Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WRUsVkfnXHn7piBYQWbHh9qLgYU.roa
File:                     WRUsVkfnXHn7piBYQWbHh9qLgYU.roa (raw, json)
Hash identifier:          25KB/FTgSZrYuOeJGOuK/G+p9I9gzXWI5/rnb6Tobdk=
Subject key identifier:   59:15:2C:56:47:E7:5C:79:FB:A6:20:58:41:66:C7:87:DA:8B:81:85
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018CC7275C0F40DBA6B2C65C01C6662A29B6
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WRUsVkfnXHn7piBYQWbHh9qLgYU.roa
Signing time:             Mon 01 Jan 2024 22:31:34 +0000
ROA not before:           Mon 01 Jan 2024 22:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216349
IP address blocks:        2a0f:9ac0::/29 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5c:0f:40:db:a6:b2:c6:5c:01:c6:66:2a:29:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 22:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59152c5647e75c79fba620584166c787da8b8185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:47:1e:22:d9:32:91:6b:62:41:40:1f:60:65:
                    ad:8f:d1:0b:da:fd:1a:17:6b:47:a4:24:b0:7c:9c:
                    1d:62:90:13:03:58:ed:e4:89:3a:d6:52:3c:08:97:
                    d5:94:b4:12:05:0c:39:71:57:76:52:c1:eb:95:95:
                    74:ae:41:68:fc:04:52:d9:44:4b:70:84:9d:35:d0:
                    cb:dd:ab:66:c1:c3:07:39:13:e1:87:c1:e3:33:95:
                    1e:2e:d2:4c:7b:39:2e:ff:30:47:a2:9b:04:e9:14:
                    60:59:cc:76:09:4c:9c:01:e2:86:48:37:16:c5:1a:
                    04:bb:be:11:d2:75:6b:72:3b:29:f7:d6:72:c0:76:
                    2c:c9:dd:57:a1:f9:81:28:6b:23:37:bf:35:10:29:
                    dd:81:dc:a2:11:3b:27:4e:57:13:13:4f:67:76:ea:
                    e3:13:92:fe:2b:9e:58:05:d8:60:2c:b7:b9:cb:8d:
                    35:0a:de:4e:06:9b:a3:9e:16:8e:d7:6b:f4:5e:c3:
                    58:2a:f5:84:27:66:92:8a:d3:29:86:0b:72:0b:4a:
                    e6:e4:0a:6a:1d:ee:5b:78:8d:78:1b:3b:27:2b:ec:
                    2b:b0:52:4c:35:39:6a:d9:ac:63:e7:dc:56:a1:26:
                    5e:70:a6:17:68:ed:5f:8b:92:a1:42:0b:2e:ee:84:
                    33:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:15:2C:56:47:E7:5C:79:FB:A6:20:58:41:66:C7:87:DA:8B:81:85
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WRUsVkfnXHn7piBYQWbHh9qLgYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:ea:83:9c:03:57:d7:e0:18:e5:fb:4c:2c:61:ce:8b:ec:fb:
         32:bb:b5:94:3a:e5:16:ba:d5:f5:5f:13:69:4d:55:c0:f2:d0:
         95:a5:e1:ad:b9:e1:43:75:92:ca:c8:4d:51:ff:b0:a7:b5:0f:
         3a:be:b3:34:2c:e3:1d:32:04:3f:bf:44:3b:87:83:2b:fa:0b:
         f2:fa:94:df:7e:8e:7e:b4:da:cc:5e:7a:ab:af:f5:bf:35:ca:
         05:89:17:ad:56:17:66:42:d1:09:60:45:91:ff:46:6d:a2:8a:
         71:82:7c:dc:de:90:be:0e:00:09:24:01:5b:2c:5f:34:49:97:
         9d:83:5c:90:cf:43:f2:46:7a:0e:d3:c9:6b:a9:89:db:66:a3:
         47:09:ec:16:84:6f:f0:34:bc:0a:b0:6e:90:15:d1:6e:0a:af:
         5a:44:57:dc:66:6a:27:70:c4:74:08:ee:90:fd:93:32:c8:71:
         31:6b:93:94:f5:d9:e4:67:c1:61:da:24:f5:94:8e:d7:00:3b:
         75:11:f5:cc:f5:85:61:28:c7:79:2d:c0:c6:11:9b:af:28:ed:
         72:6b:1e:cd:f1:f8:99:b1:ec:66:a3:be:9e:70:19:5c:b8:31:
         73:9c:bd:53:da:a5:67:e3:58:36:db:9f:1e:c5:d2:02:94:a4:
         fc:74:91:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJ1wPQNumssZcAcZmKim2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTAxMjIzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTE1MmM1NjQ3ZTc1Yzc5ZmJhNjIwNTg0MTY2Yzc4N2RhOGI4MTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0ceItkykWtiQUAfYGWtj9EL2v0a
F2tHpCSwfJwdYpATA1jt5Ik61lI8CJfVlLQSBQw5cVd2UsHrlZV0rkFo/ARS2URL
cISdNdDL3atmwcMHORPhh8HjM5UeLtJMezku/zBHopsE6RRgWcx2CUycAeKGSDcW
xRoEu74R0nVrcjsp99ZywHYsyd1XofmBKGsjN781ECndgdyiETsnTlcTE09ndurj
E5L+K55YBdhgLLe5y401Ct5OBpujnhaO12v0XsNYKvWEJ2aSitMphgtyC0rm5Apq
He5beI14GzsnK+wrsFJMNTlq2axj59xWoSZecKYXaO1fi5KhQgsu7oQzZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFkVLFZH51x5+6YgWEFmx4fai4GFMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvV1JVc1ZrZm5YSG43cGlCWVFXYkhoOXFMZ1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+awDAN
BgkqhkiG9w0BAQsFAAOCAQEASuqDnANX1+AY5ftMLGHOi+z7Mru1lDrlFrrV9V8T
aU1VwPLQlaXhrbnhQ3WSyshNUf+wp7UPOr6zNCzjHTIEP79EO4eDK/oL8vqU336O
frTazF56q6/1vzXKBYkXrVYXZkLRCWBFkf9GbaKKcYJ83N6Qvg4ACSQBWyxfNEmX
nYNckM9D8kZ6DtPJa6mJ22ajRwnsFoRv8DS8CrBukBXRbgqvWkRX3GZqJ3DEdAju
kP2TMshxMWuTlPXZ5GfBYdok9ZSO1wA7dRH1zPWFYSjHeS3AxhGbryjtcmsezfH4
mbHsZqO+nnAZXLgxc5y9U9qlZ+NYNtufHsXSApSk/HSR1w==
-----END CERTIFICATE-----