Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/WfRMqwEzwStURAh01roSLkYv1U0.roa
File:                     WfRMqwEzwStURAh01roSLkYv1U0.roa (raw, json)
Hash identifier:          HNa0AY81x/+AccOuLe0azU0S7PEQCkT6eu3lt3/eu7c=
Subject key identifier:   59:F4:4C:AB:01:33:C1:2B:54:44:08:74:D6:BA:12:2E:46:2F:D5:4D
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C504A4975C66E8EBB26D25071864
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/WfRMqwEzwStURAh01roSLkYv1U0.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15596
IP address blocks:        109.122.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c5:04:a4:97:5c:66:e8:eb:b2:6d:25:07:18:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59f44cab0133c12b54440874d6ba122e462fd54d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:18:7c:67:25:aa:2d:42:33:65:08:19:60:df:
                    1c:27:3b:69:fa:8f:9b:d1:f9:46:84:f4:34:b7:c2:
                    e2:7a:f3:90:cb:91:f2:a9:66:da:10:44:14:84:00:
                    d8:95:92:31:90:51:67:4b:eb:1a:79:75:9a:a8:07:
                    b6:1e:4c:02:22:66:35:15:b7:6a:3b:09:86:02:c8:
                    fd:b0:dc:2d:31:92:09:22:76:9c:8c:21:90:34:a6:
                    7f:32:34:70:13:7a:e1:df:3b:30:50:63:20:c3:e2:
                    e4:64:d9:62:af:59:eb:97:2c:b8:d7:3a:60:25:47:
                    3d:51:bb:ac:8e:43:94:9e:03:79:22:27:3b:48:b6:
                    9c:2c:6e:8a:9f:49:a4:4c:73:fa:20:35:24:68:4e:
                    91:a0:a9:6f:ad:0c:dc:64:5c:4c:68:0a:68:f2:b2:
                    c1:aa:49:5c:27:b5:52:b0:f7:65:d7:bc:ad:8d:f8:
                    a5:30:43:03:74:d5:b2:de:ee:bc:1a:d0:60:f3:87:
                    27:5f:b0:aa:74:12:84:4e:56:1f:a3:77:e7:10:2b:
                    9f:62:28:ca:7e:d2:3a:1b:7c:b6:cf:d6:90:8f:f2:
                    53:d2:9f:ab:41:d6:2e:9b:64:72:d1:07:65:ec:1e:
                    bb:79:c0:ca:9a:7d:bd:ac:9e:46:93:68:8a:a6:db:
                    0b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F4:4C:AB:01:33:C1:2B:54:44:08:74:D6:BA:12:2E:46:2F:D5:4D
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/WfRMqwEzwStURAh01roSLkYv1U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a6:1e:c2:4a:b1:90:91:13:56:ec:81:3f:eb:ef:7e:76:7b:c6:
         6c:8a:33:a9:82:ef:9b:18:a8:ab:61:b3:93:f8:6b:5b:18:c6:
         9e:ed:5b:ef:7a:04:3e:36:e3:38:bd:5f:1e:9e:7d:c7:6e:ef:
         06:ba:b0:10:73:42:de:5d:43:8f:40:66:f6:01:4a:72:09:f1:
         4b:44:24:27:56:00:7d:c9:f6:f1:92:d4:b1:be:eb:dc:1c:ed:
         12:75:e3:ed:7b:05:83:18:24:e0:48:b2:e4:6f:67:ed:56:e3:
         50:9e:44:6a:a9:6b:8c:70:da:10:1b:12:70:67:25:b6:6b:7d:
         57:57:91:d3:7a:80:28:64:ea:79:3e:d7:67:32:9c:4d:63:a0:
         13:f0:47:45:9a:8b:37:fc:60:25:db:07:91:cd:20:74:5e:13:
         93:f1:7d:f1:ab:65:b5:e9:71:e3:f2:87:3f:19:e8:97:c8:78:
         bf:75:c0:a8:1e:36:96:8b:8b:72:53:be:65:85:13:2c:f1:cd:
         34:57:49:3f:a4:fd:b9:9a:48:71:ef:9b:ac:c2:0c:43:71:b3:
         ff:6a:18:20:c5:8e:36:b7:6f:37:4f:5d:c6:4b:7d:66:4f:3a:
         bc:b9:f8:03:b4:bd:74:26:b1:78:0d:b7:ed:da:ab:16:9b:60:
         41:45:5f:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMUEpJdcZujrsm0lBxhkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWY0NGNhYjAxMzNjMTJiNTQ0NDA4NzRkNmJhMTIyZTQ2MmZkNTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhh8ZyWqLUIzZQgZYN8cJztp+o+b
0flGhPQ0t8LievOQy5HyqWbaEEQUhADYlZIxkFFnS+saeXWaqAe2HkwCImY1Fbdq
OwmGAsj9sNwtMZIJInacjCGQNKZ/MjRwE3rh3zswUGMgw+LkZNlir1nrlyy41zpg
JUc9UbusjkOUngN5Iic7SLacLG6Kn0mkTHP6IDUkaE6RoKlvrQzcZFxMaApo8rLB
qklcJ7VSsPdl17ytjfilMEMDdNWy3u68GtBg84cnX7CqdBKETlYfo3fnECufYijK
ftI6G3y2z9aQj/JT0p+rQdYum2Ry0Qdl7B67ecDKmn29rJ5Gk2iKptsL5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFn0TKsBM8ErVEQIdNa6Ei5GL9VNMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvV2ZSTXF3RXp3U3RVUkFoMDFyb1NMa1l2MVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbXo4MA0G
CSqGSIb3DQEBCwUAA4IBAQCmHsJKsZCRE1bsgT/r7352e8ZsijOpgu+bGKirYbOT
+GtbGMae7VvvegQ+NuM4vV8enn3Hbu8GurAQc0LeXUOPQGb2AUpyCfFLRCQnVgB9
yfbxktSxvuvcHO0SdePtewWDGCTgSLLkb2ftVuNQnkRqqWuMcNoQGxJwZyW2a31X
V5HTeoAoZOp5PtdnMpxNY6AT8EdFmos3/GAl2weRzSB0XhOT8X3xq2W16XHj8oc/
GeiXyHi/dcCoHjaWi4tyU75lhRMs8c00V0k/pP25mkhx75uswgxDcbP/ahggxY42
t283T13GS31mTzq8ufgDtL10JrF4Dbft2qsWm2BBRV+Q
-----END CERTIFICATE-----