Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/WaJSWuZs-uGS2ORKWSzzrMQV8TA.roa
File:                     WaJSWuZs-uGS2ORKWSzzrMQV8TA.roa (raw, json)
Hash identifier:          k2wK4vLsIXBQ2A5R5i2OeKNd5fxqGwJYnUWgBov2rbo=
Subject key identifier:   59:A2:52:5A:E6:6C:FA:E1:92:D8:E4:4A:59:2C:F3:AC:C4:15:F1:30
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0191D4FD67AD5A9795487D6C3D53AD41FAE5
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/WaJSWuZs-uGS2ORKWSzzrMQV8TA.roa
Signing time:             Mon 09 Sep 2024 04:14:22 +0000
ROA not before:           Mon 09 Sep 2024 04:14:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        185.5.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d4:fd:67:ad:5a:97:95:48:7d:6c:3d:53:ad:41:fa:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Sep  9 04:14:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59a2525ae66cfae192d8e44a592cf3acc415f130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8d:64:76:98:ba:37:0c:58:56:13:aa:83:8b:
                    50:eb:70:67:c0:63:a0:4e:0c:19:9f:5b:0d:b5:c3:
                    b7:70:b9:98:f9:08:47:7b:24:f4:0c:78:a5:6e:86:
                    18:40:9a:dd:de:f6:23:05:55:37:14:07:32:f3:25:
                    2c:18:6f:ac:01:2d:e2:7f:02:c7:65:d3:99:a0:b7:
                    66:8a:22:9b:c9:65:e3:7e:69:c9:2d:39:29:bf:1a:
                    a4:ef:9e:ed:d2:0a:d6:17:70:3a:69:e9:59:74:10:
                    65:0c:26:fd:7d:81:4a:90:80:d3:01:fc:6b:91:f5:
                    fd:74:be:d0:81:67:d6:e7:8b:76:67:a2:50:7f:91:
                    d4:a1:e9:c0:87:94:88:4b:ca:09:94:04:49:52:f4:
                    92:a7:d9:7a:65:6e:0f:89:f0:d9:1d:b4:eb:13:2e:
                    da:e2:23:19:9c:d7:72:e4:d8:d1:59:77:59:f2:82:
                    43:f7:48:8b:d3:9d:a5:50:ff:d8:8a:07:2d:d8:41:
                    a8:5c:77:19:7c:fc:c3:0a:b8:95:31:0e:87:e2:24:
                    00:62:66:1e:f9:a4:7f:b1:0a:1e:df:4f:71:bb:6e:
                    17:0c:cb:f2:4e:f2:ad:db:b6:c1:73:35:1b:29:76:
                    e5:0e:98:f7:17:e1:5d:71:a9:54:90:d0:70:2d:7e:
                    b0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A2:52:5A:E6:6C:FA:E1:92:D8:E4:4A:59:2C:F3:AC:C4:15:F1:30
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/WaJSWuZs-uGS2ORKWSzzrMQV8TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:43:6a:cc:3c:c0:ae:61:b3:17:f8:b7:4b:08:20:1a:ac:a3:
         6a:76:7a:ed:59:83:24:a1:e3:49:33:fc:5d:39:74:b4:25:35:
         7e:a1:d1:ca:0c:0e:b0:9b:6d:db:ef:eb:c9:78:5c:76:a7:5a:
         d9:4c:14:2c:da:4d:be:19:c0:4e:dc:b0:b2:fa:0e:d4:49:cf:
         84:36:08:06:03:78:3f:b1:2a:56:f8:e9:36:2c:94:b3:3c:fd:
         c5:be:8a:d0:9d:e2:53:c4:31:9c:50:78:fa:b8:82:48:1c:fe:
         75:dc:af:ab:b0:d2:fd:5e:38:64:fc:1d:1f:ee:da:f3:78:04:
         2f:0b:4c:6f:6f:f6:5a:5c:b4:36:65:12:b1:8f:e2:61:d1:5b:
         cd:fb:ba:96:ef:f0:28:bb:f4:c4:fb:3d:a5:f5:0a:bb:d2:85:
         ca:92:be:90:b0:af:2f:e9:c3:2c:87:90:a2:43:f2:f7:bb:bb:
         1a:a5:35:92:0a:89:6d:6e:51:de:d8:ea:81:86:00:86:4b:21:
         3e:08:ef:ca:53:15:44:2b:c3:53:2c:cb:23:38:52:93:6f:5a:
         9b:dc:cd:dc:83:68:bf:b1:7c:ce:b0:32:cb:bd:ea:d5:64:00:
         3b:91:78:48:bb:de:d0:fb:40:a7:fb:9a:28:15:18:a7:f0:a0:
         f1:1b:2e:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHU/WetWpeVSH1sPVOtQfrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwOTA5MDQxNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWEyNTI1YWU2NmNmYWUxOTJkOGU0NGE1OTJjZjNhY2M0MTVmMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI1kdpi6NwxYVhOqg4tQ63BnwGOg
TgwZn1sNtcO3cLmY+QhHeyT0DHilboYYQJrd3vYjBVU3FAcy8yUsGG+sAS3ifwLH
ZdOZoLdmiiKbyWXjfmnJLTkpvxqk757t0grWF3A6aelZdBBlDCb9fYFKkIDTAfxr
kfX9dL7QgWfW54t2Z6JQf5HUoenAh5SIS8oJlARJUvSSp9l6ZW4PifDZHbTrEy7a
4iMZnNdy5NjRWXdZ8oJD90iL052lUP/Yigct2EGoXHcZfPzDCriVMQ6H4iQAYmYe
+aR/sQoe309xu24XDMvyTvKt27bBczUbKXblDpj3F+FdcalUkNBwLX6w+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmiUlrmbPrhktjkSlks86zEFfEwMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvV2FKU1d1WnMtdUdTMk9SS1dTenpyTVFWOFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQUmMA0G
CSqGSIb3DQEBCwUAA4IBAQA6Q2rMPMCuYbMX+LdLCCAarKNqdnrtWYMkoeNJM/xd
OXS0JTV+odHKDA6wm23b7+vJeFx2p1rZTBQs2k2+GcBO3LCy+g7USc+ENggGA3g/
sSpW+Ok2LJSzPP3FvorQneJTxDGcUHj6uIJIHP513K+rsNL9Xjhk/B0f7trzeAQv
C0xvb/ZaXLQ2ZRKxj+Jh0VvN+7qW7/Aou/TE+z2l9Qq70oXKkr6QsK8v6cMsh5Ci
Q/L3u7sapTWSColtblHe2OqBhgCGSyE+CO/KUxVEK8NTLMsjOFKTb1qb3M3cg2i/
sXzOsDLLverVZAA7kXhIu97Q+0Cn+5ooFRin8KDxGy5B
-----END CERTIFICATE-----