Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/Wfi9weRVU_9728lCKtnUGbX_kfQ.roa
File:                     Wfi9weRVU_9728lCKtnUGbX_kfQ.roa (raw, json)
Hash identifier:          JBfMOb/0DpeHuMbuImj+0sfOPCYgSGOEaIZLNvUd2rQ=
Subject key identifier:   59:F8:BD:C1:E4:55:53:FF:7B:DB:C9:42:2A:D9:D4:19:B5:FF:91:F4
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       018CC56E3105D28AA2662CA3EA577CA4DD9B
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/Wfi9weRVU_9728lCKtnUGbX_kfQ.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59574
IP address blocks:        89.188.168.0/22 maxlen: 24
                          89.188.174.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:31:05:d2:8a:a2:66:2c:a3:ea:57:7c:a4:dd:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59f8bdc1e45553ff7bdbc9422ad9d419b5ff91f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:65:56:17:49:1a:d4:e6:c9:f8:49:86:8a:31:
                    c8:85:9e:11:6a:90:78:92:10:c5:a5:91:e6:1a:82:
                    fb:bb:8c:c6:37:52:74:91:c5:9d:21:ec:6a:b9:db:
                    c0:f5:c3:16:4d:96:98:df:29:e0:08:1f:55:64:b6:
                    c5:7b:44:7c:22:ae:9e:ff:58:16:7a:9e:47:7e:6b:
                    50:c9:11:23:49:c1:08:b9:21:90:9c:01:8f:6a:b4:
                    e6:be:08:bd:1e:5a:af:5c:76:05:69:cf:b4:8f:a9:
                    b4:75:d0:e7:a5:c3:9c:26:ec:35:1e:ca:d5:be:59:
                    66:6c:df:d0:ce:44:51:48:7a:47:8f:f9:26:74:1f:
                    48:13:27:11:8d:eb:42:80:3c:3f:e4:8d:b2:ba:53:
                    78:72:4e:10:e5:14:ef:d5:7c:21:92:b1:7d:f8:09:
                    40:c6:fe:d7:96:03:ac:7c:d1:d5:87:75:fc:a4:bb:
                    55:c6:9d:cc:36:45:bc:51:41:32:d5:d2:71:a5:53:
                    a5:a6:80:11:0a:55:f0:0c:89:4f:c7:b1:a0:b6:8e:
                    b2:7e:e0:4f:33:b8:9b:3d:bd:ef:87:76:ce:47:d2:
                    3f:1a:2f:f6:1f:00:ee:b7:cd:62:bc:5b:fa:fd:95:
                    0a:9b:f3:1d:97:3f:55:a8:6c:05:c2:e6:5f:78:31:
                    aa:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F8:BD:C1:E4:55:53:FF:7B:DB:C9:42:2A:D9:D4:19:B5:FF:91:F4
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/Wfi9weRVU_9728lCKtnUGbX_kfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.188.168.0/22
                  89.188.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:4b:80:0d:1c:9a:c5:0f:78:29:af:c4:ce:27:8b:90:ac:83:
         58:69:25:be:2d:75:5f:04:58:1f:9c:af:d0:64:d7:27:a7:98:
         99:9b:00:8b:93:fc:5d:3c:ac:a2:a9:3e:fe:ac:8a:1e:8e:cf:
         c1:e8:77:fe:ed:28:bc:66:f3:65:3b:58:d8:94:35:f3:f6:3d:
         0f:3e:7b:b0:53:21:03:55:2d:3a:31:97:cf:cf:78:03:6e:b0:
         95:51:b7:f9:87:f2:47:55:f3:81:af:2d:4a:c3:49:65:55:74:
         69:46:99:3d:c7:9d:93:af:b7:78:81:7c:7a:73:c3:81:0d:98:
         54:5d:b2:c4:cb:09:6f:90:84:7f:96:5a:c9:38:dc:ea:7a:0c:
         23:d1:6e:62:cd:3b:7e:64:b9:58:1a:9b:aa:35:ea:70:8f:9b:
         0f:f5:34:43:3a:13:bb:82:fd:86:8f:c7:1a:c5:4a:1c:f6:ac:
         65:40:dc:c1:7a:74:25:14:4f:ee:53:8f:4f:b9:a5:96:94:52:
         6c:fe:87:88:58:12:d8:df:8c:b3:1a:ff:09:32:75:3c:91:96:
         33:4d:88:f6:ad:ae:03:17:39:eb:06:51:3c:77:a0:06:67:ec:
         61:2f:df:d9:aa:1b:c2:2a:f4:35:58:ed:11:7c:d6:b0:49:4c:
         9f:f0:eb:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbjEF0oqiZiyj6ld8pN2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWY4YmRjMWU0NTU1M2ZmN2JkYmM5NDIyYWQ5ZDQxOWI1ZmY5MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGVWF0ka1ObJ+EmGijHIhZ4RapB4
khDFpZHmGoL7u4zGN1J0kcWdIexqudvA9cMWTZaY3yngCB9VZLbFe0R8Iq6e/1gW
ep5HfmtQyREjScEIuSGQnAGParTmvgi9HlqvXHYFac+0j6m0ddDnpcOcJuw1HsrV
vllmbN/QzkRRSHpHj/kmdB9IEycRjetCgDw/5I2yulN4ck4Q5RTv1XwhkrF9+AlA
xv7XlgOsfNHVh3X8pLtVxp3MNkW8UUEy1dJxpVOlpoARClXwDIlPx7Ggto6yfuBP
M7ibPb3vh3bOR9I/Gi/2HwDut81ivFv6/ZUKm/Mdlz9VqGwFwuZfeDGq+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFn4vcHkVVP/e9vJQirZ1Bm1/5H0MB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvV2ZpOXdlUlZVXzk3MjhsQ0t0blVHYlhfa2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWbyoAwQB
WbyuMA0GCSqGSIb3DQEBCwUAA4IBAQBaS4ANHJrFD3gpr8TOJ4uQrINYaSW+LXVf
BFgfnK/QZNcnp5iZmwCLk/xdPKyiqT7+rIoejs/B6Hf+7Si8ZvNlO1jYlDXz9j0P
PnuwUyEDVS06MZfPz3gDbrCVUbf5h/JHVfOBry1Kw0llVXRpRpk9x52Tr7d4gXx6
c8OBDZhUXbLEywlvkIR/llrJONzqegwj0W5izTt+ZLlYGpuqNepwj5sP9TRDOhO7
gv2Gj8caxUoc9qxlQNzBenQlFE/uU49PuaWWlFJs/oeIWBLY34yzGv8JMnU8kZYz
TYj2ra4DFznrBlE8d6AGZ+xhL9/ZqhvCKvQ1WO0RfNawSUyf8OuT
-----END CERTIFICATE-----