Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/WZ6QV7I388WfR1atNyelt0Q9Mso.roa
File:                     WZ6QV7I388WfR1atNyelt0Q9Mso.roa (raw, json)
Hash identifier:          KwrEk8zO8slIVjQv6gkfQCNK8LKZkPpOkNAIgKKlEQo=
Subject key identifier:   59:9E:90:57:B2:37:F3:C5:9F:47:56:AD:37:27:A5:B7:44:3D:32:CA
Certificate issuer:       /CN=e544eb328591184b3faf9e71a931cb325dcb11a8
Certificate serial:       01943C29C928590DAEAA39FC57DF63AE1059
Authority key identifier: E5:44:EB:32:85:91:18:4B:3F:AF:9E:71:A9:31:CB:32:5D:CB:11:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5UTrMoWRGEs_r55xqTHLMl3LEag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/WZ6QV7I388WfR1atNyelt0Q9Mso.roa
Signing time:             Mon 06 Jan 2025 15:09:18 +0000
ROA not before:           Mon 06 Jan 2025 15:09:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215694
IP address blocks:        2.59.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/5UTrMoWRGEs_r55xqTHLMl3LEag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/5UTrMoWRGEs_r55xqTHLMl3LEag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5UTrMoWRGEs_r55xqTHLMl3LEag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3c:29:c9:28:59:0d:ae:aa:39:fc:57:df:63:ae:10:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e544eb328591184b3faf9e71a931cb325dcb11a8
        Validity
            Not Before: Jan  6 15:09:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=599e9057b237f3c59f4756ad3727a5b7443d32ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ae:a5:6f:a1:1c:14:ed:a4:b5:68:5f:ab:06:
                    51:d5:26:ce:70:e3:c0:67:ff:64:13:99:9b:8e:05:
                    66:45:c8:46:3f:27:40:f9:81:53:d4:c3:dc:17:a6:
                    e8:f7:25:38:9b:e4:3c:a6:25:e0:16:ba:14:a5:07:
                    c2:bb:05:0d:37:fe:dd:42:a0:13:fb:5d:c4:10:36:
                    a9:60:b1:ee:76:ff:44:db:23:b5:b7:8e:59:76:ba:
                    9c:b1:3e:7c:57:a9:33:cd:65:ec:8f:f4:86:09:fc:
                    72:5a:ec:a2:84:e0:94:4a:24:a6:81:e6:82:92:50:
                    87:8b:ba:79:77:69:d7:a8:cd:f0:b9:80:85:e7:6a:
                    c9:4e:76:c9:53:ea:27:64:ea:37:c0:e9:fd:d6:3b:
                    c5:be:09:5f:96:84:b0:fe:9f:67:9e:a7:a1:1d:f7:
                    2a:c9:fb:61:ae:4c:74:d9:e1:b8:a9:b6:3e:b8:2d:
                    bd:98:a9:e7:35:2b:b5:d8:5c:87:8f:68:c8:b9:c0:
                    8d:fe:47:3c:15:d4:0f:f0:d1:60:e1:84:e8:47:d4:
                    57:0d:51:8e:7e:f3:b1:a7:87:a2:55:5e:49:17:73:
                    4d:2d:9e:83:43:12:06:24:74:a6:03:ba:9f:b3:cd:
                    da:7d:e9:ee:af:dc:d1:5a:78:48:cb:58:a9:b9:5a:
                    cd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:9E:90:57:B2:37:F3:C5:9F:47:56:AD:37:27:A5:B7:44:3D:32:CA
            X509v3 Authority Key Identifier:
                keyid:E5:44:EB:32:85:91:18:4B:3F:AF:9E:71:A9:31:CB:32:5D:CB:11:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5UTrMoWRGEs_r55xqTHLMl3LEag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/WZ6QV7I388WfR1atNyelt0Q9Mso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/5UTrMoWRGEs_r55xqTHLMl3LEag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:29:f1:d9:1b:99:4f:71:9a:05:ee:a1:99:a5:9e:3a:5c:ee:
         d2:66:07:26:28:da:ce:72:12:98:b6:a1:d9:63:95:1e:54:bf:
         35:3a:72:a8:11:41:0e:b9:7f:91:41:4e:ad:ad:a4:dc:fa:af:
         b8:56:46:26:6c:22:ee:d4:65:aa:6b:55:09:6b:6e:2f:dc:56:
         68:9c:78:ee:5c:69:41:9d:bb:56:8a:42:1c:cc:d8:e7:67:70:
         dc:8a:b4:89:e5:9f:0d:a9:83:90:de:2b:f7:b7:a4:a0:b3:29:
         b9:5e:b3:30:5e:b1:97:b5:e4:5f:e3:7e:7b:8a:03:b1:bb:c9:
         ad:96:46:7c:df:86:c1:6f:d8:53:15:6d:d1:0b:19:d6:a3:5f:
         ff:77:b2:c9:de:5b:21:40:d8:e2:b0:fe:f2:28:8c:54:a2:2f:
         78:fc:02:99:7b:6a:c3:a9:7e:09:84:f9:37:0b:2b:95:f4:af:
         ba:03:7c:64:3a:f7:0a:9c:2f:57:a0:c9:f5:71:7a:1f:10:b1:
         af:5a:97:04:ba:ae:ab:77:8e:ca:6d:52:6c:de:fd:4d:51:10:
         79:d4:2b:f4:e2:05:68:db:c5:d5:16:de:42:5f:0b:ad:f3:f8:
         66:1d:15:4b:12:28:af:b5:12:e5:ae:a1:ec:4f:80:b0:27:15:
         ea:07:25:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ8KckoWQ2uqjn8V99jrhBZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NDRlYjMyODU5MTE4NGIzZmFmOWU3MWE5MzFjYjMyNWRj
YjExYTgwHhcNMjUwMTA2MTUwOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTllOTA1N2IyMzdmM2M1OWY0NzU2YWQzNzI3YTViNzQ0M2QzMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw66lb6EcFO2ktWhfqwZR1SbOcOPA
Z/9kE5mbjgVmRchGPydA+YFT1MPcF6bo9yU4m+Q8piXgFroUpQfCuwUNN/7dQqAT
+13EEDapYLHudv9E2yO1t45ZdrqcsT58V6kzzWXsj/SGCfxyWuyihOCUSiSmgeaC
klCHi7p5d2nXqM3wuYCF52rJTnbJU+onZOo3wOn91jvFvglfloSw/p9nnqehHfcq
yfthrkx02eG4qbY+uC29mKnnNSu12FyHj2jIucCN/kc8FdQP8NFg4YToR9RXDVGO
fvOxp4eiVV5JF3NNLZ6DQxIGJHSmA7qfs83afenur9zRWnhIy1ipuVrNGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmekFeyN/PFn0dWrTcnpbdEPTLKMB8GA1UdIwQY
MBaAFOVE6zKFkRhLP6+ecakxyzJdyxGoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVVUck1vV1JHRXNfcjU1eHFUSExNbDNMRWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFkMTMtY2M3YS00OWQ2LTkxYzQt
NzBhYTY0NWVjYzI5LzEvV1o2UVY3STM4OFdmUjFhdE55ZWx0MFE5TXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFkMTMtY2M3YS00OWQ2LTkxYzQtNzBhYTY0NWVjYzI5
LzEvNVVUck1vV1JHRXNfcjU1eHFUSExNbDNMRWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjtDMA0G
CSqGSIb3DQEBCwUAA4IBAQCiKfHZG5lPcZoF7qGZpZ46XO7SZgcmKNrOchKYtqHZ
Y5UeVL81OnKoEUEOuX+RQU6traTc+q+4VkYmbCLu1GWqa1UJa24v3FZonHjuXGlB
nbtWikIczNjnZ3DcirSJ5Z8NqYOQ3iv3t6Sgsym5XrMwXrGXteRf4357igOxu8mt
lkZ834bBb9hTFW3RCxnWo1//d7LJ3lshQNjisP7yKIxUoi94/AKZe2rDqX4JhPk3
CyuV9K+6A3xkOvcKnC9XoMn1cXofELGvWpcEuq6rd47KbVJs3v1NURB51Cv04gVo
28XVFt5CXwut8/hmHRVLEiivtRLlrqHsT4CwJxXqByUT
-----END CERTIFICATE-----