Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7e8ed6-ae72-4d3f-999d-67c3affbd1aa/1/woJDbbYcj4fnFhlSTnDSqtmKjsg.roa
File:                     woJDbbYcj4fnFhlSTnDSqtmKjsg.roa (raw, json)
Hash identifier:          NTOlUsc1Gq77I81p5dEoOd40SiESy4XisRpr0fmfbh4=
Subject key identifier:   C2:82:43:6D:B6:1C:8F:87:E7:16:19:52:4E:70:D2:AA:D9:8A:8E:C8
Certificate issuer:       /CN=f2023e76a68ea6c9f70d3ea72df84e53dc21724f
Certificate serial:       018CC3B68AB77832C7BACAFAE9BCCE4ABC8F
Authority key identifier: F2:02:3E:76:A6:8E:A6:C9:F7:0D:3E:A7:2D:F8:4E:53:DC:21:72:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8gI-dqaOpsn3DT6nLfhOU9whck8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7e8ed6-ae72-4d3f-999d-67c3affbd1aa/1/woJDbbYcj4fnFhlSTnDSqtmKjsg.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204711
IP address blocks:        2001:67c:24a4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7e8ed6-ae72-4d3f-999d-67c3affbd1aa/1/8gI-dqaOpsn3DT6nLfhOU9whck8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7e8ed6-ae72-4d3f-999d-67c3affbd1aa/1/8gI-dqaOpsn3DT6nLfhOU9whck8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8gI-dqaOpsn3DT6nLfhOU9whck8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8a:b7:78:32:c7:ba:ca:fa:e9:bc:ce:4a:bc:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2023e76a68ea6c9f70d3ea72df84e53dc21724f
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c282436db61c8f87e71619524e70d2aad98a8ec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:92:c5:f7:cb:d7:b8:a2:31:26:b2:22:8b:9d:
                    43:02:c5:14:25:56:22:c3:67:be:7f:33:42:b8:4c:
                    51:82:9c:8a:6b:ae:b8:50:49:bc:5f:fe:0d:fc:39:
                    a4:10:4d:4b:90:98:fd:51:8f:81:29:0a:63:c6:27:
                    8a:82:f1:53:69:5b:8a:a9:4a:bf:04:cc:2f:8a:a0:
                    b9:c9:bc:03:ef:bb:66:70:0f:51:37:93:de:4f:ed:
                    a9:e6:45:5b:14:32:89:aa:b4:45:28:bb:26:16:ad:
                    a7:2a:09:54:f0:38:4c:4d:6a:87:cc:d2:a8:29:ee:
                    f5:96:ec:cf:06:e2:ec:b0:a6:c4:ce:4f:f3:3f:3b:
                    51:d3:75:58:50:bc:37:aa:ca:c5:36:83:bc:9d:1e:
                    36:ff:6c:f1:a3:fe:f0:5a:d9:65:19:70:e1:76:2c:
                    78:b1:d3:6e:12:6c:04:08:1d:8e:f0:b1:d8:c2:54:
                    11:f2:4d:58:ba:19:37:98:8b:2b:5f:c0:c9:b5:71:
                    f0:d1:7a:53:94:75:45:92:a8:b6:d2:8b:b9:af:23:
                    64:ca:1d:b5:08:5e:1a:ca:92:fa:4b:f8:e3:6c:b1:
                    26:ef:d7:bc:a7:25:f8:b9:17:f4:83:e5:ba:70:ac:
                    3d:02:f2:a8:bc:fc:43:cd:b4:17:2d:eb:34:3e:26:
                    89:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:82:43:6D:B6:1C:8F:87:E7:16:19:52:4E:70:D2:AA:D9:8A:8E:C8
            X509v3 Authority Key Identifier:
                keyid:F2:02:3E:76:A6:8E:A6:C9:F7:0D:3E:A7:2D:F8:4E:53:DC:21:72:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8gI-dqaOpsn3DT6nLfhOU9whck8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7e8ed6-ae72-4d3f-999d-67c3affbd1aa/1/woJDbbYcj4fnFhlSTnDSqtmKjsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7e8ed6-ae72-4d3f-999d-67c3affbd1aa/1/8gI-dqaOpsn3DT6nLfhOU9whck8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:24a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:55:c5:0e:1d:cc:2e:a7:24:b6:f5:5f:7c:dd:e0:53:75:60:
         c3:17:0b:57:8f:61:5a:3f:70:47:a1:d7:e8:26:07:3c:a0:e7:
         c2:7e:c7:93:09:7f:4c:db:a7:af:5f:23:73:ce:59:94:2a:5b:
         b6:62:5d:bd:f3:c8:05:8a:6d:13:6c:15:7c:e3:b1:93:7a:7b:
         55:16:f8:7e:c9:c2:ab:de:02:7d:a6:21:0c:5c:ae:e2:8b:0b:
         81:04:36:ae:21:52:3e:05:b7:b3:2e:7f:f4:d6:85:e2:54:00:
         76:ff:30:9e:e8:6d:f5:ed:9b:ba:34:d4:85:0f:9a:8a:21:ab:
         b4:df:55:a4:c1:c5:6e:1d:9d:d1:06:c4:a0:85:fb:6b:22:6c:
         26:d7:a9:eb:ed:97:bc:33:d6:ea:96:d4:71:c5:e1:ae:68:46:
         3b:c4:a8:1f:cb:1a:e6:34:5a:54:9a:a7:b5:7f:25:8c:4f:9b:
         21:96:88:0c:a9:f7:08:55:b2:44:7a:73:96:b3:cd:d5:d9:88:
         c5:07:47:1e:dc:b8:4c:7f:9b:15:e2:05:93:97:45:cc:44:87:
         fa:70:24:76:b6:54:6e:1e:5a:04:3c:2e:93:4f:71:1f:67:db:
         2a:52:7e:aa:f2:0d:70:87:56:98:1d:52:0c:6d:6f:63:f5:09:
         30:9a:33:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtoq3eDLHusr66bzOSryPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMDIzZTc2YTY4ZWE2YzlmNzBkM2VhNzJkZjg0ZTUzZGMy
MTcyNGYwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjgyNDM2ZGI2MWM4Zjg3ZTcxNjE5NTI0ZTcwZDJhYWQ5OGE4ZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5LF98vXuKIxJrIii51DAsUUJVYi
w2e+fzNCuExRgpyKa664UEm8X/4N/DmkEE1LkJj9UY+BKQpjxieKgvFTaVuKqUq/
BMwviqC5ybwD77tmcA9RN5PeT+2p5kVbFDKJqrRFKLsmFq2nKglU8DhMTWqHzNKo
Ke71luzPBuLssKbEzk/zPztR03VYULw3qsrFNoO8nR42/2zxo/7wWtllGXDhdix4
sdNuEmwECB2O8LHYwlQR8k1Yuhk3mIsrX8DJtXHw0XpTlHVFkqi20ou5ryNkyh21
CF4aypL6S/jjbLEm79e8pyX4uRf0g+W6cKw9AvKovPxDzbQXLes0PiaJDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMKCQ222HI+H5xYZUk5w0qrZio7IMB8GA1UdIwQY
MBaAFPICPnamjqbJ9w0+py34TlPcIXJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGdJLWRxYU9wc24zRFQ2bkxmaE9VOXdoY2s4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83ZThlZDYtYWU3Mi00ZDNmLTk5OWQt
NjdjM2FmZmJkMWFhLzEvd29KRGJiWWNqNGZuRmhsU1RuRFNxdG1LanNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83ZThlZDYtYWU3Mi00ZDNmLTk5OWQtNjdjM2FmZmJkMWFh
LzEvOGdJLWRxYU9wc24zRFQ2bkxmaE9VOXdoY2s4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCSk
MA0GCSqGSIb3DQEBCwUAA4IBAQAMVcUOHcwupyS29V983eBTdWDDFwtXj2FaP3BH
odfoJgc8oOfCfseTCX9M26evXyNzzlmUKlu2Yl2988gFim0TbBV847GTentVFvh+
ycKr3gJ9piEMXK7iiwuBBDauIVI+BbezLn/01oXiVAB2/zCe6G317Zu6NNSFD5qK
Iau031WkwcVuHZ3RBsSghftrImwm16nr7Ze8M9bqltRxxeGuaEY7xKgfyxrmNFpU
mqe1fyWMT5shlogMqfcIVbJEenOWs83V2YjFB0ce3LhMf5sV4gWTl0XMRIf6cCR2
tlRuHloEPC6TT3EfZ9sqUn6q8g1wh1aYHVIMbW9j9QkwmjN5
-----END CERTIFICATE-----