Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/WKELc_W8mdXUUZ324MSWDeu1wXI.roa
File:                     WKELc_W8mdXUUZ324MSWDeu1wXI.roa (raw, json)
Hash identifier:          0tteI0ps1fiC7XdrvhsFyeYnjz3rCzmXkLHL3vxN7GA=
Subject key identifier:   58:A1:0B:73:F5:BC:99:D5:D4:51:9D:F6:E0:C4:96:0D:EB:B5:C1:72
Certificate issuer:       /CN=b53d9f1bc3f0d90b6dcd1e9f6fd1e506188ea7c2
Certificate serial:       019424454F1E570CC68BFF0205F841A1D7CC
Authority key identifier: B5:3D:9F:1B:C3:F0:D9:0B:6D:CD:1E:9F:6F:D1:E5:06:18:8E:A7:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tT2fG8Pw2QttzR6fb9HlBhiOp8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/WKELc_W8mdXUUZ324MSWDeu1wXI.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200798
IP address blocks:        185.95.208.0/22 maxlen: 24
                          2a05:fc00::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/tT2fG8Pw2QttzR6fb9HlBhiOp8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/tT2fG8Pw2QttzR6fb9HlBhiOp8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tT2fG8Pw2QttzR6fb9HlBhiOp8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4f:1e:57:0c:c6:8b:ff:02:05:f8:41:a1:d7:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b53d9f1bc3f0d90b6dcd1e9f6fd1e506188ea7c2
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58a10b73f5bc99d5d4519df6e0c4960debb5c172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:72:10:a9:f8:9e:a1:30:e9:53:55:3c:c0:0d:
                    c2:cb:94:b0:9a:c8:0a:21:c9:26:2f:5b:86:c3:cd:
                    5a:fd:b8:2b:91:d6:ab:6b:f4:42:af:16:28:8d:fa:
                    a7:68:a1:8b:f9:b1:c6:49:14:39:e2:8c:c7:dd:de:
                    8d:27:34:1c:17:23:0c:ca:e2:f0:36:03:70:6c:9a:
                    ae:12:c4:8e:09:28:b9:bb:e2:e6:3f:f8:ad:ec:68:
                    00:b1:f4:26:3d:06:0d:14:1c:0b:33:23:14:c6:31:
                    27:50:bc:dc:d9:4e:e9:34:fc:8d:47:82:fc:33:4b:
                    2c:c1:e5:48:8d:3a:17:f6:0e:1a:74:98:05:3f:57:
                    c0:bd:28:5c:13:d4:92:04:2f:ed:0d:48:69:55:b4:
                    ca:a6:20:a6:15:e8:eb:db:51:31:ba:04:90:d7:4b:
                    a4:9b:0a:76:fa:57:e7:c1:7a:a2:b3:13:1f:18:68:
                    99:25:5f:69:51:37:e4:ae:d5:ba:67:a5:91:14:0b:
                    48:1c:fc:a7:a0:db:62:44:89:82:fc:8a:8e:45:b6:
                    ff:42:3d:a5:58:4d:c4:53:d4:59:e1:f8:d1:3e:f4:
                    c1:6a:f4:67:d4:cc:67:28:2c:f3:6f:32:21:b1:08:
                    71:8f:80:a5:9e:7c:80:7b:b6:c8:8b:66:a6:6c:1e:
                    3b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A1:0B:73:F5:BC:99:D5:D4:51:9D:F6:E0:C4:96:0D:EB:B5:C1:72
            X509v3 Authority Key Identifier:
                keyid:B5:3D:9F:1B:C3:F0:D9:0B:6D:CD:1E:9F:6F:D1:E5:06:18:8E:A7:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tT2fG8Pw2QttzR6fb9HlBhiOp8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/WKELc_W8mdXUUZ324MSWDeu1wXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/tT2fG8Pw2QttzR6fb9HlBhiOp8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.208.0/22
                IPv6:
                  2a05:fc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:3b:e4:5d:fd:c6:7f:d1:58:34:4c:c4:95:ab:6d:3f:86:63:
         68:82:cd:1d:a2:8c:73:fa:d0:01:f5:87:bf:ea:2e:c9:69:3e:
         6e:9b:51:78:8e:25:5e:4c:0d:44:59:36:a5:0b:d4:c6:5d:ca:
         2e:e0:63:b7:98:35:0c:b7:9a:ce:18:03:8b:97:dc:34:16:86:
         b5:1a:07:c7:d0:fe:31:e1:4b:0a:30:0a:86:9d:57:f1:3c:f3:
         38:90:59:52:f6:e8:9a:b3:43:a1:9e:4b:48:08:56:fa:e3:b4:
         74:62:9f:8d:b3:3a:a2:74:74:d9:3c:4e:70:ed:dd:e9:71:1e:
         69:6e:20:a8:5e:a1:68:e2:0d:86:52:f5:eb:30:7c:25:d8:f4:
         ce:85:bd:0d:45:cc:5d:37:15:0e:09:b4:ed:b3:50:d9:18:eb:
         91:18:50:78:dc:a6:db:29:2d:c9:1e:ed:b4:a4:e0:ac:3b:a4:
         7d:d1:b2:fe:ee:aa:60:d7:80:21:25:3d:3c:4b:6f:5b:8b:1e:
         d1:97:65:5d:8a:91:80:af:fd:5c:5b:bf:d4:b4:7a:0f:40:1c:
         50:fe:89:cd:8e:f4:3e:b3:6c:a4:1c:75:9e:72:e8:d2:f8:e7:
         59:6a:7a:fa:40:ca:e4:a5:ce:91:a8:c3:05:5e:c7:4c:5a:c6:
         17:44:07:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRU8eVwzGi/8CBfhBodfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1M2Q5ZjFiYzNmMGQ5MGI2ZGNkMWU5ZjZmZDFlNTA2MTg4
ZWE3YzIwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGExMGI3M2Y1YmM5OWQ1ZDQ1MTlkZjZlMGM0OTYwZGViYjVjMTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnIQqfieoTDpU1U8wA3Cy5SwmsgK
IckmL1uGw81a/bgrkdara/RCrxYojfqnaKGL+bHGSRQ54ozH3d6NJzQcFyMMyuLw
NgNwbJquEsSOCSi5u+LmP/it7GgAsfQmPQYNFBwLMyMUxjEnULzc2U7pNPyNR4L8
M0ssweVIjToX9g4adJgFP1fAvShcE9SSBC/tDUhpVbTKpiCmFejr21ExugSQ10uk
mwp2+lfnwXqisxMfGGiZJV9pUTfkrtW6Z6WRFAtIHPynoNtiRImC/IqORbb/Qj2l
WE3EU9RZ4fjRPvTBavRn1MxnKCzzbzIhsQhxj4ClnnyAe7bIi2ambB47kwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFihC3P1vJnV1FGd9uDElg3rtcFyMB8GA1UdIwQY
MBaAFLU9nxvD8NkLbc0en2/R5QYYjqfCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFQyZkc4UHcyUXR0elI2ZmI5SGxCaGlPcDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8wZTNkNjQtZjI5MC00ODkzLTlhNDAt
YzllMTQxMzMzZDU4LzEvV0tFTGNfVzhtZFhVVVozMjRNU1dEZXUxd1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8wZTNkNjQtZjI5MC00ODkzLTlhNDAtYzllMTQxMzMzZDU4
LzEvdFQyZkc4UHcyUXR0elI2ZmI5SGxCaGlPcDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuV/QMA0E
AgACMAcDBQMqBfwAMA0GCSqGSIb3DQEBCwUAA4IBAQAhO+Rd/cZ/0Vg0TMSVq20/
hmNogs0dooxz+tAB9Ye/6i7JaT5um1F4jiVeTA1EWTalC9TGXcou4GO3mDUMt5rO
GAOLl9w0Foa1GgfH0P4x4UsKMAqGnVfxPPM4kFlS9uias0OhnktICFb647R0Yp+N
szqidHTZPE5w7d3pcR5pbiCoXqFo4g2GUvXrMHwl2PTOhb0NRcxdNxUOCbTts1DZ
GOuRGFB43KbbKS3JHu20pOCsO6R90bL+7qpg14AhJT08S29bix7Rl2VdipGAr/1c
W7/UtHoPQBxQ/onNjvQ+s2ykHHWecujS+OdZanr6QMrkpc6RqMMFXsdMWsYXRAce
-----END CERTIFICATE-----