Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/db2316-429d-4425-b39e-1264f20180e9/1/fRADibRNqWN0AtGTn2-utszPj7w.roa
File:                     fRADibRNqWN0AtGTn2-utszPj7w.roa (raw, json)
Hash identifier:          hCmrqKrqlmVQfyvKs2Uss/nWOgWITRqpXaMpzWoZvOo=
Subject key identifier:   7D:10:03:89:B4:4D:A9:63:74:02:D1:93:9F:6F:AE:B6:CC:CF:8F:BC
Certificate issuer:       /CN=a84b25ab25770a358da5f5fb427072b0a2e24582
Certificate serial:       018CCA2B98F3A620687DDF8CDCF00FAB8CAA
Authority key identifier: A8:4B:25:AB:25:77:0A:35:8D:A5:F5:FB:42:70:72:B0:A2:E2:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEslqyV3CjWNpfX7QnBysKLiRYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/db2316-429d-4425-b39e-1264f20180e9/1/fRADibRNqWN0AtGTn2-utszPj7w.roa
Signing time:             Tue 02 Jan 2024 12:35:03 +0000
ROA not before:           Tue 02 Jan 2024 12:35:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202033
IP address blocks:        2001:67c:12c0::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/db2316-429d-4425-b39e-1264f20180e9/1/qEslqyV3CjWNpfX7QnBysKLiRYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/db2316-429d-4425-b39e-1264f20180e9/1/qEslqyV3CjWNpfX7QnBysKLiRYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qEslqyV3CjWNpfX7QnBysKLiRYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:98:f3:a6:20:68:7d:df:8c:dc:f0:0f:ab:8c:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a84b25ab25770a358da5f5fb427072b0a2e24582
        Validity
            Not Before: Jan  2 12:35:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d100389b44da9637402d1939f6faeb6cccf8fbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:44:ea:1a:b8:80:e1:35:c1:c1:b6:5b:2c:f9:
                    79:9e:e9:a3:36:21:db:02:b2:ec:98:04:d0:57:1c:
                    fe:cb:e5:e9:97:ac:a7:10:d0:03:ac:5f:66:e9:47:
                    08:5b:a9:a2:d8:25:32:e4:f3:9b:e1:b8:53:42:7e:
                    d7:3b:6b:4f:d4:c8:d1:8f:a8:0e:7b:34:ea:35:4f:
                    42:71:50:a2:f6:5e:a0:34:f2:61:a3:07:9f:f0:d3:
                    ed:70:54:93:01:bb:e8:18:02:8b:f7:17:14:13:62:
                    f4:82:27:ec:18:da:04:35:ee:8b:55:7a:3e:c2:f0:
                    ab:ac:60:f4:0e:be:21:27:07:67:5c:aa:19:34:f8:
                    ad:5d:b6:fd:04:ae:d5:58:45:91:46:9e:00:dc:e4:
                    3d:30:2c:36:0c:6b:b1:44:8d:3e:ab:0a:3f:eb:05:
                    ef:14:1f:6e:df:81:f5:ad:c7:6d:99:1e:d1:58:c9:
                    d8:0b:b7:8e:b0:c7:98:2d:6c:a7:9d:b7:46:45:ce:
                    38:33:54:6e:43:4a:0b:0f:a0:39:b3:f5:0e:bf:c2:
                    4e:db:ff:6a:bd:70:3a:58:69:c7:87:4e:77:aa:6c:
                    4a:99:d7:fa:36:16:59:18:89:94:5c:94:45:69:57:
                    4b:41:d6:67:82:23:44:bd:e0:5f:1d:b9:47:67:c5:
                    61:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:10:03:89:B4:4D:A9:63:74:02:D1:93:9F:6F:AE:B6:CC:CF:8F:BC
            X509v3 Authority Key Identifier:
