Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/wcXLFbmJD_rGR_OXBE5pUrKVMbs.roa
File:                     wcXLFbmJD_rGR_OXBE5pUrKVMbs.roa (raw, json)
Hash identifier:          DoZg88EiWfcfBO/Sd5yiRNBmg7YaD8NEJkmWJpFHxd4=
Subject key identifier:   C1:C5:CB:15:B9:89:0F:FA:C6:47:F3:97:04:4E:69:52:B2:95:31:BB
Certificate issuer:       /CN=41e383c5807e9b32f576d0a5b8ee7744cacfb717
Certificate serial:       018F064000946BCB545BD4B60F04518A9AB2
Authority key identifier: 41:E3:83:C5:80:7E:9B:32:F5:76:D0:A5:B8:EE:77:44:CA:CF:B7:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QeODxYB-mzL1dtCluO53RMrPtxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/wcXLFbmJD_rGR_OXBE5pUrKVMbs.roa
Signing time:             Mon 22 Apr 2024 14:40:08 +0000
ROA not before:           Mon 22 Apr 2024 14:40:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a06:9080::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/QeODxYB-mzL1dtCluO53RMrPtxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/QeODxYB-mzL1dtCluO53RMrPtxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QeODxYB-mzL1dtCluO53RMrPtxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:40:00:94:6b:cb:54:5b:d4:b6:0f:04:51:8a:9a:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41e383c5807e9b32f576d0a5b8ee7744cacfb717
        Validity
            Not Before: Apr 22 14:40:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1c5cb15b9890ffac647f397044e6952b29531bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ac:24:49:69:c5:8b:5a:4a:ee:ca:9e:26:e0:
                    1a:11:77:23:ae:99:10:38:ac:36:f1:1d:38:90:e2:
                    c7:4b:1b:f6:a9:d8:0d:3b:c0:2f:16:a8:c5:b6:9f:
                    c6:c9:d3:c2:1c:dc:ec:98:c1:af:8c:d0:75:2e:1a:
                    d9:94:99:03:64:e7:ac:c3:08:7a:e4:e0:9e:4a:f0:
                    5b:29:15:9c:51:d1:b2:9b:1f:ca:db:52:a8:da:97:
                    ee:82:62:f1:2d:30:ff:9a:10:f5:57:07:91:1e:e6:
                    db:3a:b8:23:8d:09:5a:e1:e5:b2:34:f6:23:d9:d8:
                    c2:3a:dd:8f:75:53:59:fd:18:dc:83:39:61:1f:ce:
                    7d:29:b2:10:4a:f0:de:31:ec:42:70:d5:eb:35:57:
                    b0:dd:f9:c2:5a:76:d4:35:cd:a2:8f:d6:0f:84:00:
                    cd:a6:01:1f:97:f4:9d:54:8b:99:07:c9:55:59:12:
                    85:28:d4:de:7a:19:ee:23:54:7e:f5:e2:23:24:e2:
                    c5:2f:f4:23:f0:e2:cb:8e:d5:fe:7e:9c:6d:3c:37:
                    21:6a:60:d1:3a:28:ff:6b:5d:5b:7a:47:46:cc:ca:
                    0a:a7:f5:17:ff:f6:9f:ab:4b:0e:cb:6d:25:30:89:
                    bd:b2:c9:b1:35:c0:61:7c:d1:38:2c:7f:25:1b:c0:
                    11:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C5:CB:15:B9:89:0F:FA:C6:47:F3:97:04:4E:69:52:B2:95:31:BB
            X509v3 Authority Key Identifier:
