Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/fb844a-f373-4e3c-8f76-5b7c431ab61e/1/wthdZ6FEfhDo6bp06Qaw_bAkSjA.roa
File:                     wthdZ6FEfhDo6bp06Qaw_bAkSjA.roa (raw, json)
Hash identifier:          6cUCKZ7dKYpij5tiBY0zOkdGGl+UtRXerhx1uUGndnM=
Subject key identifier:   C2:D8:5D:67:A1:44:7E:10:E8:E9:BA:74:E9:06:B0:FD:B0:24:4A:30
Certificate issuer:       /CN=629e80e88bb766291e5ec80338732511e4d41e04
Certificate serial:       018CC64B8A632BE7786558112572F45B193A
Authority key identifier: 62:9E:80:E8:8B:B7:66:29:1E:5E:C8:03:38:73:25:11:E4:D4:1E:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yp6A6Iu3ZikeXsgDOHMlEeTUHgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/fb844a-f373-4e3c-8f76-5b7c431ab61e/1/wthdZ6FEfhDo6bp06Qaw_bAkSjA.roa
Signing time:             Mon 01 Jan 2024 18:31:28 +0000
ROA not before:           Mon 01 Jan 2024 18:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53589
IP address blocks:        146.19.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/fb844a-f373-4e3c-8f76-5b7c431ab61e/1/Yp6A6Iu3ZikeXsgDOHMlEeTUHgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/fb844a-f373-4e3c-8f76-5b7c431ab61e/1/Yp6A6Iu3ZikeXsgDOHMlEeTUHgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yp6A6Iu3ZikeXsgDOHMlEeTUHgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8a:63:2b:e7:78:65:58:11:25:72:f4:5b:19:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=629e80e88bb766291e5ec80338732511e4d41e04
        Validity
            Not Before: Jan  1 18:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2d85d67a1447e10e8e9ba74e906b0fdb0244a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:37:6a:61:51:9f:2d:a8:6a:5a:7f:a3:5f:08:
                    70:bc:3f:38:ad:ad:6f:45:8f:3b:c9:5d:b2:5b:01:
                    2c:c8:fb:31:e1:13:aa:98:45:4a:b2:f6:a1:4e:33:
                    2b:2f:16:59:58:f2:65:4d:3f:81:e1:37:6a:fd:02:
                    a9:66:5f:5c:f5:10:47:20:f6:7a:9a:69:72:64:8f:
                    ce:25:6a:45:05:99:47:a3:5c:db:e1:78:d1:8d:09:
                    8e:f2:81:60:a1:c6:6f:a7:86:60:27:4d:fa:85:5b:
                    e9:7b:e0:20:f0:e1:97:61:ad:50:58:e8:25:96:a7:
                    55:9f:6c:fd:37:8f:56:9f:d3:03:bf:d4:4f:42:df:
                    f6:62:33:45:b0:b7:23:71:6f:31:59:7e:b5:f6:a3:
                    69:71:de:75:57:c5:10:5d:fc:41:5b:35:64:95:3c:
                    95:b9:a8:28:92:1a:c6:ed:9f:d2:64:8c:92:36:80:
                    1b:b2:e5:85:02:36:58:e2:50:2c:e4:b6:16:34:12:
                    bb:5a:4d:bc:f0:a3:14:f3:2f:1a:0c:60:35:5b:b2:
                    17:77:52:9b:f1:75:ce:34:a7:53:8a:90:2e:d3:6e:
                    de:3a:a7:61:d8:81:f1:49:9c:f6:8a:fc:5d:ba:6f:
                    8f:31:0b:60:f8:d8:2f:cb:ed:fd:24:d1:f4:38:e3:
                    94:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:D8:5D:67:A1:44:7E:10:E8:E9:BA:74:E9:06:B0:FD:B0:24:4A:30
            X509v3 Authority Key Identifier:
