Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/wqK3FOzJ1TS01XVGxDFeoBFE4I4.roa
File:                     wqK3FOzJ1TS01XVGxDFeoBFE4I4.roa (raw, json)
Hash identifier:          RLgg0bpypFuMrpRUFWPxvPw5NCUNokCtUyTAA/Pl8N0=
Subject key identifier:   C2:A2:B7:14:EC:C9:D5:34:B4:D5:75:46:C4:31:5E:A0:11:44:E0:8E
Certificate issuer:       /CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
Certificate serial:       018CC94AB8BC6CC804F814144CEE0C0D3894
Authority key identifier: 5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/wqK3FOzJ1TS01XVGxDFeoBFE4I4.roa
Signing time:             Tue 02 Jan 2024 08:29:26 +0000
ROA not before:           Tue 02 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39235
IP address blocks:        77.95.192.0/21 maxlen: 21
                          80.251.240.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:b8:bc:6c:c8:04:f8:14:14:4c:ee:0c:0d:38:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
        Validity
            Not Before: Jan  2 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2a2b714ecc9d534b4d57546c4315ea01144e08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:94:7b:06:86:04:e6:03:70:d0:9c:f2:cb:7e:
                    e4:85:9c:8f:01:c0:45:30:89:99:ae:81:fa:7b:4f:
                    51:1b:89:6a:f4:6a:31:e1:a7:8d:18:ac:b3:43:ce:
                    f6:0b:14:75:a7:70:ac:58:c0:11:22:b2:06:e2:99:
                    ce:bb:73:af:16:61:7f:80:49:ea:c8:96:d8:3c:a8:
                    10:1d:11:8d:fa:18:cd:6b:91:8a:0b:95:c8:51:5b:
                    ab:5f:7d:80:7d:51:3c:78:6d:14:f2:af:45:96:32:
                    f9:ba:ce:c6:80:dc:02:c9:b0:55:dc:8c:a6:71:65:
                    89:44:bf:42:6a:e3:79:ce:57:49:b8:3a:fd:2f:1b:
                    7b:ec:3d:48:39:15:d4:b0:ee:c2:61:2f:78:1c:16:
                    7c:5a:bb:18:60:c7:98:98:b8:2f:52:64:9b:00:67:
                    f3:23:50:6e:cf:14:e3:9e:0d:8b:47:51:a9:1e:63:
                    5b:ac:13:e4:22:37:c1:ee:84:7d:f7:34:13:23:5f:
                    3f:39:cf:2f:0c:82:12:07:59:98:3e:fa:c9:c9:26:
                    c2:54:75:e5:1c:a1:6e:dd:08:ba:6f:e1:30:fa:c7:
                    a2:04:08:08:9f:d9:ae:49:cb:c1:be:d0:22:b3:e2:
                    73:9d:2b:95:45:72:08:18:3d:6c:7b:46:e3:06:29:
                    b6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A2:B7:14:EC:C9:D5:34:B4:D5:75:46:C4:31:5E:A0:11:44:E0:8E
            X509v3 Authority Key Identifier:
                keyid:5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/wqK3FOzJ1TS01XVGxDFeoBFE4I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.192.0/21
                  80.251.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2d:5b:4f:ca:a7:d5:38:7e:fb:c0:68:8d:db:60:3e:f5:80:30:
         34:2b:97:2a:8e:7a:0f:97:ea:ee:21:be:76:4c:51:00:c2:ba:
         73:4f:31:d9:40:88:a6:43:52:91:12:64:86:89:f2:b9:23:36:
         78:f0:74:15:63:b4:23:b0:7c:70:6e:08:56:7b:15:b6:b5:59:
         eb:6c:d9:16:ad:1e:92:d5:ec:b6:67:5a:83:83:de:eb:8b:93:
         44:aa:69:17:fc:bc:26:99:3e:82:cf:17:19:23:51:67:3d:1a:
         d1:32:4e:ea:86:bb:1d:8f:17:d5:95:e9:15:5e:7f:e5:34:c3:
         5a:38:99:5d:e2:8a:42:49:6b:ec:2c:f2:ce:92:3c:f3:05:ed:
         81:ac:ce:e9:38:e6:4f:aa:7f:03:bf:4e:1e:60:43:38:33:2b:
         65:48:a6:cb:18:ed:5c:06:7d:95:d1:92:5a:c6:84:03:1f:5f:
         8e:03:56:19:e1:87:43:95:43:64:01:dd:cd:fe:10:15:b3:60:
         4e:b4:5c:b6:01:0d:71:e9:40:e8:14:53:a0:29:97:6c:c0:86:
         6f:e1:3c:db:9b:7f:d8:de:4f:51:e9:01:f6:97:88:fe:15:6b:
         df:66:dd:bf:05:4d:5c:bb:c0:7e:e0:58:a9:a9:55:6e:c4:43:
         6d:24:16:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJSri8bMgE+BQUTO4MDTiUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzlkMTViZDJmY2M4NDc3MWJhNmFhMjlhYTU0NDI4YjIx
Y2VmNjAwHhcNMjQwMTAyMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmEyYjcxNGVjYzlkNTM0YjRkNTc1NDZjNDMxNWVhMDExNDRlMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5R7BoYE5gNw0Jzyy37khZyPAcBF
MImZroH6e09RG4lq9Gox4aeNGKyzQ872CxR1p3CsWMARIrIG4pnOu3OvFmF/gEnq
yJbYPKgQHRGN+hjNa5GKC5XIUVurX32AfVE8eG0U8q9FljL5us7GgNwCybBV3Iym
cWWJRL9CauN5zldJuDr9Lxt77D1IORXUsO7CYS94HBZ8WrsYYMeYmLgvUmSbAGfz
I1BuzxTjng2LR1GpHmNbrBPkIjfB7oR99zQTI18/Oc8vDIISB1mYPvrJySbCVHXl
HKFu3Qi6b+Ew+seiBAgIn9muScvBvtAis+JznSuVRXIIGD1se0bjBim2NwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMKitxTsydU0tNV1RsQxXqARROCOMB8GA1UdIwQY
MBaAFF050VvS/MhHcbpqopqlRCiyHO9gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAt
YzI5YjQ0ZGU1M2E4LzEvd3FLM0ZPekoxVFMwMVhWR3hERmVvQkZFNEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAtYzI5YjQ0ZGU1M2E4
LzEvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDTV/AAwQE
UPvwMA0GCSqGSIb3DQEBCwUAA4IBAQAtW0/Kp9U4fvvAaI3bYD71gDA0K5cqjnoP
l+ruIb52TFEAwrpzTzHZQIimQ1KREmSGifK5IzZ48HQVY7QjsHxwbghWexW2tVnr
bNkWrR6S1ey2Z1qDg97ri5NEqmkX/LwmmT6CzxcZI1FnPRrRMk7qhrsdjxfVlekV
Xn/lNMNaOJld4opCSWvsLPLOkjzzBe2BrM7pOOZPqn8Dv04eYEM4MytlSKbLGO1c
Bn2V0ZJaxoQDH1+OA1YZ4YdDlUNkAd3N/hAVs2BOtFy2AQ1x6UDoFFOgKZdswIZv
4Tzbm3/Y3k9R6QH2l4j+FWvfZt2/BU1cu8B+4FipqVVuxENtJBY+
-----END CERTIFICATE-----