Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/wYGywI43ms2YZGVF9xJb6kbeHy8.roa
File:                     wYGywI43ms2YZGVF9xJb6kbeHy8.roa (raw, json)
Hash identifier:          /8nEPcvEhLnGa82AsTCFBKS4obOTeiFn4aElU7ESiaw=
Subject key identifier:   C1:81:B2:C0:8E:37:9A:CD:98:64:65:45:F7:12:5B:EA:46:DE:1F:2F
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FE0381CB6BFD9C1D72DD83615DD75
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/wYGywI43ms2YZGVF9xJb6kbeHy8.roa
Signing time:             Thu 02 Jan 2025 05:49:33 +0000
ROA not before:           Thu 02 Jan 2025 05:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62247
IP address blocks:        93.170.82.0/24 maxlen: 24
                          93.171.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:e0:38:1c:b6:bf:d9:c1:d7:2d:d8:36:15:dd:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c181b2c08e379acd98646545f7125bea46de1f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6e:94:4c:c0:b7:3a:3e:77:06:ba:ea:96:99:
                    a9:24:f9:a6:71:26:cb:7c:61:d1:96:85:51:75:dd:
                    d3:7b:d5:da:6a:6e:51:8d:6c:dd:46:bc:d5:69:e6:
                    aa:b0:87:76:9d:6d:c9:17:ff:c5:e1:74:32:60:20:
                    e2:19:56:40:30:91:4e:7f:d2:ba:12:37:ec:64:c4:
                    eb:73:dc:0b:f9:7a:4a:aa:59:82:fe:19:26:ea:43:
                    24:8a:19:c3:1a:93:5b:a1:d9:58:61:41:cd:64:ff:
                    fe:ec:d1:0f:3b:ea:23:4b:95:9c:3d:24:ab:16:87:
                    c1:1e:a7:e3:39:e6:38:b4:3a:e4:73:fb:91:d7:0a:
                    d6:fc:fd:97:c0:3c:b5:86:55:a0:d8:93:3d:6d:1b:
                    23:1c:23:2d:5e:05:90:41:62:f9:3a:a4:23:e6:30:
                    f9:54:c5:25:a3:56:a3:8e:32:bf:d0:43:3c:af:08:
                    e9:7e:0a:a5:be:7a:98:5b:ef:4e:8c:31:c9:85:c6:
                    78:f4:7c:e3:25:7f:b6:b3:8b:4b:1f:bb:c4:cf:03:
                    7a:ab:05:fe:e6:d9:23:47:1b:4f:b5:5c:53:33:d6:
                    9c:e4:c9:b2:7c:9f:d9:13:70:02:b1:d1:ec:cf:40:
                    3a:79:48:9b:1e:3b:48:53:4f:80:13:39:43:e0:a5:
                    ef:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:81:B2:C0:8E:37:9A:CD:98:64:65:45:F7:12:5B:EA:46:DE:1F:2F
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/wYGywI43ms2YZGVF9xJb6kbeHy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.82.0/24
                  93.171.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:6d:92:df:0f:f4:9e:05:24:24:18:85:a1:f4:ae:e0:41:01:
         4c:64:2c:56:f7:0b:76:19:b1:b7:cf:7d:6d:30:38:c6:cf:1d:
         91:64:05:9f:05:c1:88:ab:1c:84:cf:a7:03:98:98:31:8b:3c:
         7a:51:58:2b:06:35:a5:e9:bf:40:61:92:0e:33:79:26:c2:63:
         f4:57:62:72:e9:72:47:82:d6:df:10:61:88:c1:e8:5b:55:59:
         ad:58:1c:2a:59:5b:c9:be:ad:3a:64:8f:64:6a:67:e5:37:c7:
         20:69:2c:58:64:99:ca:18:70:0d:54:e8:9f:ee:28:ac:b4:74:
         28:31:18:29:9a:0e:1a:85:1e:d5:8e:23:aa:c3:d6:c8:60:92:
         16:e8:29:a6:57:09:e0:94:db:b0:1b:26:f7:9d:0c:7a:78:6c:
         1b:65:13:27:19:c1:11:11:1c:81:51:73:ab:76:45:79:f0:a4:
         3c:03:71:62:62:3c:0c:f6:71:75:aa:54:6c:e0:25:3b:2e:b3:
         2b:df:2c:09:bc:62:6b:13:bd:19:d3:ba:bb:e7:91:ca:ec:f0:
         c3:ec:57:a9:c6:92:ce:13:be:03:6c:3e:b0:19:2c:c0:4e:e8:
         e6:af:12:d5:bb:f9:31:c6:ba:af:92:66:c2:3e:85:77:81:fd:
         91:fa:73:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj+A4HLa/2cHXLdg2Fd11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTgxYjJjMDhlMzc5YWNkOTg2NDY1NDVmNzEyNWJlYTQ2ZGUxZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoW6UTMC3Oj53BrrqlpmpJPmmcSbL
fGHRloVRdd3Te9Xaam5RjWzdRrzVaeaqsId2nW3JF//F4XQyYCDiGVZAMJFOf9K6
EjfsZMTrc9wL+XpKqlmC/hkm6kMkihnDGpNbodlYYUHNZP/+7NEPO+ojS5WcPSSr
FofBHqfjOeY4tDrkc/uR1wrW/P2XwDy1hlWg2JM9bRsjHCMtXgWQQWL5OqQj5jD5
VMUlo1ajjjK/0EM8rwjpfgqlvnqYW+9OjDHJhcZ49HzjJX+2s4tLH7vEzwN6qwX+
5tkjRxtPtVxTM9ac5MmyfJ/ZE3ACsdHsz0A6eUibHjtIU0+AEzlD4KXvYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMGBssCON5rNmGRlRfcSW+pG3h8vMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvd1lHeXdJNDNtczJZWkdWRjl4SmI2a2JlSHk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXapSAwQA
XavVMA0GCSqGSIb3DQEBCwUAA4IBAQB5bZLfD/SeBSQkGIWh9K7gQQFMZCxW9wt2
GbG3z31tMDjGzx2RZAWfBcGIqxyEz6cDmJgxizx6UVgrBjWl6b9AYZIOM3kmwmP0
V2Jy6XJHgtbfEGGIwehbVVmtWBwqWVvJvq06ZI9kamflN8cgaSxYZJnKGHANVOif
7iistHQoMRgpmg4ahR7VjiOqw9bIYJIW6CmmVwnglNuwGyb3nQx6eGwbZRMnGcER
ERyBUXOrdkV58KQ8A3FiYjwM9nF1qlRs4CU7LrMr3ywJvGJrE70Z07q755HK7PDD
7FepxpLOE74DbD6wGSzATujmrxLVu/kxxrqvkmbCPoV3gf2R+nMC
-----END CERTIFICATE-----