Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/3f5e8c-d377-4f43-8f24-de97e9141fed/1/4-WfO6vi57usPTB05BV5GJ31rGM.roa
File:                     4-WfO6vi57usPTB05BV5GJ31rGM.roa (raw, json)
Hash identifier:          VA1gjhdShA/9i1dmr35uQ85UKyhc+8PsGP0Wp/sm8Mw=
Subject key identifier:   E3:E5:9F:3B:AB:E2:E7:BB:AC:3D:30:74:E4:15:79:18:9D:F5:AC:63
Certificate issuer:       /CN=8d983a07e6db8bc494c88dfbd1317ba810d2d27a
Certificate serial:       019424B3B533E39700B779063F74D4A01137
Authority key identifier: 8D:98:3A:07:E6:DB:8B:C4:94:C8:8D:FB:D1:31:7B:A8:10:D2:D2:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jZg6B-bbi8SUyI370TF7qBDS0no.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/3f5e8c-d377-4f43-8f24-de97e9141fed/1/4-WfO6vi57usPTB05BV5GJ31rGM.roa
Signing time:             Thu 02 Jan 2025 01:49:04 +0000
ROA not before:           Thu 02 Jan 2025 01:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212606
IP address blocks:        185.178.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/3f5e8c-d377-4f43-8f24-de97e9141fed/1/jZg6B-bbi8SUyI370TF7qBDS0no.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/3f5e8c-d377-4f43-8f24-de97e9141fed/1/jZg6B-bbi8SUyI370TF7qBDS0no.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jZg6B-bbi8SUyI370TF7qBDS0no.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b5:33:e3:97:00:b7:79:06:3f:74:d4:a0:11:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d983a07e6db8bc494c88dfbd1317ba810d2d27a
        Validity
            Not Before: Jan  2 01:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3e59f3babe2e7bbac3d3074e41579189df5ac63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a8:14:eb:bd:c3:5a:45:51:c7:ff:f0:6f:44:
                    28:e4:9b:e5:fa:98:0e:3e:77:26:39:f0:f3:fc:00:
                    a3:85:10:3e:0d:49:f1:59:37:01:3b:33:9b:10:f3:
                    4b:bc:9d:8f:b5:1a:f2:9a:ef:84:3d:cd:16:80:d2:
                    93:43:85:86:d4:7c:23:df:dc:e9:24:30:12:c4:55:
                    70:d3:02:fa:59:06:47:d0:71:77:ab:f6:c1:ba:64:
                    7f:ba:94:83:59:43:3e:a0:d4:5f:f3:ff:fc:ad:6e:
                    cc:c2:96:f6:9f:a1:f6:04:69:79:df:6a:02:55:72:
                    20:7d:f2:51:e0:1b:99:50:83:12:8f:a3:2e:6b:b3:
                    77:60:e7:db:65:fb:19:cc:cc:a2:ae:c0:ec:a6:88:
                    d3:2d:ec:c1:65:90:8e:4b:fa:e0:dc:aa:5b:6e:00:
                    f9:5f:a5:8e:ad:19:6e:90:fc:c8:0e:7f:c8:da:fc:
                    ba:0b:14:05:88:fe:5f:73:b5:9f:28:e0:eb:e5:96:
                    c8:98:9e:fa:cd:22:b4:b3:a6:10:52:9a:59:bb:7f:
                    ab:a0:33:63:6d:ea:96:14:fb:43:4c:49:81:ef:ca:
                    34:f5:f3:0b:0b:0d:6c:aa:f7:f2:c3:65:7c:38:1b:
                    77:5d:bb:06:13:7c:87:16:85:9a:5a:d5:1a:ad:8d:
                    72:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:E5:9F:3B:AB:E2:E7:BB:AC:3D:30:74:E4:15:79:18:9D:F5:AC:63
            X509v3 Authority Key Identifier:
