Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/WXvmMq3fiEIUn3rM-dCLfxq3_p0.roa
File:                     WXvmMq3fiEIUn3rM-dCLfxq3_p0.roa (raw, json)
Hash identifier:          bVhNriLNTc8n5lot0xkewffYnYSB0iRBG7uuVjZjkyI=
Subject key identifier:   59:7B:E6:32:AD:DF:88:42:14:9F:7A:CC:F9:D0:8B:7F:1A:B7:FE:9D
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256FF6341ACD0402FAA0B2332E9DCB
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/WXvmMq3fiEIUn3rM-dCLfxq3_p0.roa
Signing time:             Mon 01 Jan 2024 08:30:37 +0000
ROA not before:           Mon 01 Jan 2024 08:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210977
IP address blocks:        2a0e:c7c1::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6f:f6:34:1a:cd:04:02:fa:a0:b2:33:2e:9d:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=597be632addf8842149f7accf9d08b7f1ab7fe9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:0b:c0:c4:7e:da:65:7e:5e:cc:70:e7:b5:04:
                    ed:c2:36:16:9e:2c:ec:a4:14:3d:c3:ad:ab:eb:37:
                    68:3c:60:4a:8f:b1:5f:f2:04:70:4a:fc:f2:e9:9c:
                    6c:35:7e:50:e7:f8:47:e1:0c:86:40:d1:fd:ee:5f:
                    42:44:cd:57:75:ca:29:3f:7d:ec:8a:db:18:f2:fa:
                    57:54:b1:6b:2b:0c:c1:70:f2:ea:1a:c4:cc:7a:18:
                    06:45:f3:5b:75:4c:8e:ff:b7:ab:34:c7:38:85:b0:
                    8a:84:52:42:ec:be:e9:55:89:4f:93:fc:11:f5:ad:
                    dc:5a:b2:b9:90:18:59:92:b5:21:95:18:79:ae:49:
                    38:bd:5a:30:67:2d:5c:3f:e9:0f:7a:51:fc:88:78:
                    74:30:72:60:7c:a4:d0:1e:29:5e:58:ed:5c:23:13:
                    d7:b5:49:fa:65:2c:65:9b:2e:e9:0c:19:b2:30:80:
                    ab:70:99:93:59:e3:d8:ad:34:43:e8:26:cb:2f:7d:
                    bb:14:44:a6:c7:d3:29:bc:e6:2e:98:48:10:59:fe:
                    17:51:7b:6a:9f:78:ed:45:81:f9:3c:f8:a7:d0:23:
                    b4:7b:7f:ed:06:98:69:15:b5:8a:2b:ed:aa:d1:f8:
                    c2:01:74:03:0a:a4:b2:c6:59:74:8b:a8:e7:d9:08:
                    77:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:7B:E6:32:AD:DF:88:42:14:9F:7A:CC:F9:D0:8B:7F:1A:B7:FE:9D
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/WXvmMq3fiEIUn3rM-dCLfxq3_p0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:c7c1::/45

    Signature Algorithm: sha256WithRSAEncryption
         c1:b1:7d:95:bc:82:b4:18:ea:37:76:6f:81:fc:70:b9:82:46:
         62:cf:f3:d6:fd:4d:9d:01:a3:22:71:be:7e:63:0e:42:37:65:
         ef:ea:89:20:87:06:4d:72:cd:42:fb:fc:6d:f1:a5:3b:54:65:
         52:d4:29:cd:8f:77:10:4c:9b:72:84:72:8b:93:18:43:b5:ac:
         fa:4c:2b:14:c8:7b:66:62:8a:8d:d5:7a:48:8e:c0:39:b0:43:
         8b:a9:93:d6:0a:eb:a8:0d:d9:54:20:2d:43:38:e3:ba:5c:2c:
         b1:38:5a:9e:58:7d:07:5b:0e:47:b2:29:a3:4a:9c:6f:8c:c4:
         77:7d:03:bd:e6:4d:d8:a2:43:01:c4:0b:36:01:89:dd:61:b7:
         f0:de:a6:5e:c3:22:e2:cc:2f:6d:9e:24:c0:09:74:c1:ee:bc:
         43:98:7e:94:a8:e5:cf:09:20:91:69:97:5f:01:3d:a2:c1:f6:
         6a:90:0e:d5:12:87:a1:f5:e3:96:32:32:64:7c:08:d8:e1:88:
         5d:96:fc:5d:a1:e8:ee:2b:0a:ee:bf:c9:e3:f8:03:e5:94:af:
         f2:f0:b4:99:88:a4:4c:d8:6a:c7:bf:04:a7:4a:05:ab:ef:f4:
         1a:08:b2:1f:c0:c6:28:39:68:4b:99:37:63:52:91:cf:49:4f:
         97:2c:96:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJW/2NBrNBAL6oLIzLp3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTdiZTYzMmFkZGY4ODQyMTQ5ZjdhY2NmOWQwOGI3ZjFhYjdmZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAvAxH7aZX5ezHDntQTtwjYWnizs
pBQ9w62r6zdoPGBKj7Ff8gRwSvzy6ZxsNX5Q5/hH4QyGQNH97l9CRM1XdcopP33s
itsY8vpXVLFrKwzBcPLqGsTMehgGRfNbdUyO/7erNMc4hbCKhFJC7L7pVYlPk/wR
9a3cWrK5kBhZkrUhlRh5rkk4vVowZy1cP+kPelH8iHh0MHJgfKTQHileWO1cIxPX
tUn6ZSxlmy7pDBmyMICrcJmTWePYrTRD6CbLL327FESmx9MpvOYumEgQWf4XUXtq
n3jtRYH5PPin0CO0e3/tBphpFbWKK+2q0fjCAXQDCqSyxll0i6jn2Qh3XwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFl75jKt34hCFJ96zPnQi38at/6dMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvV1h2bU1xM2ZpRUlVbjNyTS1kQ0xmeHEzX3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg7HwQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDBsX2VvIK0GOo3dm+B/HC5gkZiz/PW/U2dAaMi
cb5+Yw5CN2Xv6okghwZNcs1C+/xt8aU7VGVS1CnNj3cQTJtyhHKLkxhDtaz6TCsU
yHtmYoqN1XpIjsA5sEOLqZPWCuuoDdlUIC1DOOO6XCyxOFqeWH0HWw5HsimjSpxv
jMR3fQO95k3YokMBxAs2AYndYbfw3qZewyLizC9tniTACXTB7rxDmH6UqOXPCSCR
aZdfAT2iwfZqkA7VEoeh9eOWMjJkfAjY4YhdlvxdoejuKwruv8nj+APllK/y8LSZ
iKRM2GrHvwSnSgWr7/QaCLIfwMYoOWhLmTdjUpHPSU+XLJai
-----END CERTIFICATE-----