Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/WSDdcq-b3Opo4SUBpvtUwQwt9Gc.roa
File:                     WSDdcq-b3Opo4SUBpvtUwQwt9Gc.roa (raw, json)
Hash identifier:          mzGzuYgcDRFrln0q89jtFyAWQfpoOALi3y1yy9hBrco=
Subject key identifier:   59:20:DD:72:AF:9B:DC:EA:68:E1:25:01:A6:FB:54:C1:0C:2D:F4:67
Certificate issuer:       /CN=e3ac635fd45f5471c6c2c3fe45ef1bb4338bc279
Certificate serial:       018CC7941A34848C8FDB8BFC9EB1DBE3BA5F
Authority key identifier: E3:AC:63:5F:D4:5F:54:71:C6:C2:C3:FE:45:EF:1B:B4:33:8B:C2:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/46xjX9RfVHHGwsP-Re8btDOLwnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/WSDdcq-b3Opo4SUBpvtUwQwt9Gc.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        141.69.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/46xjX9RfVHHGwsP-Re8btDOLwnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/46xjX9RfVHHGwsP-Re8btDOLwnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/46xjX9RfVHHGwsP-Re8btDOLwnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1a:34:84:8c:8f:db:8b:fc:9e:b1:db:e3:ba:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3ac635fd45f5471c6c2c3fe45ef1bb4338bc279
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5920dd72af9bdcea68e12501a6fb54c10c2df467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bb:aa:3a:f5:1f:2e:cf:23:a7:ac:80:57:af:
                    84:57:dd:11:b6:2c:6b:9d:a7:5e:2e:34:d0:3c:b9:
                    bb:31:d8:6c:3d:de:64:74:75:62:ae:89:d0:d2:6d:
                    06:1d:db:91:5e:59:66:55:1c:75:2e:d9:56:b6:35:
                    8c:52:a0:f1:42:d5:72:5c:18:ef:de:e3:7f:ef:61:
                    60:f5:b9:04:69:1b:dc:f5:1c:af:dd:5f:e5:3a:43:
                    7d:fa:54:30:54:27:c3:81:3f:9e:8d:56:e1:d8:d7:
                    73:74:96:5e:67:bf:47:3c:d0:b6:63:da:e5:1c:6c:
                    51:80:21:55:48:31:5c:df:af:60:fe:2d:5e:c1:6a:
                    16:f9:ca:c3:fe:ed:29:78:1d:63:c5:5c:92:04:6a:
                    2f:38:c0:8b:53:32:be:29:4e:c2:42:ac:71:57:85:
                    bf:c4:0c:ad:80:db:44:ac:3d:30:24:44:83:74:da:
                    0e:b1:11:46:0e:77:37:d7:8c:d4:65:35:c2:62:f2:
                    d1:ad:42:83:b2:1d:7f:ae:36:08:a0:e8:b0:47:20:
                    1b:00:90:44:fd:c4:38:e3:e5:fe:3b:2b:57:24:14:
                    3c:ed:84:34:68:c3:ef:b4:1e:5a:35:7d:c7:a2:fc:
                    d6:b9:f2:11:4e:12:ae:78:00:de:c6:76:e3:21:29:
                    29:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:20:DD:72:AF:9B:DC:EA:68:E1:25:01:A6:FB:54:C1:0C:2D:F4:67
            X509v3 Authority Key Identifier:
                keyid:E3:AC:63:5F:D4:5F:54:71:C6:C2:C3:FE:45:EF:1B:B4:33:8B:C2:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/46xjX9RfVHHGwsP-Re8btDOLwnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/WSDdcq-b3Opo4SUBpvtUwQwt9Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2f870e-2ba5-4b88-91a0-1d2348dbd036/1/46xjX9RfVHHGwsP-Re8btDOLwnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.69.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         52:21:cf:d8:2d:51:fd:63:e0:89:48:02:f8:41:9f:b0:09:35:
         3b:81:c6:ac:2a:7f:5c:eb:ff:1b:98:03:c5:87:22:40:93:1a:
         05:42:40:af:bb:0a:2a:2a:94:30:0a:b6:0a:5d:11:e0:9c:35:
         b3:5b:b4:5b:c4:c0:02:42:2c:aa:03:10:54:36:94:e0:b9:6c:
         45:60:a4:68:97:21:84:ab:8a:6f:67:f2:15:eb:cd:d1:97:9a:
         59:00:88:39:54:a7:e0:49:f9:a4:95:c1:9a:5d:9d:7b:96:e9:
         e0:6d:c6:fe:ef:90:c1:7c:dc:e9:c3:db:0a:f4:2d:14:53:e7:
         ce:60:4a:3a:ee:ad:81:6a:70:6e:d5:8a:ee:62:67:5c:14:cf:
         46:ae:68:18:ea:9d:61:6b:88:80:27:81:a6:b6:57:c9:99:4d:
         13:3e:0f:d8:52:d9:86:ff:8b:45:09:ab:47:20:69:88:d3:8e:
         ea:4c:e4:2e:e6:ab:d5:e3:8d:75:56:2b:e7:8e:0e:45:c7:da:
         40:d0:bf:41:b1:b9:28:9a:62:86:38:d6:24:a1:fb:51:5c:b2:
         d5:24:e8:89:40:88:57:4b:c9:aa:6b:27:23:b6:66:3c:b8:36:
         d7:e8:85:1a:cd:bf:02:71:3d:34:38:17:f7:6b:ed:2e:a1:65:
         50:69:1c:07
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHlBo0hIyP24v8nrHb47pfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYWM2MzVmZDQ1ZjU0NzFjNmMyYzNmZTQ1ZWYxYmI0MzM4
YmMyNzkwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTIwZGQ3MmFmOWJkY2VhNjhlMTI1MDFhNmZiNTRjMTBjMmRmNDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLuqOvUfLs8jp6yAV6+EV90Rtixr
nadeLjTQPLm7MdhsPd5kdHVironQ0m0GHduRXllmVRx1LtlWtjWMUqDxQtVyXBjv
3uN/72Fg9bkEaRvc9Ryv3V/lOkN9+lQwVCfDgT+ejVbh2NdzdJZeZ79HPNC2Y9rl
HGxRgCFVSDFc369g/i1ewWoW+crD/u0peB1jxVySBGovOMCLUzK+KU7CQqxxV4W/
xAytgNtErD0wJESDdNoOsRFGDnc314zUZTXCYvLRrUKDsh1/rjYIoOiwRyAbAJBE
/cQ44+X+OytXJBQ87YQ0aMPvtB5aNX3HovzWufIRThKueADexnbjISkpVwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFkg3XKvm9zqaOElAab7VMEMLfRnMB8GA1UdIwQY
MBaAFOOsY1/UX1RxxsLD/kXvG7Qzi8J5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDZ4alg5UmZWSEhHd3NQLVJlOGJ0RE9Md25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZjg3MGUtMmJhNS00Yjg4LTkxYTAt
MWQyMzQ4ZGJkMDM2LzEvV1NEZGNxLWIzT3BvNFNVQnB2dFV3UXd0OUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZjg3MGUtMmJhNS00Yjg4LTkxYTAtMWQyMzQ4ZGJkMDM2
LzEvNDZ4alg5UmZWSEhHd3NQLVJlOGJ0RE9Md25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjUUwDQYJ
KoZIhvcNAQELBQADggEBAFIhz9gtUf1j4IlIAvhBn7AJNTuBxqwqf1zr/xuYA8WH
IkCTGgVCQK+7CioqlDAKtgpdEeCcNbNbtFvEwAJCLKoDEFQ2lOC5bEVgpGiXIYSr
im9n8hXrzdGXmlkAiDlUp+BJ+aSVwZpdnXuW6eBtxv7vkMF83OnD2wr0LRRT585g
SjrurYFqcG7Viu5iZ1wUz0auaBjqnWFriIAngaa2V8mZTRM+D9hS2Yb/i0UJq0cg
aYjTjupM5C7mq9XjjXVWK+eODkXH2kDQv0GxuSiaYoY41iSh+1FcstUk6IlAiFdL
yaprJyO2Zjy4NtfohRrNvwJxPTQ4F/dr7S6hZVBpHAc=
-----END CERTIFICATE-----