Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/wzW0DsNT9ZnSjkoq7Ump_WS_e9U.roa
File:                     wzW0DsNT9ZnSjkoq7Ump_WS_e9U.roa (raw, json)
Hash identifier:          e07sk8eGkIqDqbySdxdfHP64XP/zlw9tZ6QeWXfYG+M=
Subject key identifier:   C3:35:B4:0E:C3:53:F5:99:D2:8E:4A:2A:ED:49:A9:FD:64:BF:7B:D5
Certificate issuer:       /CN=ef7fd5d33061a9de920af1c2a13513d46dd24612
Certificate serial:       018F5815D53AA80363E0226984F0F3EE4E16
Authority key identifier: EF:7F:D5:D3:30:61:A9:DE:92:0A:F1:C2:A1:35:13:D4:6D:D2:46:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/wzW0DsNT9ZnSjkoq7Ump_WS_e9U.roa
Signing time:             Wed 08 May 2024 12:02:56 +0000
ROA not before:           Wed 08 May 2024 12:02:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4755
IP address blocks:        193.32.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:15:d5:3a:a8:03:63:e0:22:69:84:f0:f3:ee:4e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7fd5d33061a9de920af1c2a13513d46dd24612
        Validity
            Not Before: May  8 12:02:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c335b40ec353f599d28e4a2aed49a9fd64bf7bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:89:e1:d0:91:3d:b0:89:2e:94:03:29:83:09:
                    50:a6:4e:88:18:d4:33:42:b8:8c:0b:40:fa:b2:43:
                    fa:8d:df:da:b5:5e:c9:6d:03:53:59:cc:d6:01:81:
                    5d:97:87:07:25:2a:37:e5:f6:47:8b:36:2b:d2:f9:
                    21:56:86:af:fe:19:27:b8:01:96:47:15:fa:77:29:
                    2e:2d:67:84:56:05:ef:8f:6a:b7:2d:85:6a:e5:9b:
                    5a:88:6f:ee:8c:d2:93:5c:93:00:3f:f4:d0:7c:b8:
                    db:a8:f6:8f:ac:05:80:45:e6:44:10:37:f3:24:62:
                    2a:76:eb:31:cf:d2:23:d4:ec:60:c2:6b:a2:7b:35:
                    de:56:34:ca:cd:54:28:38:1c:2e:ec:0e:c4:bb:14:
                    60:3f:85:d4:f3:fd:95:d8:40:14:85:72:be:33:41:
                    60:a2:e4:8e:90:09:58:60:95:a7:0e:0b:16:9d:a5:
                    0b:94:8e:5b:eb:2d:c6:3d:77:f3:b8:52:b1:78:76:
                    49:96:c8:8e:e4:b5:90:90:1c:a8:9f:3f:ca:65:42:
                    23:28:fe:1b:3a:7f:03:99:7e:48:0b:5a:93:00:0c:
                    d0:de:d9:df:07:8d:ac:62:0e:b8:44:9f:7f:30:51:
                    0a:14:4f:87:7e:06:50:ec:af:2f:f9:f9:7d:40:ec:
                    ad:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:35:B4:0E:C3:53:F5:99:D2:8E:4A:2A:ED:49:A9:FD:64:BF:7B:D5
            X509v3 Authority Key Identifier:
                keyid:EF:7F:D5:D3:30:61:A9:DE:92:0A:F1:C2:A1:35:13:D4:6D:D2:46:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73_V0zBhqd6SCvHCoTUT1G3SRhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/wzW0DsNT9ZnSjkoq7Ump_WS_e9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/23190c-e1a0-4ba4-b1d8-a102be382e51/1/73_V0zBhqd6SCvHCoTUT1G3SRhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:16:72:da:32:88:8b:11:99:fb:f1:08:aa:d8:76:4b:08:0d:
         2e:51:80:d3:b7:87:7c:2e:d1:17:20:b9:b1:1b:9f:61:6b:62:
         00:a4:76:99:7f:ae:de:cc:3a:ed:ad:3b:37:43:17:d9:db:6c:
         04:c5:61:d6:a9:98:40:25:b3:65:a6:40:81:2a:ad:8d:ce:b7:
         0b:8d:17:f0:d0:f4:7e:58:9e:39:aa:94:67:d0:fb:c1:8f:59:
         0d:44:40:98:c4:cf:2d:e7:0d:86:d6:b3:f4:72:ab:77:f4:91:
         a4:1f:38:10:42:b1:ad:4e:81:db:b0:ba:31:b5:98:53:08:41:
         ad:17:f6:8a:b6:b4:69:b6:c1:75:1e:09:f0:6d:00:81:fa:a5:
         1f:70:97:71:74:bd:9f:10:49:62:9d:4f:e7:42:74:1b:f1:7d:
         6f:de:c2:2e:9f:4e:da:6d:cd:72:61:de:58:a3:61:aa:da:df:
         b7:51:57:fe:26:9a:54:3a:06:b1:30:4c:25:d5:5b:f3:22:53:
         b6:14:25:18:75:e9:23:2d:88:df:4d:ec:ed:ce:2a:68:18:7c:
         2e:b8:ef:d2:fc:12:ac:5c:11:1a:f3:74:b6:b1:58:99:e1:57:
         6e:28:cb:65:df:87:35:ed:40:18:8d:7d:14:c3:a8:44:91:4e:
         99:7d:ca:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9YFdU6qANj4CJphPDz7k4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2ZkNWQzMzA2MWE5ZGU5MjBhZjFjMmExMzUxM2Q0NmRk
MjQ2MTIwHhcNMjQwNTA4MTIwMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzM1YjQwZWMzNTNmNTk5ZDI4ZTRhMmFlZDQ5YTlmZDY0YmY3YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvonh0JE9sIkulAMpgwlQpk6IGNQz
QriMC0D6skP6jd/atV7JbQNTWczWAYFdl4cHJSo35fZHizYr0vkhVoav/hknuAGW
RxX6dykuLWeEVgXvj2q3LYVq5ZtaiG/ujNKTXJMAP/TQfLjbqPaPrAWAReZEEDfz
JGIqdusxz9Ij1OxgwmuiezXeVjTKzVQoOBwu7A7EuxRgP4XU8/2V2EAUhXK+M0Fg
ouSOkAlYYJWnDgsWnaULlI5b6y3GPXfzuFKxeHZJlsiO5LWQkByonz/KZUIjKP4b
On8DmX5IC1qTAAzQ3tnfB42sYg64RJ9/MFEKFE+HfgZQ7K8v+fl9QOytcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMM1tA7DU/WZ0o5KKu1Jqf1kv3vVMB8GA1UdIwQY
MBaAFO9/1dMwYanekgrxwqE1E9Rt0kYSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzNfVjB6QmhxZDZTQ3ZIQ29UVVQxRzNTUmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yMzE5MGMtZTFhMC00YmE0LWIxZDgt
YTEwMmJlMzgyZTUxLzEvd3pXMERzTlQ5Wm5TamtvcTdVbXBfV1NfZTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yMzE5MGMtZTFhMC00YmE0LWIxZDgtYTEwMmJlMzgyZTUx
LzEvNzNfVjB6QmhxZDZTQ3ZIQ29UVVQxRzNTUmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSD3MA0G
CSqGSIb3DQEBCwUAA4IBAQBuFnLaMoiLEZn78Qiq2HZLCA0uUYDTt4d8LtEXILmx
G59ha2IApHaZf67ezDrtrTs3QxfZ22wExWHWqZhAJbNlpkCBKq2NzrcLjRfw0PR+
WJ45qpRn0PvBj1kNRECYxM8t5w2G1rP0cqt39JGkHzgQQrGtToHbsLoxtZhTCEGt
F/aKtrRptsF1HgnwbQCB+qUfcJdxdL2fEElinU/nQnQb8X1v3sIun07abc1yYd5Y
o2Gq2t+3UVf+JppUOgaxMEwl1VvzIlO2FCUYdekjLYjfTeztzipoGHwuuO/S/BKs
XBEa83S2sViZ4VduKMtl34c17UAYjX0Uw6hEkU6Zfcr5
-----END CERTIFICATE-----