Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/WhUSFUiweGKbr09iXszTe2vszjE.roa
File:                     WhUSFUiweGKbr09iXszTe2vszjE.roa (raw, json)
Hash identifier:          JJZdc9S/OB8ZS05unfpcV4aBVoK1L/o4koaZlM4s9YQ=
Subject key identifier:   5A:15:12:15:48:B0:78:62:9B:AF:4F:62:5E:CC:D3:7B:6B:EC:CE:31
Certificate issuer:       /CN=fc9be4ed4e54b601e6b6a42d0ba04cfb7ab2c3bf
Certificate serial:       018E72079BE3F1284346CC15CEBEE24CE51E
Authority key identifier: FC:9B:E4:ED:4E:54:B6:01:E6:B6:A4:2D:0B:A0:4C:FB:7A:B2:C3:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Jvk7U5UtgHmtqQtC6BM-3qyw78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/WhUSFUiweGKbr09iXszTe2vszjE.roa
Signing time:             Sun 24 Mar 2024 19:54:45 +0000
ROA not before:           Sun 24 Mar 2024 19:54:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49801
IP address blocks:        185.166.105.0/24 maxlen: 24
                          185.166.106.0/24 maxlen: 24
                          185.166.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/_Jvk7U5UtgHmtqQtC6BM-3qyw78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/_Jvk7U5UtgHmtqQtC6BM-3qyw78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Jvk7U5UtgHmtqQtC6BM-3qyw78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:72:07:9b:e3:f1:28:43:46:cc:15:ce:be:e2:4c:e5:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc9be4ed4e54b601e6b6a42d0ba04cfb7ab2c3bf
        Validity
            Not Before: Mar 24 19:54:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a15121548b078629baf4f625eccd37b6becce31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4b:c0:3e:3c:f6:60:26:e7:f2:5d:97:25:2f:
                    57:ff:62:68:a6:83:c7:51:5e:25:68:00:b2:64:5c:
                    ef:0b:d0:14:09:ce:57:6f:ed:af:f7:2b:82:82:8a:
                    45:c1:e8:b5:4f:c2:b9:aa:9c:ac:56:cb:d8:87:77:
                    4a:fb:24:df:4f:28:18:94:f3:c2:ed:7d:2d:8e:f8:
                    fb:04:1e:cb:e1:43:8a:a9:71:64:43:1c:f1:f4:b6:
                    1e:5f:b8:3f:c8:0e:28:c6:14:9d:1b:10:7f:40:1a:
                    3e:fb:48:a5:23:b5:ba:f7:74:e5:b8:4b:22:de:ec:
                    c8:85:4a:04:ac:9e:78:41:e6:8d:b2:49:fb:24:f1:
                    f0:7c:e2:82:0b:33:0d:8b:49:99:f0:b0:2d:51:1b:
                    63:13:ea:b7:6a:7f:5c:e4:44:3e:c4:b3:22:5d:2a:
                    cd:ef:0d:a7:c5:45:c4:71:28:46:e1:c8:da:32:4f:
                    9b:69:d6:7f:59:58:30:e2:00:ab:6e:09:14:d5:b8:
                    b4:44:b0:f3:e6:67:20:43:1f:3b:dd:e8:13:44:ee:
                    5c:ac:5c:86:a6:95:66:31:c2:ad:1e:c5:58:a8:1f:
                    1e:ff:ea:3b:4b:da:0f:25:1f:bd:f6:5f:f9:4b:ba:
                    5e:12:b6:29:eb:90:7d:e6:1f:69:46:ef:21:b9:21:
                    2c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:15:12:15:48:B0:78:62:9B:AF:4F:62:5E:CC:D3:7B:6B:EC:CE:31
            X509v3 Authority Key Identifier:
                keyid:FC:9B:E4:ED:4E:54:B6:01:E6:B6:A4:2D:0B:A0:4C:FB:7A:B2:C3:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Jvk7U5UtgHmtqQtC6BM-3qyw78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/WhUSFUiweGKbr09iXszTe2vszjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/36362a-d91c-4ad4-92c7-1d2513308d21/1/_Jvk7U5UtgHmtqQtC6BM-3qyw78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.105.0-185.166.107.255

    Signature Algorithm: sha256WithRSAEncryption
         8d:13:9a:ed:b0:69:fa:e4:61:e1:18:30:df:a2:bd:cb:11:fc:
         3a:aa:80:89:65:8d:19:d0:88:6c:1b:84:02:db:bf:8e:ee:81:
         34:f9:c8:af:8b:ea:b8:27:d9:90:30:dd:92:31:0e:07:df:22:
         a6:49:37:e1:61:66:6f:e3:3e:e9:d2:28:1f:08:7a:e4:51:f3:
         10:86:a6:dd:ed:bf:59:76:34:fe:db:24:53:51:cc:b5:b1:38:
         0d:b9:f9:50:66:59:f3:09:ef:4c:e1:e6:a8:64:b0:54:25:8d:
         08:97:45:67:1e:a9:02:cb:3b:07:15:70:a9:ef:f2:0b:dd:a6:
         32:fb:d0:79:3d:1d:c8:4e:d6:10:dc:d6:eb:5f:42:20:49:94:
         50:bb:bc:15:a9:d9:66:2e:54:e7:8d:76:07:26:51:45:65:8a:
         23:8f:3c:7a:9b:ab:d0:03:93:a8:9b:93:8c:10:6b:19:a0:87:
         f1:6d:1e:50:ee:f4:f5:db:15:28:89:78:1a:a3:ba:e8:00:39:
         62:97:99:3b:56:2f:af:fb:7e:df:5c:ce:30:43:aa:d0:fc:95:
         e8:75:5c:e7:43:a2:19:7c:f5:56:d8:42:ab:dc:cb:bd:96:c3:
         5b:2b:44:18:50:6c:82:78:53:69:47:74:5c:69:e5:64:c3:54:
         94:1d:b9:5a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY5yB5vj8ShDRswVzr7iTOUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOWJlNGVkNGU1NGI2MDFlNmI2YTQyZDBiYTA0Y2ZiN2Fi
MmMzYmYwHhcNMjQwMzI0MTk1NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTE1MTIxNTQ4YjA3ODYyOWJhZjRmNjI1ZWNjZDM3YjZiZWNjZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0vAPjz2YCbn8l2XJS9X/2JopoPH
UV4laACyZFzvC9AUCc5Xb+2v9yuCgopFwei1T8K5qpysVsvYh3dK+yTfTygYlPPC
7X0tjvj7BB7L4UOKqXFkQxzx9LYeX7g/yA4oxhSdGxB/QBo++0ilI7W693TluEsi
3uzIhUoErJ54QeaNskn7JPHwfOKCCzMNi0mZ8LAtURtjE+q3an9c5EQ+xLMiXSrN
7w2nxUXEcShG4cjaMk+badZ/WVgw4gCrbgkU1bi0RLDz5mcgQx873egTRO5crFyG
ppVmMcKtHsVYqB8e/+o7S9oPJR+99l/5S7peErYp65B95h9pRu8huSEsLwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFoVEhVIsHhim69PYl7M03tr7M4xMB8GA1UdIwQY
MBaAFPyb5O1OVLYB5rakLQugTPt6ssO/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0p2azdVNVV0Z0htdHFRdEM2Qk0tM3F5dzc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8zNjM2MmEtZDkxYy00YWQ0LTkyYzct
MWQyNTEzMzA4ZDIxLzEvV2hVU0ZVaXdlR0ticjA5aVhzelRlMnZzempFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8zNjM2MmEtZDkxYy00YWQ0LTkyYzctMWQyNTEzMzA4ZDIx
LzEvX0p2azdVNVV0Z0htdHFRdEM2Qk0tM3F5dzc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5pmkD
BAK5pmgwDQYJKoZIhvcNAQELBQADggEBAI0Tmu2wafrkYeEYMN+ivcsR/DqqgIll
jRnQiGwbhALbv47ugTT5yK+L6rgn2ZAw3ZIxDgffIqZJN+FhZm/jPunSKB8IeuRR
8xCGpt3tv1l2NP7bJFNRzLWxOA25+VBmWfMJ70zh5qhksFQljQiXRWceqQLLOwcV
cKnv8gvdpjL70Hk9HchO1hDc1utfQiBJlFC7vBWp2WYuVOeNdgcmUUVliiOPPHqb
q9ADk6ibk4wQaxmgh/FtHlDu9PXbFSiJeBqjuugAOWKXmTtWL6/7ft9czjBDqtD8
leh1XOdDohl89VbYQqvcy72Ww1srRBhQbIJ4U2lHdFxp5WTDVJQduVo=
-----END CERTIFICATE-----