Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/wUsbt-HTaTgAWsY_K2ZwhZempLg.roa
File:                     wUsbt-HTaTgAWsY_K2ZwhZempLg.roa (raw, json)
Hash identifier:          OXuJmL2+egILFuJsJVzo1F0QRoATbyDTCvgbpKqhXMA=
Subject key identifier:   C1:4B:1B:B7:E1:D3:69:38:00:5A:C6:3F:2B:66:70:85:97:A6:A4:B8
Certificate issuer:       /CN=ff62562cae873f4fc4a3232bf49dd5343b7084f9
Certificate serial:       01942368C75DB5455FC4BF1D25F8E9688177
Authority key identifier: FF:62:56:2C:AE:87:3F:4F:C4:A3:23:2B:F4:9D:D5:34:3B:70:84:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2JWLK6HP0_EoyMr9J3VNDtwhPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/wUsbt-HTaTgAWsY_K2ZwhZempLg.roa
Signing time:             Wed 01 Jan 2025 19:47:36 +0000
ROA not before:           Wed 01 Jan 2025 19:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        185.187.120.0/23 maxlen: 23
                          2a0b:9e80::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/_2JWLK6HP0_EoyMr9J3VNDtwhPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/_2JWLK6HP0_EoyMr9J3VNDtwhPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2JWLK6HP0_EoyMr9J3VNDtwhPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:c7:5d:b5:45:5f:c4:bf:1d:25:f8:e9:68:81:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff62562cae873f4fc4a3232bf49dd5343b7084f9
        Validity
            Not Before: Jan  1 19:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c14b1bb7e1d36938005ac63f2b66708597a6a4b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1d:8e:1e:3b:a1:dd:78:19:11:f0:8c:72:0c:
                    4b:ca:4c:cf:2e:23:ff:21:63:11:92:ed:43:04:b3:
                    b0:77:ea:a6:bc:66:a1:33:d1:10:e1:3c:40:75:79:
                    c8:9a:36:78:0d:34:2b:cd:cb:9f:0f:23:65:b3:04:
                    88:d2:73:84:04:63:06:3b:e5:d7:47:68:af:bc:a7:
                    bc:a8:40:e6:c5:83:d8:3c:62:75:93:4f:2d:7d:f9:
                    05:5a:02:ae:c0:a1:3f:8e:9b:1f:61:ff:a4:a1:e1:
                    3d:e6:7a:0b:55:0a:ca:b8:a3:6a:25:69:cb:b6:79:
                    e4:6e:69:42:4c:c8:72:c6:db:42:45:40:fd:56:3c:
                    ce:c7:89:96:3d:63:a8:3c:8f:c7:c5:0d:7d:2e:64:
                    3a:16:42:27:47:7b:a7:b0:75:cb:1b:be:95:94:61:
                    ac:46:70:c3:86:43:68:81:7e:15:69:17:1b:73:95:
                    d6:f6:3d:70:42:eb:c6:cc:57:5e:7f:65:df:37:bc:
                    bf:45:10:73:84:27:6d:a1:8d:e2:56:1d:43:72:77:
                    d4:7a:1d:89:da:89:0b:b1:2f:c5:f7:3f:16:fd:0c:
                    42:61:1d:4a:07:95:c3:96:2d:36:91:dc:56:ec:df:
                    61:46:2f:5e:67:f9:5f:e9:a0:49:89:dd:35:bd:54:
                    c0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:4B:1B:B7:E1:D3:69:38:00:5A:C6:3F:2B:66:70:85:97:A6:A4:B8
            X509v3 Authority Key Identifier:
                keyid:FF:62:56:2C:AE:87:3F:4F:C4:A3:23:2B:F4:9D:D5:34:3B:70:84:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2JWLK6HP0_EoyMr9J3VNDtwhPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/wUsbt-HTaTgAWsY_K2ZwhZempLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/3dc3c4-9c48-4a64-8fa1-88f7b91b6e32/1/_2JWLK6HP0_EoyMr9J3VNDtwhPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.120.0/23
                IPv6:
                  2a0b:9e80::/36

    Signature Algorithm: sha256WithRSAEncryption
         7e:02:29:ff:ef:66:a5:2f:b4:99:29:4c:6f:a6:51:88:c6:42:
         7f:92:8a:4b:11:e1:91:31:8b:8c:bf:44:1b:fc:0c:70:77:f9:
         ba:02:5b:9f:b6:08:a0:4f:68:92:12:53:17:cf:cd:21:3e:5c:
         de:07:6a:6e:c1:96:47:ac:f6:76:b0:79:93:7d:c1:2d:8d:64:
         a0:92:79:e1:51:20:9e:3f:b5:cd:b2:96:e4:69:f9:9d:84:b7:
         67:f9:17:e3:d0:63:36:fc:f3:b9:10:e3:ad:ca:d4:69:10:70:
         34:0a:b6:af:75:73:01:dc:3b:e5:28:60:ca:79:b5:9b:69:95:
         fa:bd:68:58:a8:b1:a7:f9:8b:1d:eb:78:f2:0a:84:37:38:fe:
         a0:74:08:63:77:42:0e:aa:0a:01:86:90:2e:13:fc:67:cf:eb:
         b5:b1:95:5e:47:99:f9:32:ff:b7:dc:51:63:42:2f:c8:3d:f2:
         7d:5e:ff:79:c0:fe:d3:72:73:ad:7b:a8:32:4a:61:04:60:21:
         7b:ea:34:3b:5f:90:00:3f:b0:53:87:a2:07:d5:a4:2e:5a:21:
         a7:ed:f3:60:e6:3b:37:31:e8:69:ca:9e:e7:37:50:69:0b:4c:
         b3:0b:ba:65:0f:fc:c5:89:c2:65:b6:c4:b8:0d:03:2b:27:4d:
         82:aa:b2:a7
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQjaMddtUVfxL8dJfjpaIF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjI1NjJjYWU4NzNmNGZjNGEzMjMyYmY0OWRkNTM0M2I3
MDg0ZjkwHhcNMjUwMTAxMTk0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTRiMWJiN2UxZDM2OTM4MDA1YWM2M2YyYjY2NzA4NTk3YTZhNGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzx2OHjuh3XgZEfCMcgxLykzPLiP/
IWMRku1DBLOwd+qmvGahM9EQ4TxAdXnImjZ4DTQrzcufDyNlswSI0nOEBGMGO+XX
R2ivvKe8qEDmxYPYPGJ1k08tffkFWgKuwKE/jpsfYf+koeE95noLVQrKuKNqJWnL
tnnkbmlCTMhyxttCRUD9VjzOx4mWPWOoPI/HxQ19LmQ6FkInR3unsHXLG76VlGGs
RnDDhkNogX4VaRcbc5XW9j1wQuvGzFdef2XfN7y/RRBzhCdtoY3iVh1DcnfUeh2J
2okLsS/F9z8W/QxCYR1KB5XDli02kdxW7N9hRi9eZ/lf6aBJid01vVTA8QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMFLG7fh02k4AFrGPytmcIWXpqS4MB8GA1UdIwQY
MBaAFP9iViyuhz9PxKMjK/Sd1TQ7cIT5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJKV0xLNkhQMF9Fb3lNcjlKM1ZORHR3aFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zZGMzYzQtOWM0OC00YTY0LThmYTEt
ODhmN2I5MWI2ZTMyLzEvd1VzYnQtSFRhVGdBV3NZX0syWndoWmVtcExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zZGMzYzQtOWM0OC00YTY0LThmYTEtODhmN2I5MWI2ZTMy
LzEvXzJKV0xLNkhQMF9Fb3lNcjlKM1ZORHR3aFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBubt4MA4E
AgACMAgDBgQqC56AADANBgkqhkiG9w0BAQsFAAOCAQEAfgIp/+9mpS+0mSlMb6ZR
iMZCf5KKSxHhkTGLjL9EG/wMcHf5ugJbn7YIoE9okhJTF8/NIT5c3gdqbsGWR6z2
drB5k33BLY1koJJ54VEgnj+1zbKW5Gn5nYS3Z/kX49BjNvzzuRDjrcrUaRBwNAq2
r3VzAdw75Shgynm1m2mV+r1oWKixp/mLHet48gqENzj+oHQIY3dCDqoKAYaQLhP8
Z8/rtbGVXkeZ+TL/t9xRY0IvyD3yfV7/ecD+03JzrXuoMkphBGAhe+o0O1+QAD+w
U4eiB9WkLlohp+3zYOY7NzHoacqe5zdQaQtMswu6ZQ/8xYnCZbbEuA0DKydNgqqy
pw==
-----END CERTIFICATE-----