Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/AVWI-VFmlsLsS8bGRFwAwKwOS8o.roa
File:                     AVWI-VFmlsLsS8bGRFwAwKwOS8o.roa (raw, json)
Hash identifier:          G9CJZ6wIRTUwv4iuP8Vjqm6804Sx62okAcNhCSJqZI8=
Subject key identifier:   01:55:88:F9:51:66:96:C2:EC:4B:C6:C6:44:5C:00:C0:AC:0E:4B:CA
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       01951076E819C315AF71A3E477921092B359
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/AVWI-VFmlsLsS8bGRFwAwKwOS8o.roa
Signing time:             Sun 16 Feb 2025 20:33:02 +0000
ROA not before:           Sun 16 Feb 2025 20:33:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58018
IP address blocks:        203.202.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:10:76:e8:19:c3:15:af:71:a3:e4:77:92:10:92:b3:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Feb 16 20:33:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=015588f9516696c2ec4bc6c6445c00c0ac0e4bca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d9:43:d5:fb:e9:a6:4c:c4:bd:c3:68:a7:e7:
                    d6:d1:75:f4:f8:bd:b0:7c:94:ee:f3:d4:2b:f2:bf:
                    9d:47:30:43:ba:b8:49:70:da:56:fe:36:7b:56:e7:
                    7a:e0:0f:62:17:86:fd:94:ba:49:c1:7f:9b:37:01:
                    a2:e9:ca:bc:18:02:f3:72:b0:a3:78:4a:75:fb:d3:
                    ab:df:3a:9f:f4:91:6f:ec:d5:ac:a9:2f:09:d8:41:
                    41:0d:b4:6c:ca:e7:d1:a8:d7:54:b1:5b:2f:c1:0f:
                    21:66:bd:99:0d:84:7c:10:49:93:5d:ce:01:f6:b5:
                    9b:3e:26:c7:c5:56:16:95:97:9e:6f:07:a0:bb:5a:
                    20:20:58:d3:5b:81:5b:3f:dd:a0:d8:f9:f1:db:2b:
                    18:db:cb:d3:0f:61:b4:cb:c5:d2:bb:de:c8:96:ec:
                    c6:04:1d:3d:e9:2b:26:98:96:76:ac:e6:f0:98:3c:
                    d6:e8:a8:aa:e2:47:bf:e0:ea:6e:de:96:4c:8f:45:
                    9e:34:e2:e9:b6:19:cd:80:d4:25:aa:59:3e:41:77:
                    c3:51:75:46:98:8b:ab:44:4e:2d:17:9b:a1:45:3a:
                    57:2b:df:b3:38:af:11:89:ae:cf:76:95:f5:1a:30:
                    07:cd:06:d0:ba:16:c0:97:55:c6:3b:42:a1:4c:3d:
                    85:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:55:88:F9:51:66:96:C2:EC:4B:C6:C6:44:5C:00:C0:AC:0E:4B:CA
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/AVWI-VFmlsLsS8bGRFwAwKwOS8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.202.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:f1:7b:79:7f:ae:07:86:31:7e:2a:8b:df:4a:8b:da:4b:31:
         ef:7c:a8:19:10:1c:38:31:89:92:70:4b:69:da:61:a9:f9:60:
         c4:05:96:5c:d8:0a:67:c2:c5:d2:3c:6e:9a:ee:95:46:e9:84:
         d3:dc:5e:c5:9a:43:6f:46:0f:05:0e:f1:f0:02:9a:19:90:b6:
         59:89:16:9b:40:63:2c:69:1e:7c:82:d2:37:71:25:47:de:e1:
         9f:e5:68:bd:f3:0d:99:67:de:36:50:21:fe:69:65:32:aa:34:
         93:d3:46:99:f5:2b:bd:b9:b4:9c:ca:da:02:d3:c1:e5:fb:10:
         51:c0:96:54:a7:82:77:fa:45:11:21:bf:bf:d0:54:e3:53:8f:
         9d:d5:73:eb:03:a7:b3:17:ee:4d:39:f0:66:3d:aa:a8:78:7e:
         ee:8d:49:3c:b8:d3:76:54:b5:96:58:eb:b1:bd:0f:b9:02:4b:
         ac:f0:55:4c:8b:98:93:e9:1b:4f:f4:ff:a2:01:27:c2:5b:44:
         bb:47:58:5c:c7:fa:9e:26:ad:ef:ac:68:c1:5f:ee:e8:77:ad:
         23:ed:38:03:d4:cf:7b:db:72:5a:6f:52:84:aa:1d:1e:63:5c:
         88:7e:5f:86:13:31:91:bd:2f:b0:58:a7:b4:09:7b:46:56:fa:
         8d:d3:d7:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUQdugZwxWvcaPkd5IQkrNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjUwMjE2MjAzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTU1ODhmOTUxNjY5NmMyZWM0YmM2YzY0NDVjMDBjMGFjMGU0YmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9lD1fvppkzEvcNop+fW0XX0+L2w
fJTu89Qr8r+dRzBDurhJcNpW/jZ7Vud64A9iF4b9lLpJwX+bNwGi6cq8GALzcrCj
eEp1+9Or3zqf9JFv7NWsqS8J2EFBDbRsyufRqNdUsVsvwQ8hZr2ZDYR8EEmTXc4B
9rWbPibHxVYWlZeebwegu1ogIFjTW4FbP92g2Pnx2ysY28vTD2G0y8XSu97IluzG
BB096SsmmJZ2rObwmDzW6Kiq4ke/4Opu3pZMj0WeNOLpthnNgNQlqlk+QXfDUXVG
mIurRE4tF5uhRTpXK9+zOK8Ria7PdpX1GjAHzQbQuhbAl1XGO0KhTD2F+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFViPlRZpbC7EvGxkRcAMCsDkvKMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvQVZXSS1WRm1sc0xzUzhiR1JGd0F3S3dPUzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAy8roMA0G
CSqGSIb3DQEBCwUAA4IBAQBN8Xt5f64HhjF+KovfSovaSzHvfKgZEBw4MYmScEtp
2mGp+WDEBZZc2ApnwsXSPG6a7pVG6YTT3F7FmkNvRg8FDvHwApoZkLZZiRabQGMs
aR58gtI3cSVH3uGf5Wi98w2ZZ942UCH+aWUyqjST00aZ9Su9ubScytoC08Hl+xBR
wJZUp4J3+kURIb+/0FTjU4+d1XPrA6ezF+5NOfBmPaqoeH7ujUk8uNN2VLWWWOux
vQ+5Akus8FVMi5iT6RtP9P+iASfCW0S7R1hcx/qeJq3vrGjBX+7od60j7TgD1M97
23Jab1KEqh0eY1yIfl+GEzGRvS+wWKe0CXtGVvqN09cM
-----END CERTIFICATE-----