Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/_WANcfhhjiAzfVgqQS3FMltiyvg.roa
File:                     _WANcfhhjiAzfVgqQS3FMltiyvg.roa (raw, json)
Hash identifier:          ZTZA1MUExGKXmI/mDjIKmQq3hU1y74GsCqFPybYwCjY=
Subject key identifier:   FD:60:0D:71:F8:61:8E:20:33:7D:58:2A:41:2D:C5:32:5B:62:CA:F8
Certificate issuer:       /CN=6506096695f7e6610b19b08e1d7fd9c4d914a4f0
Certificate serial:       018D17816B3DF62E836C62ECBF3FFE55B1B1
Authority key identifier: 65:06:09:66:95:F7:E6:61:0B:19:B0:8E:1D:7F:D9:C4:D9:14:A4:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZQYJZpX35mELGbCOHX_ZxNkUpPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/_WANcfhhjiAzfVgqQS3FMltiyvg.roa
Signing time:             Wed 17 Jan 2024 12:59:34 +0000
ROA not before:           Wed 17 Jan 2024 12:59:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.89.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/ZQYJZpX35mELGbCOHX_ZxNkUpPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/ZQYJZpX35mELGbCOHX_ZxNkUpPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZQYJZpX35mELGbCOHX_ZxNkUpPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 01:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:17:81:6b:3d:f6:2e:83:6c:62:ec:bf:3f:fe:55:b1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6506096695f7e6610b19b08e1d7fd9c4d914a4f0
        Validity
            Not Before: Jan 17 12:59:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd600d71f8618e20337d582a412dc5325b62caf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:aa:8f:74:e4:45:cf:8e:31:89:04:07:9d:09:
                    15:94:c2:43:1c:60:bb:1b:d9:20:69:46:e3:a7:45:
                    62:62:db:31:ec:fc:d0:2c:34:89:4d:cb:7d:98:2c:
                    0f:05:9d:a5:09:6f:0d:83:cd:73:a3:99:9f:41:cc:
                    2e:87:12:1c:7e:95:49:13:ad:32:24:10:75:e2:c1:
                    17:db:f2:f6:b7:3a:5b:82:66:6b:02:a2:ec:2a:40:
                    df:d4:a6:52:f9:bd:c1:f8:f5:77:71:bf:f9:59:97:
                    7b:8f:6e:d3:65:6a:04:e6:e4:6d:54:57:43:b1:22:
                    eb:54:b5:d7:e3:5f:81:67:f0:f9:a8:a8:64:48:ce:
                    5d:7b:b9:0e:84:24:c0:cb:fd:73:04:c1:81:e2:98:
                    f9:a9:d2:a7:22:f8:a7:f8:3a:1a:67:18:22:21:4e:
                    15:a4:9a:78:24:dc:5d:4b:21:49:5b:09:28:e0:35:
                    67:50:0d:50:7c:6a:42:13:6e:3b:3f:c9:2a:ac:19:
                    e6:b0:20:ab:26:d7:45:19:d3:87:89:e9:3d:e9:cc:
                    a1:76:a0:50:36:2d:f0:a1:e7:07:75:7b:36:23:8a:
                    b4:0b:41:fb:31:82:d2:cd:41:42:a6:b9:fe:33:79:
                    80:e0:a9:b5:46:86:59:21:75:ba:19:70:eb:81:94:
                    ac:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:60:0D:71:F8:61:8E:20:33:7D:58:2A:41:2D:C5:32:5B:62:CA:F8
            X509v3 Authority Key Identifier:
