Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/WRx8zJvL4HmBP1QLy3TFtAFsV64.roa
File:                     WRx8zJvL4HmBP1QLy3TFtAFsV64.roa (raw, json)
Hash identifier:          9J3OZlf8I6DhNfjk9aVlrcR6bzedetDI1qkl2qF+X2g=
Subject key identifier:   59:1C:7C:CC:9B:CB:E0:79:81:3F:54:0B:CB:74:C5:B4:01:6C:57:AE
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E2C71DA20D309D3DDDD4CC7F90592
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/WRx8zJvL4HmBP1QLy3TFtAFsV64.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        152.89.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2c:71:da:20:d3:09:d3:dd:dd:4c:c7:f9:05:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=591c7ccc9bcbe079813f540bcb74c5b4016c57ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:87:8c:11:70:4f:61:a3:f8:46:b7:2e:5b:82:
                    79:63:00:85:ab:bc:1e:53:ba:25:da:47:cd:b7:66:
                    e3:05:3b:48:f1:52:dd:df:a3:7e:f4:e5:3c:0d:c0:
                    80:b5:ed:00:2f:89:d8:ff:88:50:3f:15:b4:0c:f5:
                    0a:5f:31:34:ca:c7:3d:ce:bc:ab:ed:4d:42:40:3d:
                    41:32:2e:95:f7:ab:9b:8f:0d:2a:08:05:a8:19:ec:
                    ba:39:2a:72:b5:4a:47:0a:d2:e3:e6:07:1e:53:77:
                    2b:28:b0:5d:ae:5e:8d:9d:8c:3f:6d:04:ef:1c:0a:
                    8c:37:d5:24:48:77:a0:f7:7b:b8:49:ef:2a:5d:ef:
                    0e:0e:b2:2f:ab:6b:99:e6:56:f6:dd:c8:55:d7:a7:
                    04:95:83:68:d0:9a:0c:2a:2a:42:7a:1f:9e:0d:78:
                    33:3a:f0:8d:00:4a:f6:cf:8e:52:5c:78:36:02:20:
                    eb:76:4b:04:33:d0:94:cd:82:82:9c:c1:58:97:aa:
                    0c:2f:25:e4:31:71:cb:a9:0b:be:3c:b6:ce:41:ed:
                    81:85:5e:8e:57:17:f4:76:13:d5:b4:6c:04:a7:77:
                    b3:61:5d:98:73:a2:7d:e6:68:48:d5:f8:ee:a5:8f:
                    c6:21:74:67:77:9b:cf:8a:18:bb:c0:0a:6d:27:24:
                    ff:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:1C:7C:CC:9B:CB:E0:79:81:3F:54:0B:CB:74:C5:B4:01:6C:57:AE
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/WRx8zJvL4HmBP1QLy3TFtAFsV64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:c5:f7:be:10:ff:d3:11:67:0e:2c:4a:41:94:1e:3a:09:af:
         95:0e:6b:07:3b:e1:bc:c7:84:b5:60:1b:c4:08:b1:3e:e5:a3:
         8c:89:f1:87:8f:d7:e7:e0:b9:47:4d:13:2c:cc:0c:fb:00:75:
         2f:f4:f5:0e:0e:09:31:be:78:62:d2:12:b2:43:33:7f:48:2b:
         d5:b1:63:92:4b:47:a6:3d:68:63:58:c2:1f:a6:72:3c:ba:13:
         07:1f:f8:66:7d:be:23:89:01:ca:64:3a:05:ce:8f:16:1d:ad:
         45:ac:1c:28:ef:3a:cc:8c:2f:c5:b3:55:ad:5e:f2:30:db:33:
         a2:79:4e:7b:ef:04:34:fb:01:ac:0c:24:5d:c0:df:c0:ef:7f:
         da:d6:a1:00:96:97:d6:c7:9e:3d:3b:4e:e1:51:0c:19:4b:5a:
         2d:6b:80:c5:d6:0e:9c:b2:f0:41:26:6f:09:f0:b3:92:44:85:
         0c:fd:6f:94:76:c6:79:73:c3:b5:9a:2d:01:b2:0a:24:54:04:
         c4:c2:02:af:49:2c:08:b6:7b:bc:32:72:01:b0:d7:94:c8:f1:
         b7:ea:d0:81:76:17:7f:35:47:4d:f5:75:80:2f:94:6a:e3:f4:
         72:55:ab:7a:61:d0:b0:0a:a5:4e:f9:3a:49:08:dd:83:89:04:
         c5:90:d1:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTixx2iDTCdPd3UzH+QWSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTFjN2NjYzliY2JlMDc5ODEzZjU0MGJjYjc0YzViNDAxNmM1N2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIeMEXBPYaP4RrcuW4J5YwCFq7we
U7ol2kfNt2bjBTtI8VLd36N+9OU8DcCAte0AL4nY/4hQPxW0DPUKXzE0ysc9zryr
7U1CQD1BMi6V96ubjw0qCAWoGey6OSpytUpHCtLj5gceU3crKLBdrl6NnYw/bQTv
HAqMN9UkSHeg93u4Se8qXe8ODrIvq2uZ5lb23chV16cElYNo0JoMKipCeh+eDXgz
OvCNAEr2z45SXHg2AiDrdksEM9CUzYKCnMFYl6oMLyXkMXHLqQu+PLbOQe2BhV6O
Vxf0dhPVtGwEp3ezYV2Yc6J95mhI1fjupY/GIXRnd5vPihi7wAptJyT/VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkcfMyby+B5gT9UC8t0xbQBbFeuMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvV1J4OHpKdkw0SG1CUDFRTHkzVEZ0QUZzVjY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFn9MA0G
CSqGSIb3DQEBCwUAA4IBAQAtxfe+EP/TEWcOLEpBlB46Ca+VDmsHO+G8x4S1YBvE
CLE+5aOMifGHj9fn4LlHTRMszAz7AHUv9PUODgkxvnhi0hKyQzN/SCvVsWOSS0em
PWhjWMIfpnI8uhMHH/hmfb4jiQHKZDoFzo8WHa1FrBwo7zrMjC/Fs1WtXvIw2zOi
eU577wQ0+wGsDCRdwN/A73/a1qEAlpfWx549O07hUQwZS1ota4DF1g6csvBBJm8J
8LOSRIUM/W+UdsZ5c8O1mi0BsgokVATEwgKvSSwItnu8MnIBsNeUyPG36tCBdhd/
NUdN9XWAL5Rq4/RyVat6YdCwCqVO+TpJCN2DiQTFkNH5
-----END CERTIFICATE-----