Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/WfyIx_aAibcIEzp9Gdk36nwTUdU.roa
File:                     WfyIx_aAibcIEzp9Gdk36nwTUdU.roa (raw, json)
Hash identifier:          bj3DUQ/27CkQjgP4qNj0urWul7BNnBRYWqBydpjpHlY=
Subject key identifier:   59:FC:88:C7:F6:80:89:B7:08:13:3A:7D:19:D9:37:EA:7C:13:51:D5
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       018EA02E7DE36B0240C626CA8B40C61DD789
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/WfyIx_aAibcIEzp9Gdk36nwTUdU.roa
Signing time:             Tue 02 Apr 2024 18:59:45 +0000
ROA not before:           Tue 02 Apr 2024 18:59:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134351
IP address blocks:        195.206.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a0:2e:7d:e3:6b:02:40:c6:26:ca:8b:40:c6:1d:d7:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Apr  2 18:59:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59fc88c7f68089b708133a7d19d937ea7c1351d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:36:46:74:39:09:2b:fa:16:f5:45:52:27:35:
                    0c:78:d5:83:a3:0d:77:00:6b:d3:73:ff:3d:5c:f3:
                    ef:99:53:ad:45:69:2b:e1:01:f8:8d:35:10:5b:43:
                    07:8e:76:5a:22:d8:5d:4c:25:36:5d:2f:ac:89:fc:
                    af:62:34:ba:a0:d4:26:32:36:21:93:ef:a0:4f:30:
                    bd:5f:22:51:c2:27:54:b0:c7:13:8e:56:b9:a2:e3:
                    45:7c:e6:80:fa:8b:7f:0e:b3:d6:db:50:f1:50:c3:
                    72:e5:e6:0d:8b:0a:6a:74:94:98:aa:57:a2:44:a1:
                    5d:07:82:b2:75:70:33:4e:9c:9f:71:ed:57:68:07:
                    3e:ee:dc:28:c3:7f:d2:72:3d:a9:57:45:56:9d:85:
                    79:0b:0d:4f:13:e0:e5:22:77:9e:37:fa:97:b2:e5:
                    8f:e6:8b:90:a2:1e:12:27:3e:4a:16:03:48:3f:a5:
                    53:9e:2f:14:86:98:f8:41:59:ba:26:ad:ee:ce:73:
                    85:33:35:af:c3:19:61:91:9f:f2:0c:c9:0a:dc:8a:
                    dc:87:47:88:14:66:7e:d6:3c:7f:8f:98:c7:05:25:
                    2f:48:59:65:80:ad:02:62:2a:56:54:f0:b3:89:ee:
                    56:14:81:3f:02:9b:ef:f2:c4:83:f1:73:e2:0f:66:
                    86:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:FC:88:C7:F6:80:89:B7:08:13:3A:7D:19:D9:37:EA:7C:13:51:D5
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/WfyIx_aAibcIEzp9Gdk36nwTUdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:9e:a5:6a:62:30:5c:24:8b:63:c2:ab:6a:4c:70:3b:08:e3:
         3b:6e:a0:65:7f:ca:22:9a:0a:34:c2:fa:5c:54:c4:05:4c:ed:
         4f:ad:1d:63:df:38:44:51:6d:0d:8e:d8:78:27:02:19:92:24:
         09:ef:ec:41:2d:65:f5:76:ab:44:51:25:cf:81:ba:31:57:01:
         df:f4:c9:65:8c:48:1d:03:29:1e:e0:60:bd:d2:ce:5d:03:d3:
         4f:44:00:d1:c3:39:2a:1d:0f:d9:73:c2:b4:db:62:4a:25:1a:
         0b:de:b5:9c:54:da:90:00:99:4d:70:26:7a:ba:17:49:98:e1:
         df:ef:b0:64:ee:7b:02:8e:b6:01:16:b6:bf:ed:56:b7:ed:4e:
         6c:52:7c:6c:bd:4e:a3:39:e9:fe:45:70:2a:fa:dc:a6:82:e6:
         e0:14:f1:a8:60:f6:64:43:ad:f5:ca:1a:7a:59:8d:38:6d:cd:
         c1:99:f7:11:c9:0c:d0:48:da:a6:de:cc:dc:90:49:18:cc:18:
         27:88:24:6e:aa:08:62:0d:47:20:de:b1:8f:10:69:45:44:d8:
         bd:5c:1a:cc:82:25:b2:4f:3b:f3:7a:44:a4:3e:5f:5d:2c:dd:
         75:62:0a:40:a3:5f:c9:52:bd:e1:4b:30:ba:fb:20:92:26:68:
         80:5f:77:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6gLn3jawJAxibKi0DGHdeJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjQwNDAyMTg1OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWZjODhjN2Y2ODA4OWI3MDgxMzNhN2QxOWQ5MzdlYTdjMTM1MWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTZGdDkJK/oW9UVSJzUMeNWDow13
AGvTc/89XPPvmVOtRWkr4QH4jTUQW0MHjnZaIthdTCU2XS+sifyvYjS6oNQmMjYh
k++gTzC9XyJRwidUsMcTjla5ouNFfOaA+ot/DrPW21DxUMNy5eYNiwpqdJSYqlei
RKFdB4KydXAzTpyfce1XaAc+7twow3/Scj2pV0VWnYV5Cw1PE+DlIneeN/qXsuWP
5ouQoh4SJz5KFgNIP6VTni8Uhpj4QVm6Jq3uznOFMzWvwxlhkZ/yDMkK3Irch0eI
FGZ+1jx/j5jHBSUvSFllgK0CYipWVPCzie5WFIE/Apvv8sSD8XPiD2aGFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFn8iMf2gIm3CBM6fRnZN+p8E1HVMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvV2Z5SXhfYUFpYmNJRXpwOUdkazM2bndUVWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw85uMA0G
CSqGSIb3DQEBCwUAA4IBAQBRnqVqYjBcJItjwqtqTHA7COM7bqBlf8oimgo0wvpc
VMQFTO1PrR1j3zhEUW0Njth4JwIZkiQJ7+xBLWX1dqtEUSXPgboxVwHf9MlljEgd
Ayke4GC90s5dA9NPRADRwzkqHQ/Zc8K022JKJRoL3rWcVNqQAJlNcCZ6uhdJmOHf
77Bk7nsCjrYBFra/7Va37U5sUnxsvU6jOen+RXAq+tymgubgFPGoYPZkQ631yhp6
WY04bc3BmfcRyQzQSNqm3szckEkYzBgniCRuqghiDUcg3rGPEGlFRNi9XBrMgiWy
TzvzekSkPl9dLN11YgpAo1/JUr3hSzC6+yCSJmiAX3fJ
-----END CERTIFICATE-----