Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/waDXyvUgHIG92Eis6GNxdUpev1M.roa
File:                     waDXyvUgHIG92Eis6GNxdUpev1M.roa (raw, json)
Hash identifier:          JLcv/w5FS/U2bXGp7RLb00LL0S8swBujy9+QOWYes5k=
Subject key identifier:   C1:A0:D7:CA:F5:20:1C:81:BD:D8:48:AC:E8:63:71:75:4A:5E:BF:53
Certificate issuer:       /CN=f73cdc6751d7c59073e4b706402d3691af09086f
Certificate serial:       018CC3B6ED7FCB061B5092307E724B103367
Authority key identifier: F7:3C:DC:67:51:D7:C5:90:73:E4:B7:06:40:2D:36:91:AF:09:08:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zzcZ1HXxZBz5LcGQC02ka8JCG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/waDXyvUgHIG92Eis6GNxdUpev1M.roa
Signing time:             Mon 01 Jan 2024 06:29:54 +0000
ROA not before:           Mon 01 Jan 2024 06:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21348
IP address blocks:        80.246.144.0/20 maxlen: 20
                          80.95.128.0/20 maxlen: 20
                          2a01:51a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/9zzcZ1HXxZBz5LcGQC02ka8JCG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/9zzcZ1HXxZBz5LcGQC02ka8JCG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zzcZ1HXxZBz5LcGQC02ka8JCG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ed:7f:cb:06:1b:50:92:30:7e:72:4b:10:33:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73cdc6751d7c59073e4b706402d3691af09086f
        Validity
            Not Before: Jan  1 06:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1a0d7caf5201c81bdd848ace86371754a5ebf53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fe:b4:4f:f9:03:92:9e:62:1b:c8:c4:2b:59:
                    6f:30:57:b4:37:5e:0d:22:8a:df:b3:07:a4:8e:e3:
                    c0:5e:8e:60:a7:ba:dd:50:26:41:e6:8b:36:39:8a:
                    84:9b:c4:eb:92:00:de:b9:3c:82:b2:13:ad:95:c2:
                    03:3e:7d:c8:e9:f0:35:b7:f3:b3:39:fb:c2:4b:1a:
                    06:21:12:04:d4:b0:96:08:45:62:ae:6e:98:51:a5:
                    d4:b6:88:bb:44:96:b5:6b:55:3e:c8:a8:5e:52:77:
                    7e:45:22:0c:3a:10:36:91:82:a9:75:16:1e:9e:23:
                    5a:90:4a:e7:6e:20:16:99:d2:53:b9:17:6e:ad:b9:
                    b5:3e:36:dd:7a:9d:4a:94:3b:f0:a1:42:1b:9a:ca:
                    27:2b:2f:a0:2d:89:8a:01:64:5d:2a:46:0e:c5:25:
                    63:69:70:cd:06:3c:5d:84:5b:1a:71:27:6f:0d:b1:
                    21:eb:e2:4b:4a:47:53:f3:84:e2:7c:a9:4e:77:d8:
                    85:07:36:29:59:4b:3a:73:11:92:c5:33:69:c2:72:
                    89:25:8e:15:b9:0a:49:ba:e4:43:d2:ee:84:89:0a:
                    ef:51:50:2e:40:22:7b:3a:91:ff:ea:dd:13:ba:00:
                    97:7b:ea:a0:34:de:43:67:e7:8a:86:37:a8:46:31:
                    c7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:A0:D7:CA:F5:20:1C:81:BD:D8:48:AC:E8:63:71:75:4A:5E:BF:53
            X509v3 Authority Key Identifier:
