Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/WweAjVVXYM4ulxw4DZ_T1Am0xKo.roa
File:                     WweAjVVXYM4ulxw4DZ_T1Am0xKo.roa (raw, json)
Hash identifier:          zkhdO+z7L9WPI8XBV2N8TF+gLdPA2P4BB9PmmcpcZGw=
Subject key identifier:   5B:07:80:8D:55:57:60:CE:2E:97:1C:38:0D:9F:D3:D4:09:B4:C4:AA
Certificate issuer:       /CN=3814b648dd5742025c3dda5eaa66491ffdb2e5d9
Certificate serial:       018CC64B6F08493D2FBE0B66CC14F43378FC
Authority key identifier: 38:14:B6:48:DD:57:42:02:5C:3D:DA:5E:AA:66:49:1F:FD:B2:E5:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OBS2SN1XQgJcPdpeqmZJH_2y5dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/WweAjVVXYM4ulxw4DZ_T1Am0xKo.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31140
IP address blocks:        193.22.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/OBS2SN1XQgJcPdpeqmZJH_2y5dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/OBS2SN1XQgJcPdpeqmZJH_2y5dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OBS2SN1XQgJcPdpeqmZJH_2y5dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6f:08:49:3d:2f:be:0b:66:cc:14:f4:33:78:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3814b648dd5742025c3dda5eaa66491ffdb2e5d9
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b07808d555760ce2e971c380d9fd3d409b4c4aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a8:47:be:86:d4:1e:ed:b9:35:ed:59:cb:20:
                    2d:70:0b:9b:60:b1:5c:4c:5a:11:3a:05:10:af:20:
                    0d:e2:a8:50:66:62:bf:78:93:48:2d:32:56:5e:70:
                    d2:96:4c:be:4a:09:25:94:31:a4:b0:7a:a9:d0:96:
                    24:2a:3c:af:be:f9:27:a1:61:0f:1c:8a:10:3a:74:
                    90:ae:94:c9:a5:d2:de:f6:91:26:f0:a8:3a:2d:07:
                    1c:a8:3e:28:d8:86:93:fc:de:ba:c5:33:b4:28:45:
                    50:82:e5:8e:f8:7b:6c:01:6f:93:a8:2b:80:6b:60:
                    48:92:ad:ab:46:ee:2d:94:5d:5d:1b:76:b8:1e:ac:
                    5e:67:4e:81:9e:52:18:a0:ec:e0:f2:9d:bd:73:12:
                    bf:90:4b:5f:b3:4c:f0:93:69:87:f4:b4:e9:d8:3b:
                    74:b3:ba:3c:51:d0:af:1f:d1:00:7d:a7:4f:23:6b:
                    89:03:f6:50:ae:c4:4e:c3:f4:ce:ac:35:0d:a6:33:
                    3a:19:d7:22:a4:1f:bd:5e:7a:f6:0e:b5:f1:39:17:
                    42:d2:3f:14:61:51:5d:3b:62:dd:dc:1d:16:42:e0:
                    2d:66:dc:2e:be:56:b8:29:4a:f2:e1:34:3f:5d:e2:
                    70:82:4f:93:51:cc:d4:dd:e9:7e:f5:18:75:6e:58:
                    43:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:07:80:8D:55:57:60:CE:2E:97:1C:38:0D:9F:D3:D4:09:B4:C4:AA
            X509v3 Authority Key Identifier:
