Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/WoOSjvTcH2JZfuHt4Xzcpoe9J08.roa
File:                     WoOSjvTcH2JZfuHt4Xzcpoe9J08.roa (raw, json)
Hash identifier:          2BkslwtTwIE11Y3+hXgjQXLNFEBpash+LoY2VkAII2c=
Subject key identifier:   5A:83:92:8E:F4:DC:1F:62:59:7E:E1:ED:E1:7C:DC:A6:87:BD:27:4F
Certificate issuer:       /CN=e1e8b7cab521e88e8022a36424544185538a7b33
Certificate serial:       018E4C79A7C2159FB9F50A5DB4EE79FC74B4
Authority key identifier: E1:E8:B7:CA:B5:21:E8:8E:80:22:A3:64:24:54:41:85:53:8A:7B:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/WoOSjvTcH2JZfuHt4Xzcpoe9J08.roa
Signing time:             Sun 17 Mar 2024 12:53:44 +0000
ROA not before:           Sun 17 Mar 2024 12:53:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48214
IP address blocks:        2a13:1640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4c:79:a7:c2:15:9f:b9:f5:0a:5d:b4:ee:79:fc:74:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1e8b7cab521e88e8022a36424544185538a7b33
        Validity
            Not Before: Mar 17 12:53:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a83928ef4dc1f62597ee1ede17cdca687bd274f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:6b:fa:c1:65:49:c1:6d:e4:1f:22:78:d5:df:
                    1c:34:0c:4f:13:74:d0:40:d0:c3:8d:51:3f:03:3f:
                    4b:28:bc:9f:f5:42:b6:b2:d9:dc:85:92:81:92:fe:
                    b2:93:af:e0:1c:f2:63:65:4d:7c:c1:26:25:12:16:
                    c4:29:48:1f:12:da:cf:57:a6:22:ed:e2:86:95:32:
                    d9:62:c2:00:d1:55:ce:be:ba:a5:c3:bc:ca:ad:69:
                    fd:58:ae:80:27:95:6e:57:e8:11:75:eb:30:30:33:
                    ea:6a:c3:bf:b1:44:96:36:22:3f:6a:31:f3:fc:5c:
                    86:e7:cc:e1:3a:96:fb:53:20:6c:6f:92:c1:e2:30:
                    13:a9:68:1e:24:50:f6:fa:ff:8b:56:99:d5:68:a6:
                    ed:7b:e2:b3:5f:37:b3:f6:06:87:7f:fe:51:db:c8:
                    e1:3e:59:d9:15:45:70:50:b8:6f:d9:4a:7e:fe:de:
                    43:29:f7:6d:3d:0e:91:be:ab:f6:24:c9:be:88:74:
                    a7:a2:d5:04:3e:12:99:d1:8b:e9:cf:c6:a4:98:72:
                    75:0b:f4:a0:ec:88:ff:e4:e1:1c:e2:1e:d6:b1:dd:
                    73:03:7c:03:dd:2e:dd:ef:46:de:c9:75:9e:ca:fd:
                    01:76:4a:1e:7d:87:88:d9:fc:54:cb:47:70:a5:0b:
                    7b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:83:92:8E:F4:DC:1F:62:59:7E:E1:ED:E1:7C:DC:A6:87:BD:27:4F
            X509v3 Authority Key Identifier:
                keyid:E1:E8:B7:CA:B5:21:E8:8E:80:22:A3:64:24:54:41:85:53:8A:7B:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/WoOSjvTcH2JZfuHt4Xzcpoe9J08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1640::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:2f:87:23:75:52:63:14:80:95:24:b1:31:53:b2:06:62:04:
         87:0b:5d:4f:90:7d:0f:a9:8f:0f:80:1d:e6:05:72:58:3b:28:
         c5:3f:a0:23:db:d3:18:5b:5c:42:a1:24:f1:99:7a:31:15:78:
         8a:af:53:3e:24:e6:92:5c:54:84:44:0a:10:08:36:21:0e:d6:
         fe:55:9f:e5:d2:ca:d8:aa:94:5b:69:11:08:d3:c2:f4:c4:e4:
         80:01:58:9c:3a:90:24:7c:2d:4b:9c:ec:ee:64:72:44:b6:4c:
         76:1b:04:0d:14:2a:3e:a9:e0:82:92:ba:2b:fd:14:19:39:ed:
         27:30:2e:85:b4:00:8e:5e:db:cc:5c:55:b4:79:af:3d:2b:bc:
         fe:1d:f2:4f:41:1a:2c:7f:fe:47:55:7b:65:88:fa:70:3a:3e:
         c5:15:6a:8d:54:b2:c2:30:f4:17:5e:ad:63:11:09:0f:06:13:
         f8:5a:7c:ed:61:3d:d5:96:bf:cf:bf:d6:c5:96:ad:46:44:16:
         10:51:c5:70:38:cd:3b:5e:75:ea:69:28:52:93:9b:be:95:15:
         38:47:82:2f:ff:40:09:1e:50:96:b1:8a:bc:e1:60:c0:67:a5:
         b6:cf:e0:67:2e:c4:10:94:f9:36:68:95:ac:e2:1b:35:72:3f:
         4e:e2:c2:f9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY5MeafCFZ+59QpdtO55/HS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZThiN2NhYjUyMWU4OGU4MDIyYTM2NDI0NTQ0MTg1NTM4
YTdiMzMwHhcNMjQwMzE3MTI1MzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTgzOTI4ZWY0ZGMxZjYyNTk3ZWUxZWRlMTdjZGNhNjg3YmQyNzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWv6wWVJwW3kHyJ41d8cNAxPE3TQ
QNDDjVE/Az9LKLyf9UK2stnchZKBkv6yk6/gHPJjZU18wSYlEhbEKUgfEtrPV6Yi
7eKGlTLZYsIA0VXOvrqlw7zKrWn9WK6AJ5VuV+gRdeswMDPqasO/sUSWNiI/ajHz
/FyG58zhOpb7UyBsb5LB4jATqWgeJFD2+v+LVpnVaKbte+KzXzez9gaHf/5R28jh
PlnZFUVwULhv2Up+/t5DKfdtPQ6Rvqv2JMm+iHSnotUEPhKZ0Yvpz8akmHJ1C/Sg
7Ij/5OEc4h7Wsd1zA3wD3S7d70beyXWeyv0BdkoefYeI2fxUy0dwpQt7MwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFqDko703B9iWX7h7eF83KaHvSdPMB8GA1UdIwQY
MBaAFOHot8q1IeiOgCKjZCRUQYVTinszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGVpM3lyVWg2STZBSXFOa0pGUkJoVk9LZXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8xNGYyYzUtNDZmZS00NjcwLTlkZDYt
MjFjNTg0NzBiOGQyLzEvV29PU2p2VGNIMkpaZnVIdDRYemNwb2U5SjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8xNGYyYzUtNDZmZS00NjcwLTlkZDYtMjFjNTg0NzBiOGQy
LzEvNGVpM3lyVWg2STZBSXFOa0pGUkJoVk9LZXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhMWQDAN
BgkqhkiG9w0BAQsFAAOCAQEAoi+HI3VSYxSAlSSxMVOyBmIEhwtdT5B9D6mPD4Ad
5gVyWDsoxT+gI9vTGFtcQqEk8Zl6MRV4iq9TPiTmklxUhEQKEAg2IQ7W/lWf5dLK
2KqUW2kRCNPC9MTkgAFYnDqQJHwtS5zs7mRyRLZMdhsEDRQqPqnggpK6K/0UGTnt
JzAuhbQAjl7bzFxVtHmvPSu8/h3yT0EaLH/+R1V7ZYj6cDo+xRVqjVSywjD0F16t
YxEJDwYT+Fp87WE91Za/z7/WxZatRkQWEFHFcDjNO1516mkoUpObvpUVOEeCL/9A
CR5QlrGKvOFgwGelts/gZy7EEJT5NmiVrOIbNXI/TuLC+Q==
-----END CERTIFICATE-----