                keyid:F7:3C:DC:67:51:D7:C5:90:73:E4:B7:06:40:2D:36:91:AF:09:08:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zzcZ1HXxZBz5LcGQC02ka8JCG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/waDXyvUgHIG92Eis6GNxdUpev1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/9zzcZ1HXxZBz5LcGQC02ka8JCG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.95.128.0/20
                  80.246.144.0/20
                IPv6:
                  2a01:51a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:f2:95:72:73:90:d2:b3:73:8d:b9:74:27:16:a0:a7:2c:90:
         c0:46:fc:2d:f2:dc:2f:4e:80:5b:dc:f7:5a:b1:5d:71:a2:d0:
         f3:df:90:5a:6d:77:e1:1b:fb:3f:9a:2d:22:81:67:00:f4:ff:
         e9:1e:29:30:ab:b0:75:e4:59:d0:8b:b2:20:2e:44:b0:15:35:
         4d:70:ee:d5:48:0d:64:ca:bc:03:83:f8:ce:82:d7:fc:b0:72:
         32:11:c5:40:b0:0d:48:96:dc:56:a7:b4:4c:1a:c7:be:fe:c9:
         62:75:38:b3:0e:c5:c9:70:9b:6a:b9:cf:c4:dd:ba:55:fa:3a:
         a5:63:2c:5a:d8:47:f2:2c:ea:64:6f:53:7e:dc:43:8e:9b:85:
         6b:23:2d:3e:52:f2:03:42:89:c1:f7:4b:30:fb:91:d2:08:7e:
         7b:ff:2e:45:89:e5:00:70:cb:2d:12:8d:66:ab:49:a0:64:ce:
         99:1e:79:2c:ef:30:dc:ff:34:0d:b2:73:a0:69:fd:f8:12:70:
         8f:2f:58:af:60:8f:00:21:3a:99:d6:10:10:cb:0a:32:66:9c:
         5f:50:1c:32:fa:33:d6:cf:11:35:3a:42:7a:0b:61:fb:53:1f:
         b1:0d:cd:48:11:35:8a:0e:43:b0:69:ba:3b:9b:aa:0f:d6:0e:
         1e:6e:f9:93
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtu1/ywYbUJIwfnJLEDNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3M2NkYzY3NTFkN2M1OTA3M2U0YjcwNjQwMmQzNjkxYWYw
OTA4NmYwHhcNMjQwMTAxMDYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWEwZDdjYWY1MjAxYzgxYmRkODQ4YWNlODYzNzE3NTRhNWViZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhf60T/kDkp5iG8jEK1lvMFe0N14N
IorfswekjuPAXo5gp7rdUCZB5os2OYqEm8TrkgDeuTyCshOtlcIDPn3I6fA1t/Oz
OfvCSxoGIRIE1LCWCEVirm6YUaXUtoi7RJa1a1U+yKheUnd+RSIMOhA2kYKpdRYe
niNakErnbiAWmdJTuRdurbm1Pjbdep1KlDvwoUIbmsonKy+gLYmKAWRdKkYOxSVj
aXDNBjxdhFsacSdvDbEh6+JLSkdT84TifKlOd9iFBzYpWUs6cxGSxTNpwnKJJY4V
uQpJuuRD0u6EiQrvUVAuQCJ7OpH/6t0TugCXe+qgNN5DZ+eKhjeoRjHHFwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMGg18r1IByBvdhIrOhjcXVKXr9TMB8GA1UdIwQY
MBaAFPc83GdR18WQc+S3BkAtNpGvCQhvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXp6Y1oxSFh4WkJ6NUxjR1FDMDJrYThKQ0c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS84NTUwMDItZDgyMy00MWZlLThmOWEt
NzE4ZmQxOTVjNWViLzEvd2FEWHl2VWdISUc5MkVpczZHTnhkVXBldjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS84NTUwMDItZDgyMy00MWZlLThmOWEtNzE4ZmQxOTVjNWVi
LzEvOXp6Y1oxSFh4WkJ6NUxjR1FDMDJrYThKQ0c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUF+AAwQE
UPaQMA0EAgACMAcDBQAqAVGgMA0GCSqGSIb3DQEBCwUAA4IBAQBE8pVyc5DSs3ON
uXQnFqCnLJDARvwt8twvToBb3PdasV1xotDz35BabXfhG/s/mi0igWcA9P/pHikw
q7B15FnQi7IgLkSwFTVNcO7VSA1kyrwDg/jOgtf8sHIyEcVAsA1IltxWp7RMGse+
/slidTizDsXJcJtquc/E3bpV+jqlYyxa2EfyLOpkb1N+3EOOm4VrIy0+UvIDQonB
90sw+5HSCH57/y5FieUAcMstEo1mq0mgZM6ZHnks7zDc/zQNsnOgaf34EnCPL1iv
YI8AITqZ1hAQywoyZpxfUBwy+jPWzxE1OkJ6C2H7Ux+xDc1IETWKDkOwabo7m6oP
1g4ebvmT
-----END CERTIFICATE-----