Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/fvBFp2WcxZBbLWev2ZNyxpxWcC8.roa
File:                     fvBFp2WcxZBbLWev2ZNyxpxWcC8.roa (raw, json)
Hash identifier:          zI3697ODRGslB43WZZLXPM+IrmHvwZ7rfKwYeo6o0Fg=
Subject key identifier:   7E:F0:45:A7:65:9C:C5:90:5B:2D:67:AF:D9:93:72:C6:9C:56:70:2F
Certificate issuer:       /CN=59c3cc99899373c85974f01c9cd7aa057ab97fab
Certificate serial:       018CCA2B42A695EDC87358FB2CEDF198B15E
Authority key identifier: 59:C3:CC:99:89:93:73:C8:59:74:F0:1C:9C:D7:AA:05:7A:B9:7F:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WcPMmYmTc8hZdPAcnNeqBXq5f6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/fvBFp2WcxZBbLWev2ZNyxpxWcC8.roa
Signing time:             Tue 02 Jan 2024 12:34:41 +0000
ROA not before:           Tue 02 Jan 2024 12:34:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29503
IP address blocks:        217.146.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/WcPMmYmTc8hZdPAcnNeqBXq5f6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/WcPMmYmTc8hZdPAcnNeqBXq5f6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WcPMmYmTc8hZdPAcnNeqBXq5f6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:42:a6:95:ed:c8:73:58:fb:2c:ed:f1:98:b1:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59c3cc99899373c85974f01c9cd7aa057ab97fab
        Validity
            Not Before: Jan  2 12:34:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ef045a7659cc5905b2d67afd99372c69c56702f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:8c:8d:e5:0e:46:a8:52:c8:9e:37:ce:21:a1:
                    5d:27:6c:24:11:41:ab:11:e3:e5:67:09:7f:19:b8:
                    83:d4:2f:eb:f7:92:ff:72:9d:2f:f7:64:62:19:d7:
                    df:cc:a0:a7:db:27:f4:30:1d:cc:7f:b4:d5:b0:fe:
                    83:b7:38:4c:23:a3:8c:49:bb:90:89:03:ad:56:56:
                    0e:67:4b:9e:99:52:56:07:ab:4d:89:5d:3d:06:84:
                    da:cf:5d:0b:7f:e9:2b:02:c1:9d:19:18:f5:97:84:
                    02:81:10:22:66:b6:d5:8d:2e:b5:0e:20:61:40:7d:
                    d5:29:8d:83:fb:1f:5a:34:6f:1d:f7:2d:90:4b:be:
                    7a:f6:05:96:b7:b8:55:16:0e:8e:64:aa:ae:63:e8:
                    81:62:60:fa:5e:5f:27:eb:29:b2:37:0f:0c:fb:74:
                    ec:7a:d4:25:eb:fe:83:bf:79:29:d5:8d:dd:98:08:
                    0b:e1:f5:d1:6b:7d:44:4b:17:c0:a5:34:38:7e:6b:
                    11:03:12:5e:78:c2:80:f0:d8:03:5e:3d:91:f4:64:
                    38:9c:8d:15:de:1f:83:f2:c8:39:65:dd:3c:a4:8d:
                    1c:20:f4:3f:a7:fb:ad:17:fb:c7:90:a3:d8:7a:57:
                    39:98:c4:c8:ab:06:98:01:59:66:05:0f:d1:11:12:
                    b3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:F0:45:A7:65:9C:C5:90:5B:2D:67:AF:D9:93:72:C6:9C:56:70:2F
            X509v3 Authority Key Identifier:
