Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/7335d2-3c3f-4fca-8000-ccf9b89e22e2/1/w3WdLrG11Hcizd38RMPawO0L4qU.roa
File:                     w3WdLrG11Hcizd38RMPawO0L4qU.roa (raw, json)
Hash identifier:          WilhLv70xGbCk11/rKb6tCwImttwcBKoi6AY8pQmCMg=
Subject key identifier:   C3:75:9D:2E:B1:B5:D4:77:22:CD:DD:FC:44:C3:DA:C0:ED:0B:E2:A5
Certificate issuer:       /CN=d2e6ddda40d782559ee65e50f908e1689a65a800
Certificate serial:       0193CAAD694FF22BE4DAC4AAEAFA4C3742BB
Authority key identifier: D2:E6:DD:DA:40:D7:82:55:9E:E6:5E:50:F9:08:E1:68:9A:65:A8:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0ubd2kDXglWe5l5Q-QjhaJplqAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/7335d2-3c3f-4fca-8000-ccf9b89e22e2/1/w3WdLrG11Hcizd38RMPawO0L4qU.roa
Signing time:             Sun 15 Dec 2024 14:16:22 +0000
ROA not before:           Sun 15 Dec 2024 14:16:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211856
IP address blocks:        62.192.164.0/22 maxlen: 24
                          2a09:18c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/7335d2-3c3f-4fca-8000-ccf9b89e22e2/1/0ubd2kDXglWe5l5Q-QjhaJplqAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/7335d2-3c3f-4fca-8000-ccf9b89e22e2/1/0ubd2kDXglWe5l5Q-QjhaJplqAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0ubd2kDXglWe5l5Q-QjhaJplqAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ca:ad:69:4f:f2:2b:e4:da:c4:aa:ea:fa:4c:37:42:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2e6ddda40d782559ee65e50f908e1689a65a800
        Validity
            Not Before: Dec 15 14:16:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3759d2eb1b5d47722cdddfc44c3dac0ed0be2a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7d:eb:ac:ef:a1:8b:84:01:38:b6:53:2f:c9:
                    f1:0c:18:9b:0a:ce:2b:67:4d:9d:96:af:1d:c9:f9:
                    f7:e7:6b:9c:1e:82:6f:f0:c8:4a:f0:55:94:be:79:
                    51:aa:45:8a:d8:69:6c:df:0e:6a:e7:16:55:4b:d1:
                    94:d9:ae:e1:ab:7b:fd:2c:b3:62:f9:90:01:e7:02:
                    ad:07:0d:2e:7f:1a:e3:2b:02:b7:7c:e2:e5:a4:33:
                    93:fb:26:12:03:ba:a8:ba:53:f7:07:b1:c4:c2:0d:
                    df:28:65:c1:88:36:6b:e4:88:8a:3e:db:80:4e:d8:
                    56:0e:a9:00:41:58:c5:b9:1a:bd:e7:67:44:0b:bb:
                    8b:a4:24:44:a3:82:f7:49:62:57:47:58:3d:db:5a:
                    47:91:49:f3:91:14:5e:d3:d2:37:1d:13:3f:7d:4f:
                    d4:e3:e3:ba:0c:a6:19:98:7d:4a:18:d1:dd:d0:3c:
                    7f:88:48:54:da:91:74:21:24:d4:94:7f:bd:fd:b2:
                    59:01:26:2b:67:ab:0f:38:21:bf:31:b3:40:1a:36:
                    0d:4b:3a:52:aa:c7:7b:bc:18:29:d6:58:17:f0:fa:
                    7b:13:75:80:a3:1a:ee:eb:b6:8a:ba:96:e5:6b:73:
                    11:de:f7:bb:a3:2f:91:f5:ee:6b:cc:d8:23:7e:98:
                    f0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:75:9D:2E:B1:B5:D4:77:22:CD:DD:FC:44:C3:DA:C0:ED:0B:E2:A5
            X509v3 Authority Key Identifier:
                keyid:D2:E6:DD:DA:40:D7:82:55:9E:E6:5E:50:F9:08:E1:68:9A:65:A8:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0ubd2kDXglWe5l5Q-QjhaJplqAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/7335d2-3c3f-4fca-8000-ccf9b89e22e2/1/w3WdLrG11Hcizd38RMPawO0L4qU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/7335d2-3c3f-4fca-8000-ccf9b89e22e2/1/0ubd2kDXglWe5l5Q-QjhaJplqAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.164.0/22
                IPv6:
                  2a09:18c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         cd:68:68:f9:1e:77:28:b2:76:2c:e1:af:63:57:28:57:f7:c0:
         8b:55:5f:01:6e:7e:ea:ff:c5:3e:28:e6:fa:86:45:d0:d8:e0:
         41:a8:fe:50:c4:01:47:7e:6d:de:6f:e8:5c:67:88:5b:71:ec:
         57:05:c0:de:59:db:d0:b6:48:6a:8d:8e:2d:02:8c:01:34:00:
         af:f4:9b:11:da:53:c2:e9:bb:5d:81:ec:1a:59:d0:4a:67:1b:
         ff:f0:71:91:59:47:44:a7:cb:80:36:0e:cd:1f:00:c6:3a:c3:
         48:4e:29:07:c0:8e:1e:76:c8:71:c6:3d:94:70:0d:7d:d7:dd:
         c1:45:1c:43:c3:25:05:97:bd:80:8f:9b:b8:33:80:d3:49:0d:
         af:3c:ef:52:2f:03:6e:41:32:43:d7:3e:ef:52:ac:b4:6b:64:
         ab:be:34:85:26:9a:77:14:cb:e8:41:39:db:14:ce:40:4f:fa:
         2f:87:48:b0:f3:9c:bf:0a:5d:3f:26:16:ea:39:b1:45:9a:7a:
         35:c6:5c:6b:16:06:e1:48:e2:88:98:43:3e:bf:04:68:e5:1b:
         e0:be:d9:88:d5:9b:f0:e9:fc:b7:39:38:22:32:fc:6e:0d:16:
         18:c6:da:8b:5a:36:a5:44:e8:40:d3:f0:cf:68:20:48:87:c3:
         df:b4:78:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZPKrWlP8ivk2sSq6vpMN0K7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZTZkZGRhNDBkNzgyNTU5ZWU2NWU1MGY5MDhlMTY4OWE2
NWE4MDAwHhcNMjQxMjE1MTQxNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzc1OWQyZWIxYjVkNDc3MjJjZGRkZmM0NGMzZGFjMGVkMGJlMmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtn3rrO+hi4QBOLZTL8nxDBibCs4r
Z02dlq8dyfn352ucHoJv8MhK8FWUvnlRqkWK2Gls3w5q5xZVS9GU2a7hq3v9LLNi
+ZAB5wKtBw0ufxrjKwK3fOLlpDOT+yYSA7qoulP3B7HEwg3fKGXBiDZr5IiKPtuA
TthWDqkAQVjFuRq952dEC7uLpCREo4L3SWJXR1g921pHkUnzkRRe09I3HRM/fU/U
4+O6DKYZmH1KGNHd0Dx/iEhU2pF0ISTUlH+9/bJZASYrZ6sPOCG/MbNAGjYNSzpS
qsd7vBgp1lgX8Pp7E3WAoxru67aKupbla3MR3ve7oy+R9e5rzNgjfpjwZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMN1nS6xtdR3Is3d/ETD2sDtC+KlMB8GA1UdIwQY
MBaAFNLm3dpA14JVnuZeUPkI4WiaZagAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHViZDJrRFhnbFdlNWw1US1RamhhSnBscUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi83MzM1ZDItM2MzZi00ZmNhLTgwMDAt
Y2NmOWI4OWUyMmUyLzEvdzNXZExyRzExSGNpemQzOFJNUGF3TzBMNHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi83MzM1ZDItM2MzZi00ZmNhLTgwMDAtY2NmOWI4OWUyMmUy
LzEvMHViZDJrRFhnbFdlNWw1US1RamhhSnBscUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCPsCkMA0E
AgACMAcDBQMqCRjAMA0GCSqGSIb3DQEBCwUAA4IBAQDNaGj5HncosnYs4a9jVyhX
98CLVV8Bbn7q/8U+KOb6hkXQ2OBBqP5QxAFHfm3eb+hcZ4hbcexXBcDeWdvQtkhq
jY4tAowBNACv9JsR2lPC6btdgewaWdBKZxv/8HGRWUdEp8uANg7NHwDGOsNITikH
wI4edshxxj2UcA19193BRRxDwyUFl72Aj5u4M4DTSQ2vPO9SLwNuQTJD1z7vUqy0
a2SrvjSFJpp3FMvoQTnbFM5AT/ovh0iw85y/Cl0/JhbqObFFmno1xlxrFgbhSOKI
mEM+vwRo5RvgvtmI1Zvw6fy3OTgiMvxuDRYYxtqLWjalROhA0/DPaCBIh8PftHhT
-----END CERTIFICATE-----