                keyid:8D:98:3A:07:E6:DB:8B:C4:94:C8:8D:FB:D1:31:7B:A8:10:D2:D2:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jZg6B-bbi8SUyI370TF7qBDS0no.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3f5e8c-d377-4f43-8f24-de97e9141fed/1/4-WfO6vi57usPTB05BV5GJ31rGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3f5e8c-d377-4f43-8f24-de97e9141fed/1/jZg6B-bbi8SUyI370TF7qBDS0no.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:65:0a:34:37:cb:01:5b:9a:f7:69:66:d0:9a:b2:fd:09:55:
         81:7a:3f:db:82:77:8c:7a:2f:f2:44:5f:a1:99:7b:07:ee:6e:
         02:49:d6:74:9c:cb:53:6e:0b:e0:92:07:69:f5:a3:72:02:43:
         6d:1c:91:20:b6:11:c0:b2:ba:97:b7:3b:f6:95:b5:c2:11:20:
         05:d8:b1:32:75:8d:50:50:d2:38:28:d2:ef:ad:bd:aa:44:39:
         dd:14:20:be:d0:c0:8a:70:e8:fc:ab:fe:de:d6:1d:38:e5:fb:
         b3:62:7b:e1:12:ef:4f:87:15:13:8b:cf:db:73:6d:8d:bd:12:
         96:a1:5d:30:9f:c1:99:16:f1:33:3f:0f:56:a5:f6:67:f6:39:
         b1:69:c0:a3:1d:30:23:c7:e9:98:7f:f3:1d:4f:16:5e:2d:f8:
         31:4a:6f:b6:73:49:c5:c0:e1:8d:0d:07:9a:ba:d9:f6:15:92:
         8b:31:e6:82:c7:9b:0f:c3:94:cf:6d:d6:10:31:3e:d8:0a:51:
         f4:67:0d:9a:64:bb:2c:5b:34:75:fe:42:b0:cd:18:7e:2d:1f:
         eb:57:89:68:cf:f8:7d:4b:d1:b1:76:26:6e:5c:40:3f:49:a1:
         de:8c:f9:cb:61:0b:b4:73:8a:94:f1:d4:e7:07:e7:57:db:ef:
         9d:ca:64:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7Uz45cAt3kGP3TUoBE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkOTgzYTA3ZTZkYjhiYzQ5NGM4OGRmYmQxMzE3YmE4MTBk
MmQyN2EwHhcNMjUwMTAyMDE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2U1OWYzYmFiZTJlN2JiYWMzZDMwNzRlNDE1NzkxODlkZjVhYzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAragU673DWkVRx//wb0Qo5Jvl+pgO
PncmOfDz/ACjhRA+DUnxWTcBOzObEPNLvJ2PtRrymu+EPc0WgNKTQ4WG1Hwj39zp
JDASxFVw0wL6WQZH0HF3q/bBumR/upSDWUM+oNRf8//8rW7Mwpb2n6H2BGl532oC
VXIgffJR4BuZUIMSj6Mua7N3YOfbZfsZzMyirsDspojTLezBZZCOS/rg3KpbbgD5
X6WOrRlukPzIDn/I2vy6CxQFiP5fc7WfKODr5ZbImJ76zSK0s6YQUppZu3+roDNj
beqWFPtDTEmB78o09fMLCw1sqvfyw2V8OBt3XbsGE3yHFoWaWtUarY1yRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPlnzur4ue7rD0wdOQVeRid9axjMB8GA1UdIwQY
MBaAFI2YOgfm24vElMiN+9Exe6gQ0tJ6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalpnNkItYmJpOFNVeUkzNzBURjdxQkRTMG5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8zZjVlOGMtZDM3Ny00ZjQzLThmMjQt
ZGU5N2U5MTQxZmVkLzEvNC1XZk82dmk1N3VzUFRCMDVCVjVHSjMxckdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8zZjVlOGMtZDM3Ny00ZjQzLThmMjQtZGU5N2U5MTQxZmVk
LzEvalpnNkItYmJpOFNVeUkzNzBURjdxQkRTMG5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubIxMA0G
CSqGSIb3DQEBCwUAA4IBAQCHZQo0N8sBW5r3aWbQmrL9CVWBej/bgneMei/yRF+h
mXsH7m4CSdZ0nMtTbgvgkgdp9aNyAkNtHJEgthHAsrqXtzv2lbXCESAF2LEydY1Q
UNI4KNLvrb2qRDndFCC+0MCKcOj8q/7e1h045fuzYnvhEu9PhxUTi8/bc22NvRKW
oV0wn8GZFvEzPw9WpfZn9jmxacCjHTAjx+mYf/MdTxZeLfgxSm+2c0nFwOGNDQea
utn2FZKLMeaCx5sPw5TPbdYQMT7YClH0Zw2aZLssWzR1/kKwzRh+LR/rV4loz/h9
S9GxdiZuXEA/SaHejPnLYQu0c4qU8dTnB+dX2++dymRu
-----END CERTIFICATE-----