Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/WdOqlklUlY-sNbaLSfkpvoRt0iM.roa
File:                     WdOqlklUlY-sNbaLSfkpvoRt0iM.roa (raw, json)
Hash identifier:          nFChOa8TYCoMQ8iwf2JuylM1/1NoIavp13ZTbwdNwn8=
Subject key identifier:   59:D3:AA:96:49:54:95:8F:AC:35:B6:8B:49:F9:29:BE:84:6D:D2:23
Certificate issuer:       /CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
Certificate serial:       0194221FF6FAFC7D512FDF12702E89AB73F2
Authority key identifier: B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/WdOqlklUlY-sNbaLSfkpvoRt0iM.roa
Signing time:             Wed 01 Jan 2025 13:48:27 +0000
ROA not before:           Wed 01 Jan 2025 13:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62232
IP address blocks:        91.250.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f6:fa:fc:7d:51:2f:df:12:70:2e:89:ab:73:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b03c302c2f52277e3d0ab6842f68aa5f8d0d7787
        Validity
            Not Before: Jan  1 13:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59d3aa964954958fac35b68b49f929be846dd223
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:68:a9:50:13:d5:0f:13:5a:d2:08:67:e6:0e:
                    e7:f8:fa:ed:d0:4e:9a:f4:1d:af:87:ce:2b:bc:bf:
                    8e:f7:89:29:15:69:9a:6a:c3:fc:ef:c5:74:65:6a:
                    6a:69:e0:53:38:4b:41:6e:23:8f:a2:27:5e:c7:53:
                    d4:30:50:5c:d2:7f:11:cb:ee:ab:39:69:ee:d1:93:
                    d3:7f:57:21:84:fd:9e:aa:8f:f6:52:3a:21:b2:63:
                    b0:98:03:ec:59:a0:0d:41:5d:98:37:80:69:06:b1:
                    07:f9:ce:5c:b8:0f:39:04:32:7f:07:67:bf:d2:a8:
                    2d:2c:91:1d:fd:74:51:a6:8a:cf:c6:5e:20:6b:36:
                    06:7e:4e:8b:f9:19:af:55:c5:df:35:2b:00:d5:39:
                    2d:b2:21:2a:5d:99:07:50:2b:86:fc:c8:25:37:a9:
                    84:a2:d6:2f:47:0f:a6:20:74:5c:d6:e6:8e:6f:29:
                    d8:83:80:66:f3:f1:67:65:9b:5c:23:09:60:5f:64:
                    25:88:a5:ff:fe:6a:b8:79:04:a8:70:6e:27:3e:7c:
                    54:97:ae:d5:b6:fa:38:7d:99:29:45:78:5c:6c:09:
                    43:5b:6b:0d:8a:10:63:92:ee:d8:ce:5c:a4:45:c7:
                    ed:62:64:78:ad:c0:2e:b6:5f:31:5d:18:61:17:4c:
                    c4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:D3:AA:96:49:54:95:8F:AC:35:B6:8B:49:F9:29:BE:84:6D:D2:23
            X509v3 Authority Key Identifier:
