Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/W-VAIpFqQAn7Es2g0jHSTX56sQo.roa
File:                     W-VAIpFqQAn7Es2g0jHSTX56sQo.roa (raw, json)
Hash identifier:          H0Mxv5/t+bAmR2oYuctBL0fRTBYrPdh8xvRJWJc42fI=
Subject key identifier:   5B:E5:40:22:91:6A:40:09:FB:12:CD:A0:D2:31:D2:4D:7E:7A:B1:0A
Certificate issuer:       /CN=eed154f96adceb9bcee0bdc0b835afbe0509751a
Certificate serial:       01923037FE844BE2DF4592562774D62D4A1F
Authority key identifier: EE:D1:54:F9:6A:DC:EB:9B:CE:E0:BD:C0:B8:35:AF:BE:05:09:75:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7tFU-Wrc65vO4L3AuDWvvgUJdRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/W-VAIpFqQAn7Es2g0jHSTX56sQo.roa
Signing time:             Thu 26 Sep 2024 21:23:48 +0000
ROA not before:           Thu 26 Sep 2024 21:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214285
IP address blocks:        2a01:f480::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/7tFU-Wrc65vO4L3AuDWvvgUJdRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/7tFU-Wrc65vO4L3AuDWvvgUJdRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7tFU-Wrc65vO4L3AuDWvvgUJdRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:30:37:fe:84:4b:e2:df:45:92:56:27:74:d6:2d:4a:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eed154f96adceb9bcee0bdc0b835afbe0509751a
        Validity
            Not Before: Sep 26 21:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5be54022916a4009fb12cda0d231d24d7e7ab10a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fd:c5:99:02:f7:2c:3c:c8:f1:32:ea:4f:84:
                    9f:cb:71:26:70:84:4b:6c:b9:9b:fa:ce:bf:f2:0a:
                    8f:e2:bd:d8:48:d8:e3:bf:04:61:44:db:09:69:bf:
                    74:2d:63:b7:f3:f4:16:23:c5:6a:68:d1:d3:a4:8b:
                    23:a9:ea:f1:12:f8:0e:32:15:88:04:75:fc:f3:44:
                    e1:7a:72:1e:35:5a:3c:be:3f:5e:cd:f0:b3:35:e6:
                    fd:79:38:75:c8:d3:9b:35:fe:22:02:ea:3a:20:20:
                    34:99:25:d2:9d:a8:fe:18:45:98:b4:b9:87:23:5d:
                    cb:99:c3:d8:42:f6:1e:79:43:16:ce:ba:9d:1c:21:
                    d5:a9:f1:94:82:a6:df:0c:e1:05:b2:5f:63:5f:57:
                    87:0c:06:ea:6c:b8:df:aa:86:38:fb:17:25:cc:2e:
                    23:1d:f5:80:a8:14:f0:bb:cb:80:a9:b1:5b:f9:03:
                    88:67:fa:5b:31:69:27:7a:a0:a8:3b:26:b1:5e:81:
                    ee:ee:b4:08:08:be:e1:13:0a:9d:8d:7b:1d:25:c0:
                    59:79:b4:a8:6b:4a:09:fa:dc:df:3f:2e:b9:a8:54:
                    fb:a3:b4:71:38:d3:6a:ff:59:1f:7a:03:8b:a4:50:
                    b1:1a:a6:56:69:58:39:b6:2e:7b:4d:1d:2f:97:ab:
                    69:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E5:40:22:91:6A:40:09:FB:12:CD:A0:D2:31:D2:4D:7E:7A:B1:0A
            X509v3 Authority Key Identifier:
                keyid:EE:D1:54:F9:6A:DC:EB:9B:CE:E0:BD:C0:B8:35:AF:BE:05:09:75:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tFU-Wrc65vO4L3AuDWvvgUJdRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/W-VAIpFqQAn7Es2g0jHSTX56sQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/b79420-8901-4169-b7f6-76b7eed51e4a/1/7tFU-Wrc65vO4L3AuDWvvgUJdRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f480::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:03:cb:6d:e6:07:ac:31:0e:2e:b9:0b:df:ab:c8:8f:4e:5e:
         36:24:d4:15:9e:89:4e:6c:6f:90:2d:b9:7f:80:e9:a7:d2:59:
         af:dd:b9:b2:0e:77:09:3f:ae:da:55:77:63:16:82:08:7c:a5:
         5c:17:3b:f4:c9:04:96:06:03:9e:40:62:d6:03:4b:cf:5f:07:
         bb:fc:8f:65:bf:10:2c:f7:53:3c:5a:49:c4:be:0a:95:80:5f:
         1a:3f:b3:19:21:cb:6b:b3:11:a7:22:db:89:31:c6:a2:6f:1c:
         47:14:76:27:c9:3e:2c:26:7b:c3:5b:1c:18:06:5e:21:a5:63:
         0b:f5:cb:d1:d5:47:be:93:24:4f:ad:a5:97:e5:73:a1:97:9d:
         b3:e7:4d:14:01:1b:73:3d:5e:1b:02:70:3a:66:95:f2:0d:3e:
         76:b1:86:8c:e5:3d:0e:10:ae:60:6f:a5:2c:5c:7c:58:d9:6f:
         cb:5a:1a:87:d6:0e:32:03:48:1d:06:b8:ba:02:00:ad:bc:f4:
         31:5a:c4:11:9d:3c:7f:7f:da:e9:1b:92:69:c3:02:5f:79:2d:
         6a:b0:da:00:40:7e:fc:9c:bb:15:54:91:d9:3b:cd:cb:12:e2:
         08:87:c1:9e:15:09:ab:53:16:49:19:92:c5:f2:6c:d0:7e:ca:
         fa:77:ae:78
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZIwN/6ES+LfRZJWJ3TWLUofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDE1NGY5NmFkY2ViOWJjZWUwYmRjMGI4MzVhZmJlMDUw
OTc1MWEwHhcNMjQwOTI2MjEyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmU1NDAyMjkxNmE0MDA5ZmIxMmNkYTBkMjMxZDI0ZDdlN2FiMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf3FmQL3LDzI8TLqT4Sfy3EmcIRL
bLmb+s6/8gqP4r3YSNjjvwRhRNsJab90LWO38/QWI8VqaNHTpIsjqerxEvgOMhWI
BHX880ThenIeNVo8vj9ezfCzNeb9eTh1yNObNf4iAuo6ICA0mSXSnaj+GEWYtLmH
I13LmcPYQvYeeUMWzrqdHCHVqfGUgqbfDOEFsl9jX1eHDAbqbLjfqoY4+xclzC4j
HfWAqBTwu8uAqbFb+QOIZ/pbMWkneqCoOyaxXoHu7rQICL7hEwqdjXsdJcBZebSo
a0oJ+tzfPy65qFT7o7RxONNq/1kfegOLpFCxGqZWaVg5ti57TR0vl6tpzQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFvlQCKRakAJ+xLNoNIx0k1+erEKMB8GA1UdIwQY
MBaAFO7RVPlq3OubzuC9wLg1r74FCXUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RGVS1XcmM2NXZPNEwzQXVEV3Z2Z1VKZFJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iNzk0MjAtODkwMS00MTY5LWI3ZjYt
NzZiN2VlZDUxZTRhLzEvVy1WQUlwRnFRQW43RXMyZzBqSFNUWDU2c1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iNzk0MjAtODkwMS00MTY5LWI3ZjYtNzZiN2VlZDUxZTRh
LzEvN3RGVS1XcmM2NXZPNEwzQXVEV3Z2Z1VKZFJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgH0gDAN
BgkqhkiG9w0BAQsFAAOCAQEAngPLbeYHrDEOLrkL36vIj05eNiTUFZ6JTmxvkC25
f4Dpp9JZr925sg53CT+u2lV3YxaCCHylXBc79MkElgYDnkBi1gNLz18Hu/yPZb8Q
LPdTPFpJxL4KlYBfGj+zGSHLa7MRpyLbiTHGom8cRxR2J8k+LCZ7w1scGAZeIaVj
C/XL0dVHvpMkT62ll+VzoZeds+dNFAEbcz1eGwJwOmaV8g0+drGGjOU9DhCuYG+l
LFx8WNlvy1oah9YOMgNIHQa4ugIArbz0MVrEEZ08f3/a6RuSacMCX3ktarDaAEB+
/Jy7FVSR2TvNyxLiCIfBnhUJq1MWSRmSxfJs0H7K+neueA==
-----END CERTIFICATE-----