Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/WwzGCJOe3hbTfhcSkQhUYKtZpeE.roa
File:                     WwzGCJOe3hbTfhcSkQhUYKtZpeE.roa (raw, json)
Hash identifier:          N5+NjpSgFrSWD7tKqV1MkWrWHc7PnpCzbGHVT1s/vl8=
Subject key identifier:   5B:0C:C6:08:93:9E:DE:16:D3:7E:17:12:91:08:54:60:AB:59:A5:E1
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019424B2A3B7085069034FF8EC2136D14709
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/WwzGCJOe3hbTfhcSkQhUYKtZpeE.roa
Signing time:             Thu 02 Jan 2025 01:47:54 +0000
ROA not before:           Thu 02 Jan 2025 01:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215523
IP address blocks:        213.18.200.0/21 maxlen: 21
                          213.18.240.0/23 maxlen: 23
                          217.180.36.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:a3:b7:08:50:69:03:4f:f8:ec:21:36:d1:47:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jan  2 01:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b0cc608939ede16d37e171291085460ab59a5e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c4:98:b3:e7:12:a4:bb:4a:4b:4f:e3:b3:31:
                    23:85:ba:42:f4:a5:0f:89:f9:28:a2:1c:05:ae:5c:
                    2e:de:df:5f:29:c6:2a:e2:59:9c:16:f5:53:98:e2:
                    ee:ed:d7:72:d6:75:7e:0f:4b:d4:f9:e7:0e:f2:69:
                    c8:5f:25:4e:60:f4:08:ce:4d:c7:88:b2:8b:eb:79:
                    84:c6:a8:f1:da:9f:f2:21:1b:ec:9c:ce:92:1f:c9:
                    f9:c5:b0:44:f6:68:38:9b:20:f9:d9:1a:fa:ec:1d:
                    c6:09:3d:01:85:76:10:12:33:36:bd:a6:3e:58:be:
                    e9:4e:52:e5:e0:e8:32:3f:f2:94:99:a1:88:8a:67:
                    42:17:32:b0:a1:45:52:f5:d1:61:1f:2e:09:de:22:
                    fc:e0:b7:99:a3:a7:65:83:b0:da:f4:fb:f6:42:7b:
                    2d:41:23:6c:56:0d:66:a1:b6:25:34:a3:1c:28:99:
                    f0:c7:cc:17:f7:3e:9a:a7:5f:fe:aa:87:e0:a9:24:
                    d8:2d:84:6e:63:a9:dc:12:43:73:b7:30:b8:21:4a:
                    38:24:32:fa:52:f4:65:3e:fb:3d:f3:59:0a:14:c6:
                    fa:45:f5:01:40:52:23:96:0f:27:dd:bc:2b:02:18:
                    97:59:69:7a:fb:6e:6d:9a:6e:16:f0:51:a9:fc:88:
                    0b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:0C:C6:08:93:9E:DE:16:D3:7E:17:12:91:08:54:60:AB:59:A5:E1
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/WwzGCJOe3hbTfhcSkQhUYKtZpeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.18.200.0/21
                  213.18.240.0/23
                  217.180.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:b1:03:d7:ac:47:1d:42:c6:be:91:16:0b:fb:46:59:94:b1:
         9c:0d:64:22:e2:04:92:d7:86:ad:9a:89:b9:1f:1d:c2:bc:04:
         fa:be:d2:58:9a:2e:f3:b0:0d:f9:2b:19:4d:5c:34:a2:e3:7f:
         2b:09:f5:bb:6c:6d:c1:9f:96:eb:4e:88:8f:f0:d9:e8:79:ab:
         c4:44:47:cd:9c:7e:89:71:bc:e4:ef:5f:0b:10:bd:63:8c:a4:
         5a:a6:ce:14:85:3d:2e:4c:97:6d:b0:12:92:72:6d:1d:12:6b:
         d2:44:b5:34:a8:f7:54:36:56:2f:8f:31:5f:4f:05:f5:90:6a:
         80:2b:36:e7:9e:ba:0a:3c:2d:b2:cc:88:7d:1b:1a:de:68:7e:
         a7:80:67:9c:ac:d6:a5:a6:63:d9:9d:c7:36:8b:6d:de:e4:3e:
         e5:0c:01:cc:22:ca:56:30:65:36:ce:c7:c4:77:ee:6e:aa:16:
         5a:3a:a7:51:41:f7:2a:06:72:eb:3f:b5:f4:c0:84:ba:e4:54:
         76:0c:bb:cd:05:43:30:a9:e7:d8:fc:ad:ab:17:d5:02:f9:c8:
         ac:b5:b6:d4:5a:56:cb:73:8b:24:0f:13:92:db:2f:61:d3:6e:
         1b:90:12:1c:27:27:2f:31:fa:8e:46:56:00:6f:7d:a4:dd:fe:
         00:19:0c:61
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQksqO3CFBpA0/47CE20UcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMTAyMDE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjBjYzYwODkzOWVkZTE2ZDM3ZTE3MTI5MTA4NTQ2MGFiNTlhNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssSYs+cSpLtKS0/jszEjhbpC9KUP
ifkoohwFrlwu3t9fKcYq4lmcFvVTmOLu7ddy1nV+D0vU+ecO8mnIXyVOYPQIzk3H
iLKL63mExqjx2p/yIRvsnM6SH8n5xbBE9mg4myD52Rr67B3GCT0BhXYQEjM2vaY+
WL7pTlLl4OgyP/KUmaGIimdCFzKwoUVS9dFhHy4J3iL84LeZo6dlg7Da9Pv2Qnst
QSNsVg1mobYlNKMcKJnwx8wX9z6ap1/+qofgqSTYLYRuY6ncEkNztzC4IUo4JDL6
UvRlPvs981kKFMb6RfUBQFIjlg8n3bwrAhiXWWl6+25tmm4W8FGp/IgL2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFsMxgiTnt4W034XEpEIVGCrWaXhMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvV3d6R0NKT2UzaGJUZmhjU2tRaFVZS3RacGVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQD1RLIAwQB
1RLwAwQB2bQkMA0GCSqGSIb3DQEBCwUAA4IBAQApsQPXrEcdQsa+kRYL+0ZZlLGc
DWQi4gSS14atmom5Hx3CvAT6vtJYmi7zsA35KxlNXDSi438rCfW7bG3Bn5brToiP
8NnoeavEREfNnH6Jcbzk718LEL1jjKRaps4UhT0uTJdtsBKScm0dEmvSRLU0qPdU
NlYvjzFfTwX1kGqAKzbnnroKPC2yzIh9GxreaH6ngGecrNalpmPZncc2i23e5D7l
DAHMIspWMGU2zsfEd+5uqhZaOqdRQfcqBnLrP7X0wIS65FR2DLvNBUMwqefY/K2r
F9UC+cistbbUWlbLc4skDxOS2y9h024bkBIcJycvMfqORlYAb32k3f4AGQxh
-----END CERTIFICATE-----