                keyid:62:9E:80:E8:8B:B7:66:29:1E:5E:C8:03:38:73:25:11:E4:D4:1E:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yp6A6Iu3ZikeXsgDOHMlEeTUHgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/fb844a-f373-4e3c-8f76-5b7c431ab61e/1/wthdZ6FEfhDo6bp06Qaw_bAkSjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/fb844a-f373-4e3c-8f76-5b7c431ab61e/1/Yp6A6Iu3ZikeXsgDOHMlEeTUHgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:8b:45:20:0b:c5:f7:fd:f7:a5:6b:5b:a3:60:01:c5:6f:7f:
         6b:44:4c:d8:8c:27:5b:a3:e1:40:67:85:eb:33:68:c9:42:00:
         19:76:d5:c8:5a:44:cc:65:36:28:73:0c:66:40:31:30:13:58:
         c4:2e:cf:40:c0:1c:1e:65:ed:49:89:26:ee:79:41:4e:ee:dc:
         76:6f:0c:05:05:f9:fc:78:8b:01:ed:1e:37:17:95:9e:60:81:
         73:7b:8b:50:f9:3d:bc:86:d4:c5:f3:85:35:e0:92:cb:e9:d7:
         d2:c5:15:ea:17:91:90:45:d9:07:06:fe:67:a0:05:cf:a6:9a:
         fd:19:2d:a7:b7:d4:6d:15:23:69:e9:13:0e:90:cf:8a:08:e0:
         8f:89:6b:ff:7e:91:5a:33:cb:74:cb:37:e5:d8:e8:ac:96:45:
         85:06:6b:3d:fb:15:23:ed:d1:76:bd:85:5b:96:d9:84:fd:a0:
         e4:32:58:7b:58:87:2a:75:9d:6f:75:8c:3a:24:07:c2:9e:31:
         06:52:c7:b3:a2:4e:53:8b:5b:b4:6d:c0:6e:93:b1:ca:a6:76:
         89:0e:43:e0:b0:b8:0f:17:35:f0:90:f2:4e:9f:65:55:4a:df:
         4f:e2:bc:14:64:8c:89:84:f0:7d:eb:da:58:40:57:a2:1e:fe:
         b3:5c:3e:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4pjK+d4ZVgRJXL0Wxk6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyOWU4MGU4OGJiNzY2MjkxZTVlYzgwMzM4NzMyNTExZTRk
NDFlMDQwHhcNMjQwMTAxMTgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmQ4NWQ2N2ExNDQ3ZTEwZThlOWJhNzRlOTA2YjBmZGIwMjQ0YTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDdqYVGfLahqWn+jXwhwvD84ra1v
RY87yV2yWwEsyPsx4ROqmEVKsvahTjMrLxZZWPJlTT+B4Tdq/QKpZl9c9RBHIPZ6
mmlyZI/OJWpFBZlHo1zb4XjRjQmO8oFgocZvp4ZgJ036hVvpe+Ag8OGXYa1QWOgl
lqdVn2z9N49Wn9MDv9RPQt/2YjNFsLcjcW8xWX619qNpcd51V8UQXfxBWzVklTyV
uagokhrG7Z/SZIySNoAbsuWFAjZY4lAs5LYWNBK7Wk288KMU8y8aDGA1W7IXd1Kb
8XXONKdTipAu027eOqdh2IHxSZz2ivxdum+PMQtg+Ngvy+39JNH0OOOUkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLYXWehRH4Q6Om6dOkGsP2wJEowMB8GA1UdIwQY
MBaAFGKegOiLt2YpHl7IAzhzJRHk1B4EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXA2QTZJdTNaaWtlWHNnRE9ITWxFZVRVSGdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9mYjg0NGEtZjM3My00ZTNjLThmNzYt
NWI3YzQzMWFiNjFlLzEvd3RoZFo2RkVmaERvNmJwMDZRYXdfYkFrU2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9mYjg0NGEtZjM3My00ZTNjLThmNzYtNWI3YzQzMWFiNjFl
LzEvWXA2QTZJdTNaaWtlWHNnRE9ITWxFZVRVSGdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOGMA0G
CSqGSIb3DQEBCwUAA4IBAQApi0UgC8X3/fela1ujYAHFb39rREzYjCdbo+FAZ4Xr
M2jJQgAZdtXIWkTMZTYocwxmQDEwE1jELs9AwBweZe1JiSbueUFO7tx2bwwFBfn8
eIsB7R43F5WeYIFze4tQ+T28htTF84U14JLL6dfSxRXqF5GQRdkHBv5noAXPppr9
GS2nt9RtFSNp6RMOkM+KCOCPiWv/fpFaM8t0yzfl2OislkWFBms9+xUj7dF2vYVb
ltmE/aDkMlh7WIcqdZ1vdYw6JAfCnjEGUsezok5Ti1u0bcBuk7HKpnaJDkPgsLgP
FzXwkPJOn2VVSt9P4rwUZIyJhPB969pYQFeiHv6zXD56
-----END CERTIFICATE-----