Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/WENmDQt50o44o-X81ShD6U0cSiY.roa
File:                     WENmDQt50o44o-X81ShD6U0cSiY.roa (raw, json)
Hash identifier:          2t+ZM/g7DAg28KUr0aKeZ2EFhSpP8TLGnpPD+xoburg=
Subject key identifier:   58:43:66:0D:0B:79:D2:8E:38:A3:E5:FC:D5:28:43:E9:4D:1C:4A:26
Certificate issuer:       /CN=70ad353cc1a0d16d5e8e14a37575a6f3d60563f8
Certificate serial:       018CC94DBC8A75A611CA17A80E19C3CB3A22
Authority key identifier: 70:AD:35:3C:C1:A0:D1:6D:5E:8E:14:A3:75:75:A6:F3:D6:05:63:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cK01PMGg0W1ejhSjdXWm89YFY_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/WENmDQt50o44o-X81ShD6U0cSiY.roa
Signing time:             Tue 02 Jan 2024 08:32:44 +0000
ROA not before:           Tue 02 Jan 2024 08:32:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51134
IP address blocks:        2a01:430:11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/cK01PMGg0W1ejhSjdXWm89YFY_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/cK01PMGg0W1ejhSjdXWm89YFY_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cK01PMGg0W1ejhSjdXWm89YFY_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:bc:8a:75:a6:11:ca:17:a8:0e:19:c3:cb:3a:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70ad353cc1a0d16d5e8e14a37575a6f3d60563f8
        Validity
            Not Before: Jan  2 08:32:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5843660d0b79d28e38a3e5fcd52843e94d1c4a26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0d:af:9a:9f:0a:71:0f:ae:82:65:33:12:4f:
                    25:c8:78:82:92:0b:ba:77:ca:38:1f:31:b0:8f:13:
                    f8:4e:91:d4:7f:54:73:84:00:2b:67:fc:1f:10:53:
                    a7:2f:4f:e2:15:71:a8:a8:3a:04:66:12:8c:72:d9:
                    05:5c:99:b2:81:72:e6:3e:f3:b1:7d:8f:0f:4b:c1:
                    1c:d9:06:63:86:42:40:0a:6b:ee:b7:5d:8b:3d:74:
                    d3:7f:5d:55:e1:42:b8:be:be:e1:54:21:b7:6d:04:
                    7b:15:b3:af:94:dd:57:ce:c1:37:91:de:f1:75:e6:
                    ef:ce:36:fc:69:91:6d:ee:8c:10:8e:5b:e8:eb:0e:
                    33:d0:55:c7:85:db:a5:76:82:12:a8:da:ab:20:14:
                    02:29:16:6c:9e:43:c2:ed:31:da:42:0b:54:84:9e:
                    2a:54:69:b0:05:2d:dd:11:36:96:76:21:f6:fb:ee:
                    53:58:8b:5c:d8:d3:d0:6b:2c:40:57:93:ea:4f:32:
                    5f:06:4f:27:55:c4:e4:a7:37:fc:39:3f:2e:0a:5b:
                    b5:97:d0:79:51:51:d2:8e:73:31:3d:3c:72:e8:13:
                    3f:17:bb:4a:46:d7:51:47:dc:3d:bc:ab:79:d9:ce:
                    09:4a:f5:19:04:6f:75:0d:c0:eb:43:39:09:ba:45:
                    1f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:43:66:0D:0B:79:D2:8E:38:A3:E5:FC:D5:28:43:E9:4D:1C:4A:26
            X509v3 Authority Key Identifier:
                keyid:70:AD:35:3C:C1:A0:D1:6D:5E:8E:14:A3:75:75:A6:F3:D6:05:63:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cK01PMGg0W1ejhSjdXWm89YFY_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/WENmDQt50o44o-X81ShD6U0cSiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/cK01PMGg0W1ejhSjdXWm89YFY_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:430:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:a7:f5:fe:dd:a2:2a:b3:3e:8c:c1:e3:03:5b:59:cb:e3:c3:
         e8:3b:ce:46:b2:e0:b8:0c:1b:57:6c:36:c8:ed:c3:00:50:20:
         fc:a9:5a:50:37:9f:59:1a:68:2a:b6:58:f8:a9:b1:3c:9d:bc:
         dd:2b:4d:1c:e1:33:f7:14:74:38:6d:3f:47:03:9d:e3:7a:96:
         b9:d6:74:05:d9:06:f6:a3:c9:ff:71:46:4e:0b:40:51:59:9d:
         dd:de:fc:9d:62:1d:fe:9f:f0:48:54:57:68:9c:71:78:45:15:
         81:0a:ec:ca:f2:e8:28:85:6b:8e:1b:27:0b:72:37:b4:5b:ed:
         fc:cd:99:2c:54:76:2c:83:80:c3:e3:b7:84:77:90:c6:c0:bc:
         52:b7:ed:b5:67:7a:b9:e2:1f:cb:db:c9:43:73:0d:a0:5c:c7:
         54:b5:1f:a5:8d:8c:da:47:56:79:41:1b:c4:c1:4c:bc:fb:c8:
         a2:09:69:cf:9d:58:3e:67:8b:60:c9:2d:19:44:17:06:19:40:
         35:fe:71:86:11:4d:2c:50:98:32:2a:7e:ea:8c:37:ca:c0:65:
         cf:96:b8:65:79:e8:fe:f5:91:0b:27:bc:89:f0:da:b4:ab:76:
         34:5c:05:89:3a:7c:1c:96:36:01:10:78:35:8b:51:07:88:8a:
         83:1c:db:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTbyKdaYRyheoDhnDyzoiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYWQzNTNjYzFhMGQxNmQ1ZThlMTRhMzc1NzVhNmYzZDYw
NTYzZjgwHhcNMjQwMTAyMDgzMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODQzNjYwZDBiNzlkMjhlMzhhM2U1ZmNkNTI4NDNlOTRkMWM0YTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvg2vmp8KcQ+ugmUzEk8lyHiCkgu6
d8o4HzGwjxP4TpHUf1RzhAArZ/wfEFOnL0/iFXGoqDoEZhKMctkFXJmygXLmPvOx
fY8PS8Ec2QZjhkJACmvut12LPXTTf11V4UK4vr7hVCG3bQR7FbOvlN1XzsE3kd7x
debvzjb8aZFt7owQjlvo6w4z0FXHhduldoISqNqrIBQCKRZsnkPC7THaQgtUhJ4q
VGmwBS3dETaWdiH2++5TWItc2NPQayxAV5PqTzJfBk8nVcTkpzf8OT8uClu1l9B5
UVHSjnMxPTxy6BM/F7tKRtdRR9w9vKt52c4JSvUZBG91DcDrQzkJukUf2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFhDZg0LedKOOKPl/NUoQ+lNHEomMB8GA1UdIwQY
MBaAFHCtNTzBoNFtXo4Uo3V1pvPWBWP4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0swMVBNR2cwVzFlamhTamRYV204OVlGWV9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMjZkOWMtZDg1MS00YTY5LTk1Zjkt
MTUwNGVhNTNlMjU1LzEvV0VObURRdDUwbzQ0by1YODFTaEQ2VTBjU2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMjZkOWMtZDg1MS00YTY5LTk1ZjktMTUwNGVhNTNlMjU1
LzEvY0swMVBNR2cwVzFlamhTamRYV204OVlGWV9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEMAAR
MA0GCSqGSIb3DQEBCwUAA4IBAQArp/X+3aIqsz6MweMDW1nL48PoO85GsuC4DBtX
bDbI7cMAUCD8qVpQN59ZGmgqtlj4qbE8nbzdK00c4TP3FHQ4bT9HA53jepa51nQF
2Qb2o8n/cUZOC0BRWZ3d3vydYh3+n/BIVFdonHF4RRWBCuzK8ugohWuOGycLcje0
W+38zZksVHYsg4DD47eEd5DGwLxSt+21Z3q54h/L28lDcw2gXMdUtR+ljYzaR1Z5
QRvEwUy8+8iiCWnPnVg+Z4tgyS0ZRBcGGUA1/nGGEU0sUJgyKn7qjDfKwGXPlrhl
eej+9ZELJ7yJ8Nq0q3Y0XAWJOnwcljYBEHg1i1EHiIqDHNvx
-----END CERTIFICATE-----