Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/cc3c28-7b13-4343-af37-25550ba29127/1/Wttete7Fl6g9AoCwe1ErkvHZLvQ.roa
File:                     Wttete7Fl6g9AoCwe1ErkvHZLvQ.roa (raw, json)
Hash identifier:          1Gx2yLLNGgiLd9SHsNABGyCV3/kDXPRQB/XvAw4SHII=
Subject key identifier:   5A:DB:5E:B5:EE:C5:97:A8:3D:02:80:B0:7B:51:2B:92:F1:D9:2E:F4
Certificate issuer:       /CN=638c83f9a3a3d2160a0178ca19ccb43a0d2f1890
Certificate serial:       018CC8011A8106370846D0AB45C7AB030548
Authority key identifier: 63:8C:83:F9:A3:A3:D2:16:0A:01:78:CA:19:CC:B4:3A:0D:2F:18:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4yD-aOj0hYKAXjKGcy0Og0vGJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/cc3c28-7b13-4343-af37-25550ba29127/1/Wttete7Fl6g9AoCwe1ErkvHZLvQ.roa
Signing time:             Tue 02 Jan 2024 02:29:24 +0000
ROA not before:           Tue 02 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207721
IP address blocks:        2a12:fb40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/cc3c28-7b13-4343-af37-25550ba29127/1/Y4yD-aOj0hYKAXjKGcy0Og0vGJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/cc3c28-7b13-4343-af37-25550ba29127/1/Y4yD-aOj0hYKAXjKGcy0Og0vGJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4yD-aOj0hYKAXjKGcy0Og0vGJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1a:81:06:37:08:46:d0:ab:45:c7:ab:03:05:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=638c83f9a3a3d2160a0178ca19ccb43a0d2f1890
        Validity
            Not Before: Jan  2 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5adb5eb5eec597a83d0280b07b512b92f1d92ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1a:9a:cd:b6:6b:4e:70:3b:47:0f:9c:27:62:
                    97:90:a5:df:de:86:08:03:ba:97:de:9e:47:be:51:
                    e6:f7:24:fc:16:36:30:52:82:40:0f:0f:a3:ef:53:
                    8d:80:d4:93:76:8f:4c:f4:6e:eb:84:aa:a0:37:cd:
                    06:37:2e:2d:6d:ba:39:be:08:8c:3a:10:0a:98:65:
                    70:a9:23:cf:bb:42:0b:24:2f:5a:c4:68:81:58:fc:
                    94:68:86:21:df:68:29:78:66:8f:e0:26:56:38:81:
                    e9:ee:6e:ba:ad:2b:a9:d3:0d:ab:b4:99:a2:e8:30:
                    35:a4:34:7c:c4:4d:d5:ed:95:92:b7:8e:ef:b8:75:
                    84:ed:d8:58:18:11:43:cf:be:10:58:1c:42:3a:16:
                    4f:5f:fa:b0:d9:50:a2:a4:0f:e0:f0:27:5e:bf:86:
                    b4:c2:f8:fd:0b:a2:cb:42:5c:02:32:0f:41:06:e9:
                    fa:74:36:a8:7e:96:c4:87:8d:01:5b:f9:0e:5b:1f:
                    bf:18:e2:44:76:d1:ed:f9:f0:b1:be:fe:95:e2:ad:
                    84:b3:5e:9d:66:7b:bb:82:61:65:da:cd:80:0a:f2:
                    21:fd:d9:97:7e:55:8f:f3:55:95:6c:a1:50:d0:3d:
                    9b:36:ab:c7:3d:71:b4:01:bf:6b:c4:3e:ff:64:fb:
                    bf:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:DB:5E:B5:EE:C5:97:A8:3D:02:80:B0:7B:51:2B:92:F1:D9:2E:F4
            X509v3 Authority Key Identifier:
                keyid:63:8C:83:F9:A3:A3:D2:16:0A:01:78:CA:19:CC:B4:3A:0D:2F:18:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4yD-aOj0hYKAXjKGcy0Og0vGJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/cc3c28-7b13-4343-af37-25550ba29127/1/Wttete7Fl6g9AoCwe1ErkvHZLvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/cc3c28-7b13-4343-af37-25550ba29127/1/Y4yD-aOj0hYKAXjKGcy0Og0vGJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:fb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b7:24:e1:d8:da:40:f7:4c:2f:37:bb:5f:25:e6:e8:ca:c9:35:
         60:86:24:5c:ff:d2:d8:84:37:fb:53:8f:1b:2e:bb:fe:0e:5f:
         36:41:df:7d:79:6d:e0:b7:5c:98:58:0f:51:93:8e:99:90:88:
         d1:0e:d0:eb:21:01:1a:ce:57:88:8b:de:c3:44:6b:76:bc:6c:
         8f:8a:08:cd:45:6a:c9:28:57:06:98:73:81:fc:d2:1c:0e:fd:
         63:19:c4:4a:2c:90:15:3e:61:45:4e:3e:77:1a:1e:f5:86:07:
         15:fe:7c:5d:24:84:9a:52:9e:50:2f:52:24:d9:d1:ff:32:e2:
         26:95:fe:6a:17:00:d7:f5:4b:f2:2b:7f:9a:cd:b9:f3:25:53:
         2d:ec:48:e8:53:cb:0d:7d:da:ab:79:31:11:c8:dd:fa:b5:06:
         9e:c5:30:75:e3:3b:7c:13:f8:88:aa:0f:40:8c:4b:73:23:51:
         d4:85:74:0b:68:49:b1:61:a8:9f:d5:ee:dd:46:b6:14:8d:d4:
         52:a8:c9:fb:98:d0:e5:50:6c:ff:72:a8:66:59:f2:3d:71:3f:
         38:e2:5e:9a:18:a6:e1:5e:a0:9e:69:07:86:13:91:f3:b2:21:
         eb:bf:90:14:eb:ee:c8:dc:8d:92:3e:51:3b:f0:62:da:97:80:
         b2:c0:f5:83
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIARqBBjcIRtCrRcerAwVIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzOGM4M2Y5YTNhM2QyMTYwYTAxNzhjYTE5Y2NiNDNhMGQy
ZjE4OTAwHhcNMjQwMTAyMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWRiNWViNWVlYzU5N2E4M2QwMjgwYjA3YjUxMmI5MmYxZDkyZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxqazbZrTnA7Rw+cJ2KXkKXf3oYI
A7qX3p5HvlHm9yT8FjYwUoJADw+j71ONgNSTdo9M9G7rhKqgN80GNy4tbbo5vgiM
OhAKmGVwqSPPu0ILJC9axGiBWPyUaIYh32gpeGaP4CZWOIHp7m66rSup0w2rtJmi
6DA1pDR8xE3V7ZWSt47vuHWE7dhYGBFDz74QWBxCOhZPX/qw2VCipA/g8Cdev4a0
wvj9C6LLQlwCMg9BBun6dDaofpbEh40BW/kOWx+/GOJEdtHt+fCxvv6V4q2Es16d
Znu7gmFl2s2ACvIh/dmXflWP81WVbKFQ0D2bNqvHPXG0Ab9rxD7/ZPu/SQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFrbXrXuxZeoPQKAsHtRK5Lx2S70MB8GA1UdIwQY
MBaAFGOMg/mjo9IWCgF4yhnMtDoNLxiQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTR5RC1hT2owaFlLQVhqS0djeTBPZzB2R0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jYzNjMjgtN2IxMy00MzQzLWFmMzct
MjU1NTBiYTI5MTI3LzEvV3R0ZXRlN0ZsNmc5QW9Dd2UxRXJrdkhaTHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jYzNjMjgtN2IxMy00MzQzLWFmMzctMjU1NTBiYTI5MTI3
LzEvWTR5RC1hT2owaFlLQVhqS0djeTBPZzB2R0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhL7QDAN
BgkqhkiG9w0BAQsFAAOCAQEAtyTh2NpA90wvN7tfJeboysk1YIYkXP/S2IQ3+1OP
Gy67/g5fNkHffXlt4LdcmFgPUZOOmZCI0Q7Q6yEBGs5XiIvew0Rrdrxsj4oIzUVq
yShXBphzgfzSHA79YxnESiyQFT5hRU4+dxoe9YYHFf58XSSEmlKeUC9SJNnR/zLi
JpX+ahcA1/VL8it/ms258yVTLexI6FPLDX3aq3kxEcjd+rUGnsUwdeM7fBP4iKoP
QIxLcyNR1IV0C2hJsWGon9Xu3Ua2FI3UUqjJ+5jQ5VBs/3KoZlnyPXE/OOJemhim
4V6gnmkHhhOR87Ih67+QFOvuyNyNkj5RO/Bi2peAssD1gw==
-----END CERTIFICATE-----