Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/wZH1WS1rQ3W5agGFtn5MWH1kPCg.roa
File:                     wZH1WS1rQ3W5agGFtn5MWH1kPCg.roa (raw, json)
Hash identifier:          1SNCnWLLjaupfl9DVzkycpKTgzuibxmPpqpeSTUFO9A=
Subject key identifier:   C1:91:F5:59:2D:6B:43:75:B9:6A:01:85:B6:7E:4C:58:7D:64:3C:28
Certificate issuer:       /CN=c1aaf043fe209c0345362205f8cc7cd61951c27e
Certificate serial:       018CC5DC06F0AA60F9D0BC916640142A3539
Authority key identifier: C1:AA:F0:43:FE:20:9C:03:45:36:22:05:F8:CC:7C:D6:19:51:C2:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/warwQ_4gnANFNiIF-Mx81hlRwn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/wZH1WS1rQ3W5agGFtn5MWH1kPCg.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29608
IP address blocks:        185.150.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/warwQ_4gnANFNiIF-Mx81hlRwn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/warwQ_4gnANFNiIF-Mx81hlRwn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/warwQ_4gnANFNiIF-Mx81hlRwn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:06:f0:aa:60:f9:d0:bc:91:66:40:14:2a:35:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1aaf043fe209c0345362205f8cc7cd61951c27e
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c191f5592d6b4375b96a0185b67e4c587d643c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:80:ca:05:67:50:08:3e:91:b1:6f:21:a0:72:
                    25:98:f8:d3:bc:2c:ee:c6:58:c0:e4:96:89:a5:58:
                    1d:1c:0c:3c:5f:41:56:04:13:0f:32:e3:85:09:06:
                    4b:42:ed:cc:8d:4f:01:3d:13:b3:a9:36:83:63:23:
                    18:4e:ed:01:f2:77:dd:16:c4:8a:25:72:21:24:64:
                    c6:9d:4b:e0:d5:80:b1:61:60:f4:2b:fc:27:d9:6c:
                    ad:ef:c6:34:da:2e:9a:bb:3f:2e:70:8c:9d:b2:b8:
                    fd:3d:f9:fd:54:08:58:43:41:50:cc:dc:86:7e:7a:
                    8f:0f:bf:1d:f0:45:e9:33:cc:6c:11:99:fe:9c:41:
                    b6:a2:86:9c:49:95:db:8f:b1:ee:6a:84:5d:05:d5:
                    22:86:2d:6b:c0:5a:67:bf:b3:72:fa:ad:52:15:73:
                    b5:bf:12:ef:dc:22:fa:f6:c1:0d:ac:9a:e1:53:e6:
                    a9:b7:9b:c2:5d:28:ab:dd:50:f3:db:6d:32:bb:88:
                    a4:95:cd:12:27:0c:c0:83:51:38:8d:87:76:b3:5c:
                    34:83:15:b6:c2:b8:cf:af:a3:a8:67:df:64:84:8e:
                    26:27:22:99:33:a9:f4:f5:97:31:87:d5:12:4d:95:
                    3c:99:bf:14:a4:a4:67:93:19:86:2d:4b:4d:e6:8d:
                    61:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:91:F5:59:2D:6B:43:75:B9:6A:01:85:B6:7E:4C:58:7D:64:3C:28
            X509v3 Authority Key Identifier:
                keyid:C1:AA:F0:43:FE:20:9C:03:45:36:22:05:F8:CC:7C:D6:19:51:C2:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/warwQ_4gnANFNiIF-Mx81hlRwn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/wZH1WS1rQ3W5agGFtn5MWH1kPCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/6c27f0-137d-471b-9d1d-b7578b10ba7e/1/warwQ_4gnANFNiIF-Mx81hlRwn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:e9:6b:ee:0e:31:62:79:06:be:7d:ab:36:5c:70:b2:16:a8:
         ec:1c:4b:68:f7:d8:9f:db:ab:01:f8:3e:70:83:12:33:5d:c9:
         be:08:a6:c6:9e:7d:11:02:d3:91:01:f6:7e:57:80:3e:3a:ad:
         82:7e:07:b6:8a:5b:c8:05:81:55:2c:8d:14:d3:47:fb:1b:e4:
         1d:e4:ad:13:f1:5e:ef:55:c6:50:9d:33:4e:80:0f:85:a9:55:
         ba:fe:8d:bd:10:ef:51:7e:79:4a:18:c1:b3:f8:37:14:be:14:
         29:b3:e1:21:24:36:f7:3a:5b:f5:a0:54:28:16:95:de:9c:53:
         51:e6:44:60:8a:02:81:a9:a5:8b:7c:26:2f:b7:10:2b:a0:27:
         5b:d7:4c:c5:92:c2:b8:a5:ad:b3:26:af:03:4d:a8:d0:03:12:
         96:61:60:a6:80:80:b7:77:ac:f1:64:5d:1b:a1:46:05:8f:ff:
         6c:05:10:f6:4a:75:84:77:f4:26:1c:f6:f0:90:bd:78:d1:55:
         f0:06:2d:78:0c:48:b2:69:9c:fd:d5:b5:4e:92:65:c1:73:c8:
         7f:1e:c5:3d:68:4b:db:7d:81:b2:02:1c:27:76:1c:1c:84:e7:
         ad:69:45:43:a1:02:02:b1:aa:62:86:66:05:a9:88:e9:72:89:
         c3:cc:10:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AbwqmD50LyRZkAUKjU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWFmMDQzZmUyMDljMDM0NTM2MjIwNWY4Y2M3Y2Q2MTk1
MWMyN2UwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTkxZjU1OTJkNmI0Mzc1Yjk2YTAxODViNjdlNGM1ODdkNjQzYzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IDKBWdQCD6RsW8hoHIlmPjTvCzu
xljA5JaJpVgdHAw8X0FWBBMPMuOFCQZLQu3MjU8BPROzqTaDYyMYTu0B8nfdFsSK
JXIhJGTGnUvg1YCxYWD0K/wn2Wyt78Y02i6auz8ucIydsrj9Pfn9VAhYQ0FQzNyG
fnqPD78d8EXpM8xsEZn+nEG2ooacSZXbj7HuaoRdBdUihi1rwFpnv7Ny+q1SFXO1
vxLv3CL69sENrJrhU+apt5vCXSir3VDz220yu4iklc0SJwzAg1E4jYd2s1w0gxW2
wrjPr6OoZ99khI4mJyKZM6n09Zcxh9USTZU8mb8UpKRnkxmGLUtN5o1hBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGR9Vkta0N1uWoBhbZ+TFh9ZDwoMB8GA1UdIwQY
MBaAFMGq8EP+IJwDRTYiBfjMfNYZUcJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2Fyd1FfNGduQU5GTmlJRi1NeDgxaGxSd240LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC82YzI3ZjAtMTM3ZC00NzFiLTlkMWQt
Yjc1NzhiMTBiYTdlLzEvd1pIMVdTMXJRM1c1YWdHRnRuNU1XSDFrUENnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC82YzI3ZjAtMTM3ZC00NzFiLTlkMWQtYjc1NzhiMTBiYTdl
LzEvd2Fyd1FfNGduQU5GTmlJRi1NeDgxaGxSd240LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZZYMA0G
CSqGSIb3DQEBCwUAA4IBAQBe6WvuDjFieQa+fas2XHCyFqjsHEto99if26sB+D5w
gxIzXcm+CKbGnn0RAtORAfZ+V4A+Oq2Cfge2ilvIBYFVLI0U00f7G+Qd5K0T8V7v
VcZQnTNOgA+FqVW6/o29EO9RfnlKGMGz+DcUvhQps+EhJDb3Olv1oFQoFpXenFNR
5kRgigKBqaWLfCYvtxAroCdb10zFksK4pa2zJq8DTajQAxKWYWCmgIC3d6zxZF0b
oUYFj/9sBRD2SnWEd/QmHPbwkL140VXwBi14DEiyaZz91bVOkmXBc8h/HsU9aEvb
fYGyAhwndhwchOetaUVDoQICsapihmYFqYjpconDzBAE
-----END CERTIFICATE-----