Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/2a420d-9d0e-4ea8-95bc-f53d9e36e95a/1/WTTmJX383XcbjK0G6q-4_1L17ZI.roa
File:                     WTTmJX383XcbjK0G6q-4_1L17ZI.roa (raw, json)
Hash identifier:          mB24IiZx8StAkZrf/IiTz6By8vkkglkf3zCCCWNEP/Y=
Subject key identifier:   59:34:E6:25:7D:FC:DD:77:1B:8C:AD:06:EA:AF:B8:FF:52:F5:ED:92
Certificate issuer:       /CN=b714595c50c351921b0de9a57540a15e5c1c618a
Certificate serial:       018CC94E60885380B8189860F17A78F81E59
Authority key identifier: B7:14:59:5C:50:C3:51:92:1B:0D:E9:A5:75:40:A1:5E:5C:1C:61:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txRZXFDDUZIbDemldUChXlwcYYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/2a420d-9d0e-4ea8-95bc-f53d9e36e95a/1/WTTmJX383XcbjK0G6q-4_1L17ZI.roa
Signing time:             Tue 02 Jan 2024 08:33:26 +0000
ROA not before:           Tue 02 Jan 2024 08:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47753
IP address blocks:        185.138.167.0/24 maxlen: 24
                          2a11:c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/2a420d-9d0e-4ea8-95bc-f53d9e36e95a/1/txRZXFDDUZIbDemldUChXlwcYYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/2a420d-9d0e-4ea8-95bc-f53d9e36e95a/1/txRZXFDDUZIbDemldUChXlwcYYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txRZXFDDUZIbDemldUChXlwcYYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:60:88:53:80:b8:18:98:60:f1:7a:78:f8:1e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b714595c50c351921b0de9a57540a15e5c1c618a
        Validity
            Not Before: Jan  2 08:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5934e6257dfcdd771b8cad06eaafb8ff52f5ed92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:cb:8b:05:5a:6d:e6:ca:03:bc:a5:15:97:3d:
                    65:b0:7e:d6:eb:13:b1:66:89:be:35:7f:18:8f:b4:
                    f6:9a:65:63:aa:77:89:6c:96:7c:cf:51:f4:63:3d:
                    97:29:ca:59:0d:c3:e3:31:bc:d9:8b:49:30:27:04:
                    20:63:41:ce:dd:c2:a1:39:0d:43:fa:ba:c1:d3:56:
                    70:cf:b5:e6:2f:c1:9d:67:73:7e:70:8b:12:c3:d7:
                    8d:36:2e:d2:35:90:8e:a1:96:28:39:1f:69:f6:d8:
                    6e:4d:79:c4:cc:6c:d2:f7:5f:84:53:24:de:5c:ac:
                    b2:d1:92:7c:91:7f:5f:84:00:25:82:a1:bf:f7:73:
                    7e:25:45:df:5e:27:89:b5:c2:31:40:bc:9f:3f:50:
                    7e:fe:72:4f:76:29:7d:13:27:0b:c2:aa:2e:02:dd:
                    6c:0b:18:80:ed:41:d0:2a:2b:2f:70:28:c3:f1:62:
                    a4:29:d8:e1:43:61:d7:7d:e8:02:8a:7a:88:8a:2b:
                    eb:bf:ad:72:94:7c:a8:7b:75:9d:80:ff:33:70:02:
                    fa:e5:3f:13:2c:3b:d0:a9:e6:48:87:25:6f:f7:bc:
                    66:40:26:73:6a:2d:71:2e:4b:0a:53:ce:2a:44:e4:
                    7b:42:26:ca:31:b6:71:ed:ef:55:42:f1:1a:c3:f3:
                    a0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:34:E6:25:7D:FC:DD:77:1B:8C:AD:06:EA:AF:B8:FF:52:F5:ED:92
            X509v3 Authority Key Identifier:
