Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/WewlruqwkDBrOY4Ur1aP2wEkRrc.roa
File:                     WewlruqwkDBrOY4Ur1aP2wEkRrc.roa (raw, json)
Hash identifier:          Nw53cfqxEHSwkPyvgkD9jrYIwY4GHqqPHjAre0Ta2lA=
Subject key identifier:   59:EC:25:AE:EA:B0:90:30:6B:39:8E:14:AF:56:8F:DB:01:24:46:B7
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       018CC649FB71DD3C18F35F15A9D6ABC7E5F0
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/WewlruqwkDBrOY4Ur1aP2wEkRrc.roa
Signing time:             Mon 01 Jan 2024 18:29:46 +0000
ROA not before:           Mon 01 Jan 2024 18:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49592
IP address blocks:        2a12:bec0:340::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:fb:71:dd:3c:18:f3:5f:15:a9:d6:ab:c7:e5:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 18:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59ec25aeeab090306b398e14af568fdb012446b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d6:7c:a6:a9:3e:52:f8:81:aa:37:9a:4e:ce:
                    95:96:32:ab:4c:02:1f:6a:a6:4c:0d:2f:03:64:5b:
                    91:61:f2:f7:13:f7:66:b6:a5:bd:67:49:21:d5:03:
                    1e:3f:0f:a6:e1:ff:ea:af:53:f3:9e:2b:87:9a:cb:
                    f0:8e:6d:72:5e:02:90:8a:08:04:ce:53:5a:a9:7f:
                    19:28:f0:3f:5e:dc:65:a2:87:77:c3:cc:7c:e1:df:
                    dd:f9:5f:c0:58:3b:55:44:df:b3:c3:0d:ef:9c:a8:
                    2a:8f:b2:2e:43:ca:3d:bf:32:88:13:44:4e:96:29:
                    a3:99:17:db:5c:c1:2e:b7:a1:27:94:eb:8c:09:be:
                    9f:70:06:8c:5c:2b:c2:1c:71:7b:d4:bb:b8:52:a5:
                    cf:c9:dd:43:c1:b2:2e:c3:1b:b1:7a:5d:60:48:86:
                    d6:0d:82:52:3e:85:ae:aa:db:e9:6d:35:1b:95:20:
                    92:24:28:5a:3a:d4:6a:69:e5:af:f4:16:9b:7b:92:
                    ff:7d:83:fa:72:61:23:67:4e:f4:be:da:c9:21:7f:
                    f8:ac:52:2c:ed:e9:92:b4:15:1a:61:07:19:2a:c6:
                    69:06:46:d6:09:1d:49:5b:25:39:29:a8:9c:92:2b:
                    9e:da:b3:9f:04:fb:32:42:69:5a:a2:72:98:47:da:
                    0c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:EC:25:AE:EA:B0:90:30:6B:39:8E:14:AF:56:8F:DB:01:24:46:B7
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/WewlruqwkDBrOY4Ur1aP2wEkRrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:340::/44

    Signature Algorithm: sha256WithRSAEncryption
         1f:76:98:23:89:36:45:3e:72:24:05:64:6b:25:1a:41:c2:88:
         6b:84:b8:b0:2a:88:e7:cc:0b:62:9d:36:41:93:86:3a:f6:84:
         90:00:8f:ca:bb:9d:b6:a3:8b:70:37:d7:c6:06:66:e7:69:8d:
         64:7d:b9:e2:4f:49:b9:c5:62:4f:cf:41:51:8f:b4:e4:98:79:
         2f:a6:9b:d7:62:70:df:84:a0:e1:e5:c2:e5:38:f1:49:3b:a0:
         f2:a0:81:cd:ba:f8:ec:ac:44:e4:50:b0:da:a9:b5:67:8c:36:
         47:d1:aa:cd:47:85:fe:15:6b:1e:eb:10:ff:91:b0:84:dc:06:
         05:da:8c:f4:b2:0f:e4:25:4b:42:84:c5:5e:10:80:4a:48:26:
         fa:0c:31:28:36:ed:c0:55:0d:cf:93:5f:67:f5:44:0f:ed:d6:
         fd:3b:85:e2:e0:94:19:50:f2:b9:a8:5e:fa:8c:84:44:03:0a:
         51:b6:3d:ce:d5:67:ab:89:48:6a:13:b9:5c:f9:e2:78:2d:f5:
         81:80:47:b5:d9:d8:6d:aa:28:58:8c:56:67:01:25:51:a0:63:
         e3:b2:c2:68:81:06:cf:c1:a3:d4:e6:32:ee:49:67:20:e4:f4:
         d6:32:1c:5e:9a:0b:55:e3:db:77:1b:a2:eb:1a:0b:49:0f:eb:
         c4:40:dc:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGSftx3TwY818Vqdarx+XwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjQwMTAxMTgyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWVjMjVhZWVhYjA5MDMwNmIzOThlMTRhZjU2OGZkYjAxMjQ0NmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudZ8pqk+UviBqjeaTs6VljKrTAIf
aqZMDS8DZFuRYfL3E/dmtqW9Z0kh1QMePw+m4f/qr1PzniuHmsvwjm1yXgKQiggE
zlNaqX8ZKPA/Xtxlood3w8x84d/d+V/AWDtVRN+zww3vnKgqj7IuQ8o9vzKIE0RO
limjmRfbXMEut6EnlOuMCb6fcAaMXCvCHHF71Lu4UqXPyd1DwbIuwxuxel1gSIbW
DYJSPoWuqtvpbTUblSCSJChaOtRqaeWv9Babe5L/fYP6cmEjZ070vtrJIX/4rFIs
7emStBUaYQcZKsZpBkbWCR1JWyU5Kaickiue2rOfBPsyQmlaonKYR9oMEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFnsJa7qsJAwazmOFK9Wj9sBJEa3MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvV2V3bHJ1cXdrREJyT1k0VXIxYVAyd0VrUnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wANA
MA0GCSqGSIb3DQEBCwUAA4IBAQAfdpgjiTZFPnIkBWRrJRpBwohrhLiwKojnzAti
nTZBk4Y69oSQAI/Ku522o4twN9fGBmbnaY1kfbniT0m5xWJPz0FRj7TkmHkvppvX
YnDfhKDh5cLlOPFJO6DyoIHNuvjsrETkULDaqbVnjDZH0arNR4X+FWse6xD/kbCE
3AYF2oz0sg/kJUtChMVeEIBKSCb6DDEoNu3AVQ3Pk19n9UQP7db9O4Xi4JQZUPK5
qF76jIREAwpRtj3O1WeriUhqE7lc+eJ4LfWBgEe12dhtqihYjFZnASVRoGPjssJo
gQbPwaPU5jLuSWcg5PTWMhxemgtV49t3G6LrGgtJD+vEQNyK
-----END CERTIFICATE-----