                keyid:41:E3:83:C5:80:7E:9B:32:F5:76:D0:A5:B8:EE:77:44:CA:CF:B7:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QeODxYB-mzL1dtCluO53RMrPtxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/wcXLFbmJD_rGR_OXBE5pUrKVMbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/aea465-ba45-49ac-9c68-7b41fabc6f67/1/QeODxYB-mzL1dtCluO53RMrPtxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9080::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:a8:cb:80:c7:3b:3f:2a:db:be:3f:28:28:0c:3a:1a:62:f4:
         9f:d6:98:77:75:91:27:67:45:cb:56:33:13:f3:0b:bc:cc:4a:
         44:e1:89:4b:be:1e:ea:b9:b2:e8:cf:d2:4f:d6:98:38:5b:b9:
         9a:c5:6e:8f:28:bd:3e:6f:64:7b:b2:62:32:21:32:52:50:64:
         55:95:0b:d6:63:5f:39:e8:90:94:06:53:b3:4d:19:fc:1d:8f:
         02:ba:a5:b3:b2:92:ff:43:ee:cc:e7:a5:47:1a:db:70:bc:2d:
         7f:b5:cf:a9:5d:1a:95:d4:c4:af:cb:b5:a4:9a:f9:6e:12:62:
         59:28:a8:2e:39:10:2b:c5:9b:e9:94:ee:d9:f6:83:a5:5c:6f:
         64:33:bd:b4:8c:b7:00:e2:83:cc:79:24:31:58:07:c0:0f:e5:
         a7:51:83:a5:b3:8c:3b:e0:08:64:0b:f1:08:87:a3:29:2c:7d:
         63:0b:83:b7:10:d4:a6:b2:47:61:e7:94:50:0f:ea:19:58:1f:
         4d:9b:81:c3:4e:3d:1e:2b:45:3a:c3:89:13:ed:99:8e:16:84:
         16:56:5f:d5:3c:c3:d6:d2:d5:fe:56:96:ac:a4:17:a1:4a:e0:
         49:5d:b2:64:1e:12:85:68:ec:c5:e3:e0:67:27:4b:d2:e6:a7:
         71:68:cc:f1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8GQACUa8tUW9S2DwRRipqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZTM4M2M1ODA3ZTliMzJmNTc2ZDBhNWI4ZWU3NzQ0Y2Fj
ZmI3MTcwHhcNMjQwNDIyMTQ0MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWM1Y2IxNWI5ODkwZmZhYzY0N2YzOTcwNDRlNjk1MmIyOTUzMWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KwkSWnFi1pK7sqeJuAaEXcjrpkQ
OKw28R04kOLHSxv2qdgNO8AvFqjFtp/GydPCHNzsmMGvjNB1LhrZlJkDZOeswwh6
5OCeSvBbKRWcUdGymx/K21Ko2pfugmLxLTD/mhD1VweRHubbOrgjjQla4eWyNPYj
2djCOt2PdVNZ/RjcgzlhH859KbIQSvDeMexCcNXrNVew3fnCWnbUNc2ij9YPhADN
pgEfl/SdVIuZB8lVWRKFKNTeehnuI1R+9eIjJOLFL/Qj8OLLjtX+fpxtPDchamDR
Oij/a11bekdGzMoKp/UX//afq0sOy20lMIm9ssmxNcBhfNE4LH8lG8ARqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMHFyxW5iQ/6xkfzlwROaVKylTG7MB8GA1UdIwQY
MBaAFEHjg8WAfpsy9XbQpbjud0TKz7cXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWVPRHhZQi1tekwxZHRDbHVPNTNSTXJQdHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hZWE0NjUtYmE0NS00OWFjLTljNjgt
N2I0MWZhYmM2ZjY3LzEvd2NYTEZibUpEX3JHUl9PWEJFNXBVcktWTWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hZWE0NjUtYmE0NS00OWFjLTljNjgtN2I0MWZhYmM2ZjY3
LzEvUWVPRHhZQi1tekwxZHRDbHVPNTNSTXJQdHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgaQgDAN
BgkqhkiG9w0BAQsFAAOCAQEAjqjLgMc7Pyrbvj8oKAw6GmL0n9aYd3WRJ2dFy1Yz
E/MLvMxKROGJS74e6rmy6M/ST9aYOFu5msVujyi9Pm9ke7JiMiEyUlBkVZUL1mNf
OeiQlAZTs00Z/B2PArqls7KS/0PuzOelRxrbcLwtf7XPqV0aldTEr8u1pJr5bhJi
WSioLjkQK8Wb6ZTu2faDpVxvZDO9tIy3AOKDzHkkMVgHwA/lp1GDpbOMO+AIZAvx
CIejKSx9YwuDtxDUprJHYeeUUA/qGVgfTZuBw049HitFOsOJE+2ZjhaEFlZf1TzD
1tLV/laWrKQXoUrgSV2yZB4ShWjsxePgZydL0uancWjM8Q==
-----END CERTIFICATE-----