Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/d8e184-e79b-47fe-96dc-5ba4235ce619/1/WonCC1d05Rdnfwi1S0l7W6HpVyg.roa
File:                     WonCC1d05Rdnfwi1S0l7W6HpVyg.roa (raw, json)
Hash identifier:          xatVlPZAdSMa/SeJyryxqZaOu8tf4Aog24rhyw+bqWQ=
Subject key identifier:   5A:89:C2:0B:57:74:E5:17:67:7F:08:B5:4B:49:7B:5B:A1:E9:57:28
Certificate issuer:       /CN=aa70fbb3db228437d605799ac4f4598d22e13e1b
Certificate serial:       018CC348A8DEFE6C261225F81DCD837268DA
Authority key identifier: AA:70:FB:B3:DB:22:84:37:D6:05:79:9A:C4:F4:59:8D:22:E1:3E:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qnD7s9sihDfWBXmaxPRZjSLhPhs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/d8e184-e79b-47fe-96dc-5ba4235ce619/1/WonCC1d05Rdnfwi1S0l7W6HpVyg.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35223
IP address blocks:        193.168.168.0/22 maxlen: 22
                          82.117.0.0/19 maxlen: 19
                          2a03:5480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/d8e184-e79b-47fe-96dc-5ba4235ce619/1/qnD7s9sihDfWBXmaxPRZjSLhPhs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/d8e184-e79b-47fe-96dc-5ba4235ce619/1/qnD7s9sihDfWBXmaxPRZjSLhPhs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qnD7s9sihDfWBXmaxPRZjSLhPhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a8:de:fe:6c:26:12:25:f8:1d:cd:83:72:68:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa70fbb3db228437d605799ac4f4598d22e13e1b
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a89c20b5774e517677f08b54b497b5ba1e95728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:18:5c:e6:fa:63:04:94:77:ae:db:64:14:d3:
                    d9:39:21:10:ed:a2:3a:2a:74:1e:9d:f1:8b:bb:e3:
                    b0:3e:58:b9:33:51:a0:b2:47:87:54:ae:30:ee:64:
                    79:0f:ae:0b:9b:2b:72:4f:28:69:4e:60:f1:c8:93:
                    7f:f4:16:b4:d4:93:da:d6:fb:39:83:89:ee:06:b4:
                    7f:08:f9:6d:0f:92:c0:d2:e0:5c:14:d5:57:e6:8a:
                    58:e5:30:0e:99:56:88:67:ff:db:73:8b:bd:e8:a2:
                    0f:05:2e:2e:46:50:d7:08:9c:33:2f:90:01:1f:7f:
                    98:3d:fb:1c:5b:91:52:63:a9:b0:33:1f:33:30:de:
                    88:a8:ef:51:93:02:20:ee:30:a0:b6:b4:d1:e9:4a:
                    3e:db:8c:30:4b:f9:12:b9:76:86:c9:53:6b:1b:d2:
                    09:1d:5d:4e:a3:2e:a2:7f:71:d1:5f:6b:6a:e2:ae:
                    0d:6a:4a:ca:c3:62:15:cc:15:09:f5:28:e7:c6:c5:
                    7a:df:5f:c5:36:48:29:f7:81:b9:28:7f:ac:fe:5b:
                    46:06:22:0a:11:e5:a3:6f:a9:9e:77:d6:79:56:89:
                    f6:da:fc:09:98:a5:86:6e:15:87:b0:78:54:73:00:
                    5d:98:ef:d9:6b:ed:dc:6b:82:ea:cf:d3:3a:a8:26:
                    2e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:89:C2:0B:57:74:E5:17:67:7F:08:B5:4B:49:7B:5B:A1:E9:57:28
            X509v3 Authority Key Identifier:
                keyid:AA:70:FB:B3:DB:22:84:37:D6:05:79:9A:C4:F4:59:8D:22:E1:3E:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qnD7s9sihDfWBXmaxPRZjSLhPhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d8e184-e79b-47fe-96dc-5ba4235ce619/1/WonCC1d05Rdnfwi1S0l7W6HpVyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d8e184-e79b-47fe-96dc-5ba4235ce619/1/qnD7s9sihDfWBXmaxPRZjSLhPhs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.117.0.0/19
                  193.168.168.0/22
                IPv6:
                  2a03:5480::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:94:33:db:fb:2d:c1:54:e8:0b:ea:94:94:3a:8f:4f:61:9e:
         f9:91:ff:05:27:a3:ae:b6:a9:37:74:a9:53:02:b0:a0:2e:fc:
         e0:d5:c5:ec:de:07:dd:a1:f6:81:70:94:57:94:e3:93:db:27:
         a6:ce:f2:d4:2d:e5:ff:84:a7:98:e5:23:ca:2f:5a:3a:67:8e:
         9f:d1:f5:39:25:e3:c0:6c:b4:7c:fa:f6:e1:85:1d:03:95:a7:
         04:19:8d:f6:05:56:5a:2c:9b:7d:d1:90:f2:e5:74:52:03:1f:
         3b:c2:15:b4:9b:02:63:6d:6f:dd:7e:1c:11:11:60:d4:1a:3d:
         f4:d5:f1:2e:96:58:62:0c:17:b1:b1:2a:15:fa:42:dc:0a:c2:
         bd:6f:af:2f:38:0b:41:ea:5b:2f:35:75:6a:b6:33:ec:f1:ac:
         3c:6e:ce:f0:31:40:78:e9:f7:aa:81:7e:9a:19:90:c6:1f:cf:
         b5:5d:25:ff:f8:2e:ab:80:4b:2e:3b:05:9b:85:81:4e:b3:a7:
         5a:0c:61:43:63:7e:e8:70:a2:1b:b6:20:e9:be:ca:1a:59:20:
         b4:07:fe:c6:55:e5:45:fe:e2:85:42:a3:e9:73:58:f8:cd:e6:
         19:d1:4f:b9:f0:14:ae:e0:ed:1b:82:89:45:41:2f:f5:c3:ed:
         c2:07:96:59
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSKje/mwmEiX4Hc2DcmjaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNzBmYmIzZGIyMjg0MzdkNjA1Nzk5YWM0ZjQ1OThkMjJl
MTNlMWIwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTg5YzIwYjU3NzRlNTE3Njc3ZjA4YjU0YjQ5N2I1YmExZTk1NzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxhc5vpjBJR3rttkFNPZOSEQ7aI6
KnQenfGLu+OwPli5M1GgskeHVK4w7mR5D64LmytyTyhpTmDxyJN/9Ba01JPa1vs5
g4nuBrR/CPltD5LA0uBcFNVX5opY5TAOmVaIZ//bc4u96KIPBS4uRlDXCJwzL5AB
H3+YPfscW5FSY6mwMx8zMN6IqO9RkwIg7jCgtrTR6Uo+24wwS/kSuXaGyVNrG9IJ
HV1Ooy6if3HRX2tq4q4NakrKw2IVzBUJ9SjnxsV631/FNkgp94G5KH+s/ltGBiIK
EeWjb6med9Z5Von22vwJmKWGbhWHsHhUcwBdmO/Za+3ca4Lqz9M6qCYubQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFqJwgtXdOUXZ38ItUtJe1uh6VcoMB8GA1UdIwQY
MBaAFKpw+7PbIoQ31gV5msT0WY0i4T4bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW5EN3M5c2loRGZXQlhtYXhQUlpqU0xoUGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kOGUxODQtZTc5Yi00N2ZlLTk2ZGMt
NWJhNDIzNWNlNjE5LzEvV29uQ0MxZDA1UmRuZndpMVMwbDdXNkhwVnlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kOGUxODQtZTc5Yi00N2ZlLTk2ZGMtNWJhNDIzNWNlNjE5
LzEvcW5EN3M5c2loRGZXQlhtYXhQUlpqU0xoUGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFUnUAAwQC
waioMA0EAgACMAcDBQMqA1SAMA0GCSqGSIb3DQEBCwUAA4IBAQBhlDPb+y3BVOgL
6pSUOo9PYZ75kf8FJ6Outqk3dKlTArCgLvzg1cXs3gfdofaBcJRXlOOT2yemzvLU
LeX/hKeY5SPKL1o6Z46f0fU5JePAbLR8+vbhhR0DlacEGY32BVZaLJt90ZDy5XRS
Ax87whW0mwJjbW/dfhwREWDUGj301fEullhiDBexsSoV+kLcCsK9b68vOAtB6lsv
NXVqtjPs8aw8bs7wMUB46feqgX6aGZDGH8+1XSX/+C6rgEsuOwWbhYFOs6daDGFD
Y37ocKIbtiDpvsoaWSC0B/7GVeVF/uKFQqPpc1j4zeYZ0U+58BSu4O0bgolFQS/1
w+3CB5ZZ
-----END CERTIFICATE-----