                keyid:A8:4B:25:AB:25:77:0A:35:8D:A5:F5:FB:42:70:72:B0:A2:E2:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEslqyV3CjWNpfX7QnBysKLiRYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/db2316-429d-4425-b39e-1264f20180e9/1/fRADibRNqWN0AtGTn2-utszPj7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/db2316-429d-4425-b39e-1264f20180e9/1/qEslqyV3CjWNpfX7QnBysKLiRYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:12c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         58:f7:e4:a7:a5:33:78:ee:3b:24:bc:7b:03:ba:5e:41:8f:47:
         ab:c9:f1:3c:1a:51:68:89:5b:59:6d:c2:f7:24:fc:8f:20:b0:
         7b:03:39:95:88:f8:42:0b:28:40:16:ed:b8:98:44:1b:f5:41:
         fd:73:4f:f0:56:33:fc:72:2a:60:ab:23:de:96:3e:95:98:89:
         83:11:84:77:da:7d:47:c0:c1:b3:c6:b0:fa:3b:62:39:ec:81:
         a3:06:7e:93:bb:9a:5d:18:21:84:c4:1c:a0:b9:33:2f:cb:19:
         6a:ce:b8:97:74:7c:00:6e:d0:c2:84:f0:5b:e7:b0:c2:7e:2f:
         30:20:44:90:96:1b:90:f2:52:3a:f9:7b:ed:42:91:63:26:58:
         d4:eb:0c:20:62:62:63:56:b0:ec:f4:ed:60:7c:cd:be:92:7d:
         d4:24:d5:11:d5:95:b7:4c:1b:25:18:3f:99:a9:76:96:7f:6e:
         47:a7:91:c7:45:eb:2d:bd:e4:2e:af:69:2e:f6:3b:d5:b0:7a:
         69:76:5f:8a:6c:6c:ef:92:7e:54:51:68:1b:43:45:90:15:56:
         f8:6b:c2:22:4e:47:a5:0f:89:d1:d9:15:be:a0:00:48:e5:a9:
         95:60:cb:35:e3:c3:fa:fb:e3:2e:76:71:71:12:75:7b:d0:30:
         ad:6f:63:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK5jzpiBofd+M3PAPq4yqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NGIyNWFiMjU3NzBhMzU4ZGE1ZjVmYjQyNzA3MmIwYTJl
MjQ1ODIwHhcNMjQwMTAyMTIzNTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDEwMDM4OWI0NGRhOTYzNzQwMmQxOTM5ZjZmYWViNmNjY2Y4ZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoETqGriA4TXBwbZbLPl5numjNiHb
ArLsmATQVxz+y+Xpl6ynENADrF9m6UcIW6mi2CUy5POb4bhTQn7XO2tP1MjRj6gO
ezTqNU9CcVCi9l6gNPJhowef8NPtcFSTAbvoGAKL9xcUE2L0gifsGNoENe6LVXo+
wvCrrGD0Dr4hJwdnXKoZNPitXbb9BK7VWEWRRp4A3OQ9MCw2DGuxRI0+qwo/6wXv
FB9u34H1rcdtmR7RWMnYC7eOsMeYLWynnbdGRc44M1RuQ0oLD6A5s/UOv8JO2/9q
vXA6WGnHh053qmxKmdf6NhZZGImUXJRFaVdLQdZngiNEveBfHblHZ8VhhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH0QA4m0TaljdALRk59vrrbMz4+8MB8GA1UdIwQY
MBaAFKhLJasldwo1jaX1+0JwcrCi4kWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVzbHF5VjNDaldOcGZYN1FuQnlzS0xpUllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kYjIzMTYtNDI5ZC00NDI1LWIzOWUt
MTI2NGYyMDE4MGU5LzEvZlJBRGliUk5xV04wQXRHVG4yLXV0c3pQajd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kYjIzMTYtNDI5ZC00NDI1LWIzOWUtMTI2NGYyMDE4MGU5
LzEvcUVzbHF5VjNDaldOcGZYN1FuQnlzS0xpUllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBIAEGfBLA
MA0GCSqGSIb3DQEBCwUAA4IBAQBY9+SnpTN47jskvHsDul5Bj0eryfE8GlFoiVtZ
bcL3JPyPILB7AzmViPhCCyhAFu24mEQb9UH9c0/wVjP8cipgqyPelj6VmImDEYR3
2n1HwMGzxrD6O2I57IGjBn6Tu5pdGCGExByguTMvyxlqzriXdHwAbtDChPBb57DC
fi8wIESQlhuQ8lI6+XvtQpFjJljU6wwgYmJjVrDs9O1gfM2+kn3UJNUR1ZW3TBsl
GD+ZqXaWf25Hp5HHRestveQur2ku9jvVsHppdl+KbGzvkn5UUWgbQ0WQFVb4a8Ii
TkelD4nR2RW+oABI5amVYMs148P6++MudnFxEnV70DCtb2N/
-----END CERTIFICATE-----