Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/wl2DfVzzQ5xRy-5N1yM5kvgypco.roa
File:                     wl2DfVzzQ5xRy-5N1yM5kvgypco.roa (raw, json)
Hash identifier:          UoTSTqR/Xa7RbVUV7HsDrRCogTWRdt/FiES9SJocXWU=
Subject key identifier:   C2:5D:83:7D:5C:F3:43:9C:51:CB:EE:4D:D7:23:39:92:F8:32:A5:CA
Certificate issuer:       /CN=b8d251c4bfd526da062d4ce2af56b6e46e925117
Certificate serial:       018CC794753258BF1CACF8806FEA0AAE0A9E
Authority key identifier: B8:D2:51:C4:BF:D5:26:DA:06:2D:4C:E2:AF:56:B6:E4:6E:92:51:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/wl2DfVzzQ5xRy-5N1yM5kvgypco.roa
Signing time:             Tue 02 Jan 2024 00:30:44 +0000
ROA not before:           Tue 02 Jan 2024 00:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        132.74.0.0/16 maxlen: 16
                          132.75.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:75:32:58:bf:1c:ac:f8:80:6f:ea:0a:ae:0a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d251c4bfd526da062d4ce2af56b6e46e925117
        Validity
            Not Before: Jan  2 00:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c25d837d5cf3439c51cbee4dd7233992f832a5ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6a:55:99:3e:66:c9:44:b5:46:ad:30:4a:bb:
                    f0:35:df:3c:c4:29:a8:c7:61:b0:17:c5:e7:6c:95:
                    6e:97:9a:ce:19:e3:ac:46:8a:a6:a8:8c:80:5f:de:
                    cd:c6:1a:0b:a8:7c:85:db:8e:53:41:f2:9f:e2:57:
                    0e:ce:85:a2:45:9b:86:9d:3f:5e:c2:d8:c1:6a:08:
                    54:2b:b0:65:4c:07:fd:d2:3e:0f:5d:31:1b:d7:4e:
                    2c:61:25:64:10:00:08:90:40:69:8a:14:1c:24:ad:
                    99:55:57:a4:88:40:25:59:75:f7:5a:c1:21:91:e2:
                    68:65:b4:d8:19:f9:c8:05:3d:3d:b4:be:3a:f6:c6:
                    7f:bd:f6:c6:85:41:3c:ef:7c:f1:d0:53:65:a8:94:
                    7a:fa:87:91:b8:7f:dd:ea:14:f5:2f:ab:b3:f8:03:
                    7e:27:d8:dc:99:1b:6c:6b:97:8f:5c:59:e0:54:a3:
                    30:c8:e6:86:c7:27:44:3f:d7:87:6b:42:8c:3a:6e:
                    e1:92:51:da:c8:7b:47:78:8d:f4:51:30:c8:cf:9f:
                    7d:72:26:c2:65:00:2a:23:c7:d4:cd:19:57:6c:5b:
                    da:cf:30:76:d5:44:c8:b0:f7:de:ec:55:1c:51:a8:
                    64:12:fa:f2:a2:10:1c:61:b6:df:e0:45:56:f9:b3:
                    88:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:5D:83:7D:5C:F3:43:9C:51:CB:EE:4D:D7:23:39:92:F8:32:A5:CA
            X509v3 Authority Key Identifier:
                keyid:B8:D2:51:C4:BF:D5:26:DA:06:2D:4C:E2:AF:56:B6:E4:6E:92:51:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/wl2DfVzzQ5xRy-5N1yM5kvgypco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.74.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         58:16:2a:1f:4e:a8:45:df:70:8c:c3:d2:7a:10:c4:05:9c:c6:
         13:4e:5d:91:b6:cd:d8:1d:eb:62:e3:13:c0:32:ba:84:f6:f7:
         ef:71:7b:c7:15:4b:1f:70:83:33:e1:b1:0e:38:99:98:7f:29:
         ec:fb:69:7f:fe:a4:36:e3:13:df:41:31:87:5f:20:21:51:ea:
         c3:38:f2:13:41:68:22:6e:56:3c:58:64:b0:e5:6e:81:53:55:
         7d:95:e2:d1:ab:39:a4:be:fa:d8:1e:c7:73:38:60:88:90:d1:
         b6:d0:42:b7:15:e4:da:5d:2c:59:cf:31:93:3c:79:97:59:a9:
         8e:6a:4d:ed:29:81:71:d9:57:04:52:c2:96:60:eb:48:4c:b9:
         57:39:d5:72:25:b5:f7:13:5d:b8:b8:5a:3b:90:d1:c7:58:fe:
         2a:dc:13:28:c7:83:0d:b5:11:06:1c:a8:f4:c7:15:e8:03:f6:
         f4:0e:41:a5:d5:e0:f4:36:80:bf:89:b3:1c:5c:d9:2f:f4:a3:
         36:e8:56:d1:3f:b2:aa:9d:0e:5e:46:52:64:02:2d:64:03:04:
         cc:d7:47:49:09:46:60:76:00:93:c8:f8:49:6c:65:ee:f3:7d:
         b2:6e:9d:24:4e:96:21:ba:89:fb:ab:15:c1:3a:b1:a1:1e:ef:
         ba:78:45:eb
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHlHUyWL8crPiAb+oKrgqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDI1MWM0YmZkNTI2ZGEwNjJkNGNlMmFmNTZiNmU0NmU5
MjUxMTcwHhcNMjQwMTAyMDAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjVkODM3ZDVjZjM0MzljNTFjYmVlNGRkNzIzMzk5MmY4MzJhNWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGpVmT5myUS1Rq0wSrvwNd88xCmo
x2GwF8XnbJVul5rOGeOsRoqmqIyAX97NxhoLqHyF245TQfKf4lcOzoWiRZuGnT9e
wtjBaghUK7BlTAf90j4PXTEb104sYSVkEAAIkEBpihQcJK2ZVVekiEAlWXX3WsEh
keJoZbTYGfnIBT09tL469sZ/vfbGhUE873zx0FNlqJR6+oeRuH/d6hT1L6uz+AN+
J9jcmRtsa5ePXFngVKMwyOaGxydEP9eHa0KMOm7hklHayHtHeI30UTDIz599cibC
ZQAqI8fUzRlXbFvazzB21UTIsPfe7FUcUahkEvryohAcYbbf4EVW+bOIcQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMJdg31c80OcUcvuTdcjOZL4MqXKMB8GA1UdIwQY
MBaAFLjSUcS/1SbaBi1M4q9WtuRuklEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5KUnhMX1ZKdG9HTFV6aXIxYTI1RzZTVVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi82MjE5NDEtZjUzYy00NDhmLWJkMzAt
NDJiM2Q2OGI1Njc2LzEvd2wyRGZWenpRNXhSeS01TjF5TTVrdmd5cGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi82MjE5NDEtZjUzYy00NDhmLWJkMzAtNDJiM2Q2OGI1Njc2
LzEvdU5KUnhMX1ZKdG9HTFV6aXIxYTI1RzZTVVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEowDQYJ
KoZIhvcNAQELBQADggEBAFgWKh9OqEXfcIzD0noQxAWcxhNOXZG2zdgd62LjE8Ay
uoT29+9xe8cVSx9wgzPhsQ44mZh/Kez7aX/+pDbjE99BMYdfICFR6sM48hNBaCJu
VjxYZLDlboFTVX2V4tGrOaS++tgex3M4YIiQ0bbQQrcV5NpdLFnPMZM8eZdZqY5q
Te0pgXHZVwRSwpZg60hMuVc51XIltfcTXbi4WjuQ0cdY/ircEyjHgw21EQYcqPTH
FegD9vQOQaXV4PQ2gL+Jsxxc2S/0ozboVtE/sqqdDl5GUmQCLWQDBMzXR0kJRmB2
AJPI+ElsZe7zfbJunSROliG6ifurFcE6saEe77p4Res=
-----END CERTIFICATE-----