Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/702a72-3112-4d9f-bba9-8034e2d05d39/1/w3vHheXW98Rsk-66US-HnFzknyA.roa
File:                     w3vHheXW98Rsk-66US-HnFzknyA.roa (raw, json)
Hash identifier:          khvaK5tBRWNESYR4nc8noXbxFkOLKhFtnzNSwQ95ViQ=
Subject key identifier:   C3:7B:C7:85:E5:D6:F7:C4:6C:93:EE:BA:51:2F:87:9C:5C:E4:9F:20
Certificate issuer:       /CN=146170cb906ef42d097c6402d83eec3d92677a68
Certificate serial:       018CC3491807154493260A45CAADA7349C04
Authority key identifier: 14:61:70:CB:90:6E:F4:2D:09:7C:64:02:D8:3E:EC:3D:92:67:7A:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FGFwy5Bu9C0JfGQC2D7sPZJnemg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/702a72-3112-4d9f-bba9-8034e2d05d39/1/w3vHheXW98Rsk-66US-HnFzknyA.roa
Signing time:             Mon 01 Jan 2024 04:29:56 +0000
ROA not before:           Mon 01 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201690
IP address blocks:        2a03:22e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/702a72-3112-4d9f-bba9-8034e2d05d39/1/FGFwy5Bu9C0JfGQC2D7sPZJnemg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/702a72-3112-4d9f-bba9-8034e2d05d39/1/FGFwy5Bu9C0JfGQC2D7sPZJnemg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FGFwy5Bu9C0JfGQC2D7sPZJnemg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:18:07:15:44:93:26:0a:45:ca:ad:a7:34:9c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=146170cb906ef42d097c6402d83eec3d92677a68
        Validity
            Not Before: Jan  1 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c37bc785e5d6f7c46c93eeba512f879c5ce49f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7e:eb:8e:13:27:59:86:89:24:ff:9d:2c:e0:
                    94:01:50:0c:44:e5:24:47:52:e6:da:73:34:79:7a:
                    5d:d1:52:92:a7:23:71:f4:f0:7a:d3:1c:67:4b:3b:
                    7a:98:e2:0b:34:82:cf:13:3a:75:36:24:5d:67:1f:
                    02:cc:47:b5:7a:55:b8:73:40:a0:69:a4:86:0a:6d:
                    ec:0a:b2:2c:3e:63:73:03:9f:c6:9f:7f:20:6a:05:
                    74:7e:6c:c7:ff:4a:59:52:77:26:83:48:5d:1f:94:
                    3d:a5:49:0e:b5:10:ec:4a:b6:65:66:88:e1:05:fc:
                    6a:47:cc:f9:98:31:f2:2b:82:6e:7b:6d:c8:c1:b9:
                    cc:6b:61:06:16:e0:ee:de:e4:89:03:56:63:02:b3:
                    af:fc:ca:e8:d3:e9:be:09:ae:54:9b:f4:04:4f:91:
                    98:0e:8b:33:4b:00:0e:c5:34:fb:67:1f:5a:76:4d:
                    6f:00:1e:a4:e8:35:a8:ac:bd:3c:3e:67:4a:cf:86:
                    2d:40:33:ac:66:bb:ce:37:f1:20:23:e5:bc:48:84:
                    2e:5f:e2:f1:96:13:f1:14:37:36:51:76:80:c9:fd:
                    e0:b3:78:9a:14:3a:df:a6:74:5b:35:b8:82:15:50:
                    c5:c4:a8:78:f5:f5:97:9a:8f:18:de:89:f1:cf:b5:
                    f1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:7B:C7:85:E5:D6:F7:C4:6C:93:EE:BA:51:2F:87:9C:5C:E4:9F:20
            X509v3 Authority Key Identifier:
