Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/e47510-294f-4f05-abe1-ad59557e28c2/1/W1PyWWcOfiA1DfJKUpq96o1H6yU.roa
File:                     W1PyWWcOfiA1DfJKUpq96o1H6yU.roa (raw, json)
Hash identifier:          ldIyTzLSbHABe+MZKW3Z46fv1qjwmz8xIW/Ek2P7cl8=
Subject key identifier:   5B:53:F2:59:67:0E:7E:20:35:0D:F2:4A:52:9A:BD:EA:8D:47:EB:25
Certificate issuer:       /CN=67d16781bca64c2b236434edeffe6e452e7162d4
Certificate serial:       018CC424E3AA501427272C53135D8561A9F5
Authority key identifier: 67:D1:67:81:BC:A6:4C:2B:23:64:34:ED:EF:FE:6E:45:2E:71:62:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z9FngbymTCsjZDTt7_5uRS5xYtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/e47510-294f-4f05-abe1-ad59557e28c2/1/W1PyWWcOfiA1DfJKUpq96o1H6yU.roa
Signing time:             Mon 01 Jan 2024 08:30:01 +0000
ROA not before:           Mon 01 Jan 2024 08:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15600
IP address blocks:        185.74.156.0/22 maxlen: 24
                          5.145.0.0/19 maxlen: 24
                          2a00:d520::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/e47510-294f-4f05-abe1-ad59557e28c2/1/Z9FngbymTCsjZDTt7_5uRS5xYtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/e47510-294f-4f05-abe1-ad59557e28c2/1/Z9FngbymTCsjZDTt7_5uRS5xYtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z9FngbymTCsjZDTt7_5uRS5xYtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e3:aa:50:14:27:27:2c:53:13:5d:85:61:a9:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67d16781bca64c2b236434edeffe6e452e7162d4
        Validity
            Not Before: Jan  1 08:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b53f259670e7e20350df24a529abdea8d47eb25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ff:a2:5a:d2:34:ba:1a:e8:b8:52:1b:d8:eb:
                    41:20:82:fe:d4:d4:11:22:ce:d9:6f:4e:26:6f:e2:
                    e6:3c:fe:cf:bf:38:38:0f:92:db:10:62:e1:e4:77:
                    e5:88:96:b7:1f:30:46:a2:f3:07:78:e4:bd:51:a7:
                    53:d5:78:28:ce:49:28:70:3e:c8:40:60:7a:0d:71:
                    41:6e:65:41:df:1f:9e:51:49:de:15:fd:98:8a:e2:
                    35:f3:ec:01:32:2b:57:86:cd:48:81:e6:f0:a6:7c:
                    e2:cf:87:97:f0:20:6d:e3:ba:7d:10:72:8e:bc:32:
                    de:3e:c7:b2:b2:23:7c:bf:12:68:fa:17:a8:66:be:
                    ec:7e:03:6b:c8:89:82:2a:c4:2a:d4:84:da:c5:58:
                    9f:b7:aa:9a:84:17:1e:90:f6:5e:7d:ad:75:5c:e9:
                    21:43:55:38:ee:43:88:17:63:81:c4:a9:df:13:5c:
                    24:d1:91:a4:e2:4f:d0:74:4f:95:8e:b6:bf:1a:15:
                    59:80:b1:f6:7b:01:96:e9:67:ad:eb:b0:7f:de:bf:
                    d3:d5:6b:24:23:01:14:64:bf:d5:12:e0:88:1c:47:
                    82:4d:db:c9:b6:ee:2f:8c:1f:2f:02:0f:f4:40:6e:
                    dd:ad:a0:ba:b3:e5:ef:60:4b:40:8d:78:9c:fc:c4:
                    a6:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:53:F2:59:67:0E:7E:20:35:0D:F2:4A:52:9A:BD:EA:8D:47:EB:25
            X509v3 Authority Key Identifier:
