Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/29de46-c2e9-48fb-92d4-b7a564afb04b/1/wTq9h-B6CKL7HwSzqSqZfgyapn4.roa
File:                     wTq9h-B6CKL7HwSzqSqZfgyapn4.roa (raw, json)
Hash identifier:          tkunY69xvfGAFQLit5PtlXW3MMfwryx2Qpenxl86QoY=
Subject key identifier:   C1:3A:BD:87:E0:7A:08:A2:FB:1F:04:B3:A9:2A:99:7E:0C:9A:A6:7E
Certificate issuer:       /CN=e56cd578f42f8de067236767c6cfc2bacbc16e05
Certificate serial:       018CCA2A80DF8C31C51E510A8A456541D37C
Authority key identifier: E5:6C:D5:78:F4:2F:8D:E0:67:23:67:67:C6:CF:C2:BA:CB:C1:6E:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5WzVePQvjeBnI2dnxs_CusvBbgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/29de46-c2e9-48fb-92d4-b7a564afb04b/1/wTq9h-B6CKL7HwSzqSqZfgyapn4.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61418
IP address blocks:        195.206.236.0/24 maxlen: 24
                          2a10:2cc0::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/29de46-c2e9-48fb-92d4-b7a564afb04b/1/5WzVePQvjeBnI2dnxs_CusvBbgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/29de46-c2e9-48fb-92d4-b7a564afb04b/1/5WzVePQvjeBnI2dnxs_CusvBbgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5WzVePQvjeBnI2dnxs_CusvBbgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:80:df:8c:31:c5:1e:51:0a:8a:45:65:41:d3:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e56cd578f42f8de067236767c6cfc2bacbc16e05
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c13abd87e07a08a2fb1f04b3a92a997e0c9aa67e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9b:7c:3f:b3:c5:92:0a:c1:f4:1f:b5:77:ee:
                    17:a8:6a:92:05:46:8f:47:3a:1b:e4:fa:bc:3e:5b:
                    ae:99:37:05:1c:70:47:ab:09:96:59:98:80:51:a5:
                    0a:37:30:6c:16:4b:36:8e:00:6d:ff:d4:ff:a3:7b:
                    3e:89:91:4e:88:f9:15:5b:a5:16:9c:06:72:12:fc:
                    4c:a0:f2:ba:98:ec:de:00:76:0c:44:8d:c2:02:e6:
                    53:33:cb:25:60:33:cb:b5:84:78:52:2d:9d:96:89:
                    73:3a:a3:0c:0d:2b:3f:6e:9e:67:74:f2:63:99:49:
                    d7:36:96:20:84:95:68:64:17:09:13:81:46:fa:3e:
                    98:80:01:75:a7:00:c1:eb:81:36:ab:bd:91:d3:c3:
                    34:55:ce:5a:85:ab:1c:64:47:63:3a:17:37:5c:36:
                    10:3d:20:8d:ca:d3:d5:0e:75:1e:2d:9b:f3:b0:06:
                    b0:a7:75:e3:42:86:7f:5a:88:32:03:cb:c9:f7:bb:
                    2d:53:b7:a5:96:9e:1c:ba:ac:27:09:53:ad:ab:c9:
                    4d:15:a1:04:83:ef:f2:b4:aa:9c:a2:ba:6e:27:4e:
                    0a:4a:69:ef:d4:0c:74:34:73:6e:17:0d:58:b4:ca:
                    41:bc:27:e8:92:8b:78:60:b0:35:f5:34:7c:27:d8:
                    de:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:3A:BD:87:E0:7A:08:A2:FB:1F:04:B3:A9:2A:99:7E:0C:9A:A6:7E
            X509v3 Authority Key Identifier:
                keyid:E5:6C:D5:78:F4:2F:8D:E0:67:23:67:67:C6:CF:C2:BA:CB:C1:6E:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5WzVePQvjeBnI2dnxs_CusvBbgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/29de46-c2e9-48fb-92d4-b7a564afb04b/1/wTq9h-B6CKL7HwSzqSqZfgyapn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/29de46-c2e9-48fb-92d4-b7a564afb04b/1/5WzVePQvjeBnI2dnxs_CusvBbgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.236.0/24
                IPv6:
                  2a10:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:bf:53:8f:9c:c9:bc:71:c9:18:b3:38:78:75:f9:9d:aa:a9:
         c9:4c:df:10:0c:46:ee:06:aa:11:39:65:0f:22:4f:74:2c:57:
         ba:2d:d9:87:a1:2c:6e:41:e7:e9:db:21:55:61:79:f7:32:88:
         86:1c:8c:35:12:ec:f0:bb:4d:7e:d6:8b:8b:28:aa:50:d4:6e:
         79:c1:48:72:72:5e:78:79:85:d4:db:e6:b1:fb:82:28:c8:a8:
         ec:94:28:64:98:ae:c1:8c:b1:38:8d:9e:db:f2:fe:c0:74:a3:
         f2:b5:f7:a2:eb:74:65:b3:69:91:b1:28:92:03:01:c2:26:65:
         88:b3:e8:99:35:d0:69:a8:ce:2a:ee:bc:c6:6d:dd:07:84:b9:
         e5:bc:5a:c6:33:c1:1d:80:a9:57:97:c2:a7:d9:6f:38:5a:2e:
         92:b7:fd:00:0a:03:a0:27:3c:94:92:44:29:92:5f:b9:5a:1d:
         f8:9c:35:b6:ad:ab:82:cf:37:0e:9b:6e:bb:c4:f1:66:9b:19:
         02:7b:3f:08:08:9c:7a:30:7a:28:13:bd:a2:8c:1e:e4:2d:9d:
         06:0b:99:d9:d4:28:07:02:0d:18:e4:5f:a8:45:2d:c9:92:27:
         8d:09:be:2d:cd:e4:40:c0:dc:a6:3b:56:eb:d1:27:a9:ed:a5:
         bd:55:db:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKoDfjDHFHlEKikVlQdN8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NmNkNTc4ZjQyZjhkZTA2NzIzNjc2N2M2Y2ZjMmJhY2Jj
MTZlMDUwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTNhYmQ4N2UwN2EwOGEyZmIxZjA0YjNhOTJhOTk3ZTBjOWFhNjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5t8P7PFkgrB9B+1d+4XqGqSBUaP
Rzob5Pq8PluumTcFHHBHqwmWWZiAUaUKNzBsFks2jgBt/9T/o3s+iZFOiPkVW6UW
nAZyEvxMoPK6mOzeAHYMRI3CAuZTM8slYDPLtYR4Ui2dlolzOqMMDSs/bp5ndPJj
mUnXNpYghJVoZBcJE4FG+j6YgAF1pwDB64E2q72R08M0Vc5ahascZEdjOhc3XDYQ
PSCNytPVDnUeLZvzsAawp3XjQoZ/WogyA8vJ97stU7ellp4cuqwnCVOtq8lNFaEE
g+/ytKqcorpuJ04KSmnv1Ax0NHNuFw1YtMpBvCfokot4YLA19TR8J9jeZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFME6vYfgegii+x8Es6kqmX4MmqZ+MB8GA1UdIwQY
MBaAFOVs1Xj0L43gZyNnZ8bPwrrLwW4FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVd6VmVQUXZqZUJuSTJkbnhzX0N1c3ZCYmdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8yOWRlNDYtYzJlOS00OGZiLTkyZDQt
YjdhNTY0YWZiMDRiLzEvd1RxOWgtQjZDS0w3SHdTenFTcVpmZ3lhcG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8yOWRlNDYtYzJlOS00OGZiLTkyZDQtYjdhNTY0YWZiMDRi
LzEvNVd6VmVQUXZqZUJuSTJkbnhzX0N1c3ZCYmdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw87sMA0E
AgACMAcDBQMqECzAMA0GCSqGSIb3DQEBCwUAA4IBAQCMv1OPnMm8cckYszh4dfmd
qqnJTN8QDEbuBqoROWUPIk90LFe6LdmHoSxuQefp2yFVYXn3MoiGHIw1Euzwu01+
1ouLKKpQ1G55wUhycl54eYXU2+ax+4IoyKjslChkmK7BjLE4jZ7b8v7AdKPytfei
63Rls2mRsSiSAwHCJmWIs+iZNdBpqM4q7rzGbd0HhLnlvFrGM8EdgKlXl8Kn2W84
Wi6St/0ACgOgJzyUkkQpkl+5Wh34nDW2rauCzzcOm267xPFmmxkCez8ICJx6MHoo
E72ijB7kLZ0GC5nZ1CgHAg0Y5F+oRS3JkieNCb4tzeRAwNymO1br0Sep7aW9Vdvm
-----END CERTIFICATE-----