Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/Wevpv1P6gEfQRXzo6vY3FJ4462A.roa
File:                     Wevpv1P6gEfQRXzo6vY3FJ4462A.roa (raw, json)
Hash identifier:          NmiW6UjFVi+7gN4KNO0Hc9HTnBZ90w0v0xQjygDDLGY=
Subject key identifier:   59:EB:E9:BF:53:FA:80:47:D0:45:7C:E8:EA:F6:37:14:9E:38:EB:60
Certificate issuer:       /CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
Certificate serial:       018CC64B680C19853BCAF942E2E3BBD8EF17
Authority key identifier: F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/Wevpv1P6gEfQRXzo6vY3FJ4462A.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        178.255.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:68:0c:19:85:3b:ca:f9:42:e2:e3:bb:d8:ef:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59ebe9bf53fa8047d0457ce8eaf637149e38eb60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a0:c9:ac:f1:a6:ec:bd:27:2a:c1:0c:ab:0a:
                    9a:99:81:e4:b6:75:c2:82:e6:d2:17:a3:cd:3b:19:
                    8a:c3:d5:3f:99:d6:8a:9e:36:31:1a:c3:6c:10:1b:
                    09:e8:4e:85:22:c8:b7:99:ef:9d:8f:e7:99:e0:06:
                    b4:fd:4f:15:8e:c5:6e:61:f2:36:11:ca:f4:cb:6e:
                    b2:45:46:cd:3f:09:d5:17:be:f0:bd:37:1c:87:a1:
                    47:b4:db:7e:e3:70:6f:25:2d:55:10:88:c3:d9:63:
                    69:c0:fa:00:f8:5f:cc:09:54:3f:e5:35:d5:c3:12:
                    3a:31:cf:8a:06:22:ef:39:6a:c6:03:e3:c7:e8:f5:
                    89:5a:80:ac:09:cb:44:37:67:de:25:ba:c0:4b:75:
                    22:48:13:59:86:13:76:6e:1d:75:1f:33:63:85:1b:
                    2e:88:c9:ef:47:4b:00:d7:cc:9f:c4:22:d3:8d:c2:
                    61:f2:5f:0b:80:b2:84:b1:36:6c:a6:5f:88:3b:d2:
                    76:92:5d:80:d8:64:9c:97:51:d6:4c:c1:5b:4c:81:
                    54:a6:97:a1:92:08:31:7a:c5:8c:56:e7:ab:82:b3:
                    77:ef:38:de:04:e9:d4:7c:09:6a:f5:b2:74:9b:e2:
                    90:9c:28:fd:d3:c4:0e:9e:02:31:1f:e6:12:eb:97:
                    e2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:EB:E9:BF:53:FA:80:47:D0:45:7C:E8:EA:F6:37:14:9E:38:EB:60
            X509v3 Authority Key Identifier:
                keyid:F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/Wevpv1P6gEfQRXzo6vY3FJ4462A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:a0:63:77:04:92:fb:ca:33:5d:a7:47:00:86:27:bd:28:f2:
         ea:9e:a2:ff:04:34:02:3c:db:b7:28:7f:47:94:f3:5b:84:31:
         43:06:89:04:c4:eb:b0:39:91:7b:b1:ae:39:46:e4:0c:6e:9e:
         af:eb:1f:61:a1:09:24:5f:54:40:54:41:10:74:2a:57:31:82:
         e3:1c:37:47:33:2f:2c:ab:8a:63:57:fd:e8:74:59:7f:72:93:
         49:7b:af:d9:47:bc:bb:dc:cc:df:41:f0:85:d2:c7:f0:43:be:
         44:cf:ec:cc:0b:7b:3b:77:83:3b:ce:47:2c:3a:b5:25:06:58:
         1e:2c:ca:07:e3:57:c6:d6:84:4d:ca:f4:a5:b2:01:bd:5a:e5:
         a9:3c:a3:dc:f7:91:17:f8:fd:22:f2:f6:1a:7e:40:21:c0:1c:
         c4:83:a0:47:2e:83:2a:b3:59:b2:cb:bc:53:b9:32:6f:0a:19:
         28:9e:67:a1:30:bd:f2:e3:b8:a6:d6:68:73:e2:7a:09:f0:fb:
         39:6c:bd:9a:aa:85:f1:19:76:14:45:cb:90:af:df:b5:91:dc:
         aa:e0:74:cc:0b:0c:f9:87:f6:f9:ee:29:39:9c:23:11:7b:54:
         7b:9b:f1:db:2f:f1:d2:35:2a:5c:91:47:26:ea:e2:9b:2d:3b:
         e1:2f:eb:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2gMGYU7yvlC4uO72O8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjI4MDVkODc3NmVlZGViN2FhNGNiZTVhZjU2OGNkYjI2
MjlmYzIwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWViZTliZjUzZmE4MDQ3ZDA0NTdjZThlYWY2MzcxNDllMzhlYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraDJrPGm7L0nKsEMqwqamYHktnXC
gubSF6PNOxmKw9U/mdaKnjYxGsNsEBsJ6E6FIsi3me+dj+eZ4Aa0/U8VjsVuYfI2
Ecr0y26yRUbNPwnVF77wvTcch6FHtNt+43BvJS1VEIjD2WNpwPoA+F/MCVQ/5TXV
wxI6Mc+KBiLvOWrGA+PH6PWJWoCsCctEN2feJbrAS3UiSBNZhhN2bh11HzNjhRsu
iMnvR0sA18yfxCLTjcJh8l8LgLKEsTZspl+IO9J2kl2A2GScl1HWTMFbTIFUppeh
kggxesWMVuergrN37zjeBOnUfAlq9bJ0m+KQnCj908QOngIxH+YS65fiRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnr6b9T+oBH0EV86Or2NxSeOOtgMB8GA1UdIwQY
MBaAFPOygF2Hdu7et6pMvlr1aM2yYp/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgt
ODNiYzc5NzI3OGUyLzEvV2V2cHYxUDZnRWZRUlh6bzZ2WTNGSjQ0NjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgtODNiYzc5NzI3OGUy
LzEvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv/bMA0G
CSqGSIb3DQEBCwUAA4IBAQACoGN3BJL7yjNdp0cAhie9KPLqnqL/BDQCPNu3KH9H
lPNbhDFDBokExOuwOZF7sa45RuQMbp6v6x9hoQkkX1RAVEEQdCpXMYLjHDdHMy8s
q4pjV/3odFl/cpNJe6/ZR7y73MzfQfCF0sfwQ75Ez+zMC3s7d4M7zkcsOrUlBlge
LMoH41fG1oRNyvSlsgG9WuWpPKPc95EX+P0i8vYafkAhwBzEg6BHLoMqs1myy7xT
uTJvChkonmehML3y47im1mhz4noJ8Ps5bL2aqoXxGXYURcuQr9+1kdyq4HTMCwz5
h/b57ik5nCMRe1R7m/HbL/HSNSpckUcm6uKbLTvhL+st
-----END CERTIFICATE-----