Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/WzHmZC5Ngk17OlBBwFjBDNJixbs.roa
File:                     WzHmZC5Ngk17OlBBwFjBDNJixbs.roa (raw, json)
Hash identifier:          JIZZJxe+maQmy7//jshruP8le4NC68rIOehCGYcU7RM=
Subject key identifier:   5B:31:E6:64:2E:4D:82:4D:7B:3A:50:41:C0:58:C1:0C:D2:62:C5:BB
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01903AFC09EAD9F434E976E7E825F399D0F4
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/WzHmZC5Ngk17OlBBwFjBDNJixbs.roa
Signing time:             Fri 21 Jun 2024 13:28:34 +0000
ROA not before:           Fri 21 Jun 2024 13:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214655
IP address blocks:        2a13:a5c7:1900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3a:fc:09:ea:d9:f4:34:e9:76:e7:e8:25:f3:99:d0:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jun 21 13:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b31e6642e4d824d7b3a5041c058c10cd262c5bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:62:ca:a3:a1:cd:7b:94:3b:90:25:9a:69:6d:
                    f6:e8:af:85:52:e8:59:6e:1c:ea:c4:d4:58:63:ad:
                    31:e7:71:4a:cf:a4:f2:5d:95:a7:9d:fe:60:49:b2:
                    10:2c:aa:60:cd:e4:e6:43:c8:cb:6e:a3:cd:28:15:
                    7f:24:dd:39:45:18:13:2d:69:ef:84:33:1a:52:34:
                    43:43:1b:f1:46:40:35:1e:8f:0d:6c:ef:02:ee:55:
                    12:91:c3:a9:11:3d:a1:de:ae:0f:da:2a:fc:dc:76:
                    33:68:f8:c0:69:72:2b:83:57:76:53:7a:1a:6c:e5:
                    44:be:a3:48:93:7d:43:2a:dc:61:36:9c:16:83:58:
                    e0:9d:86:38:12:e9:80:25:6f:d3:01:c8:2d:71:79:
                    0b:fb:82:1f:2e:67:48:68:6f:32:f5:5e:08:01:68:
                    a7:e4:9b:1d:07:96:cb:1a:bb:9d:cc:10:93:3c:75:
                    ee:21:e1:59:a8:2f:ac:fb:7b:8a:f7:57:f8:a2:8e:
                    c4:82:ff:83:88:92:2e:88:44:26:a9:08:db:37:d2:
                    46:d5:3e:b3:86:5a:69:94:0a:56:1e:2e:a0:09:f2:
                    66:48:cf:7d:99:55:fa:52:cd:4f:ae:cf:8e:37:e2:
                    7e:17:ad:20:88:d3:98:65:cd:ed:8c:da:0f:49:a2:
                    47:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:31:E6:64:2E:4D:82:4D:7B:3A:50:41:C0:58:C1:0C:D2:62:C5:BB
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/WzHmZC5Ngk17OlBBwFjBDNJixbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1900::/40

    Signature Algorithm: sha256WithRSAEncryption
         10:bd:b2:1a:4b:e1:d1:97:4a:9f:e4:20:e1:0a:7f:4e:9b:a8:
         ce:d4:fb:3b:7d:18:66:aa:7f:54:0d:66:63:9e:1b:47:6a:58:
         69:95:97:50:3a:35:87:fd:4f:23:b4:a5:90:ce:3c:e4:79:2c:
         7a:cb:10:4f:1f:16:61:62:a1:f0:5a:35:de:7e:5c:79:5b:77:
         47:78:ed:2e:db:e4:cd:45:5b:d6:6c:6e:8a:de:66:9c:cf:0d:
         93:06:6c:66:2f:14:2a:30:a0:79:9b:fb:a8:c0:3a:be:a5:ea:
         10:4a:40:5c:e3:a0:16:82:1c:6d:4e:f2:af:c7:97:3d:73:44:
         8a:bf:02:98:e7:a6:99:d4:84:cb:ba:5f:57:d2:87:18:0c:76:
         7c:f7:bf:9c:e8:78:42:38:35:05:d2:7f:d9:06:ca:cc:cb:aa:
         f4:13:db:02:f6:50:a4:81:4c:cc:5c:40:f7:f3:56:83:61:3c:
         22:a1:81:41:26:66:50:85:22:0d:91:ac:cd:2f:f9:8a:86:e2:
         44:bc:4c:8c:e3:25:ae:0c:8c:d1:77:ad:19:37:ab:bc:b4:c6:
         07:f3:cb:0b:1c:ea:ff:6f:c6:d7:d4:c6:90:1f:61:60:49:52:
         6d:a6:b5:81:02:19:48:89:db:58:d9:5e:e6:f7:a7:4e:07:32:
         4c:a8:f1:31
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZA6/Anq2fQ06Xbn6CXzmdD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwNjIxMTMyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjMxZTY2NDJlNGQ4MjRkN2IzYTUwNDFjMDU4YzEwY2QyNjJjNWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WLKo6HNe5Q7kCWaaW326K+FUuhZ
bhzqxNRYY60x53FKz6TyXZWnnf5gSbIQLKpgzeTmQ8jLbqPNKBV/JN05RRgTLWnv
hDMaUjRDQxvxRkA1Ho8NbO8C7lUSkcOpET2h3q4P2ir83HYzaPjAaXIrg1d2U3oa
bOVEvqNIk31DKtxhNpwWg1jgnYY4EumAJW/TAcgtcXkL+4IfLmdIaG8y9V4IAWin
5JsdB5bLGrudzBCTPHXuIeFZqC+s+3uK91f4oo7Egv+DiJIuiEQmqQjbN9JG1T6z
hlpplApWHi6gCfJmSM99mVX6Us1Prs+ON+J+F60giNOYZc3tjNoPSaJH3wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFsx5mQuTYJNezpQQcBYwQzSYsW7MB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvV3pIbVpDNU5nazE3T2xCQndGakJETkppeGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxkw
DQYJKoZIhvcNAQELBQADggEBABC9shpL4dGXSp/kIOEKf06bqM7U+zt9GGaqf1QN
ZmOeG0dqWGmVl1A6NYf9TyO0pZDOPOR5LHrLEE8fFmFiofBaNd5+XHlbd0d47S7b
5M1FW9ZsboreZpzPDZMGbGYvFCowoHmb+6jAOr6l6hBKQFzjoBaCHG1O8q/Hlz1z
RIq/ApjnppnUhMu6X1fShxgMdnz3v5zoeEI4NQXSf9kGyszLqvQT2wL2UKSBTMxc
QPfzVoNhPCKhgUEmZlCFIg2RrM0v+YqG4kS8TIzjJa4MjNF3rRk3q7y0xgfzywsc
6v9vxtfUxpAfYWBJUm2mtYECGUiJ21jZXub3p04HMkyo8TE=
-----END CERTIFICATE-----