Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/WyTHnFNcmWpTrxdhC8lFzmknWXA.roa
File:                     WyTHnFNcmWpTrxdhC8lFzmknWXA.roa (raw, json)
Hash identifier:          O4CFXZrV7LMiccxvTFaO49p/kjPz70mICS4Zh0D7ARw=
Subject key identifier:   5B:24:C7:9C:53:5C:99:6A:53:AF:17:61:0B:C9:45:CE:69:27:59:70
Certificate issuer:       /CN=a15237c39a325aa309b69e66fe09237da1ad0d2b
Certificate serial:       018EED2E6AC40FA892770BA74F6AB58C469D
Authority key identifier: A1:52:37:C3:9A:32:5A:A3:09:B6:9E:66:FE:09:23:7D:A1:AD:0D:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oVI3w5oyWqMJtp5m_gkjfaGtDSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/WyTHnFNcmWpTrxdhC8lFzmknWXA.roa
Signing time:             Wed 17 Apr 2024 17:50:25 +0000
ROA not before:           Wed 17 Apr 2024 17:50:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200260
IP address blocks:        2a13:75c1:100::/40 maxlen: 48
                          2a13:75c1:2000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/oVI3w5oyWqMJtp5m_gkjfaGtDSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/oVI3w5oyWqMJtp5m_gkjfaGtDSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oVI3w5oyWqMJtp5m_gkjfaGtDSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ed:2e:6a:c4:0f:a8:92:77:0b:a7:4f:6a:b5:8c:46:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a15237c39a325aa309b69e66fe09237da1ad0d2b
        Validity
            Not Before: Apr 17 17:50:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b24c79c535c996a53af17610bc945ce69275970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:9d:4c:2f:a6:73:5a:03:f6:92:42:2a:dd:a4:
                    94:48:b5:eb:4b:55:63:a1:b2:58:44:85:d0:0f:60:
                    3c:de:ad:a2:b2:a5:18:61:67:6d:15:b7:22:f3:ab:
                    3d:87:c5:1e:41:eb:63:81:9d:39:02:da:04:06:b1:
                    cf:3e:d8:55:4e:c2:40:03:c7:d6:a0:b1:c7:67:08:
                    05:9f:37:49:40:65:1f:47:e9:b4:34:3a:77:bc:27:
                    63:c1:95:0d:22:2c:ec:d6:0d:d1:91:7c:64:f8:51:
                    c8:75:2d:ed:24:c1:c6:bd:c3:5d:a4:ba:d1:2e:a1:
                    7a:53:c3:4c:7f:ce:44:92:bb:b9:fe:26:0e:fb:01:
                    d4:e7:03:86:7b:ed:4e:99:11:6c:87:d0:f5:71:26:
                    e9:fb:8a:d3:b1:37:1b:c2:35:81:e8:02:df:68:49:
                    a6:25:f3:e6:a5:12:12:70:c3:6b:53:08:12:b9:1b:
                    ea:21:8d:41:48:14:76:9d:5a:9e:f8:f2:b0:d3:2b:
                    bf:5c:78:46:84:38:0b:62:9f:2a:b2:55:19:e2:01:
                    3a:25:27:f9:ff:45:77:37:18:c6:23:26:26:f6:e4:
                    bc:28:ad:21:24:da:ed:f7:17:5f:4c:c2:48:d4:ca:
                    f2:df:1f:e0:ab:7e:87:3a:cd:a1:08:79:3a:56:e4:
                    cc:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:24:C7:9C:53:5C:99:6A:53:AF:17:61:0B:C9:45:CE:69:27:59:70
            X509v3 Authority Key Identifier:
                keyid:A1:52:37:C3:9A:32:5A:A3:09:B6:9E:66:FE:09:23:7D:A1:AD:0D:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oVI3w5oyWqMJtp5m_gkjfaGtDSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/WyTHnFNcmWpTrxdhC8lFzmknWXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f33229-ca2d-4108-892d-4c910ae3735d/1/oVI3w5oyWqMJtp5m_gkjfaGtDSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:75c1:100::/40
                  2a13:75c1:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         c9:04:e5:2b:6f:3c:c2:3f:65:58:6a:a3:84:9a:00:65:b9:a2:
         20:5b:c9:36:d6:2d:92:b2:bb:da:9d:8c:2c:80:d7:f2:d0:f8:
         ec:67:aa:17:f6:79:11:16:c4:c5:84:7f:ca:5b:31:0a:98:55:
         2a:2c:68:cf:64:6a:c9:bc:11:a7:77:d6:06:d8:32:f7:bb:2c:
         2d:68:da:b6:96:3b:5f:5e:7e:04:9d:c7:cf:a6:3b:a8:4a:d7:
         6e:f2:6f:3b:da:f0:40:b7:bb:23:ff:94:1f:40:77:db:85:5f:
         dd:b2:40:80:3b:8c:28:1b:28:1c:4d:ef:c3:7e:f9:1f:e3:b2:
         c2:06:f5:b4:2c:a1:82:fb:0b:61:a5:e3:a1:9b:3a:2f:a1:4c:
         04:02:e5:52:61:bc:a2:3e:99:14:88:8f:00:27:67:db:17:ba:
         6b:af:79:fd:29:23:4d:7f:6a:cb:77:67:a6:e7:88:bc:6f:d1:
         38:c9:a9:b5:7f:f9:54:41:ce:3f:b9:b8:46:c7:59:d8:81:58:
         47:ad:76:8e:6f:e8:75:fc:4d:a7:f0:78:51:17:2f:57:71:34:
         cc:33:a8:b3:d5:4b:d1:a6:33:6d:94:10:78:06:77:98:59:ea:
         9b:28:78:a3:ec:00:da:8a:bb:6c:a7:47:3d:4e:a2:82:17:eb:
         58:ea:a3:0f
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAY7tLmrED6iSdwunT2q1jEadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNTIzN2MzOWEzMjVhYTMwOWI2OWU2NmZlMDkyMzdkYTFh
ZDBkMmIwHhcNMjQwNDE3MTc1MDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjI0Yzc5YzUzNWM5OTZhNTNhZjE3NjEwYmM5NDVjZTY5Mjc1OTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJ1ML6ZzWgP2kkIq3aSUSLXrS1Vj
obJYRIXQD2A83q2isqUYYWdtFbci86s9h8UeQetjgZ05AtoEBrHPPthVTsJAA8fW
oLHHZwgFnzdJQGUfR+m0NDp3vCdjwZUNIizs1g3RkXxk+FHIdS3tJMHGvcNdpLrR
LqF6U8NMf85Ekru5/iYO+wHU5wOGe+1OmRFsh9D1cSbp+4rTsTcbwjWB6ALfaEmm
JfPmpRIScMNrUwgSuRvqIY1BSBR2nVqe+PKw0yu/XHhGhDgLYp8qslUZ4gE6JSf5
/0V3NxjGIyYm9uS8KK0hJNrt9xdfTMJI1Mry3x/gq36HOs2hCHk6VuTMUwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFFskx5xTXJlqU68XYQvJRc5pJ1lwMB8GA1UdIwQY
MBaAFKFSN8OaMlqjCbaeZv4JI32hrQ0rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1ZJM3c1b3lXcU1KdHA1bV9na2pmYUd0RFNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9mMzMyMjktY2EyZC00MTA4LTg5MmQt
NGM5MTBhZTM3MzVkLzEvV3lUSG5GTmNtV3BUcnhkaEM4bEZ6bWtuV1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9mMzMyMjktY2EyZC00MTA4LTg5MmQtNGM5MTBhZTM3MzVk
LzEvb1ZJM3c1b3lXcU1KdHA1bV9na2pmYUd0RFNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhN1wQED
BgQqE3XBIDANBgkqhkiG9w0BAQsFAAOCAQEAyQTlK288wj9lWGqjhJoAZbmiIFvJ
NtYtkrK72p2MLIDX8tD47GeqF/Z5ERbExYR/ylsxCphVKixoz2RqybwRp3fWBtgy
97ssLWjatpY7X15+BJ3Hz6Y7qErXbvJvO9rwQLe7I/+UH0B324Vf3bJAgDuMKBso
HE3vw375H+Oywgb1tCyhgvsLYaXjoZs6L6FMBALlUmG8oj6ZFIiPACdn2xe6a695
/SkjTX9qy3dnpueIvG/ROMmptX/5VEHOP7m4RsdZ2IFYR612jm/odfxNp/B4URcv
V3E0zDOos9VL0aYzbZQQeAZ3mFnqmyh4o+wA2oq7bKdHPU6ighfrWOqjDw==
-----END CERTIFICATE-----