                keyid:B7:14:59:5C:50:C3:51:92:1B:0D:E9:A5:75:40:A1:5E:5C:1C:61:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txRZXFDDUZIbDemldUChXlwcYYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/2a420d-9d0e-4ea8-95bc-f53d9e36e95a/1/WTTmJX383XcbjK0G6q-4_1L17ZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/2a420d-9d0e-4ea8-95bc-f53d9e36e95a/1/txRZXFDDUZIbDemldUChXlwcYYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.167.0/24
                IPv6:
                  2a11:c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:06:66:b1:dd:c3:96:f7:bd:ca:87:a4:3e:7c:d4:c9:47:c1:
         b9:e5:0e:ae:ce:11:91:98:8c:33:48:56:7c:47:70:39:d7:c2:
         26:d1:27:e5:be:d0:76:09:d6:00:b4:ce:3c:f2:12:3a:18:cf:
         e7:24:23:e2:33:5d:fe:7e:51:ab:3c:1d:76:fd:a2:bf:1e:72:
         77:fa:7f:87:61:2c:38:4b:06:43:59:c4:7d:ff:41:09:dc:5a:
         65:34:c4:f0:50:72:49:04:13:51:21:95:aa:99:ff:c8:69:df:
         11:74:04:2f:39:82:08:36:ea:a9:86:60:04:9e:3b:ce:89:7f:
         84:30:c2:c1:62:e9:48:3f:51:14:9a:8b:a7:e0:5a:d5:d6:54:
         b9:d2:09:3b:a6:81:83:8a:b4:c4:6c:66:75:66:ab:2b:fa:74:
         22:8a:95:5a:ba:50:2c:09:6f:51:af:3f:7e:c9:73:fd:37:68:
         24:89:cb:38:12:06:9a:b4:3a:4b:db:14:19:52:46:29:dc:b0:
         82:02:58:99:82:1c:93:c4:e7:76:0b:9d:9a:40:a5:41:cf:6b:
         eb:45:47:50:b6:56:be:cf:94:99:d2:d8:21:db:65:50:6c:d9:
         45:58:43:a1:d3:b5:74:54:1e:8c:e5:fd:cf:68:6b:71:90:dd:
         81:af:3d:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTmCIU4C4GJhg8Xp4+B5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTQ1OTVjNTBjMzUxOTIxYjBkZTlhNTc1NDBhMTVlNWMx
YzYxOGEwHhcNMjQwMTAyMDgzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTM0ZTYyNTdkZmNkZDc3MWI4Y2FkMDZlYWFmYjhmZjUyZjVlZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8uLBVpt5soDvKUVlz1lsH7W6xOx
Zom+NX8Yj7T2mmVjqneJbJZ8z1H0Yz2XKcpZDcPjMbzZi0kwJwQgY0HO3cKhOQ1D
+rrB01Zwz7XmL8GdZ3N+cIsSw9eNNi7SNZCOoZYoOR9p9thuTXnEzGzS91+EUyTe
XKyy0ZJ8kX9fhAAlgqG/93N+JUXfXieJtcIxQLyfP1B+/nJPdil9EycLwqouAt1s
CxiA7UHQKisvcCjD8WKkKdjhQ2HXfegCinqIiivrv61ylHyoe3WdgP8zcAL65T8T
LDvQqeZIhyVv97xmQCZzai1xLksKU84qROR7QibKMbZx7e9VQvEaw/OgEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFk05iV9/N13G4ytBuqvuP9S9e2SMB8GA1UdIwQY
MBaAFLcUWVxQw1GSGw3ppXVAoV5cHGGKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhSWlhGRERVWkliRGVtbGRVQ2hYbHdjWVlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8yYTQyMGQtOWQwZS00ZWE4LTk1YmMt
ZjUzZDllMzZlOTVhLzEvV1RUbUpYMzgzWGNiakswRzZxLTRfMUwxN1pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8yYTQyMGQtOWQwZS00ZWE4LTk1YmMtZjUzZDllMzZlOTVh
LzEvdHhSWlhGRERVWkliRGVtbGRVQ2hYbHdjWVlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYqnMA0E
AgACMAcDBQMqEQDAMA0GCSqGSIb3DQEBCwUAA4IBAQB/Bmax3cOW973Kh6Q+fNTJ
R8G55Q6uzhGRmIwzSFZ8R3A518Im0SflvtB2CdYAtM488hI6GM/nJCPiM13+flGr
PB12/aK/HnJ3+n+HYSw4SwZDWcR9/0EJ3FplNMTwUHJJBBNRIZWqmf/Iad8RdAQv
OYIINuqphmAEnjvOiX+EMMLBYulIP1EUmoun4FrV1lS50gk7poGDirTEbGZ1Zqsr
+nQiipVaulAsCW9Rrz9+yXP9N2gkics4EgaatDpL2xQZUkYp3LCCAliZghyTxOd2
C52aQKVBz2vrRUdQtla+z5SZ0tgh22VQbNlFWEOh07V0VB6M5f3PaGtxkN2Brz3h
-----END CERTIFICATE-----