                keyid:59:C3:CC:99:89:93:73:C8:59:74:F0:1C:9C:D7:AA:05:7A:B9:7F:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WcPMmYmTc8hZdPAcnNeqBXq5f6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/fvBFp2WcxZBbLWev2ZNyxpxWcC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/95f051-5e1d-4d36-a593-1a5eb50885ae/1/WcPMmYmTc8hZdPAcnNeqBXq5f6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.146.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:7c:6b:60:8c:85:c7:9b:c5:18:0a:09:b3:2c:d9:b5:23:3c:
         1f:84:d4:79:a4:05:95:24:81:79:73:4b:aa:e0:fe:c4:f7:f6:
         af:0a:c0:d5:07:bb:e0:d6:d2:6e:13:58:d4:12:13:f3:b2:b3:
         93:f7:8d:ea:8b:98:f3:9e:14:64:22:8a:1b:54:e1:dc:ee:b8:
         e1:21:69:55:d4:6c:be:64:2d:85:24:ed:f9:91:21:06:75:54:
         85:58:e9:94:4f:89:24:46:24:45:5a:43:12:5a:51:f5:de:24:
         82:12:f2:cf:e2:a8:59:eb:d5:f4:d8:47:6e:6d:99:26:72:55:
         09:31:c6:16:64:cc:87:2a:c9:27:ad:cb:3d:b0:6d:56:94:aa:
         de:c2:12:79:6b:d1:b4:d3:a3:f1:68:c2:09:85:82:54:73:7f:
         ad:86:5c:38:db:77:cf:1e:5a:41:36:4d:de:70:da:75:d4:03:
         69:9b:2d:25:21:8f:16:d8:67:43:e1:8c:bf:d3:7d:1c:31:41:
         08:49:a9:3e:bd:51:bd:1b:ce:ce:40:73:49:14:2e:34:43:e2:
         09:e9:71:1c:66:8d:0c:95:4a:ae:99:08:da:ef:2d:60:a2:18:
         31:2a:6e:15:70:5c:29:0f:62:7c:c9:eb:36:15:cf:a3:59:29:
         08:95:80:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0Kmle3Ic1j7LO3xmLFeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YzNjYzk5ODk5MzczYzg1OTc0ZjAxYzljZDdhYTA1N2Fi
OTdmYWIwHhcNMjQwMTAyMTIzNDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWYwNDVhNzY1OWNjNTkwNWIyZDY3YWZkOTkzNzJjNjljNTY3MDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYyN5Q5GqFLInjfOIaFdJ2wkEUGr
EePlZwl/GbiD1C/r95L/cp0v92RiGdffzKCn2yf0MB3Mf7TVsP6DtzhMI6OMSbuQ
iQOtVlYOZ0uemVJWB6tNiV09BoTaz10Lf+krAsGdGRj1l4QCgRAiZrbVjS61DiBh
QH3VKY2D+x9aNG8d9y2QS7569gWWt7hVFg6OZKquY+iBYmD6Xl8n6ymyNw8M+3Ts
etQl6/6Dv3kp1Y3dmAgL4fXRa31ESxfApTQ4fmsRAxJeeMKA8NgDXj2R9GQ4nI0V
3h+D8sg5Zd08pI0cIPQ/p/utF/vHkKPYelc5mMTIqwaYAVlmBQ/RERKzNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7wRadlnMWQWy1nr9mTcsacVnAvMB8GA1UdIwQY
MBaAFFnDzJmJk3PIWXTwHJzXqgV6uX+rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2NQTW1ZbVRjOGhaZFBBY25OZXFCWHE1ZjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny85NWYwNTEtNWUxZC00ZDM2LWE1OTMt
MWE1ZWI1MDg4NWFlLzEvZnZCRnAyV2N4WkJiTFdldjJaTnl4cHhXY0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny85NWYwNTEtNWUxZC00ZDM2LWE1OTMtMWE1ZWI1MDg4NWFl
LzEvV2NQTW1ZbVRjOGhaZFBBY25OZXFCWHE1ZjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2ZIgMA0G
CSqGSIb3DQEBCwUAA4IBAQAFfGtgjIXHm8UYCgmzLNm1IzwfhNR5pAWVJIF5c0uq
4P7E9/avCsDVB7vg1tJuE1jUEhPzsrOT943qi5jznhRkIoobVOHc7rjhIWlV1Gy+
ZC2FJO35kSEGdVSFWOmUT4kkRiRFWkMSWlH13iSCEvLP4qhZ69X02EdubZkmclUJ
McYWZMyHKsknrcs9sG1WlKrewhJ5a9G006PxaMIJhYJUc3+thlw423fPHlpBNk3e
cNp11ANpmy0lIY8W2GdD4Yy/030cMUEISak+vVG9G87OQHNJFC40Q+IJ6XEcZo0M
lUqumQja7y1gohgxKm4VcFwpD2J8yes2Fc+jWSkIlYAV
-----END CERTIFICATE-----