Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/wvmxWu8gQhRku_CvLhr8HA2uUD4.roa
File:                     wvmxWu8gQhRku_CvLhr8HA2uUD4.roa (raw, json)
Hash identifier:          5Mn+0fEACbEzwMTaT8tT2L3B0sEOUVb/0+CB83VGA50=
Subject key identifier:   C2:F9:B1:5A:EF:20:42:14:64:BB:F0:AF:2E:1A:FC:1C:0D:AE:50:3E
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC79537BBFFB5B0A3A3A100AE99E79874
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/wvmxWu8gQhRku_CvLhr8HA2uUD4.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210546
IP address blocks:        147.45.198.0/24 maxlen: 24
                          147.45.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:37:bb:ff:b5:b0:a3:a3:a1:00:ae:99:e7:98:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2f9b15aef20421464bbf0af2e1afc1c0dae503e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d9:1b:69:d0:71:f5:55:c4:17:99:a1:5b:0d:
                    d2:43:84:cf:05:b2:64:26:d8:94:c1:42:76:84:40:
                    94:86:f0:44:c1:09:1b:40:51:86:63:ee:57:64:6a:
                    47:fe:44:5c:97:02:31:2c:ac:79:ed:7e:71:65:f2:
                    68:f5:5e:d0:e1:ab:89:68:43:8b:61:c9:88:49:3c:
                    11:d1:38:fb:f9:93:80:6d:e8:bd:df:96:e0:cd:11:
                    d0:80:07:70:63:10:cd:d2:d1:d3:9f:ac:d5:fa:64:
                    54:ad:e7:57:92:f5:0d:87:2e:ba:95:34:b8:ce:b9:
                    0e:bc:74:52:92:72:69:4c:0c:3f:0a:58:e8:b7:dd:
                    ee:e7:4d:7a:38:2a:30:72:5e:e8:b8:a3:b0:f3:92:
                    82:2a:16:90:a1:fa:a2:4b:ad:86:54:b7:59:47:e4:
                    2e:33:50:59:2d:21:6a:be:27:17:47:67:8f:ec:4d:
                    85:83:67:ed:29:c8:79:92:f0:c6:e5:b4:4f:58:6c:
                    dd:93:e0:a7:6f:b0:ef:86:07:53:b9:7a:7f:71:11:
                    e1:8e:6e:00:f8:c1:0d:89:39:3c:7e:3a:a0:ae:bd:
                    26:43:8e:5a:88:26:d0:d4:74:eb:61:84:1a:78:b3:
                    f1:b3:4e:82:c7:60:7d:4d:47:15:19:5e:fa:01:b5:
                    61:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:F9:B1:5A:EF:20:42:14:64:BB:F0:AF:2E:1A:FC:1C:0D:AE:50:3E
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/wvmxWu8gQhRku_CvLhr8HA2uUD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:c8:26:ec:95:d3:cc:20:4d:65:1e:68:c2:02:6d:1a:8a:68:
         da:ca:11:e6:3f:47:23:0a:9e:ad:fb:1c:80:71:21:48:94:ec:
         9a:43:3c:c0:d0:bf:14:5a:0e:a8:97:4d:bf:99:f8:ea:6c:5e:
         89:a8:c2:85:85:1c:10:c7:4e:be:c4:87:53:22:8d:7d:18:2c:
         a0:80:0e:03:77:dc:0a:e9:03:05:be:e9:8f:1f:16:f2:72:e6:
         1c:48:25:0d:49:5f:e8:75:00:28:0e:57:2a:b1:63:a0:ea:b8:
         c7:10:df:3a:22:f6:3f:31:82:20:f2:e8:22:27:02:04:0e:ab:
         e1:94:fc:26:8e:0c:51:52:0f:d8:64:65:62:79:ec:64:4b:48:
         17:bc:95:06:3c:70:51:2c:c3:75:77:13:15:a1:3a:c0:aa:21:
         57:3b:f1:7d:3a:58:37:a4:25:ae:3e:fc:3a:b1:e6:1e:50:5a:
         4d:40:8b:a3:25:7c:75:ce:47:7f:98:76:cb:b5:c7:cc:c7:6a:
         9b:14:49:ef:fb:aa:ff:00:9c:7b:7e:92:ff:62:4e:44:df:23:
         5c:ef:6c:19:68:cb:d9:52:88:b1:bb:c0:08:12:b1:d2:60:d9:
         14:c2:ad:c0:9c:7a:ea:4f:07:d5:fe:27:e4:2c:49:a7:14:cc:
         fd:71:29:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTe7/7Wwo6OhAK6Z55h0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmY5YjE1YWVmMjA0MjE0NjRiYmYwYWYyZTFhZmMxYzBkYWU1MDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdkbadBx9VXEF5mhWw3SQ4TPBbJk
JtiUwUJ2hECUhvBEwQkbQFGGY+5XZGpH/kRclwIxLKx57X5xZfJo9V7Q4auJaEOL
YcmISTwR0Tj7+ZOAbei935bgzRHQgAdwYxDN0tHTn6zV+mRUredXkvUNhy66lTS4
zrkOvHRSknJpTAw/Cljot93u5016OCowcl7ouKOw85KCKhaQofqiS62GVLdZR+Qu
M1BZLSFqvicXR2eP7E2Fg2ftKch5kvDG5bRPWGzdk+Cnb7DvhgdTuXp/cRHhjm4A
+MENiTk8fjqgrr0mQ45aiCbQ1HTrYYQaeLPxs06Cx2B9TUcVGV76AbVhXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFML5sVrvIEIUZLvwry4a/BwNrlA+MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvd3ZteFd1OGdRaFJrdV9DdkxocjhIQTJ1VUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBky3GMA0G
CSqGSIb3DQEBCwUAA4IBAQCPyCbsldPMIE1lHmjCAm0aimjayhHmP0cjCp6t+xyA
cSFIlOyaQzzA0L8UWg6ol02/mfjqbF6JqMKFhRwQx06+xIdTIo19GCyggA4Dd9wK
6QMFvumPHxbycuYcSCUNSV/odQAoDlcqsWOg6rjHEN86IvY/MYIg8ugiJwIEDqvh
lPwmjgxRUg/YZGVieexkS0gXvJUGPHBRLMN1dxMVoTrAqiFXO/F9Olg3pCWuPvw6
seYeUFpNQIujJXx1zkd/mHbLtcfMx2qbFEnv+6r/AJx7fpL/Yk5E3yNc72wZaMvZ
Uoixu8AIErHSYNkUwq3AnHrqTwfV/ifkLEmnFMz9cSkh
-----END CERTIFICATE-----