                keyid:38:14:B6:48:DD:57:42:02:5C:3D:DA:5E:AA:66:49:1F:FD:B2:E5:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OBS2SN1XQgJcPdpeqmZJH_2y5dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/WweAjVVXYM4ulxw4DZ_T1Am0xKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/12df2d-94f1-4d10-94a4-1f8368801fdc/1/OBS2SN1XQgJcPdpeqmZJH_2y5dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:de:71:d2:a9:c7:15:2d:af:d6:c1:84:f6:e0:f5:9c:b3:b0:
         c0:69:3a:0f:21:57:a0:5c:41:b3:fc:e9:f8:cf:3b:8d:d0:45:
         ef:b9:46:70:fb:3a:d8:ae:74:fc:ab:cb:13:86:d8:fb:ee:ef:
         99:07:e4:d1:08:37:18:ae:d6:99:04:c0:46:cf:0d:24:f8:10:
         7e:e4:bf:94:51:2d:39:95:56:dc:93:4b:14:3a:2d:a4:3d:35:
         dc:75:be:c6:59:04:51:90:68:df:ce:80:4b:83:ef:e1:07:5a:
         a7:da:4f:7b:16:f3:d5:04:44:fd:c9:c8:2f:de:0a:6c:9b:45:
         d0:7b:9a:2c:80:69:e6:dc:38:a3:06:34:8e:1e:91:bb:d2:18:
         a0:84:33:4e:fe:ea:35:b7:17:19:1a:ce:87:93:2d:14:37:ba:
         0b:d4:bd:c2:f2:e4:f4:90:b6:26:42:57:56:3f:a7:a6:e6:d4:
         cc:69:12:a9:5e:04:b4:6d:7f:fb:fb:e4:3c:82:02:af:21:94:
         68:31:04:da:8c:1f:bf:5d:ca:7b:1f:a5:06:43:2e:a0:31:08:
         52:c2:94:62:1d:99:da:de:1f:24:c1:f1:57:80:95:f9:d0:63:
         bd:15:1b:10:8d:55:bf:47:bc:aa:6a:64:e6:49:45:3f:36:c6:
         fd:b0:22:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS28IST0vvgtmzBT0M3j8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MTRiNjQ4ZGQ1NzQyMDI1YzNkZGE1ZWFhNjY0OTFmZmRi
MmU1ZDkwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjA3ODA4ZDU1NTc2MGNlMmU5NzFjMzgwZDlmZDNkNDA5YjRjNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6hHvobUHu25Ne1ZyyAtcAubYLFc
TFoROgUQryAN4qhQZmK/eJNILTJWXnDSlky+SgkllDGksHqp0JYkKjyvvvknoWEP
HIoQOnSQrpTJpdLe9pEm8Kg6LQccqD4o2IaT/N66xTO0KEVQguWO+HtsAW+TqCuA
a2BIkq2rRu4tlF1dG3a4HqxeZ06BnlIYoOzg8p29cxK/kEtfs0zwk2mH9LTp2Dt0
s7o8UdCvH9EAfadPI2uJA/ZQrsROw/TOrDUNpjM6GdcipB+9Xnr2DrXxORdC0j8U
YVFdO2Ld3B0WQuAtZtwuvla4KUry4TQ/XeJwgk+TUczU3el+9Rh1blhDSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsHgI1VV2DOLpccOA2f09QJtMSqMB8GA1UdIwQY
MBaAFDgUtkjdV0ICXD3aXqpmSR/9suXZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0JTMlNOMVhRZ0pjUGRwZXFtWkpIXzJ5NWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8xMmRmMmQtOTRmMS00ZDEwLTk0YTQt
MWY4MzY4ODAxZmRjLzEvV3dlQWpWVlhZTTR1bHh3NERaX1QxQW0weEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8xMmRmMmQtOTRmMS00ZDEwLTk0YTQtMWY4MzY4ODAxZmRj
LzEvT0JTMlNOMVhRZ0pjUGRwZXFtWkpIXzJ5NWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRb4MA0G
CSqGSIb3DQEBCwUAA4IBAQAO3nHSqccVLa/WwYT24PWcs7DAaToPIVegXEGz/On4
zzuN0EXvuUZw+zrYrnT8q8sThtj77u+ZB+TRCDcYrtaZBMBGzw0k+BB+5L+UUS05
lVbck0sUOi2kPTXcdb7GWQRRkGjfzoBLg+/hB1qn2k97FvPVBET9ycgv3gpsm0XQ
e5osgGnm3DijBjSOHpG70highDNO/uo1txcZGs6Hky0UN7oL1L3C8uT0kLYmQldW
P6em5tTMaRKpXgS0bX/7++Q8ggKvIZRoMQTajB+/Xcp7H6UGQy6gMQhSwpRiHZna
3h8kwfFXgJX50GO9FRsQjVW/R7yqamTmSUU/Nsb9sCKJ
-----END CERTIFICATE-----