Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/WFhioSuNqPbe_VFk_C1_788BV60.roa
File:                     WFhioSuNqPbe_VFk_C1_788BV60.roa (raw, json)
Hash identifier:          adz2qtW5a+8NHqpcy4NLo7O215EQBE/r0F7r3v264G0=
Subject key identifier:   58:58:62:A1:2B:8D:A8:F6:DE:FD:51:64:FC:2D:7F:EF:CF:01:57:AD
Certificate issuer:       /CN=3351a9ec0aa91b932ac3c3586cfcacf0ca29f580
Certificate serial:       018CCA99D3030400B0156A5CAE3B8042F70C
Authority key identifier: 33:51:A9:EC:0A:A9:1B:93:2A:C3:C3:58:6C:FC:AC:F0:CA:29:F5:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M1Gp7AqpG5Mqw8NYbPys8Mop9YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/WFhioSuNqPbe_VFk_C1_788BV60.roa
Signing time:             Tue 02 Jan 2024 14:35:27 +0000
ROA not before:           Tue 02 Jan 2024 14:35:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59934
IP address blocks:        91.247.179.0/24 maxlen: 24
                          89.35.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/M1Gp7AqpG5Mqw8NYbPys8Mop9YA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/M1Gp7AqpG5Mqw8NYbPys8Mop9YA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M1Gp7AqpG5Mqw8NYbPys8Mop9YA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:d3:03:04:00:b0:15:6a:5c:ae:3b:80:42:f7:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3351a9ec0aa91b932ac3c3586cfcacf0ca29f580
        Validity
            Not Before: Jan  2 14:35:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=585862a12b8da8f6defd5164fc2d7fefcf0157ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c9:cf:d7:44:46:b6:78:de:ae:3f:3c:4a:f9:
                    07:f9:ad:4c:d8:ba:62:76:8f:f7:a5:a9:cb:c0:de:
                    c6:24:a5:c1:52:25:d0:56:d4:43:ce:70:58:2f:83:
                    c4:ae:ae:62:5a:a1:19:4b:80:60:b4:22:5e:49:79:
                    a9:d4:1e:a3:d8:01:bf:fb:08:ac:c1:34:06:fa:c4:
                    5d:02:0b:89:6b:9f:73:26:e4:45:13:4a:71:63:4c:
                    08:66:05:e9:c4:45:89:5d:f5:8e:de:50:30:bb:b1:
                    99:40:f9:4f:1b:a6:cf:5d:1f:59:44:6a:b0:e0:99:
                    f5:b7:38:01:f8:f1:98:87:4b:fd:69:14:dd:9c:9a:
                    80:d1:d1:35:92:2f:c5:c0:00:90:50:ac:a2:c7:21:
                    11:a1:00:22:ca:09:31:e5:54:8f:98:ba:45:e1:ed:
                    d5:27:6e:6e:0e:48:d0:b7:c9:73:9c:89:e5:9a:38:
                    4e:3e:96:c7:75:ff:4b:8b:d3:35:7c:d1:89:6d:e9:
                    2c:aa:1e:e0:ec:7a:42:21:2f:f1:cf:52:79:bf:2c:
                    31:6c:19:7b:3e:06:88:65:31:88:0b:26:b0:de:be:
                    c5:06:5f:4e:2e:3e:29:ee:80:4e:aa:e2:cf:41:12:
                    93:6e:f1:e1:eb:00:12:50:0a:bd:80:e3:88:dc:2b:
                    f0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:58:62:A1:2B:8D:A8:F6:DE:FD:51:64:FC:2D:7F:EF:CF:01:57:AD
            X509v3 Authority Key Identifier:
                keyid:33:51:A9:EC:0A:A9:1B:93:2A:C3:C3:58:6C:FC:AC:F0:CA:29:F5:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M1Gp7AqpG5Mqw8NYbPys8Mop9YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/WFhioSuNqPbe_VFk_C1_788BV60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/2c4fbb-7745-4759-a0c8-6689f872fc87/1/M1Gp7AqpG5Mqw8NYbPys8Mop9YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.35.0/24
                  91.247.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:2b:11:56:1f:ad:62:de:02:32:34:ee:de:ab:41:aa:c7:07:
         8d:bf:03:0e:9d:fd:b9:9e:6d:4f:b5:bd:b5:56:f1:fc:6d:89:
         2d:ec:7b:e0:48:50:c3:01:05:74:a1:bd:aa:4a:6f:fd:58:7a:
         f6:88:c4:65:03:32:3d:d1:01:f4:d4:7c:13:25:47:16:1b:20:
         6c:2e:c3:70:7c:5d:71:0f:6e:51:e0:90:d7:e6:c3:66:7d:84:
         9f:11:7e:22:e6:e4:06:4e:73:37:01:f0:b6:c1:69:5f:83:9c:
         2c:90:46:b2:b8:40:d2:d1:76:b6:44:24:06:2b:8b:1d:e4:99:
         4e:fe:26:54:e3:79:ae:3e:c0:55:99:98:08:b7:86:51:45:5d:
         cd:8f:c9:f0:2e:72:fa:52:d3:2f:64:df:06:22:f7:0e:e4:6b:
         7c:fa:34:46:c9:06:e5:c7:d9:ba:d7:8b:31:d1:3f:f7:04:5f:
         eb:dd:6a:21:b2:36:8c:c9:5e:66:cd:a0:ce:33:9f:92:b3:96:
         4b:76:4a:7d:7e:b9:3c:dc:ed:f1:d3:5f:60:47:2e:77:ba:9e:
         6a:37:06:a3:49:6c:8f:30:1e:38:08:2a:a8:2d:bc:7b:31:e1:
         8c:35:0e:e4:98:e3:7d:90:f8:2f:54:c1:be:a0:12:91:5c:d4:
         72:62:10:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmdMDBACwFWpcrjuAQvcMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNTFhOWVjMGFhOTFiOTMyYWMzYzM1ODZjZmNhY2YwY2Ey
OWY1ODAwHhcNMjQwMTAyMTQzNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODU4NjJhMTJiOGRhOGY2ZGVmZDUxNjRmYzJkN2ZlZmNmMDE1N2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsnP10RGtnjerj88SvkH+a1M2Lpi
do/3panLwN7GJKXBUiXQVtRDznBYL4PErq5iWqEZS4BgtCJeSXmp1B6j2AG/+wis
wTQG+sRdAguJa59zJuRFE0pxY0wIZgXpxEWJXfWO3lAwu7GZQPlPG6bPXR9ZRGqw
4Jn1tzgB+PGYh0v9aRTdnJqA0dE1ki/FwACQUKyixyERoQAiygkx5VSPmLpF4e3V
J25uDkjQt8lznInlmjhOPpbHdf9Li9M1fNGJbeksqh7g7HpCIS/xz1J5vywxbBl7
PgaIZTGICyaw3r7FBl9OLj4p7oBOquLPQRKTbvHh6wASUAq9gOOI3CvwEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFhYYqErjaj23v1RZPwtf+/PAVetMB8GA1UdIwQY
MBaAFDNRqewKqRuTKsPDWGz8rPDKKfWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTFHcDdBcXBHNU1xdzhOWWJQeXM4TW9wOVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8yYzRmYmItNzc0NS00NzU5LWEwYzgt
NjY4OWY4NzJmYzg3LzEvV0ZoaW9TdU5xUGJlX1ZGa19DMV83ODhCVjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8yYzRmYmItNzc0NS00NzU5LWEwYzgtNjY4OWY4NzJmYzg3
LzEvTTFHcDdBcXBHNU1xdzhOWWJQeXM4TW9wOVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSMjAwQA
W/ezMA0GCSqGSIb3DQEBCwUAA4IBAQA5KxFWH61i3gIyNO7eq0GqxweNvwMOnf25
nm1Ptb21VvH8bYkt7HvgSFDDAQV0ob2qSm/9WHr2iMRlAzI90QH01HwTJUcWGyBs
LsNwfF1xD25R4JDX5sNmfYSfEX4i5uQGTnM3AfC2wWlfg5wskEayuEDS0Xa2RCQG
K4sd5JlO/iZU43muPsBVmZgIt4ZRRV3Nj8nwLnL6UtMvZN8GIvcO5Gt8+jRGyQbl
x9m614sx0T/3BF/r3WohsjaMyV5mzaDOM5+Ss5ZLdkp9frk83O3x019gRy53up5q
NwajSWyPMB44CCqoLbx7MeGMNQ7kmON9kPgvVMG+oBKRXNRyYhDz
-----END CERTIFICATE-----