Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/PWX1NMU8D_mWIdO37AiQe9opRNM.roa
File:                     PWX1NMU8D_mWIdO37AiQe9opRNM.roa (raw, json)
Hash identifier:          VGLQZIRcgsBtPfO3MfVbEjwCE8KqJjfczjr96PmM5cI=
Subject key identifier:   3D:65:F5:34:C5:3C:0F:F9:96:21:D3:B7:EC:08:90:7B:DA:29:44:D3
Certificate issuer:       /CN=60b28e2723955a3f63e47b3230317eae9292ff32
Certificate serial:       018CC9BB33EEBAFF2D5184E0A884AD4390A1
Authority key identifier: 60:B2:8E:27:23:95:5A:3F:63:E4:7B:32:30:31:7E:AE:92:92:FF:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YLKOJyOVWj9j5HsyMDF-rpKS_zI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/PWX1NMU8D_mWIdO37AiQe9opRNM.roa
Signing time:             Tue 02 Jan 2024 10:32:18 +0000
ROA not before:           Tue 02 Jan 2024 10:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212344
IP address blocks:        2001:67c:1b18::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/YLKOJyOVWj9j5HsyMDF-rpKS_zI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/YLKOJyOVWj9j5HsyMDF-rpKS_zI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YLKOJyOVWj9j5HsyMDF-rpKS_zI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:33:ee:ba:ff:2d:51:84:e0:a8:84:ad:43:90:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60b28e2723955a3f63e47b3230317eae9292ff32
        Validity
            Not Before: Jan  2 10:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d65f534c53c0ff99621d3b7ec08907bda2944d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:32:11:d5:e8:4b:fd:9d:5f:cd:6b:a4:e9:51:
                    34:a0:33:1b:41:c9:7e:5f:60:85:63:39:27:9d:d9:
                    d1:48:07:04:01:3d:5d:35:21:66:1c:f6:e7:e0:5c:
                    07:9a:bd:a7:2c:a1:9e:13:3b:fa:7f:f2:cc:2d:df:
                    aa:b1:56:30:f1:e6:2f:aa:2d:de:57:b1:c1:ab:ab:
                    d5:e3:a1:1a:b1:a4:9f:0d:2a:f3:28:54:93:99:60:
                    27:c0:ff:08:5f:2d:e9:b6:ae:f8:0f:4b:86:57:f6:
                    ef:f4:f1:a0:cb:06:28:e4:38:92:d8:44:97:db:07:
                    cf:84:fe:ac:c2:2d:cf:b8:9b:43:4d:4a:d6:d1:fe:
                    e5:bf:9b:b8:14:3d:8c:52:f7:f9:c7:f0:53:55:1b:
                    63:51:ae:59:72:19:7b:61:18:56:f8:a8:55:9a:4a:
                    7f:8a:e3:1a:17:5b:ae:9b:12:57:34:81:f1:28:2d:
                    fc:9a:6b:ba:00:84:a0:00:12:19:3d:1e:8e:60:6d:
                    c2:a8:b4:a4:69:67:4a:f3:3e:f4:06:4c:2d:6d:8a:
                    ca:a9:52:8f:84:4f:05:fb:57:b1:ef:b7:87:75:4a:
                    19:d3:92:e6:07:f2:a8:aa:d3:e3:85:fa:c0:75:8c:
                    7e:8f:30:3b:be:26:db:03:cf:6e:d7:6c:da:5b:26:
                    eb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:65:F5:34:C5:3C:0F:F9:96:21:D3:B7:EC:08:90:7B:DA:29:44:D3
            X509v3 Authority Key Identifier:
                keyid:60:B2:8E:27:23:95:5A:3F:63:E4:7B:32:30:31:7E:AE:92:92:FF:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YLKOJyOVWj9j5HsyMDF-rpKS_zI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/PWX1NMU8D_mWIdO37AiQe9opRNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/0037eb-5e0b-4c2b-a94c-1dc3b8c61e6c/1/YLKOJyOVWj9j5HsyMDF-rpKS_zI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1b18::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:cd:b4:01:9d:5d:47:fc:4a:86:8e:af:b9:bf:55:fa:e8:70:
         94:39:83:08:e9:b5:e6:05:fb:ac:76:4d:48:bc:6b:a9:37:f2:
         12:fe:90:7e:a4:34:e1:c6:c9:25:2e:37:ae:5a:2a:1f:05:f9:
         d2:52:5d:1f:4a:bb:d9:12:cd:58:14:6f:75:f7:74:f3:fc:4a:
         bb:e4:a0:c7:7f:e7:11:4b:0d:f3:83:18:d1:3b:00:f2:ab:91:
         5e:92:eb:5d:20:34:c7:1a:b3:ab:68:3a:f0:b2:32:35:ec:3e:
         b6:65:3f:d0:c1:b8:96:32:10:4f:ae:db:59:1e:a8:6b:00:c9:
         18:45:32:74:c0:58:7b:64:ad:56:63:b2:bb:4d:84:e7:9c:5c:
         65:7d:dd:4a:b3:69:9b:8d:ea:f5:7e:a8:a4:88:31:7f:07:b8:
         f0:f3:f2:95:88:e2:32:23:c5:25:6d:40:ec:33:c5:c2:7e:11:
         22:87:b8:7c:b1:6d:ef:bc:63:81:1b:59:23:58:c6:3d:e6:d6:
         8e:ab:c7:26:f0:17:03:5a:38:e3:ca:57:85:da:f9:1e:6c:be:
         3c:a4:82:3f:33:7c:fe:b5:5d:8b:59:0d:7a:6b:4d:44:6b:3f:
         eb:59:19:63:0d:c2:0e:be:f2:27:fd:9a:64:17:c3:18:9e:bd:
         40:04:cd:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJuzPuuv8tUYTgqIStQ5ChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYjI4ZTI3MjM5NTVhM2Y2M2U0N2IzMjMwMzE3ZWFlOTI5
MmZmMzIwHhcNMjQwMTAyMTAzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDY1ZjUzNGM1M2MwZmY5OTYyMWQzYjdlYzA4OTA3YmRhMjk0NGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzIR1ehL/Z1fzWuk6VE0oDMbQcl+
X2CFYzknndnRSAcEAT1dNSFmHPbn4FwHmr2nLKGeEzv6f/LMLd+qsVYw8eYvqi3e
V7HBq6vV46EasaSfDSrzKFSTmWAnwP8IXy3ptq74D0uGV/bv9PGgywYo5DiS2ESX
2wfPhP6swi3PuJtDTUrW0f7lv5u4FD2MUvf5x/BTVRtjUa5Zchl7YRhW+KhVmkp/
iuMaF1uumxJXNIHxKC38mmu6AISgABIZPR6OYG3CqLSkaWdK8z70BkwtbYrKqVKP
hE8F+1ex77eHdUoZ05LmB/KoqtPjhfrAdYx+jzA7vibbA89u12zaWybrcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD1l9TTFPA/5liHTt+wIkHvaKUTTMB8GA1UdIwQY
MBaAFGCyjicjlVo/Y+R7MjAxfq6Skv8yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUxLT0p5T1ZXajlqNUhzeU1ERi1ycEtTX3pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8wMDM3ZWItNWUwYi00YzJiLWE5NGMt
MWRjM2I4YzYxZTZjLzEvUFdYMU5NVThEX21XSWRPMzdBaVFlOW9wUk5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8wMDM3ZWItNWUwYi00YzJiLWE5NGMtMWRjM2I4YzYxZTZj
LzEvWUxLT0p5T1ZXajlqNUhzeU1ERi1ycEtTX3pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBsY
MA0GCSqGSIb3DQEBCwUAA4IBAQAJzbQBnV1H/EqGjq+5v1X66HCUOYMI6bXmBfus
dk1IvGupN/IS/pB+pDThxsklLjeuWiofBfnSUl0fSrvZEs1YFG9193Tz/Eq75KDH
f+cRSw3zgxjROwDyq5FekutdIDTHGrOraDrwsjI17D62ZT/QwbiWMhBPrttZHqhr
AMkYRTJ0wFh7ZK1WY7K7TYTnnFxlfd1Ks2mbjer1fqikiDF/B7jw8/KViOIyI8Ul
bUDsM8XCfhEih7h8sW3vvGOBG1kjWMY95taOq8cm8BcDWjjjyleF2vkebL48pII/
M3z+tV2LWQ16a01Eaz/rWRljDcIOvvIn/ZpkF8MYnr1ABM1t
-----END CERTIFICATE-----