Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/1c8896-7be2-42cd-911f-2fdb7ab65d52/1/wP7scxW_bApVi4Pmc8-u12SJKTk.roa
File:                     wP7scxW_bApVi4Pmc8-u12SJKTk.roa (raw, json)
Hash identifier:          B/fql9pw6F40EQbtMe9o0nHobz2QAowZO1cordbCq+c=
Subject key identifier:   C0:FE:EC:73:15:BF:6C:0A:55:8B:83:E6:73:CF:AE:D7:64:89:29:39
Certificate issuer:       /CN=1fc5955940bbd7555df0a2e417379fc447ef0cdc
Certificate serial:       018CC2DAE390735BFEDBA05A963F002738E8
Authority key identifier: 1F:C5:95:59:40:BB:D7:55:5D:F0:A2:E4:17:37:9F:C4:47:EF:0C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H8WVWUC711Vd8KLkFzefxEfvDNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/1c8896-7be2-42cd-911f-2fdb7ab65d52/1/wP7scxW_bApVi4Pmc8-u12SJKTk.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        45.159.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/1c8896-7be2-42cd-911f-2fdb7ab65d52/1/H8WVWUC711Vd8KLkFzefxEfvDNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/1c8896-7be2-42cd-911f-2fdb7ab65d52/1/H8WVWUC711Vd8KLkFzefxEfvDNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H8WVWUC711Vd8KLkFzefxEfvDNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e3:90:73:5b:fe:db:a0:5a:96:3f:00:27:38:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fc5955940bbd7555df0a2e417379fc447ef0cdc
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0feec7315bf6c0a558b83e673cfaed764892939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ab:bb:98:30:e1:26:15:60:0b:fc:d1:7a:71:
                    70:25:89:94:25:bf:9b:cd:90:14:5a:7f:7b:0e:8b:
                    93:3c:9e:f5:e2:e4:4d:13:71:99:61:1b:35:13:28:
                    2c:59:ea:73:8e:e9:54:27:4e:8b:ef:df:70:cf:fa:
                    5d:70:54:b4:e1:a8:84:03:e6:aa:12:61:b2:48:b9:
                    17:39:26:56:87:e7:f0:6b:a4:93:53:5d:70:3e:48:
                    e2:08:ba:8e:b7:77:3c:01:95:29:08:04:93:96:d0:
                    d3:63:ca:9f:c0:88:1c:3c:c9:99:cc:c7:d6:03:6d:
                    5d:6d:79:dc:29:ee:a5:bd:47:4f:60:01:32:04:58:
                    a7:9f:84:e6:a0:11:d4:d0:4b:d0:1e:17:d6:cb:55:
                    1f:b3:bb:ee:8b:fe:cc:2d:1c:35:9f:dd:02:ea:66:
                    1d:64:f9:62:3e:ee:47:c7:2e:e4:a9:6f:32:76:d6:
                    47:0d:3d:8f:b9:2a:00:4f:16:c9:ce:f6:33:62:76:
                    e0:a9:88:0b:14:d5:4b:27:00:eb:6b:60:74:8e:46:
                    f5:f4:40:df:29:29:89:f0:cb:40:86:a5:03:bd:22:
                    e5:ed:4e:01:87:5d:ea:46:ff:b4:f1:2b:51:51:ae:
                    67:03:5b:ba:31:6e:80:91:e6:4c:9a:8f:e5:e6:30:
                    97:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:FE:EC:73:15:BF:6C:0A:55:8B:83:E6:73:CF:AE:D7:64:89:29:39
            X509v3 Authority Key Identifier:
                keyid:1F:C5:95:59:40:BB:D7:55:5D:F0:A2:E4:17:37:9F:C4:47:EF:0C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H8WVWUC711Vd8KLkFzefxEfvDNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/1c8896-7be2-42cd-911f-2fdb7ab65d52/1/wP7scxW_bApVi4Pmc8-u12SJKTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/1c8896-7be2-42cd-911f-2fdb7ab65d52/1/H8WVWUC711Vd8KLkFzefxEfvDNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:1a:40:d7:91:4f:5e:82:17:a6:2a:be:51:6e:2a:b4:26:e0:
         9f:62:c4:6f:6b:3b:ff:b0:1c:4f:72:b9:6f:7c:a3:a9:e6:dd:
         40:bd:c1:79:8d:5e:bc:50:c2:b2:3b:43:fd:8c:57:01:e8:3c:
         02:6c:a9:e5:f5:75:ca:61:9b:49:a4:74:98:83:59:88:99:8c:
         c5:bc:12:a5:0a:08:80:45:32:f8:65:37:51:7a:9f:44:73:98:
         11:8b:b4:a7:76:f4:48:6b:39:5f:a1:6f:df:cd:07:b5:b6:b8:
         b7:19:f4:2d:13:86:32:77:19:76:02:9e:89:d2:2c:ed:49:ef:
         3b:d5:51:cb:92:f7:3c:cf:ce:09:79:23:57:39:87:92:20:47:
         cd:16:08:24:05:bc:c8:83:69:81:a1:ba:0a:88:42:e6:f9:36:
         49:88:28:7f:28:17:0a:7b:02:a3:c3:84:7b:37:76:15:49:00:
         38:95:23:b2:80:42:15:5b:10:ef:16:dc:be:65:6f:15:83:c2:
         d4:f3:ef:56:a7:4f:82:4d:fb:77:01:e8:2a:31:b9:9b:cc:2f:
         b7:b2:f2:d1:ac:ca:9c:b9:22:d3:56:89:52:e5:49:fb:1f:74:
         a7:d6:f6:7b:2f:cf:a9:6c:56:4c:65:b5:67:27:42:5f:24:2b:
         0d:23:c3:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uOQc1v+26Balj8AJzjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYzU5NTU5NDBiYmQ3NTU1ZGYwYTJlNDE3Mzc5ZmM0NDdl
ZjBjZGMwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGZlZWM3MzE1YmY2YzBhNTU4YjgzZTY3M2NmYWVkNzY0ODkyOTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qu7mDDhJhVgC/zRenFwJYmUJb+b
zZAUWn97DouTPJ714uRNE3GZYRs1EygsWepzjulUJ06L799wz/pdcFS04aiEA+aq
EmGySLkXOSZWh+fwa6STU11wPkjiCLqOt3c8AZUpCASTltDTY8qfwIgcPMmZzMfW
A21dbXncKe6lvUdPYAEyBFinn4TmoBHU0EvQHhfWy1Ufs7vui/7MLRw1n90C6mYd
ZPliPu5Hxy7kqW8ydtZHDT2PuSoATxbJzvYzYnbgqYgLFNVLJwDra2B0jkb19EDf
KSmJ8MtAhqUDvSLl7U4Bh13qRv+08StRUa5nA1u6MW6AkeZMmo/l5jCXbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMD+7HMVv2wKVYuD5nPPrtdkiSk5MB8GA1UdIwQY
MBaAFB/FlVlAu9dVXfCi5Bc3n8RH7wzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDhXVldVQzcxMVZkOEtMa0Z6ZWZ4RWZ2RE53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8xYzg4OTYtN2JlMi00MmNkLTkxMWYt
MmZkYjdhYjY1ZDUyLzEvd1A3c2N4V19iQXBWaTRQbWM4LXUxMlNKS1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8xYzg4OTYtN2JlMi00MmNkLTkxMWYtMmZkYjdhYjY1ZDUy
LzEvSDhXVldVQzcxMVZkOEtMa0Z6ZWZ4RWZ2RE53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ94MA0G
CSqGSIb3DQEBCwUAA4IBAQDAGkDXkU9eghemKr5Rbiq0JuCfYsRvazv/sBxPcrlv
fKOp5t1AvcF5jV68UMKyO0P9jFcB6DwCbKnl9XXKYZtJpHSYg1mImYzFvBKlCgiA
RTL4ZTdRep9Ec5gRi7SndvRIazlfoW/fzQe1tri3GfQtE4Yydxl2Ap6J0iztSe87
1VHLkvc8z84JeSNXOYeSIEfNFggkBbzIg2mBoboKiELm+TZJiCh/KBcKewKjw4R7
N3YVSQA4lSOygEIVWxDvFty+ZW8Vg8LU8+9Wp0+CTft3AegqMbmbzC+3svLRrMqc
uSLTVolS5Un7H3Sn1vZ7L8+pbFZMZbVnJ0JfJCsNI8O0
-----END CERTIFICATE-----