Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/WssWNJUk1v54EQuLzE6D-3WGcm8.roa
File:                     WssWNJUk1v54EQuLzE6D-3WGcm8.roa (raw, json)
Hash identifier:          qPqiAzeowN08c61EumYxAZpKoWVApqP0lyeqz1drEJU=
Subject key identifier:   5A:CB:16:34:95:24:D6:FE:78:11:0B:8B:CC:4E:83:FB:75:86:72:6F
Certificate issuer:       /CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
Certificate serial:       018E51CFA012659877880786F90CDC8DAC88
Authority key identifier: 14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/WssWNJUk1v54EQuLzE6D-3WGcm8.roa
Signing time:             Mon 18 Mar 2024 13:45:45 +0000
ROA not before:           Mon 18 Mar 2024 13:45:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48628
IP address blocks:        37.0.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:cf:a0:12:65:98:77:88:07:86:f9:0c:dc:8d:ac:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
        Validity
            Not Before: Mar 18 13:45:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5acb16349524d6fe78110b8bcc4e83fb7586726f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:11:9f:ec:4b:8e:5e:d5:61:d4:87:17:f6:d3:
                    e9:c1:b5:68:05:4a:87:da:22:91:81:ca:f3:72:ae:
                    77:86:e3:71:82:df:30:37:dc:51:d7:d4:47:ba:af:
                    27:35:fc:d7:b7:0b:e7:5e:bc:8a:74:7c:16:dc:68:
                    85:0b:ac:c1:d9:5f:70:27:d4:ab:fd:16:23:a9:cd:
                    7b:78:25:81:f6:b5:69:f8:93:e9:07:36:07:e4:a8:
                    e1:07:ae:ba:5e:e4:76:65:e9:db:ed:2b:ec:04:13:
                    05:d4:dd:86:85:a3:19:f6:21:ae:3c:b8:ce:63:6e:
                    5e:42:40:b1:ce:50:2c:93:27:6b:8c:08:74:d3:63:
                    ad:d2:fd:c4:e7:2c:b6:d8:a7:e3:19:29:4e:80:e4:
                    f6:92:f1:fb:9a:e6:d4:13:1b:4e:94:05:46:aa:ff:
                    96:7a:28:0e:72:58:f1:d7:93:e8:38:33:e3:0c:e7:
                    52:08:5e:27:aa:0d:0c:b1:3a:8c:d2:8a:39:2c:8e:
                    eb:9f:52:ac:fe:6c:43:a2:6b:c9:ae:cc:af:ab:ec:
                    2b:c9:d9:8d:69:2b:b3:e1:3f:07:5a:fb:aa:f6:20:
                    fa:0f:3c:bd:3e:f3:52:ae:49:b5:f1:f2:34:69:a8:
                    df:21:04:6d:72:5f:c4:79:a2:c7:34:36:f6:ca:e6:
                    c0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:CB:16:34:95:24:D6:FE:78:11:0B:8B:CC:4E:83:FB:75:86:72:6F
            X509v3 Authority Key Identifier:
                keyid:14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/WssWNJUk1v54EQuLzE6D-3WGcm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.0.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:46:17:29:79:d3:59:c8:f4:6a:bc:07:79:85:20:f2:82:ca:
         97:d6:78:74:8b:fc:30:7c:94:d7:9f:14:1a:df:24:9c:42:ec:
         ce:b0:39:97:7e:74:2f:cd:6c:64:31:b4:cc:28:7c:43:ee:17:
         92:cd:bc:73:e9:e7:c8:5b:df:91:ae:97:73:5e:e6:5b:aa:a8:
         7a:5c:1d:58:d7:40:27:8b:99:4e:10:3d:ef:c9:8e:80:3c:ea:
         64:8e:b4:b3:5c:51:31:df:fa:ea:be:94:60:77:fa:d2:3c:a9:
         03:f2:6b:22:fe:9a:64:f8:9e:2b:03:42:a0:53:a2:9f:71:c4:
         e9:51:31:8e:18:00:3b:51:f7:64:dd:bb:e5:fe:a4:14:05:a1:
         42:4a:e9:07:cb:f5:42:0a:aa:4d:c6:b4:2b:b2:0a:cd:af:a9:
         e6:d2:a1:1f:c9:37:23:3c:d5:83:11:a8:c0:e8:06:2f:f5:db:
         a4:b2:86:c0:5a:68:ba:46:e0:b2:0f:2d:1b:60:99:33:20:07:
         00:e2:0a:fa:58:bc:a0:a3:8a:18:9c:fd:28:0b:18:36:24:b6:
         aa:11:a7:a8:0e:3c:6a:da:7a:9c:81:c9:cc:cc:f0:f1:43:d2:
         a4:d5:8c:35:c1:ee:6f:63:7e:47:22:7b:0d:f8:58:d0:99:fa:
         5a:f0:a0:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5Rz6ASZZh3iAeG+QzcjayIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YmVlMGViZDA2YjRiODEyZjllMTM3MTZlMjVmMWMzYzNk
MTRjYzYwHhcNMjQwMzE4MTM0NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWNiMTYzNDk1MjRkNmZlNzgxMTBiOGJjYzRlODNmYjc1ODY3MjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRGf7EuOXtVh1IcX9tPpwbVoBUqH
2iKRgcrzcq53huNxgt8wN9xR19RHuq8nNfzXtwvnXryKdHwW3GiFC6zB2V9wJ9Sr
/RYjqc17eCWB9rVp+JPpBzYH5KjhB666XuR2Zenb7SvsBBMF1N2GhaMZ9iGuPLjO
Y25eQkCxzlAskydrjAh002Ot0v3E5yy22KfjGSlOgOT2kvH7mubUExtOlAVGqv+W
eigOcljx15PoODPjDOdSCF4nqg0MsTqM0oo5LI7rn1Ks/mxDomvJrsyvq+wrydmN
aSuz4T8HWvuq9iD6Dzy9PvNSrkm18fI0aajfIQRtcl/EeaLHNDb2yubArwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrLFjSVJNb+eBELi8xOg/t1hnJvMB8GA1UdIwQY
MBaAFBS+4OvQa0uBL54TcW4l8cPD0UzGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUt
ZDFiYjZiNGRkNzAxLzEvV3NzV05KVWsxdjU0RVF1THpFNkQtM1dHY204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUtZDFiYjZiNGRkNzAx
LzEvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJQAIMA0G
CSqGSIb3DQEBCwUAA4IBAQBwRhcpedNZyPRqvAd5hSDygsqX1nh0i/wwfJTXnxQa
3yScQuzOsDmXfnQvzWxkMbTMKHxD7heSzbxz6efIW9+RrpdzXuZbqqh6XB1Y10An
i5lOED3vyY6APOpkjrSzXFEx3/rqvpRgd/rSPKkD8msi/ppk+J4rA0KgU6KfccTp
UTGOGAA7Ufdk3bvl/qQUBaFCSukHy/VCCqpNxrQrsgrNr6nm0qEfyTcjPNWDEajA
6AYv9duksobAWmi6RuCyDy0bYJkzIAcA4gr6WLygo4oYnP0oCxg2JLaqEaeoDjxq
2nqcgcnMzPDxQ9Kk1Yw1we5vY35HInsN+FjQmfpa8KDF
-----END CERTIFICATE-----