                keyid:14:61:70:CB:90:6E:F4:2D:09:7C:64:02:D8:3E:EC:3D:92:67:7A:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FGFwy5Bu9C0JfGQC2D7sPZJnemg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/702a72-3112-4d9f-bba9-8034e2d05d39/1/w3vHheXW98Rsk-66US-HnFzknyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/702a72-3112-4d9f-bba9-8034e2d05d39/1/FGFwy5Bu9C0JfGQC2D7sPZJnemg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:22e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:1c:f7:b9:42:fe:94:65:da:c9:38:46:68:2a:1d:4e:86:c6:
         3e:47:de:67:38:a1:5b:47:fb:51:5b:ae:31:30:64:9a:1b:44:
         fc:71:ed:7d:57:af:d3:61:d9:d5:af:8c:2c:d8:f7:2b:6b:e5:
         08:d4:97:d7:bc:64:74:cc:e2:61:1f:5f:16:30:27:73:ff:69:
         b4:04:f7:3f:8a:41:b1:f3:ce:31:a1:e3:87:76:08:a5:03:95:
         cc:5a:27:cf:55:95:5e:cc:19:10:ba:11:4d:25:3c:e6:6a:32:
         23:ff:98:30:ee:8d:79:76:cc:30:25:83:2a:da:f9:44:28:8b:
         16:64:90:80:c2:47:a5:06:5b:ef:51:39:3a:b0:36:df:be:d9:
         50:2a:4f:c9:90:1e:61:70:c2:1b:47:38:3e:8a:9c:83:3d:5c:
         50:44:31:a0:f1:98:7f:7d:b6:1d:52:71:b9:92:b8:30:3b:74:
         45:67:3a:bc:83:a3:02:2b:53:f1:6d:e6:46:2a:79:8c:c0:72:
         c8:1a:7c:a9:59:9e:8f:61:87:f1:95:98:46:05:c4:d5:c7:45:
         fc:e0:11:31:80:00:f0:28:54:3c:c1:d2:23:a9:6e:be:7f:79:
         a6:d0:2d:73:11:f0:e3:95:1d:fb:b0:b6:25:62:7d:bf:5f:76:
         76:2a:67:b1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSRgHFUSTJgpFyq2nNJwEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NjE3MGNiOTA2ZWY0MmQwOTdjNjQwMmQ4M2VlYzNkOTI2
NzdhNjgwHhcNMjQwMTAxMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzdiYzc4NWU1ZDZmN2M0NmM5M2VlYmE1MTJmODc5YzVjZTQ5ZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv37rjhMnWYaJJP+dLOCUAVAMROUk
R1Lm2nM0eXpd0VKSpyNx9PB60xxnSzt6mOILNILPEzp1NiRdZx8CzEe1elW4c0Cg
aaSGCm3sCrIsPmNzA5/Gn38gagV0fmzH/0pZUncmg0hdH5Q9pUkOtRDsSrZlZojh
BfxqR8z5mDHyK4Jue23IwbnMa2EGFuDu3uSJA1ZjArOv/Mro0+m+Ca5Um/QET5GY
DoszSwAOxTT7Zx9adk1vAB6k6DWorL08PmdKz4YtQDOsZrvON/EgI+W8SIQuX+Lx
lhPxFDc2UXaAyf3gs3iaFDrfpnRbNbiCFVDFxKh49fWXmo8Y3onxz7XxcQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMN7x4Xl1vfEbJPuulEvh5xc5J8gMB8GA1UdIwQY
MBaAFBRhcMuQbvQtCXxkAtg+7D2SZ3poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkdGd3k1QnU5QzBKZkdRQzJEN3NQWkpuZW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MDJhNzItMzExMi00ZDlmLWJiYTkt
ODAzNGUyZDA1ZDM5LzEvdzN2SGhlWFc5OFJzay02NlVTLUhuRnprbnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MDJhNzItMzExMi00ZDlmLWJiYTktODAzNGUyZDA1ZDM5
LzEvRkdGd3k1QnU5QzBKZkdRQzJEN3NQWkpuZW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgMi4DAN
BgkqhkiG9w0BAQsFAAOCAQEAGRz3uUL+lGXayThGaCodTobGPkfeZzihW0f7UVuu
MTBkmhtE/HHtfVev02HZ1a+MLNj3K2vlCNSX17xkdMziYR9fFjAnc/9ptAT3P4pB
sfPOMaHjh3YIpQOVzFonz1WVXswZELoRTSU85moyI/+YMO6NeXbMMCWDKtr5RCiL
FmSQgMJHpQZb71E5OrA2377ZUCpPyZAeYXDCG0c4Poqcgz1cUEQxoPGYf322HVJx
uZK4MDt0RWc6vIOjAitT8W3mRip5jMByyBp8qVmej2GH8ZWYRgXE1cdF/OARMYAA
8ChUPMHSI6luvn95ptAtcxHw45Ud+7C2JWJ9v192dipnsQ==
-----END CERTIFICATE-----