                keyid:67:D1:67:81:BC:A6:4C:2B:23:64:34:ED:EF:FE:6E:45:2E:71:62:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z9FngbymTCsjZDTt7_5uRS5xYtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/e47510-294f-4f05-abe1-ad59557e28c2/1/W1PyWWcOfiA1DfJKUpq96o1H6yU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/e47510-294f-4f05-abe1-ad59557e28c2/1/Z9FngbymTCsjZDTt7_5uRS5xYtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.0.0/19
                  185.74.156.0/22
                IPv6:
                  2a00:d520::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:37:4e:b3:89:c2:34:f6:c9:8f:da:44:a3:2f:67:3b:31:dc:
         4f:85:6e:b9:9c:fd:35:4a:ea:b1:48:58:e6:25:28:67:01:bc:
         01:48:99:f5:a8:ac:0a:35:6d:05:84:00:97:5d:0e:9d:fb:bd:
         7c:0d:ee:73:a0:ab:cb:06:4c:a5:e5:cb:4a:a9:5f:d2:29:9d:
         21:68:a4:16:91:e6:5d:99:de:49:a4:6a:ca:e0:61:d6:9f:22:
         26:05:e6:b1:de:ca:10:9a:45:a7:2e:00:55:7e:26:73:e0:b1:
         d4:92:77:9b:4b:b6:fb:da:a3:35:b6:d0:8e:5a:cc:38:ae:51:
         94:26:7b:67:b5:c0:e1:16:11:2e:ef:ed:7f:78:cc:bd:0b:34:
         18:d1:3c:cd:84:5d:99:1f:f6:e6:9e:b6:cf:75:79:e9:84:e3:
         c2:e7:74:2e:da:05:be:9e:30:73:32:d8:0e:74:6a:5e:94:51:
         cd:54:10:a6:fa:31:47:70:36:aa:e5:5e:d3:b4:10:90:57:81:
         71:49:80:f3:ee:e3:d2:65:b0:14:f3:bb:15:d3:14:4d:ff:d0:
         78:f9:24:34:c8:c4:06:0e:0d:5b:b7:08:59:04:21:78:3f:7b:
         84:85:83:50:d2:35:49:75:d6:a4:bb:5e:2c:3a:f7:51:c9:e3:
         5b:ca:ac:da
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJOOqUBQnJyxTE12FYan1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZDE2NzgxYmNhNjRjMmIyMzY0MzRlZGVmZmU2ZTQ1MmU3
MTYyZDQwHhcNMjQwMTAxMDgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjUzZjI1OTY3MGU3ZTIwMzUwZGYyNGE1MjlhYmRlYThkNDdlYjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlf+iWtI0uhrouFIb2OtBIIL+1NQR
Is7Zb04mb+LmPP7Pvzg4D5LbEGLh5HfliJa3HzBGovMHeOS9UadT1XgozkkocD7I
QGB6DXFBbmVB3x+eUUneFf2YiuI18+wBMitXhs1Igebwpnziz4eX8CBt47p9EHKO
vDLePseysiN8vxJo+heoZr7sfgNryImCKsQq1ITaxVift6qahBcekPZefa11XOkh
Q1U47kOIF2OBxKnfE1wk0ZGk4k/QdE+Vjra/GhVZgLH2ewGW6Wet67B/3r/T1Wsk
IwEUZL/VEuCIHEeCTdvJtu4vjB8vAg/0QG7draC6s+XvYEtAjXic/MSmwQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFtT8llnDn4gNQ3ySlKaveqNR+slMB8GA1UdIwQY
MBaAFGfRZ4G8pkwrI2Q07e/+bkUucWLUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjlGbmdieW1UQ3NqWkRUdDdfNXVSUzV4WXRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lNDc1MTAtMjk0Zi00ZjA1LWFiZTEt
YWQ1OTU1N2UyOGMyLzEvVzFQeVdXY09maUExRGZKS1VwcTk2bzFINnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lNDc1MTAtMjk0Zi00ZjA1LWFiZTEtYWQ1OTU1N2UyOGMy
LzEvWjlGbmdieW1UQ3NqWkRUdDdfNXVSUzV4WXRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFBZEAAwQC
uUqcMA0EAgACMAcDBQMqANUgMA0GCSqGSIb3DQEBCwUAA4IBAQAqN06zicI09smP
2kSjL2c7MdxPhW65nP01SuqxSFjmJShnAbwBSJn1qKwKNW0FhACXXQ6d+718De5z
oKvLBkyl5ctKqV/SKZ0haKQWkeZdmd5JpGrK4GHWnyImBeax3soQmkWnLgBVfiZz
4LHUknebS7b72qM1ttCOWsw4rlGUJntntcDhFhEu7+1/eMy9CzQY0TzNhF2ZH/bm
nrbPdXnphOPC53Qu2gW+njBzMtgOdGpelFHNVBCm+jFHcDaq5V7TtBCQV4FxSYDz
7uPSZbAU87sV0xRN/9B4+SQ0yMQGDg1btwhZBCF4P3uEhYNQ0jVJddaku14sOvdR
yeNbyqza
-----END CERTIFICATE-----