Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/wfQQMiynW2-7Eh6sEM42twkILNg.roa
File:                     wfQQMiynW2-7Eh6sEM42twkILNg.roa (raw, json)
Hash identifier:          zD5IDRl1LA0r8/5xeKh/1cseF9x1Vv7L7V2PUGwaecU=
Subject key identifier:   C1:F4:10:32:2C:A7:5B:6F:BB:12:1E:AC:10:CE:36:B7:09:08:2C:D8
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B92FB4F7DD0055D1C89337AB976AFE
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/wfQQMiynW2-7Eh6sEM42twkILNg.roa
Signing time:             Mon 01 Jan 2024 20:31:14 +0000
ROA not before:           Mon 01 Jan 2024 20:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30734
IP address blocks:        62.244.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2f:b4:f7:dd:00:55:d1:c8:93:37:ab:97:6a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1f410322ca75b6fbb121eac10ce36b709082cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e9:03:b2:dc:ae:47:84:75:f3:4d:a6:c9:d9:
                    08:1c:44:2b:b4:24:de:f2:b1:1d:37:b4:ac:7c:73:
                    8f:cd:d7:c7:99:6d:c8:4a:8f:4f:67:de:60:ea:e7:
                    2b:fa:70:b9:2a:b8:66:27:6b:52:6e:1d:0b:b8:8f:
                    f9:69:19:8a:8d:8a:60:6f:98:5f:e4:dd:a3:0f:62:
                    12:38:a6:67:8c:cb:4e:d1:6f:46:0d:46:c9:69:6a:
                    35:34:22:e5:6f:92:b1:03:e1:50:61:25:ce:7b:41:
                    a6:12:dc:da:74:3a:cf:48:a4:08:79:45:49:91:29:
                    3e:0f:fc:8e:91:7d:96:ff:69:9e:92:ba:42:41:21:
                    a2:9f:4e:8d:65:f9:23:1f:ce:8b:f3:7d:49:90:53:
                    41:30:f8:c0:5a:c4:d4:74:5f:67:13:23:d9:c4:ed:
                    32:fa:b2:6c:2a:57:db:40:39:10:0c:02:b0:c0:da:
                    51:a1:b0:bf:98:97:45:18:5f:5f:c7:b1:c8:a7:f1:
                    8b:88:f7:b1:28:65:3b:65:37:1f:c7:ad:0d:ae:fe:
                    ca:92:da:3f:80:e4:97:df:b2:65:50:0b:7b:2e:89:
                    17:35:b4:91:fb:0e:0d:b8:0f:b3:30:fa:a1:94:a1:
                    50:2a:01:4c:70:97:0d:2a:c3:27:dd:60:93:c8:ca:
                    f7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:F4:10:32:2C:A7:5B:6F:BB:12:1E:AC:10:CE:36:B7:09:08:2C:D8
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/wfQQMiynW2-7Eh6sEM42twkILNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:5c:7a:6e:fe:29:2f:9f:1c:d5:0f:4e:24:a8:d8:85:ef:46:
         97:ce:d9:5e:60:33:d3:5b:a4:f5:6f:d3:4a:c8:78:c1:92:ae:
         2c:a2:c9:1e:58:49:ff:6c:ca:c3:9f:6c:8d:04:34:20:1f:95:
         bf:ef:37:c2:77:db:43:48:1a:3f:f5:f8:db:63:76:cc:67:1c:
         11:6f:5f:e7:14:92:a3:e2:01:35:61:20:a3:cf:7a:12:14:61:
         43:50:7f:10:e0:7a:ea:68:b8:9c:15:f9:b6:af:5d:4c:ae:67:
         75:0f:3a:37:b5:53:0f:e0:ef:14:92:fb:ae:63:d7:10:b7:c6:
         9f:61:93:63:02:58:bf:54:18:85:b1:e1:d7:20:79:5a:32:2a:
         22:e9:d1:69:1a:40:ad:d0:47:ff:0c:24:f9:49:8f:78:16:a2:
         8e:fc:3c:c3:9e:08:9c:ff:95:a7:44:3e:58:1a:09:12:50:42:
         29:16:d1:ce:97:14:0b:59:55:d8:19:8f:b3:d6:e9:9e:5a:a0:
         d7:d9:f5:a6:5e:e8:b0:a4:af:5f:22:c1:80:cc:13:8b:43:1c:
         0f:28:16:9e:b4:00:c2:27:74:a4:03:53:16:26:10:04:98:77:
         0c:53:07:14:07:fa:51:01:23:b9:99:c9:78:8d:a3:d3:93:9f:
         84:50:6c:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuS+0990AVdHIkzerl2r+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWY0MTAzMjJjYTc1YjZmYmIxMjFlYWMxMGNlMzZiNzA5MDgyY2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOkDstyuR4R1802mydkIHEQrtCTe
8rEdN7SsfHOPzdfHmW3ISo9PZ95g6ucr+nC5KrhmJ2tSbh0LuI/5aRmKjYpgb5hf
5N2jD2ISOKZnjMtO0W9GDUbJaWo1NCLlb5KxA+FQYSXOe0GmEtzadDrPSKQIeUVJ
kSk+D/yOkX2W/2mekrpCQSGin06NZfkjH86L831JkFNBMPjAWsTUdF9nEyPZxO0y
+rJsKlfbQDkQDAKwwNpRobC/mJdFGF9fx7HIp/GLiPexKGU7ZTcfx60Nrv7Kkto/
gOSX37JlUAt7LokXNbSR+w4NuA+zMPqhlKFQKgFMcJcNKsMn3WCTyMr3WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMH0EDIsp1tvuxIerBDONrcJCCzYMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvd2ZRUU1peW5XMi03RWg2c0VNNDJ0d2tJTE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPvTdMA0G
CSqGSIb3DQEBCwUAA4IBAQAuXHpu/ikvnxzVD04kqNiF70aXztleYDPTW6T1b9NK
yHjBkq4soskeWEn/bMrDn2yNBDQgH5W/7zfCd9tDSBo/9fjbY3bMZxwRb1/nFJKj
4gE1YSCjz3oSFGFDUH8Q4HrqaLicFfm2r11Mrmd1Dzo3tVMP4O8UkvuuY9cQt8af
YZNjAli/VBiFseHXIHlaMioi6dFpGkCt0Ef/DCT5SY94FqKO/DzDngic/5WnRD5Y
GgkSUEIpFtHOlxQLWVXYGY+z1umeWqDX2fWmXuiwpK9fIsGAzBOLQxwPKBaetADC
J3SkA1MWJhAEmHcMUwcUB/pRASO5mcl4jaPTk5+EUGzh
-----END CERTIFICATE-----