                keyid:65:06:09:66:95:F7:E6:61:0B:19:B0:8E:1D:7F:D9:C4:D9:14:A4:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZQYJZpX35mELGbCOHX_ZxNkUpPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/_WANcfhhjiAzfVgqQS3FMltiyvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/ZQYJZpX35mELGbCOHX_ZxNkUpPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:e7:74:2e:9a:da:08:41:5b:10:b7:dc:0c:49:81:4f:60:86:
         f6:f3:f1:c9:41:87:23:ef:8b:e4:23:dc:3b:9b:79:a2:2d:d6:
         5b:fa:7c:49:a6:8f:73:80:bd:0e:56:2a:f0:f3:6b:ce:f1:67:
         ab:bb:f5:50:d1:b3:2c:1f:a5:a9:0b:f7:30:7d:1d:c4:44:65:
         22:d1:ce:49:e6:81:05:ca:66:ad:a8:b4:32:cc:db:86:5c:28:
         03:aa:24:ce:47:51:ce:38:ee:b4:8a:2f:35:79:9f:9c:a9:3e:
         29:63:75:eb:c7:c4:dc:30:48:1e:70:28:27:3b:42:fb:d4:76:
         9c:cf:74:bb:82:c2:9c:72:ed:4f:07:3b:93:2f:6e:b6:2a:02:
         1a:3e:46:7f:a3:b2:e5:db:33:29:37:0f:e4:62:77:aa:8f:02:
         1b:23:89:1c:e0:bf:06:7e:c8:b9:6d:15:db:9c:c9:21:73:f8:
         14:ad:18:02:53:68:95:23:9f:13:e2:b4:04:2f:b8:28:46:ba:
         fe:ab:48:d3:78:61:34:34:21:d3:74:bc:83:4b:db:03:64:4d:
         9d:75:6c:96:4b:bb:68:cb:5b:e3:4c:86:9f:53:c6:e5:9e:2f:
         20:ab:2f:fe:8a:29:ec:ac:fb:a1:12:0f:75:39:e5:db:93:8f:
         c4:4f:70:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0XgWs99i6DbGLsvz/+VbGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MDYwOTY2OTVmN2U2NjEwYjE5YjA4ZTFkN2ZkOWM0ZDkx
NGE0ZjAwHhcNMjQwMTE3MTI1OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDYwMGQ3MWY4NjE4ZTIwMzM3ZDU4MmE0MTJkYzUzMjViNjJjYWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6qPdORFz44xiQQHnQkVlMJDHGC7
G9kgaUbjp0ViYtsx7PzQLDSJTct9mCwPBZ2lCW8Ng81zo5mfQcwuhxIcfpVJE60y
JBB14sEX2/L2tzpbgmZrAqLsKkDf1KZS+b3B+PV3cb/5WZd7j27TZWoE5uRtVFdD
sSLrVLXX41+BZ/D5qKhkSM5de7kOhCTAy/1zBMGB4pj5qdKnIvin+DoaZxgiIU4V
pJp4JNxdSyFJWwko4DVnUA1QfGpCE247P8kqrBnmsCCrJtdFGdOHiek96cyhdqBQ
Ni3woecHdXs2I4q0C0H7MYLSzUFCprn+M3mA4Km1RoZZIXW6GXDrgZSs3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1gDXH4YY4gM31YKkEtxTJbYsr4MB8GA1UdIwQY
MBaAFGUGCWaV9+ZhCxmwjh1/2cTZFKTwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlFZSlpwWDM1bUVMR2JDT0hYX1p4TmtVcFBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9mNWJhYTQtZjY3MC00Mzg1LWJjMzgt
YTQxNTI1NThkMThjLzEvX1dBTmNmaGhqaUF6ZlZncVFTM0ZNbHRpeXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9mNWJhYTQtZjY3MC00Mzg1LWJjMzgtYTQxNTI1NThkMThj
LzEvWlFZSlpwWDM1bUVMR2JDT0hYX1p4TmtVcFBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVmjMA0G
CSqGSIb3DQEBCwUAA4IBAQAs53QumtoIQVsQt9wMSYFPYIb28/HJQYcj74vkI9w7
m3miLdZb+nxJpo9zgL0OVirw82vO8Weru/VQ0bMsH6WpC/cwfR3ERGUi0c5J5oEF
ymatqLQyzNuGXCgDqiTOR1HOOO60ii81eZ+cqT4pY3Xrx8TcMEgecCgnO0L71Hac
z3S7gsKccu1PBzuTL262KgIaPkZ/o7Ll2zMpNw/kYneqjwIbI4kc4L8Gfsi5bRXb
nMkhc/gUrRgCU2iVI58T4rQEL7goRrr+q0jTeGE0NCHTdLyDS9sDZE2ddWyWS7to
y1vjTIafU8blni8gqy/+iinsrPuhEg91OeXbk4/ET3D0
-----END CERTIFICATE-----