Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/WWl7CH4AyFmZQGUrA2oj-fwUINA.roa
File:                     WWl7CH4AyFmZQGUrA2oj-fwUINA.roa (raw, json)
Hash identifier:          QctETKj8ZXEMwF9kx44yZXM8uKMhl7vfEa62OrwBmC4=
Subject key identifier:   59:69:7B:08:7E:00:C8:59:99:40:65:2B:03:6A:23:F9:FC:14:20:D0
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       018CC3B6A2D4AAE5FA6DCC87CA0D6891739D
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/WWl7CH4AyFmZQGUrA2oj-fwUINA.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42216
IP address blocks:        212.64.222.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a2:d4:aa:e5:fa:6d:cc:87:ca:0d:68:91:73:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59697b087e00c8599940652b036a23f9fc1420d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f8:f4:98:9d:b9:35:21:d8:33:7b:93:3f:0f:
                    8f:07:4e:e6:27:b4:94:5a:5f:75:b4:79:90:0f:5f:
                    de:e9:f8:4b:41:f6:9c:7c:ac:2f:27:16:7e:e8:31:
                    d2:ad:96:7f:5d:b7:da:85:3e:17:e1:23:ff:91:3e:
                    2f:e5:7b:11:56:c5:1c:28:c3:f7:3e:51:35:b6:8b:
                    1c:69:34:97:9a:e7:28:48:a6:7e:ca:b7:ff:24:6e:
                    fe:f7:b8:2e:1c:d5:4f:25:e3:f2:c4:07:46:b9:69:
                    37:23:3f:43:8a:81:8f:7d:51:ad:61:c4:ed:a5:8c:
                    fe:e5:98:9b:3f:85:58:e8:b4:23:88:33:b3:b1:1b:
                    01:b8:62:4f:52:68:32:0a:0d:e7:1e:4b:72:20:65:
                    26:52:40:7a:37:cb:39:57:66:f7:7d:ae:4a:d7:a9:
                    5c:2f:ab:40:4a:92:4d:30:ff:1a:59:3f:3c:a4:9c:
                    8e:1c:f5:4a:d7:cc:90:04:a2:92:1f:5c:b9:8b:bf:
                    48:18:6f:39:55:1d:7f:c0:f7:3a:42:df:3a:49:fe:
                    fc:1e:34:45:c0:50:06:b9:8d:37:6d:8d:64:9c:fc:
                    b5:a3:57:2c:ee:8a:0d:fd:be:69:bf:0d:43:81:54:
                    b4:83:bc:32:d8:94:1b:f6:ba:af:61:fb:0a:e9:ea:
                    45:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:69:7B:08:7E:00:C8:59:99:40:65:2B:03:6A:23:F9:FC:14:20:D0
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/WWl7CH4AyFmZQGUrA2oj-fwUINA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:61:1b:52:eb:6d:19:27:41:5b:44:6a:f7:ba:c3:8e:73:9b:
         1b:55:49:07:70:4b:7b:ad:17:fa:d1:92:33:45:37:3c:47:c1:
         66:7e:96:2a:a2:56:16:0a:c5:03:8b:10:14:c9:d7:2f:59:ea:
         8c:69:aa:e6:4b:2f:ff:fe:62:fe:ae:54:c9:9b:2b:1a:40:12:
         68:4d:2f:a0:3b:89:87:72:15:af:20:29:b2:eb:0e:ab:47:f3:
         70:71:66:8c:f1:d9:01:59:81:56:df:3a:3a:35:76:04:52:0a:
         b3:36:31:79:50:a6:c6:80:90:cf:bb:2f:6a:c4:25:da:ef:c8:
         d4:91:cc:88:35:bf:2d:f2:4e:68:86:9d:d7:25:3c:25:1c:cf:
         0b:3a:a1:db:66:af:7e:95:be:29:7b:ae:e7:16:94:53:78:d2:
         96:e0:ce:23:58:64:3a:62:b0:ff:50:b1:bc:cf:ec:ca:64:d8:
         f4:74:e5:70:f8:7c:b2:88:27:a3:6d:3b:ce:f2:83:6c:37:6c:
         b9:3e:44:01:60:3d:78:b0:bc:0e:ed:96:d2:75:7d:0a:49:96:
         0d:ce:15:84:28:36:bc:0d:3a:ca:7d:b0:f9:e6:96:71:25:87:
         8a:c7:ca:7c:12:09:00:9e:36:8f:d6:e9:27:c8:a6:75:85:85:
         43:b1:6a:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqLUquX6bcyHyg1okXOdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTY5N2IwODdlMDBjODU5OTk0MDY1MmIwMzZhMjNmOWZjMTQyMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfj0mJ25NSHYM3uTPw+PB07mJ7SU
Wl91tHmQD1/e6fhLQfacfKwvJxZ+6DHSrZZ/XbfahT4X4SP/kT4v5XsRVsUcKMP3
PlE1toscaTSXmucoSKZ+yrf/JG7+97guHNVPJePyxAdGuWk3Iz9DioGPfVGtYcTt
pYz+5ZibP4VY6LQjiDOzsRsBuGJPUmgyCg3nHktyIGUmUkB6N8s5V2b3fa5K16lc
L6tASpJNMP8aWT88pJyOHPVK18yQBKKSH1y5i79IGG85VR1/wPc6Qt86Sf78HjRF
wFAGuY03bY1knPy1o1cs7ooN/b5pvw1DgVS0g7wy2JQb9rqvYfsK6epFwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlpewh+AMhZmUBlKwNqI/n8FCDQMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvV1dsN0NINEF5Rm1aUUdVckEyb2otZndVSU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EDeMA0G
CSqGSIb3DQEBCwUAA4IBAQCBYRtS620ZJ0FbRGr3usOOc5sbVUkHcEt7rRf60ZIz
RTc8R8FmfpYqolYWCsUDixAUydcvWeqMaarmSy///mL+rlTJmysaQBJoTS+gO4mH
chWvICmy6w6rR/NwcWaM8dkBWYFW3zo6NXYEUgqzNjF5UKbGgJDPuy9qxCXa78jU
kcyINb8t8k5ohp3XJTwlHM8LOqHbZq9+lb4pe67nFpRTeNKW4M4jWGQ6YrD/ULG8
z+zKZNj0dOVw+HyyiCejbTvO8oNsN2y5PkQBYD14sLwO7ZbSdX0KSZYNzhWEKDa8
DTrKfbD55pZxJYeKx8p8EgkAnjaP1uknyKZ1hYVDsWoV
-----END CERTIFICATE-----