Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Wz8q7l2Qs19dS_lNiEsacDJvM5E.roa
File:                     Wz8q7l2Qs19dS_lNiEsacDJvM5E.roa (raw, json)
Hash identifier:          LzAkCILSJ90zIz3PXKNn5/tVwOoRVdNDdhhFHiGjg6k=
Subject key identifier:   5B:3F:2A:EE:5D:90:B3:5F:5D:4B:F9:4D:88:4B:1A:70:32:6F:33:91
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D7F670A22F9356201B406F59376334B4A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Wz8q7l2Qs19dS_lNiEsacDJvM5E.roa
Signing time:             Tue 06 Feb 2024 17:11:15 +0000
ROA not before:           Tue 06 Feb 2024 17:11:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207083
IP address blocks:        2.59.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:67:0a:22:f9:35:62:01:b4:06:f5:93:76:33:4b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb  6 17:11:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b3f2aee5d90b35f5d4bf94d884b1a70326f3391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9d:2f:dd:5b:8b:01:bc:cb:fa:f4:eb:d5:96:
                    ac:2a:5d:35:06:b2:94:56:14:13:d9:c0:85:1d:f1:
                    e2:e8:6d:41:b7:ca:5b:00:e4:93:2a:4e:89:15:1e:
                    bc:4d:a2:d7:c2:45:a4:73:84:36:79:2e:89:bc:77:
                    5c:6a:5a:82:e0:12:2f:ed:4a:0f:4d:87:be:1c:fb:
                    f4:57:c4:98:d2:ba:77:b8:dd:ed:a9:ec:81:06:98:
                    6d:46:27:83:81:ef:aa:78:ea:c2:76:61:4c:fa:da:
                    ef:d6:24:5f:d2:fa:e1:43:61:4b:cb:27:f0:b5:40:
                    b9:fe:d6:93:c9:16:fc:c4:da:47:25:56:dd:9b:b9:
                    3d:50:99:dc:a1:ff:b4:f6:07:f9:9b:87:d1:8a:11:
                    7f:48:b8:6e:48:83:06:36:f3:50:52:0b:83:fa:91:
                    31:96:ba:f6:8b:3a:3e:05:8e:f2:22:0a:82:8f:af:
                    18:a9:e9:96:69:76:1c:ef:c4:7d:d8:d0:3a:99:89:
                    75:b3:b5:0b:a9:03:62:e1:a1:e5:97:99:6d:9f:d9:
                    4a:34:bf:4d:66:17:7f:78:57:93:cd:b6:83:22:00:
                    82:2e:e5:27:e3:4d:09:2f:9f:b2:6d:1a:cb:38:d8:
                    29:20:79:12:13:95:23:6e:c3:72:79:e3:16:00:07:
                    9b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:3F:2A:EE:5D:90:B3:5F:5D:4B:F9:4D:88:4B:1A:70:32:6F:33:91
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Wz8q7l2Qs19dS_lNiEsacDJvM5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:a0:4c:82:63:6d:49:a3:d8:6b:92:be:f2:25:3e:f0:23:f3:
         fb:42:36:74:76:aa:f4:c8:30:2e:2d:0b:48:c7:f9:26:97:1f:
         76:8d:3d:34:36:0b:b1:76:f9:ed:b7:ee:ef:93:21:4d:6c:11:
         26:82:38:3a:09:6e:b9:af:e4:49:c8:15:25:49:cc:d5:79:28:
         dc:b5:36:66:e3:cf:9b:6e:c6:4b:3c:8b:88:5b:99:e3:3d:42:
         d4:f9:14:42:4b:40:68:30:2d:96:3b:fa:af:26:c6:80:bd:fb:
         8f:a6:76:20:ae:98:fc:cf:c0:a2:d1:15:19:36:d6:32:59:91:
         8b:db:1e:eb:34:3e:a2:c5:fc:6d:0d:2e:0c:cf:0d:42:6c:d8:
         a0:15:89:a8:0f:0f:56:e3:05:d4:49:2a:76:3e:8f:60:cb:b5:
         ab:7b:ac:e7:cb:69:cd:42:3f:37:a8:c0:f6:c5:9c:a9:d9:88:
         6b:95:c9:52:07:e7:9d:fe:19:83:78:0b:98:38:a8:ee:ed:d6:
         fd:83:57:01:da:00:f9:59:0f:ef:90:66:31:de:d2:c7:3e:7f:
         1a:77:40:ba:cf:41:f5:6b:c8:0a:5f:1a:69:70:ca:b3:42:87:
         9b:c9:d1:7d:55:39:09:d3:3a:8f:0c:e9:7c:b3:86:4b:5d:ac:
         cc:c8:14:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1/Zwoi+TViAbQG9ZN2M0tKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjA2MTcxMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjNmMmFlZTVkOTBiMzVmNWQ0YmY5NGQ4ODRiMWE3MDMyNmYzMzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2J0v3VuLAbzL+vTr1ZasKl01BrKU
VhQT2cCFHfHi6G1Bt8pbAOSTKk6JFR68TaLXwkWkc4Q2eS6JvHdcalqC4BIv7UoP
TYe+HPv0V8SY0rp3uN3tqeyBBphtRieDge+qeOrCdmFM+trv1iRf0vrhQ2FLyyfw
tUC5/taTyRb8xNpHJVbdm7k9UJncof+09gf5m4fRihF/SLhuSIMGNvNQUguD+pEx
lrr2izo+BY7yIgqCj68YqemWaXYc78R92NA6mYl1s7ULqQNi4aHll5ltn9lKNL9N
Zhd/eFeTzbaDIgCCLuUn400JL5+ybRrLONgpIHkSE5UjbsNyeeMWAAeb/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFs/Ku5dkLNfXUv5TYhLGnAybzORMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvV3o4cTdsMlFzMTlkU19sTmlFc2FjREp2TTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjv+MA0G
CSqGSIb3DQEBCwUAA4IBAQBDoEyCY21Jo9hrkr7yJT7wI/P7QjZ0dqr0yDAuLQtI
x/kmlx92jT00Nguxdvntt+7vkyFNbBEmgjg6CW65r+RJyBUlSczVeSjctTZm48+b
bsZLPIuIW5njPULU+RRCS0BoMC2WO/qvJsaAvfuPpnYgrpj8z8Ci0RUZNtYyWZGL
2x7rND6ixfxtDS4Mzw1CbNigFYmoDw9W4wXUSSp2Po9gy7Wre6zny2nNQj83qMD2
xZyp2YhrlclSB+ed/hmDeAuYOKju7db9g1cB2gD5WQ/vkGYx3tLHPn8ad0C6z0H1
a8gKXxppcMqzQoebydF9VTkJ0zqPDOl8s4ZLXazMyBRi
-----END CERTIFICATE-----