Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/fe82d1-1575-47c1-9f22-c7e2520c4cea/1/06P1r_jGWhaQL8ugbh047UmYmJE.roa
File:                     06P1r_jGWhaQL8ugbh047UmYmJE.roa (raw, json)
Hash identifier:          f9n41m0xoJq+usEtvxhQu6RQ4SpzXe3BB2vf5wznVmk=
Subject key identifier:   D3:A3:F5:AF:F8:C6:5A:16:90:2F:CB:A0:6E:1D:38:ED:49:98:98:91
Certificate issuer:       /CN=ca886d5587ec85f71242cd57ced409544528168d
Certificate serial:       019127E944FDF28822610D94B8084CA85F88
Authority key identifier: CA:88:6D:55:87:EC:85:F7:12:42:CD:57:CE:D4:09:54:45:28:16:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yohtVYfshfcSQs1XztQJVEUoFo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/fe82d1-1575-47c1-9f22-c7e2520c4cea/1/06P1r_jGWhaQL8ugbh047UmYmJE.roa
Signing time:             Tue 06 Aug 2024 13:38:04 +0000
ROA not before:           Tue 06 Aug 2024 13:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206858
IP address blocks:        2001:678:d88::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/fe82d1-1575-47c1-9f22-c7e2520c4cea/1/yohtVYfshfcSQs1XztQJVEUoFo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/fe82d1-1575-47c1-9f22-c7e2520c4cea/1/yohtVYfshfcSQs1XztQJVEUoFo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yohtVYfshfcSQs1XztQJVEUoFo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:27:e9:44:fd:f2:88:22:61:0d:94:b8:08:4c:a8:5f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca886d5587ec85f71242cd57ced409544528168d
        Validity
            Not Before: Aug  6 13:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3a3f5aff8c65a16902fcba06e1d38ed49989891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:45:04:ab:5b:25:2c:86:6b:24:e7:0e:1c:9e:
                    c1:68:e3:00:ab:4b:d8:20:76:a8:a2:f4:5b:ea:e0:
                    9f:b0:95:e4:0f:19:c9:6d:84:39:fb:74:bb:8b:80:
                    fd:51:30:db:a1:ed:1a:26:c7:68:04:15:ae:e1:f2:
                    b4:30:3b:4a:2c:1a:42:9b:67:70:2a:d1:e3:1c:09:
                    07:07:0e:24:f7:96:e7:40:9d:26:3d:bc:b6:0b:c5:
                    18:76:0c:91:62:b9:d4:b1:e6:21:c3:90:01:66:8c:
                    3a:b3:5b:42:d5:65:36:e7:e1:c7:6b:33:f9:69:de:
                    99:ed:3f:06:e5:43:55:54:f8:61:d6:fa:31:a8:39:
                    20:91:64:49:04:4c:8d:fb:bb:8f:97:e3:47:1e:fd:
                    54:34:b0:0d:41:c8:fe:7d:4a:cb:02:24:8a:80:16:
                    33:37:f8:24:4b:7a:c8:48:2e:f6:96:49:dc:78:c6:
                    45:ec:97:81:52:2e:97:39:96:96:c2:97:fb:0e:64:
                    e4:31:3d:ae:1c:ac:37:3e:9c:9b:a2:62:22:7a:3b:
                    32:81:4f:5e:df:a4:19:e1:e5:78:07:44:a0:ee:a2:
                    0c:e9:a9:21:db:9a:86:48:73:8e:f6:33:1f:7f:e6:
                    ee:6f:6e:f3:6b:c7:da:d9:92:b4:30:e3:89:f1:82:
                    b4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:A3:F5:AF:F8:C6:5A:16:90:2F:CB:A0:6E:1D:38:ED:49:98:98:91
            X509v3 Authority Key Identifier:
