Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/TYIwgrarP7E6S83_5_mppHpWbYo.roa
File:                     TYIwgrarP7E6S83_5_mppHpWbYo.roa (raw, json)
Hash identifier:          IvVn+AwOt2D+4d1YECTmDm6iMU5s2JQinUoHiWF92fc=
Subject key identifier:   4D:82:30:82:B6:AB:3F:B1:3A:4B:CD:FF:E7:F9:A9:A4:7A:56:6D:8A
Certificate issuer:       /CN=3f36ffd1621521e92cf2e7814190d3a253e00637
Certificate serial:       018E5958A3CCDD76C993DBB3C73CF93F1515
Authority key identifier: 3F:36:FF:D1:62:15:21:E9:2C:F2:E7:81:41:90:D3:A2:53:E0:06:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pzb_0WIVIeks8ueBQZDTolPgBjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/TYIwgrarP7E6S83_5_mppHpWbYo.roa
Signing time:             Wed 20 Mar 2024 00:52:45 +0000
ROA not before:           Wed 20 Mar 2024 00:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215286
IP address blocks:        2001:678:110::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/Pzb_0WIVIeks8ueBQZDTolPgBjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/Pzb_0WIVIeks8ueBQZDTolPgBjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pzb_0WIVIeks8ueBQZDTolPgBjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:59:58:a3:cc:dd:76:c9:93:db:b3:c7:3c:f9:3f:15:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f36ffd1621521e92cf2e7814190d3a253e00637
        Validity
            Not Before: Mar 20 00:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d823082b6ab3fb13a4bcdffe7f9a9a47a566d8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:76:a1:df:bb:cd:3d:a1:42:6c:7c:91:92:58:
                    21:b9:e6:c8:2a:57:2b:a7:70:61:b7:a1:41:12:49:
                    5a:cb:30:83:12:f2:5b:c8:40:57:0a:c3:c0:85:c9:
                    98:97:81:a1:b5:15:24:ad:3c:d8:0a:d3:a6:1e:3e:
                    3f:f0:03:47:60:b8:b0:43:42:42:0d:96:74:e9:c2:
                    a1:33:b7:61:4b:54:c6:3a:6c:b0:f2:4a:15:04:cb:
                    1d:6b:93:5c:96:a4:b8:d1:0f:cd:b1:db:ea:2a:68:
                    3b:d5:6c:8d:c9:42:84:95:e3:34:84:f0:f8:7a:c1:
                    21:10:9b:34:c1:24:e3:73:36:fb:85:b8:12:a6:ba:
                    0b:57:f0:82:8b:b8:77:de:db:24:b9:17:a1:88:35:
                    70:65:5a:23:ae:5a:fc:92:aa:75:84:58:d9:82:e5:
                    d9:ce:d2:62:7f:af:ba:39:d1:86:6c:57:51:07:df:
                    19:81:35:05:48:df:c8:22:df:0f:e0:5e:16:ba:c1:
                    b6:b9:35:f1:7e:a2:7e:ad:34:6f:10:27:19:d4:73:
                    af:2c:b1:12:23:c7:02:92:d1:bd:ed:76:0c:3d:89:
                    cf:2c:3e:38:d5:9c:b8:e4:2a:2d:f8:97:21:df:bc:
                    d4:ba:6d:f0:08:38:d5:58:bc:7d:33:96:cd:89:29:
                    e5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:82:30:82:B6:AB:3F:B1:3A:4B:CD:FF:E7:F9:A9:A4:7A:56:6D:8A
            X509v3 Authority Key Identifier:
                keyid:3F:36:FF:D1:62:15:21:E9:2C:F2:E7:81:41:90:D3:A2:53:E0:06:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pzb_0WIVIeks8ueBQZDTolPgBjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/TYIwgrarP7E6S83_5_mppHpWbYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/051b82-06c9-48b7-b548-98d5e5d90473/1/Pzb_0WIVIeks8ueBQZDTolPgBjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:110::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:77:a6:0c:02:6a:7f:0b:b0:2a:b9:6a:58:e7:d0:b4:95:ac:
         2f:aa:4f:74:d7:69:2f:c5:05:87:12:d7:e0:85:73:5e:40:8d:
         05:9a:0d:1d:a9:4b:2e:73:e3:68:d0:de:f9:2f:5f:1d:0c:f3:
         45:24:59:02:eb:c8:0f:7f:a2:4f:43:15:c6:c7:ef:94:31:3f:
         07:3b:79:0f:67:cf:40:fa:f0:94:44:fd:72:e1:6a:f4:f9:67:
         94:6e:1f:3b:d5:49:15:22:4f:66:22:73:29:dd:51:29:c6:08:
         8d:93:e4:4b:86:b2:56:39:81:2c:1d:a8:7b:7c:7b:81:bc:6f:
         d7:e9:41:e9:ff:f4:60:4a:0e:3b:fb:08:52:7b:bb:2e:e9:11:
         12:48:c6:ec:ca:19:77:39:b4:0d:d7:dd:8b:d9:76:1e:ba:7d:
         ef:5c:e8:49:88:33:51:8f:fa:9a:f8:57:d8:b2:b6:e2:76:e7:
         80:10:30:e0:23:ec:7f:ab:09:fb:bc:cb:7a:4a:8b:3e:24:77:
         9d:61:de:4d:e1:f2:63:19:21:b4:86:0f:1d:3b:91:c9:13:d3:
         ab:3f:98:aa:8b:cd:97:be:c3:98:01:e7:ea:90:0d:00:be:e3:
         19:1b:44:b3:9f:40:82:d5:c9:73:23:e2:14:ec:30:92:02:26:
         4e:7b:76:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5ZWKPM3XbJk9uzxzz5PxUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMzZmZmQxNjIxNTIxZTkyY2YyZTc4MTQxOTBkM2EyNTNl
MDA2MzcwHhcNMjQwMzIwMDA1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDgyMzA4MmI2YWIzZmIxM2E0YmNkZmZlN2Y5YTlhNDdhNTY2ZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknah37vNPaFCbHyRklghuebIKlcr
p3Bht6FBEklayzCDEvJbyEBXCsPAhcmYl4GhtRUkrTzYCtOmHj4/8ANHYLiwQ0JC
DZZ06cKhM7dhS1TGOmyw8koVBMsda5NclqS40Q/NsdvqKmg71WyNyUKEleM0hPD4
esEhEJs0wSTjczb7hbgSproLV/CCi7h33tskuRehiDVwZVojrlr8kqp1hFjZguXZ
ztJif6+6OdGGbFdRB98ZgTUFSN/IIt8P4F4WusG2uTXxfqJ+rTRvECcZ1HOvLLES
I8cCktG97XYMPYnPLD441Zy45Cot+Jch37zUum3wCDjVWLx9M5bNiSnl/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE2CMIK2qz+xOkvN/+f5qaR6Vm2KMB8GA1UdIwQY
MBaAFD82/9FiFSHpLPLngUGQ06JT4AY3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHpiXzBXSVZJZWtzOHVlQlFaRFRvbFBnQmpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8wNTFiODItMDZjOS00OGI3LWI1NDgt
OThkNWU1ZDkwNDczLzEvVFlJd2dyYXJQN0U2UzgzXzVfbXBwSHBXYllvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8wNTFiODItMDZjOS00OGI3LWI1NDgtOThkNWU1ZDkwNDcz
LzEvUHpiXzBXSVZJZWtzOHVlQlFaRFRvbFBnQmpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQByd6YMAmp/C7AquWpY59C0lawvqk9012kvxQWH
EtfghXNeQI0Fmg0dqUsuc+No0N75L18dDPNFJFkC68gPf6JPQxXGx++UMT8HO3kP
Z89A+vCURP1y4Wr0+WeUbh871UkVIk9mInMp3VEpxgiNk+RLhrJWOYEsHah7fHuB
vG/X6UHp//RgSg47+whSe7su6RESSMbsyhl3ObQN192L2XYeun3vXOhJiDNRj/qa
+FfYsrbidueAEDDgI+x/qwn7vMt6Sos+JHedYd5N4fJjGSG0hg8dO5HJE9OrP5iq
i82XvsOYAefqkA0AvuMZG0Szn0CC1clzI+IU7DCSAiZOe3aI
-----END CERTIFICATE-----