Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/wxYW7JIFJ78xRZmUxUH9TojTQEc.roa
File:                     wxYW7JIFJ78xRZmUxUH9TojTQEc.roa (raw, json)
Hash identifier:          R/p2E/ZtTi69RuF6GcQ4tKW8DDqhHFOmkgmoKd+3jEE=
Subject key identifier:   C3:16:16:EC:92:05:27:BF:31:45:99:94:C5:41:FD:4E:88:D3:40:47
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC7277E3FCA6C3D47C2AA1DA7E25E978F
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/wxYW7JIFJ78xRZmUxUH9TojTQEc.roa
Signing time:             Mon 01 Jan 2024 22:31:43 +0000
ROA not before:           Mon 01 Jan 2024 22:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207256
IP address blocks:        85.142.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:7e:3f:ca:6c:3d:47:c2:aa:1d:a7:e2:5e:97:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c31616ec920527bf31459994c541fd4e88d34047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e5:ee:b7:0f:ea:a9:16:9b:bd:be:83:60:95:
                    e2:68:81:0b:c7:42:4c:e1:10:e3:d1:9c:c6:c7:2a:
                    bf:31:94:05:65:26:b0:62:dd:53:51:7b:9d:f6:10:
                    4a:36:d4:ff:f8:a9:40:2f:08:a8:21:5e:fc:b3:09:
                    60:86:b4:8d:26:f2:0d:29:50:12:07:4a:a0:26:ce:
                    c1:58:42:38:f6:4f:8d:93:86:55:eb:a4:0b:9d:2e:
                    5e:5b:67:cb:a8:03:2c:59:aa:b5:02:e3:49:98:54:
                    3b:1d:c7:10:7d:73:07:b5:27:91:4f:d1:fc:58:6d:
                    7a:53:22:fa:46:20:e2:a5:3f:81:61:7a:2c:53:bd:
                    64:33:16:4c:1e:71:e3:e3:18:db:e3:34:b5:81:f8:
                    61:63:a3:0d:39:e6:19:ba:90:d7:6f:f0:d8:b0:08:
                    72:69:44:5d:c0:ea:72:d0:02:b1:7d:e5:a3:53:c4:
                    5b:bc:58:3b:64:fd:2c:d2:de:ce:44:05:7e:c7:f9:
                    74:06:5e:41:ef:c5:45:84:ed:56:7c:5d:fb:20:a1:
                    b5:35:58:77:73:9e:74:2e:0f:27:6d:96:e1:d2:6b:
                    e0:bf:06:1b:04:5e:b3:66:71:76:f8:09:c1:69:82:
                    e6:57:fe:3e:90:80:c0:49:9a:0b:a3:f9:02:29:0a:
                    df:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:16:16:EC:92:05:27:BF:31:45:99:94:C5:41:FD:4E:88:D3:40:47
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/wxYW7JIFJ78xRZmUxUH9TojTQEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.142.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:70:ea:02:00:97:80:80:fd:9a:8d:e9:00:a3:71:99:64:ae:
         09:a8:fe:ca:d6:db:89:c5:31:dc:bf:fa:19:2b:03:75:3b:85:
         ab:0a:8e:7f:29:a9:4d:f0:75:0f:a5:9e:5a:db:a4:03:d1:b9:
         12:5e:d8:4e:38:5e:ef:60:75:62:b2:e5:7e:46:88:b2:f6:0b:
         3b:3a:7a:9f:3f:79:05:b8:b7:43:7c:b6:28:ed:7c:59:92:69:
         8a:b7:44:23:d5:d7:c0:b7:8c:54:66:e7:b8:fa:05:54:ce:21:
         fd:d0:d1:17:9a:bd:d6:ab:55:da:1b:91:c3:bd:94:cd:26:f9:
         5a:ac:dc:22:f3:fa:ef:ca:f3:a4:66:1f:67:d1:68:34:e4:29:
         77:23:90:91:3f:be:84:ad:ed:01:56:80:4c:a1:2c:87:11:bb:
         5f:33:e9:fc:21:4d:39:c4:de:da:4a:08:0d:f4:f3:7f:e5:90:
         77:33:79:de:e1:a5:97:48:2f:29:96:43:39:a1:e5:d9:4e:af:
         f7:e5:4c:65:d4:7a:0c:bc:74:e8:29:f2:12:4d:e8:03:05:ca:
         94:74:30:c8:15:8c:b3:87:19:57:66:6d:eb:43:a9:1e:ce:00:
         17:e1:55:a2:16:cd:ee:75:5c:e8:c2:88:5b:60:72:01:93:d8:
         ee:26:7c:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ34/ymw9R8KqHafiXpePMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzE2MTZlYzkyMDUyN2JmMzE0NTk5OTRjNTQxZmQ0ZTg4ZDM0MDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueXutw/qqRabvb6DYJXiaIELx0JM
4RDj0ZzGxyq/MZQFZSawYt1TUXud9hBKNtT/+KlALwioIV78swlghrSNJvINKVAS
B0qgJs7BWEI49k+Nk4ZV66QLnS5eW2fLqAMsWaq1AuNJmFQ7HccQfXMHtSeRT9H8
WG16UyL6RiDipT+BYXosU71kMxZMHnHj4xjb4zS1gfhhY6MNOeYZupDXb/DYsAhy
aURdwOpy0AKxfeWjU8RbvFg7ZP0s0t7ORAV+x/l0Bl5B78VFhO1WfF37IKG1NVh3
c550Lg8nbZbh0mvgvwYbBF6zZnF2+AnBaYLmV/4+kIDASZoLo/kCKQrfowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMMWFuySBSe/MUWZlMVB/U6I00BHMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvd3hZVzdKSUZKNzh4UlptVXhVSDlUb2pUUUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY77MA0G
CSqGSIb3DQEBCwUAA4IBAQCScOoCAJeAgP2ajekAo3GZZK4JqP7K1tuJxTHcv/oZ
KwN1O4WrCo5/KalN8HUPpZ5a26QD0bkSXthOOF7vYHVisuV+Roiy9gs7OnqfP3kF
uLdDfLYo7XxZkmmKt0Qj1dfAt4xUZue4+gVUziH90NEXmr3Wq1XaG5HDvZTNJvla
rNwi8/rvyvOkZh9n0Wg05Cl3I5CRP76Ere0BVoBMoSyHEbtfM+n8IU05xN7aSggN
9PN/5ZB3M3ne4aWXSC8plkM5oeXZTq/35Uxl1HoMvHToKfISTegDBcqUdDDIFYyz
hxlXZm3rQ6kezgAX4VWiFs3udVzowohbYHIBk9juJnzW
-----END CERTIFICATE-----