Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/d2cec5-b245-4547-a9cd-f6c644c94608/1/wHxLK1OpzbWRT12gSPjhO5-TkEk.roa
File:                     wHxLK1OpzbWRT12gSPjhO5-TkEk.roa (raw, json)
Hash identifier:          L3gclDxqdCa9IiR8tU0u/GGRK9AVcWrRLydtYvV1Fm4=
Subject key identifier:   C0:7C:4B:2B:53:A9:CD:B5:91:4F:5D:A0:48:F8:E1:3B:9F:93:90:49
Certificate issuer:       /CN=73fba682d69c1d10708ed7b6aeaa232ee89b901d
Certificate serial:       018CC5DC27A834F3FBEB63D6D9CE8836E929
Authority key identifier: 73:FB:A6:82:D6:9C:1D:10:70:8E:D7:B6:AE:AA:23:2E:E8:9B:90:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_umgtacHRBwjte2rqojLuibkB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/d2cec5-b245-4547-a9cd-f6c644c94608/1/wHxLK1OpzbWRT12gSPjhO5-TkEk.roa
Signing time:             Mon 01 Jan 2024 16:29:48 +0000
ROA not before:           Mon 01 Jan 2024 16:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29121
IP address blocks:        195.69.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/d2cec5-b245-4547-a9cd-f6c644c94608/1/c_umgtacHRBwjte2rqojLuibkB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/d2cec5-b245-4547-a9cd-f6c644c94608/1/c_umgtacHRBwjte2rqojLuibkB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_umgtacHRBwjte2rqojLuibkB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:27:a8:34:f3:fb:eb:63:d6:d9:ce:88:36:e9:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73fba682d69c1d10708ed7b6aeaa232ee89b901d
        Validity
            Not Before: Jan  1 16:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c07c4b2b53a9cdb5914f5da048f8e13b9f939049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ac:0d:13:7b:5c:28:8d:17:90:6d:13:4a:22:
                    7d:24:ec:40:0f:de:4e:c7:de:7a:2f:68:ba:ae:da:
                    1e:d2:26:7d:31:77:a8:ba:78:04:72:2e:83:c6:4e:
                    29:50:75:87:8c:19:7d:06:86:a3:27:ec:34:8f:a4:
                    3e:bd:73:fb:3d:7b:d4:7e:97:83:13:b9:34:21:d5:
                    95:fa:f0:51:c1:e3:0e:de:95:f8:db:67:0b:7c:43:
                    13:9b:09:ac:7f:53:52:a1:e0:7e:1d:1b:6a:8f:45:
                    99:82:3c:14:df:32:e1:a5:28:75:0b:fc:f1:77:24:
                    5d:c8:6d:f0:8b:eb:3f:ee:61:1f:a1:85:c2:f5:c1:
                    68:64:5e:b2:41:a8:c9:df:51:0d:d3:01:d0:40:d7:
                    7e:df:a2:40:cd:7e:6e:46:aa:0c:5a:a3:f5:61:a1:
                    70:cc:21:87:ac:5f:a1:d7:a1:d6:7b:f3:d8:8d:1b:
                    00:65:d6:a6:7d:08:d7:6b:94:9a:85:75:c2:4a:b0:
                    1d:48:45:f5:43:9d:ae:bb:40:72:e1:53:de:7a:db:
                    f6:74:67:65:88:f1:1f:5c:a9:64:34:cb:da:64:60:
                    ec:40:f2:83:84:e5:be:8c:74:10:44:f2:7b:ec:9c:
                    27:bf:a0:c7:61:21:a0:7d:f0:51:ab:6b:8c:fb:fc:
                    6d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:7C:4B:2B:53:A9:CD:B5:91:4F:5D:A0:48:F8:E1:3B:9F:93:90:49
            X509v3 Authority Key Identifier:
