Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/WlE0pnb_a8E0LWydKNNKkO-Wvms.roa
File:                     WlE0pnb_a8E0LWydKNNKkO-Wvms.roa (raw, json)
Hash identifier:          OwFGuRY7hPFwg7QV9kjn3+RIiDCgK7LVwDC4mb4e/+c=
Subject key identifier:   5A:51:34:A6:76:FF:6B:C1:34:2D:6C:9D:28:D3:4A:90:EF:96:BE:6B
Certificate issuer:       /CN=9da4e95d2f4cc34a7376b73c0f039b3e158f5152
Certificate serial:       019016D23A8C293E06B8E018DE0D39A0883F
Authority key identifier: 9D:A4:E9:5D:2F:4C:C3:4A:73:76:B7:3C:0F:03:9B:3E:15:8F:51:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/naTpXS9Mw0pzdrc8DwObPhWPUVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/WlE0pnb_a8E0LWydKNNKkO-Wvms.roa
Signing time:             Fri 14 Jun 2024 12:56:34 +0000
ROA not before:           Fri 14 Jun 2024 12:56:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198504
IP address blocks:        185.19.80.0/23 maxlen: 23
                          185.19.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/naTpXS9Mw0pzdrc8DwObPhWPUVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/naTpXS9Mw0pzdrc8DwObPhWPUVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/naTpXS9Mw0pzdrc8DwObPhWPUVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:16:d2:3a:8c:29:3e:06:b8:e0:18:de:0d:39:a0:88:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9da4e95d2f4cc34a7376b73c0f039b3e158f5152
        Validity
            Not Before: Jun 14 12:56:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a5134a676ff6bc1342d6c9d28d34a90ef96be6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9e:3e:2a:ce:2d:f9:97:e2:75:dc:e5:73:5a:
                    37:dd:26:a9:ac:c1:50:4f:eb:e6:ec:b5:8e:64:03:
                    f0:03:07:16:fb:fd:78:4a:96:ad:c1:f1:7a:27:cf:
                    6c:6a:25:4c:1f:81:84:7b:89:40:b3:30:14:d4:b9:
                    88:50:87:8b:8b:98:42:36:02:d2:e3:62:62:c7:52:
                    99:bd:3a:fe:03:68:fc:ef:ed:e6:08:7e:03:a5:ba:
                    84:e5:5a:ae:0e:15:4d:93:da:b2:7a:55:fe:e3:a0:
                    22:50:be:b9:29:9a:1e:12:ae:30:39:b8:8c:86:47:
                    63:ea:26:cc:5c:a5:89:60:80:92:d4:6e:e2:c4:3d:
                    b0:98:02:c9:72:e3:e3:ea:4b:11:24:77:d6:81:f9:
                    93:4a:e8:6d:ab:ef:aa:2b:4d:14:8c:3e:1b:5f:2f:
                    c9:a4:a9:40:53:89:d9:b5:71:5a:23:c4:78:14:de:
                    ac:74:2a:6d:7c:64:b8:2d:85:97:f6:44:22:3a:cb:
                    39:2d:08:4e:6d:f8:c9:b4:2a:1d:e2:e7:16:31:1d:
                    8f:4b:39:fc:72:71:e4:9f:c8:5d:48:3d:1a:c6:4d:
                    60:26:f8:2f:52:69:cd:29:b2:5d:d0:98:8e:73:e9:
                    bf:d2:bd:1d:f1:14:9c:da:e1:6a:6e:30:79:9c:0b:
                    1e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:51:34:A6:76:FF:6B:C1:34:2D:6C:9D:28:D3:4A:90:EF:96:BE:6B
            X509v3 Authority Key Identifier:
                keyid:9D:A4:E9:5D:2F:4C:C3:4A:73:76:B7:3C:0F:03:9B:3E:15:8F:51:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/naTpXS9Mw0pzdrc8DwObPhWPUVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/WlE0pnb_a8E0LWydKNNKkO-Wvms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/acf2a2-4d52-40cd-a5f8-59591389e242/1/naTpXS9Mw0pzdrc8DwObPhWPUVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.80.0/23
                  185.19.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:c4:ad:a2:8c:58:41:69:b5:26:a9:09:db:34:9a:d8:b6:e2:
         8d:35:59:88:38:e8:53:41:19:e7:e0:d6:b2:4d:7d:82:90:bb:
         80:5b:4a:89:0a:ca:29:7f:86:be:13:33:59:30:fa:e8:d0:9c:
         7b:2d:57:33:50:23:de:b4:ed:b5:c3:20:be:ce:e6:db:94:a5:
         f1:85:04:d9:4a:6f:fe:48:05:c2:42:eb:ec:86:ad:4f:ef:b5:
         33:7b:d1:fd:b3:a2:9e:b4:ee:de:3b:cb:99:63:3d:7b:e1:91:
         dd:55:59:73:f1:95:50:5c:f3:53:12:c3:c9:5f:67:d8:70:60:
         4e:8e:09:01:7a:5c:e1:06:87:19:e5:a5:f7:4a:72:62:29:e7:
         3e:56:37:e4:19:db:c5:38:fd:1f:4d:61:af:30:b1:9e:cc:c0:
         57:3b:67:55:9a:db:5b:e1:32:d5:ab:43:4e:15:aa:fa:79:13:
         62:41:d2:87:fa:59:15:a7:66:ca:7f:08:8f:6b:f8:d2:9c:c9:
         69:3d:5e:e5:60:9c:16:19:67:50:ef:30:15:07:f3:2d:8b:62:
         f2:53:ff:2e:b9:d3:85:22:94:ab:3f:a8:ac:e1:ba:b0:1d:94:
         38:58:2b:c0:f1:79:72:c5:22:8d:74:ff:f7:19:2e:67:a5:9f:
         7e:0e:27:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAW0jqMKT4GuOAY3g05oIg/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYTRlOTVkMmY0Y2MzNGE3Mzc2YjczYzBmMDM5YjNlMTU4
ZjUxNTIwHhcNMjQwNjE0MTI1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTUxMzRhNjc2ZmY2YmMxMzQyZDZjOWQyOGQzNGE5MGVmOTZiZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZ4+Ks4t+Zfiddzlc1o33SaprMFQ
T+vm7LWOZAPwAwcW+/14SpatwfF6J89saiVMH4GEe4lAszAU1LmIUIeLi5hCNgLS
42Jix1KZvTr+A2j87+3mCH4DpbqE5VquDhVNk9qyelX+46AiUL65KZoeEq4wObiM
hkdj6ibMXKWJYICS1G7ixD2wmALJcuPj6ksRJHfWgfmTSuhtq++qK00UjD4bXy/J
pKlAU4nZtXFaI8R4FN6sdCptfGS4LYWX9kQiOss5LQhObfjJtCod4ucWMR2PSzn8
cnHkn8hdSD0axk1gJvgvUmnNKbJd0JiOc+m/0r0d8RSc2uFqbjB5nAsehwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFpRNKZ2/2vBNC1snSjTSpDvlr5rMB8GA1UdIwQY
MBaAFJ2k6V0vTMNKc3a3PA8Dmz4Vj1FSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmFUcFhTOU13MHB6ZHJjOER3T2JQaFdQVVZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hY2YyYTItNGQ1Mi00MGNkLWE1Zjgt
NTk1OTEzODllMjQyLzEvV2xFMHBuYl9hOEUwTFd5ZEtOTktrTy1Xdm1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9hY2YyYTItNGQ1Mi00MGNkLWE1ZjgtNTk1OTEzODllMjQy
LzEvbmFUcFhTOU13MHB6ZHJjOER3T2JQaFdQVVZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuRNQAwQA
uRNTMA0GCSqGSIb3DQEBCwUAA4IBAQAFxK2ijFhBabUmqQnbNJrYtuKNNVmIOOhT
QRnn4NayTX2CkLuAW0qJCsopf4a+EzNZMPro0Jx7LVczUCPetO21wyC+zubblKXx
hQTZSm/+SAXCQuvshq1P77Uze9H9s6KetO7eO8uZYz174ZHdVVlz8ZVQXPNTEsPJ
X2fYcGBOjgkBelzhBocZ5aX3SnJiKec+VjfkGdvFOP0fTWGvMLGezMBXO2dVmttb
4TLVq0NOFar6eRNiQdKH+lkVp2bKfwiPa/jSnMlpPV7lYJwWGWdQ7zAVB/Mti2Ly
U/8uudOFIpSrP6is4bqwHZQ4WCvA8XlyxSKNdP/3GS5npZ9+DidD
-----END CERTIFICATE-----