Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/wM1Xtp5Gyx91AmfiAm92MOlWexA.roa
File:                     wM1Xtp5Gyx91AmfiAm92MOlWexA.roa (raw, json)
Hash identifier:          7/LHzfjQOYia0QbwxMj0DALuLQfsf3Zsz4Bb04utlok=
Subject key identifier:   C0:CD:57:B6:9E:46:CB:1F:75:02:67:E2:02:6F:76:30:E9:56:7B:10
Certificate issuer:       /CN=137f23944e3d78da920055d72c74d02be5455f35
Certificate serial:       018CC7957A2485EA3F9E88BE8D71EE74FAE2
Authority key identifier: 13:7F:23:94:4E:3D:78:DA:92:00:55:D7:2C:74:D0:2B:E5:45:5F:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E38jlE49eNqSAFXXLHTQK-VFXzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/wM1Xtp5Gyx91AmfiAm92MOlWexA.roa
Signing time:             Tue 02 Jan 2024 00:31:51 +0000
ROA not before:           Tue 02 Jan 2024 00:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58744
IP address blocks:        185.252.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/E38jlE49eNqSAFXXLHTQK-VFXzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/E38jlE49eNqSAFXXLHTQK-VFXzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E38jlE49eNqSAFXXLHTQK-VFXzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7a:24:85:ea:3f:9e:88:be:8d:71:ee:74:fa:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137f23944e3d78da920055d72c74d02be5455f35
        Validity
            Not Before: Jan  2 00:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0cd57b69e46cb1f750267e2026f7630e9567b10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:30:f7:a2:78:dc:1a:e0:8a:c3:27:d5:25:a4:
                    3f:55:4e:a4:cd:bd:01:45:12:c6:31:51:1b:47:2a:
                    ff:2e:cc:19:43:42:b8:db:f6:ea:1f:0f:ce:fc:52:
                    2b:25:e1:cd:2a:cb:25:26:9c:39:0a:0c:ff:de:1a:
                    f2:74:b9:8c:f6:74:3c:67:28:40:35:ec:f2:7a:6f:
                    10:aa:f3:c2:b6:d8:38:e9:0e:44:83:73:67:ca:09:
                    ef:63:01:c9:87:53:d9:e4:c3:10:cf:10:bc:36:4f:
                    07:c9:7f:6c:d2:93:b4:de:05:a4:21:4a:99:df:b6:
                    fe:08:b2:46:29:bc:b2:5c:e0:d2:4f:06:43:cf:71:
                    12:bf:d4:55:a1:83:a6:f3:72:b0:78:67:f6:29:e1:
                    e7:9e:fd:c6:98:9b:00:d5:94:86:d7:d9:a0:43:7a:
                    3d:e1:eb:d3:e0:ab:d1:22:51:07:38:82:41:3b:1d:
                    93:d2:55:63:d1:18:bf:ca:b2:fe:6c:06:92:3d:bb:
                    ee:c6:6e:af:fd:8b:38:00:96:6f:39:0a:3d:a7:79:
                    79:f7:88:d9:2a:0c:b0:2a:0a:97:e0:79:37:0f:78:
                    9d:a2:3a:ee:43:a0:c1:f2:a6:f5:35:f7:80:14:13:
                    7d:34:87:0c:87:a1:94:4c:c2:04:f0:aa:3f:21:56:
                    f2:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:CD:57:B6:9E:46:CB:1F:75:02:67:E2:02:6F:76:30:E9:56:7B:10
            X509v3 Authority Key Identifier:
