Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/wubz_F-jRAOjUrqVLFtHESjwpuc.roa
File:                     wubz_F-jRAOjUrqVLFtHESjwpuc.roa (raw, json)
Hash identifier:          WLbV9jeDMhWK5RCMGa8PORbgRMnuj5HyktxRq7GBPlM=
Subject key identifier:   C2:E6:F3:FC:5F:A3:44:03:A3:52:BA:95:2C:5B:47:11:28:F0:A6:E7
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DADD7F1ECB6581F8AD0F2FB011EA36
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/wubz_F-jRAOjUrqVLFtHESjwpuc.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201044
IP address blocks:        82.177.162.0/24 maxlen: 24
                          2a00:4120:8000:6::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dd:7f:1e:cb:65:81:f8:ad:0f:2f:b0:11:ea:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2e6f3fc5fa34403a352ba952c5b471128f0a6e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f8:a0:4f:ed:a8:84:3f:0c:bc:66:db:0f:3c:
                    6b:8b:e3:92:e3:e2:6b:4c:a9:bf:88:1f:47:b7:34:
                    5e:9f:45:30:b7:51:17:2c:ae:b1:83:af:37:88:ef:
                    aa:a1:9b:f7:a9:0e:e6:95:61:d8:50:e3:4b:77:59:
                    b6:39:9a:09:1f:9e:88:1d:3c:58:45:27:2a:90:0b:
                    59:41:e8:3f:aa:f6:c7:cd:ec:c9:bf:0d:c2:62:c3:
                    ed:ea:86:57:64:c5:43:a5:01:2a:35:17:7f:74:35:
                    d9:12:2a:d8:fa:17:52:d6:cc:9f:6a:7b:ad:02:04:
                    be:b4:cd:94:ec:72:0c:70:da:19:0b:11:9c:7d:df:
                    7c:4e:82:a2:4f:32:2c:3b:d0:73:49:43:ba:05:e2:
                    43:be:a8:ec:3f:b3:07:81:1f:78:c0:89:f9:38:0d:
                    e4:2c:e5:23:77:61:66:8d:35:03:5a:19:21:79:d2:
                    b3:fe:56:65:e3:53:30:de:bb:42:ed:34:13:5a:12:
                    4d:25:a7:2d:ab:1f:82:6c:01:c5:b3:6c:b8:c1:96:
                    10:02:73:e0:34:3d:57:a0:ca:82:95:fa:f9:8e:cc:
                    eb:03:40:97:c6:0d:68:49:41:bd:f0:05:be:ce:df:
                    f6:f8:fe:04:96:ff:97:81:98:07:21:86:2a:f9:ab:
                    16:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E6:F3:FC:5F:A3:44:03:A3:52:BA:95:2C:5B:47:11:28:F0:A6:E7
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/wubz_F-jRAOjUrqVLFtHESjwpuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.162.0/24
                IPv6:
                  2a00:4120:8000:6::/64

    Signature Algorithm: sha256WithRSAEncryption
         1b:a4:76:7d:eb:ee:a5:ff:67:e0:7f:db:29:2f:ca:62:66:d6:
         7e:1c:c7:3f:8e:9e:7e:2f:f9:6a:68:a5:db:0b:a9:4f:d8:87:
         1a:41:32:f0:61:2e:2f:b0:6b:18:6d:03:e7:d5:95:a7:10:11:
         2b:8e:d4:f9:70:6f:5c:2f:c5:ba:bd:cf:40:ed:8c:21:7a:36:
         29:b8:f3:1e:11:7d:d8:86:b2:b2:ee:07:50:7a:1c:52:23:20:
         72:db:c8:4d:2d:38:c3:20:51:61:59:20:4a:ab:d8:aa:5a:dd:
         a0:2f:77:90:6c:4a:f5:b0:59:cb:1d:07:7f:91:9e:04:32:e5:
         da:70:3a:dd:bb:03:72:36:c0:e5:cc:62:4a:23:cb:85:7c:05:
         b1:09:48:d8:08:6d:10:ee:49:be:63:b9:e2:f2:20:27:2d:f6:
         e6:e5:cc:0e:45:38:eb:d8:2f:f7:40:8b:40:75:64:80:90:0c:
         4f:28:73:ad:0b:10:c4:f9:2a:15:49:71:e7:9b:5d:93:d6:67:
         9f:5b:13:87:3b:2e:8e:c0:1c:c0:96:b8:fb:dc:95:58:d2:e0:
         06:c6:22:ef:50:51:75:14:46:14:64:44:19:7e:29:72:15:f2:
         78:6e:a6:59:b4:8b:3a:50:1a:93:73:e1:d5:41:8e:ba:27:17:
         bf:56:2a:31
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYzC2t1/HstlgfitDy+wEeo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmU2ZjNmYzVmYTM0NDAzYTM1MmJhOTUyYzViNDcxMTI4ZjBhNmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPigT+2ohD8MvGbbDzxri+OS4+Jr
TKm/iB9HtzRen0Uwt1EXLK6xg683iO+qoZv3qQ7mlWHYUONLd1m2OZoJH56IHTxY
RScqkAtZQeg/qvbHzezJvw3CYsPt6oZXZMVDpQEqNRd/dDXZEirY+hdS1syfanut
AgS+tM2U7HIMcNoZCxGcfd98ToKiTzIsO9BzSUO6BeJDvqjsP7MHgR94wIn5OA3k
LOUjd2FmjTUDWhkhedKz/lZl41Mw3rtC7TQTWhJNJactqx+CbAHFs2y4wZYQAnPg
ND1XoMqClfr5jszrA0CXxg1oSUG98AW+zt/2+P4Elv+XgZgHIYYq+asWRwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFMLm8/xfo0QDo1K6lSxbRxEo8KbnMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvd3Viel9GLWpSQU9qVXJxVkxGdEhFU2p3cHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAMBAIAATAGAwQAUrGiMBEE
AgACMAsDCQAqAEEggAAABjANBgkqhkiG9w0BAQsFAAOCAQEAG6R2fevupf9n4H/b
KS/KYmbWfhzHP46efi/5amil2wupT9iHGkEy8GEuL7BrGG0D59WVpxARK47U+XBv
XC/Fur3PQO2MIXo2KbjzHhF92Iaysu4HUHocUiMgctvITS04wyBRYVkgSqvYqlrd
oC93kGxK9bBZyx0Hf5GeBDLl2nA63bsDcjbA5cxiSiPLhXwFsQlI2AhtEO5JvmO5
4vIgJy325uXMDkU469gv90CLQHVkgJAMTyhzrQsQxPkqFUlx55tdk9Znn1sThzsu
jsAcwJa4+9yVWNLgBsYi71BRdRRGFGREGX4pchXyeG6mWbSLOlAak3Ph1UGOuicX
v1YqMQ==
-----END CERTIFICATE-----