                keyid:73:FB:A6:82:D6:9C:1D:10:70:8E:D7:B6:AE:AA:23:2E:E8:9B:90:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_umgtacHRBwjte2rqojLuibkB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/d2cec5-b245-4547-a9cd-f6c644c94608/1/wHxLK1OpzbWRT12gSPjhO5-TkEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/d2cec5-b245-4547-a9cd-f6c644c94608/1/c_umgtacHRBwjte2rqojLuibkB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.69.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:ad:fe:3b:be:d6:33:8a:f2:1a:41:ff:6a:fe:a7:7b:9f:a9:
         ac:18:6c:06:dd:9a:93:9f:5e:cc:bc:e7:ff:83:e5:20:1d:5c:
         fd:51:a7:45:c9:bf:ab:71:6c:b8:a2:a4:48:1a:5c:b6:ab:98:
         17:70:54:58:09:7c:f3:22:8c:dc:58:5c:f8:c0:52:20:87:7c:
         b3:e9:e5:8d:3e:a7:0b:c8:23:2b:62:a9:f4:9d:b0:3c:04:a0:
         93:82:f9:42:56:79:fd:a8:89:99:9d:39:8c:af:b1:e7:b5:41:
         3b:d5:54:9b:7e:79:f9:77:f9:7b:90:a0:20:b1:fc:e6:ad:4f:
         8e:f8:09:90:b5:ce:cb:3e:01:67:cf:be:ae:d8:71:09:a1:24:
         ab:39:eb:de:fb:78:11:bd:0f:01:9b:4b:e4:c1:27:b6:00:11:
         50:ab:1c:f8:5c:ae:f2:ca:d4:b9:a4:12:84:ae:a7:69:60:06:
         80:cb:be:f7:3b:5d:68:2a:7b:f2:00:5d:b7:5e:1a:75:97:a7:
         63:d2:ef:47:3a:8e:7c:44:d2:18:3b:81:1a:76:b9:d6:bd:db:
         02:ea:da:d7:5c:76:f4:37:9a:ac:6e:93:20:e2:2e:0e:59:ba:
         42:67:a1:db:6b:7a:88:e3:06:0b:53:d3:b6:ad:cf:d3:68:1a:
         e4:49:e1:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CeoNPP762PW2c6INukpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZmJhNjgyZDY5YzFkMTA3MDhlZDdiNmFlYWEyMzJlZTg5
YjkwMWQwHhcNMjQwMTAxMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDdjNGIyYjUzYTljZGI1OTE0ZjVkYTA0OGY4ZTEzYjlmOTM5MDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqwNE3tcKI0XkG0TSiJ9JOxAD95O
x956L2i6rtoe0iZ9MXeoungEci6Dxk4pUHWHjBl9BoajJ+w0j6Q+vXP7PXvUfpeD
E7k0IdWV+vBRweMO3pX422cLfEMTmwmsf1NSoeB+HRtqj0WZgjwU3zLhpSh1C/zx
dyRdyG3wi+s/7mEfoYXC9cFoZF6yQajJ31EN0wHQQNd+36JAzX5uRqoMWqP1YaFw
zCGHrF+h16HWe/PYjRsAZdamfQjXa5SahXXCSrAdSEX1Q52uu0By4VPeetv2dGdl
iPEfXKlkNMvaZGDsQPKDhOW+jHQQRPJ77Jwnv6DHYSGgffBRq2uM+/xtTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMB8SytTqc21kU9doEj44Tufk5BJMB8GA1UdIwQY
MBaAFHP7poLWnB0QcI7Xtq6qIy7om5AdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY191bWd0YWNIUkJ3anRlMnJxb2pMdWlia0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9kMmNlYzUtYjI0NS00NTQ3LWE5Y2Qt
ZjZjNjQ0Yzk0NjA4LzEvd0h4TEsxT3B6YldSVDEyZ1NQamhPNS1Ua0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9kMmNlYzUtYjI0NS00NTQ3LWE5Y2QtZjZjNjQ0Yzk0NjA4
LzEvY191bWd0YWNIUkJ3anRlMnJxb2pMdWlia0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw0VgMA0G
CSqGSIb3DQEBCwUAA4IBAQC2rf47vtYzivIaQf9q/qd7n6msGGwG3ZqTn17MvOf/
g+UgHVz9UadFyb+rcWy4oqRIGly2q5gXcFRYCXzzIozcWFz4wFIgh3yz6eWNPqcL
yCMrYqn0nbA8BKCTgvlCVnn9qImZnTmMr7HntUE71VSbfnn5d/l7kKAgsfzmrU+O
+AmQtc7LPgFnz76u2HEJoSSrOeve+3gRvQ8Bm0vkwSe2ABFQqxz4XK7yytS5pBKE
rqdpYAaAy773O11oKnvyAF23Xhp1l6dj0u9HOo58RNIYO4EadrnWvdsC6trXXHb0
N5qsbpMg4i4OWbpCZ6Hba3qI4wYLU9O2rc/TaBrkSeFk
-----END CERTIFICATE-----