsmKFaOc8erDxMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPHuBMqJtQxIsLTMTuzZaP7pwV5PMB8GA1UdIwQY
MBaAFJQOKnFuXYmJXf6i7ykDCB3t6ZxoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEE0cWNXNWRpWWxkX3FMdktRTUlIZTNwbkdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi84NTFkNjYtYjk1Ni00YmNlLThiZDYt
NTQ1MTQ0MWVhNjMzLzEvOGU0RXlvbTFERWl3dE14TzdObG9fdW5CWGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi84NTFkNjYtYjk1Ni00YmNlLThiZDYtNTQ1MTQ0MWVhNjMz
LzEvbEE0cWNXNWRpWWxkX3FMdktRTUlIZTNwbkdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAlw
MA0GCSqGSIb3DQEBCwUAA4IBAQB0JFtB0R4EQvzMQUIjGq7L4vzP7LOG5CG+PjkT
FlDDysaxdBhirfew/JhOzoVaAjNRKKGEjKGp5xZfXhbXTrd6I7ZACN027MlV2XK7
zFQrykwwGPcP29ICQ6KpvbJM30squ7rMgnB1ynMeGrtI1Wk1EgkohWrLni37DFDc
PVnQM+GEN24++erVk5fHF7ZO/2ZNWNXnwJqY1bCRN0jwgXVHaO1qjD5EMb2BKY/i
90KatxPrQb7oH1JtlEn7u1D77tvjDKz5wkaqWzb26ETN2YcVMDEjaN4wvpWokJVI
v4IQfA10mEikMkvcLDGHakHjA2a4yPACuFyUcdGLUxK4XFXR
-----END CERTIFICATE-----