                keyid:B0:3C:30:2C:2F:52:27:7E:3D:0A:B6:84:2F:68:AA:5F:8D:0D:77:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDwwLC9SJ349CraEL2iqX40Nd4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/WdOqlklUlY-sNbaLSfkpvoRt0iM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a2ec9c-9d76-4e94-9e3a-6f7024c3aad7/1/sDwwLC9SJ349CraEL2iqX40Nd4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.250.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:a1:3b:cf:30:25:d1:28:5e:02:60:84:35:d1:7b:6c:5d:c5:
         7d:21:f3:09:6f:b7:59:86:c6:0a:bb:23:ea:cc:55:8a:83:9b:
         1e:71:90:50:74:ef:67:94:03:ec:6c:10:6e:ab:5c:3b:85:40:
         8b:4b:30:6e:fa:20:d7:27:63:0d:59:20:cb:85:7b:57:54:dc:
         a0:bd:11:94:b6:87:b7:f5:5f:bd:d3:2d:c1:04:50:d4:de:30:
         26:5e:b5:57:97:65:2e:3c:82:51:1d:19:9a:5d:f8:00:7d:f1:
         4b:8d:51:bb:a1:75:89:a7:98:bc:e0:7a:a7:63:1d:f6:32:5b:
         9e:72:21:13:30:2b:01:ed:fe:70:e2:aa:91:d6:fb:45:9f:85:
         d2:78:bd:e0:07:e9:43:60:9a:75:69:61:98:fe:07:f8:b8:e8:
         ba:6a:e9:ab:1d:72:65:ee:19:eb:78:47:9c:78:35:3b:b8:94:
         e1:55:ff:a6:d6:a1:2b:14:77:6b:15:00:80:d5:31:ea:ea:92:
         70:1d:04:5a:36:79:9c:7c:d2:75:b2:71:08:cf:43:98:00:2c:
         cf:3f:a1:4b:ec:77:cb:b1:19:e8:e8:4d:27:d1:df:56:58:c4:
         2e:7f:0d:74:eb:84:cf:6e:f0:d6:5d:d1:ed:ce:34:8d:1c:8d:
         21:2b:d9:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/b6/H1RL98ScC6Jq3PyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwM2MzMDJjMmY1MjI3N2UzZDBhYjY4NDJmNjhhYTVmOGQw
ZDc3ODcwHhcNMjUwMTAxMTM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWQzYWE5NjQ5NTQ5NThmYWMzNWI2OGI0OWY5MjliZTg0NmRkMjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimipUBPVDxNa0ghn5g7n+Prt0E6a
9B2vh84rvL+O94kpFWmaasP878V0ZWpqaeBTOEtBbiOPoidex1PUMFBc0n8Ry+6r
OWnu0ZPTf1chhP2eqo/2UjohsmOwmAPsWaANQV2YN4BpBrEH+c5cuA85BDJ/B2e/
0qgtLJEd/XRRporPxl4gazYGfk6L+RmvVcXfNSsA1TktsiEqXZkHUCuG/MglN6mE
otYvRw+mIHRc1uaObynYg4Bm8/FnZZtcIwlgX2QliKX//mq4eQSocG4nPnxUl67V
tvo4fZkpRXhcbAlDW2sNihBjku7YzlykRcftYmR4rcAutl8xXRhhF0zEgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnTqpZJVJWPrDW2i0n5Kb6EbdIjMB8GA1UdIwQY
MBaAFLA8MCwvUid+PQq2hC9oql+NDXeHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2Et
NmY3MDI0YzNhYWQ3LzEvV2RPcWxrbFVsWS1zTmJhTFNma3B2b1J0MGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9hMmVjOWMtOWQ3Ni00ZTk0LTllM2EtNmY3MDI0YzNhYWQ3
LzEvc0R3d0xDOVNKMzQ5Q3JhRUwyaXFYNDBOZDRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/r1MA0G
CSqGSIb3DQEBCwUAA4IBAQA9oTvPMCXRKF4CYIQ10XtsXcV9IfMJb7dZhsYKuyPq
zFWKg5secZBQdO9nlAPsbBBuq1w7hUCLSzBu+iDXJ2MNWSDLhXtXVNygvRGUtoe3
9V+90y3BBFDU3jAmXrVXl2UuPIJRHRmaXfgAffFLjVG7oXWJp5i84HqnYx32Mlue
ciETMCsB7f5w4qqR1vtFn4XSeL3gB+lDYJp1aWGY/gf4uOi6aumrHXJl7hnreEec
eDU7uJThVf+m1qErFHdrFQCA1THq6pJwHQRaNnmcfNJ1snEIz0OYACzPP6FL7HfL
sRno6E0n0d9WWMQufw1064TPbvDWXdHtzjSNHI0hK9k5
-----END CERTIFICATE-----