                keyid:CA:88:6D:55:87:EC:85:F7:12:42:CD:57:CE:D4:09:54:45:28:16:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yohtVYfshfcSQs1XztQJVEUoFo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/fe82d1-1575-47c1-9f22-c7e2520c4cea/1/06P1r_jGWhaQL8ugbh047UmYmJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/fe82d1-1575-47c1-9f22-c7e2520c4cea/1/yohtVYfshfcSQs1XztQJVEUoFo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d88::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:e4:52:c6:bb:73:df:4d:e3:ea:41:74:57:c1:42:93:bb:d2:
         c5:ce:29:a5:ab:01:7e:1d:be:de:42:1c:be:aa:81:16:3a:b3:
         7b:3b:6d:81:d1:0c:40:cd:08:ae:99:6b:69:60:98:9d:8f:72:
         52:9d:aa:95:56:eb:8c:7d:73:47:5b:3d:73:ec:9f:46:0d:20:
         c9:fe:48:53:f4:55:0f:63:b2:76:6c:8d:e9:b3:b4:2d:b2:0c:
         e6:46:47:57:6b:b7:11:5a:9f:f3:c9:57:00:8e:b8:cb:6e:9c:
         0d:eb:7d:9e:01:19:8b:13:46:17:19:f1:a2:77:18:aa:1a:0d:
         83:d4:a6:52:71:ef:ae:f6:ca:28:73:33:8b:37:02:42:d0:6d:
         aa:0a:9b:db:a7:c9:ff:c0:63:cd:23:01:f8:00:c2:ff:00:09:
         fc:9e:86:a9:f6:53:7b:d6:8f:44:ce:bc:1a:f5:72:e2:31:b8:
         a6:83:95:78:32:ea:00:09:45:a9:94:1b:91:83:4f:c3:5c:45:
         b2:c1:2d:74:d5:cb:ef:1d:d0:ea:11:2a:67:f9:49:76:6c:1b:
         ea:28:63:f2:00:39:3b:53:91:59:b0:8e:41:19:8e:8b:75:73:
         cb:0c:73:c1:23:f6:55:f9:d3:c9:fc:e3:8a:7d:59:24:ca:97:
         1c:45:e1:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZEn6UT98ogiYQ2UuAhMqF+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhODg2ZDU1ODdlYzg1ZjcxMjQyY2Q1N2NlZDQwOTU0NDUy
ODE2OGQwHhcNMjQwODA2MTMzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2EzZjVhZmY4YzY1YTE2OTAyZmNiYTA2ZTFkMzhlZDQ5OTg5ODkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUUEq1slLIZrJOcOHJ7BaOMAq0vY
IHaoovRb6uCfsJXkDxnJbYQ5+3S7i4D9UTDboe0aJsdoBBWu4fK0MDtKLBpCm2dw
KtHjHAkHBw4k95bnQJ0mPby2C8UYdgyRYrnUseYhw5ABZow6s1tC1WU25+HHazP5
ad6Z7T8G5UNVVPhh1voxqDkgkWRJBEyN+7uPl+NHHv1UNLANQcj+fUrLAiSKgBYz
N/gkS3rISC72lknceMZF7JeBUi6XOZaWwpf7DmTkMT2uHKw3PpybomIiejsygU9e
36QZ4eV4B0Sg7qIM6akh25qGSHOO9jMff+bub27za8fa2ZK0MOOJ8YK06wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNOj9a/4xloWkC/LoG4dOO1JmJiRMB8GA1UdIwQY
MBaAFMqIbVWH7IX3EkLNV87UCVRFKBaNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW9odFZZZnNoZmNTUXMxWHp0UUpWRVVvRm8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9mZTgyZDEtMTU3NS00N2MxLTlmMjIt
YzdlMjUyMGM0Y2VhLzEvMDZQMXJfakdXaGFRTDh1Z2JoMDQ3VW1ZbUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9mZTgyZDEtMTU3NS00N2MxLTlmMjItYzdlMjUyMGM0Y2Vh
LzEveW9odFZZZnNoZmNTUXMxWHp0UUpWRVVvRm8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA2I
MA0GCSqGSIb3DQEBCwUAA4IBAQAk5FLGu3PfTePqQXRXwUKTu9LFzimlqwF+Hb7e
Qhy+qoEWOrN7O22B0QxAzQiumWtpYJidj3JSnaqVVuuMfXNHWz1z7J9GDSDJ/khT
9FUPY7J2bI3ps7QtsgzmRkdXa7cRWp/zyVcAjrjLbpwN632eARmLE0YXGfGidxiq
Gg2D1KZSce+u9sooczOLNwJC0G2qCpvbp8n/wGPNIwH4AML/AAn8noap9lN71o9E
zrwa9XLiMbimg5V4MuoACUWplBuRg0/DXEWywS101cvvHdDqESpn+Ul2bBvqKGPy
ADk7U5FZsI5BGY6LdXPLDHPBI/ZV+dPJ/OOKfVkkypccReHv
-----END CERTIFICATE-----