                keyid:13:7F:23:94:4E:3D:78:DA:92:00:55:D7:2C:74:D0:2B:E5:45:5F:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E38jlE49eNqSAFXXLHTQK-VFXzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/wM1Xtp5Gyx91AmfiAm92MOlWexA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/4a164e-1e58-4105-bed1-407af89ad8e9/1/E38jlE49eNqSAFXXLHTQK-VFXzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:8c:4a:2d:47:06:f0:a4:48:65:53:20:01:bc:4a:da:85:4e:
         4e:bd:29:3f:17:f5:c4:48:11:f0:2f:2a:df:ea:df:bb:43:41:
         ca:1d:11:63:27:83:c9:2e:92:64:44:9a:74:bb:1e:57:3f:12:
         75:e4:c1:0b:6e:ab:66:cc:43:e8:a1:47:b0:99:16:65:1c:27:
         45:a9:66:05:ae:2b:f8:d9:76:4d:2a:27:a8:a4:7a:44:06:36:
         b8:59:74:5c:8d:0b:dd:a6:6b:19:7e:bf:59:8c:f3:de:b6:22:
         76:d7:58:77:76:a6:a3:c9:5d:d6:7e:fd:a3:d7:1c:ad:b0:58:
         7d:10:24:4b:09:e6:6e:28:9e:4c:0c:4e:5f:5b:01:1c:cc:e6:
         c7:86:a0:27:ef:e7:62:4a:90:27:01:f1:f0:ce:65:f3:8b:75:
         8b:df:9f:93:5a:ea:f1:58:68:c6:d7:4f:94:64:63:4a:87:c3:
         4d:a0:d9:44:d0:a4:2b:55:72:21:58:61:72:90:46:1f:c4:e1:
         1e:95:96:90:ea:88:e9:dc:fc:a3:f1:c4:f7:5d:36:2d:71:1d:
         c7:eb:68:f3:1f:43:8e:22:fc:c2:1c:9e:5c:c4:bc:08:2d:6c:
         43:bf:63:a8:09:b8:52:a6:d0:31:5a:77:54:0b:ce:ae:91:b9:
         30:0a:ac:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXokheo/noi+jXHudPriMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2YyMzk0NGUzZDc4ZGE5MjAwNTVkNzJjNzRkMDJiZTU0
NTVmMzUwHhcNMjQwMTAyMDAzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGNkNTdiNjllNDZjYjFmNzUwMjY3ZTIwMjZmNzYzMGU5NTY3YjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTD3onjcGuCKwyfVJaQ/VU6kzb0B
RRLGMVEbRyr/LswZQ0K42/bqHw/O/FIrJeHNKsslJpw5Cgz/3hrydLmM9nQ8ZyhA
Nezyem8QqvPCttg46Q5Eg3NnygnvYwHJh1PZ5MMQzxC8Nk8HyX9s0pO03gWkIUqZ
37b+CLJGKbyyXODSTwZDz3ESv9RVoYOm83KweGf2KeHnnv3GmJsA1ZSG19mgQ3o9
4evT4KvRIlEHOIJBOx2T0lVj0Ri/yrL+bAaSPbvuxm6v/Ys4AJZvOQo9p3l594jZ
KgywKgqX4Hk3D3idojruQ6DB8qb1NfeAFBN9NIcMh6GUTMIE8Ko/IVbyswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDNV7aeRssfdQJn4gJvdjDpVnsQMB8GA1UdIwQY
MBaAFBN/I5ROPXjakgBV1yx00CvlRV81MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM4amxFNDllTnFTQUZYWExIVFFLLVZGWHpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy80YTE2NGUtMWU1OC00MTA1LWJlZDEt
NDA3YWY4OWFkOGU5LzEvd00xWHRwNUd5eDkxQW1maUFtOTJNT2xXZXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy80YTE2NGUtMWU1OC00MTA1LWJlZDEtNDA3YWY4OWFkOGU5
LzEvRTM4amxFNDllTnFTQUZYWExIVFFLLVZGWHpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufz8MA0G
CSqGSIb3DQEBCwUAA4IBAQAwjEotRwbwpEhlUyABvErahU5OvSk/F/XESBHwLyrf
6t+7Q0HKHRFjJ4PJLpJkRJp0ux5XPxJ15MELbqtmzEPooUewmRZlHCdFqWYFriv4
2XZNKieopHpEBja4WXRcjQvdpmsZfr9ZjPPetiJ211h3dqajyV3Wfv2j1xytsFh9
ECRLCeZuKJ5MDE5fWwEczObHhqAn7+diSpAnAfHwzmXzi3WL35+TWurxWGjG10+U
ZGNKh8NNoNlE0KQrVXIhWGFykEYfxOEelZaQ6ojp3Pyj8cT3XTYtcR3H62jzH0OO
IvzCHJ5cxLwILWxDv2OoCbhSptAxWndUC86ukbkwCqym
-----END CERTIFICATE-----