Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/2f4c80-6ec0-480a-a809-1ef920875e37/1/wPgg6cqy6rf9BO8zaD6ucdD8Be0.roa
File:                     wPgg6cqy6rf9BO8zaD6ucdD8Be0.roa (raw, json)
Hash identifier:          RdjE7LrYg26BEsRadevOuBVgb+toppFi5F+BXDxpKHA=
Subject key identifier:   C0:F8:20:E9:CA:B2:EA:B7:FD:04:EF:33:68:3E:AE:71:D0:FC:05:ED
Certificate issuer:       /CN=c075b143b2c78a039db25bb8ee18fe9254fc90f3
Certificate serial:       018CC4934F7426595D75980E6192D6C0B472
Authority key identifier: C0:75:B1:43:B2:C7:8A:03:9D:B2:5B:B8:EE:18:FE:92:54:FC:90:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wHWxQ7LHigOdslu47hj-klT8kPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/2f4c80-6ec0-480a-a809-1ef920875e37/1/wPgg6cqy6rf9BO8zaD6ucdD8Be0.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        195.64.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/2f4c80-6ec0-480a-a809-1ef920875e37/1/wHWxQ7LHigOdslu47hj-klT8kPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/2f4c80-6ec0-480a-a809-1ef920875e37/1/wHWxQ7LHigOdslu47hj-klT8kPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wHWxQ7LHigOdslu47hj-klT8kPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4f:74:26:59:5d:75:98:0e:61:92:d6:c0:b4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c075b143b2c78a039db25bb8ee18fe9254fc90f3
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0f820e9cab2eab7fd04ef33683eae71d0fc05ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fb:cc:ee:19:97:ce:1e:7c:82:bc:b0:dc:b2:
                    14:48:38:12:c9:e1:5e:71:71:35:78:6c:70:05:32:
                    12:d7:2c:ea:5b:ec:d5:1d:ce:f8:20:ae:4f:37:fd:
                    c8:36:c6:0c:fc:ec:24:dd:97:11:59:d4:8a:d5:c5:
                    20:a9:b8:16:5e:78:dd:8b:aa:e2:6e:9d:be:0d:ed:
                    72:97:ea:20:c0:e3:63:f6:05:4d:31:46:98:ec:d2:
                    97:b4:cd:15:c0:0e:0f:ef:7f:f6:f9:e0:5e:b7:d3:
                    70:23:cd:e2:92:ab:39:c6:22:16:1c:02:c6:d8:9e:
                    a3:83:43:bf:f3:e9:ac:0f:1d:70:26:2a:24:3b:52:
                    c4:eb:cf:51:ab:bd:75:28:ec:b2:d4:59:31:47:77:
                    63:d2:a1:a4:70:37:30:7b:20:f9:bd:ee:8f:dc:b1:
                    7c:95:9d:46:9b:5f:cd:d4:95:a2:34:e3:cf:23:60:
                    a3:45:45:c7:ae:76:62:47:94:db:d2:17:e9:f8:f4:
                    c8:d9:7b:0d:98:50:23:19:1e:40:a2:3f:20:d0:ef:
                    75:4d:8c:17:e7:b3:c4:cb:8a:11:1c:5e:fa:c3:0d:
                    bf:b6:e4:84:19:98:84:b5:59:28:d3:fc:58:3b:77:
                    5f:7f:26:a8:ab:48:33:dc:47:9a:f7:a9:6e:30:48:
                    19:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:F8:20:E9:CA:B2:EA:B7:FD:04:EF:33:68:3E:AE:71:D0:FC:05:ED
            X509v3 Authority Key Identifier:
                keyid:C0:75:B1:43:B2:C7:8A:03:9D:B2:5B:B8:EE:18:FE:92:54:FC:90:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wHWxQ7LHigOdslu47hj-klT8kPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2f4c80-6ec0-480a-a809-1ef920875e37/1/wPgg6cqy6rf9BO8zaD6ucdD8Be0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2f4c80-6ec0-480a-a809-1ef920875e37/1/wHWxQ7LHigOdslu47hj-klT8kPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:8c:66:d1:0a:62:86:6f:1d:27:24:71:c6:54:4b:12:57:40:
         f2:2b:2c:c1:a6:f8:e7:6a:ed:0d:59:e7:a2:7e:a0:46:61:fa:
         b8:fe:59:6d:31:ab:62:44:25:4e:f4:ab:18:5d:26:c6:a7:12:
         d3:e9:c0:1b:67:0c:33:b3:49:63:55:65:8f:9e:c2:6f:d4:f6:
         1a:df:d9:87:31:6a:ba:54:09:08:b2:dc:2a:6f:36:9d:85:2a:
         b6:cd:f8:e7:c0:da:36:9f:58:11:bb:11:85:ec:95:40:23:08:
         ef:e9:1d:76:5f:53:6e:4a:c4:37:2e:4a:6e:34:a8:39:18:1b:
         ed:ad:74:4c:60:3b:f8:3d:c5:19:6a:30:22:d3:7c:e1:29:7f:
         9a:82:4d:59:43:2e:b9:14:be:cb:34:7d:22:78:d5:7e:b1:34:
         14:e5:db:9f:b3:1c:24:40:b5:1b:2c:e8:b6:6e:9b:20:25:15:
         bd:a8:39:25:c0:40:17:14:55:20:32:12:98:ca:14:25:7c:1a:
         71:20:14:b6:04:f9:2f:3e:75:a3:9b:a6:1a:b3:74:06:0b:20:
         12:4b:da:69:b1:14:63:68:17:4d:e3:7f:79:d2:49:20:42:3c:
         c0:ed:17:77:cc:36:f8:f9:22:f5:2b:b9:1c:db:e2:55:37:01:
         55:b8:a2:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk090JllddZgOYZLWwLRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNzViMTQzYjJjNzhhMDM5ZGIyNWJiOGVlMThmZTkyNTRm
YzkwZjMwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGY4MjBlOWNhYjJlYWI3ZmQwNGVmMzM2ODNlYWU3MWQwZmMwNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfvM7hmXzh58gryw3LIUSDgSyeFe
cXE1eGxwBTIS1yzqW+zVHc74IK5PN/3INsYM/Owk3ZcRWdSK1cUgqbgWXnjdi6ri
bp2+De1yl+ogwONj9gVNMUaY7NKXtM0VwA4P73/2+eBet9NwI83ikqs5xiIWHALG
2J6jg0O/8+msDx1wJiokO1LE689Rq711KOyy1FkxR3dj0qGkcDcweyD5ve6P3LF8
lZ1Gm1/N1JWiNOPPI2CjRUXHrnZiR5Tb0hfp+PTI2XsNmFAjGR5Aoj8g0O91TYwX
57PEy4oRHF76ww2/tuSEGZiEtVko0/xYO3dffyaoq0gz3Eea96luMEgZiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMD4IOnKsuq3/QTvM2g+rnHQ/AXtMB8GA1UdIwQY
MBaAFMB1sUOyx4oDnbJbuO4Y/pJU/JDzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0hXeFE3TEhpZ09kc2x1NDdoai1rbFQ4a1BNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8yZjRjODAtNmVjMC00ODBhLWE4MDkt
MWVmOTIwODc1ZTM3LzEvd1BnZzZjcXk2cmY5Qk84emFENnVjZEQ4QmUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8yZjRjODAtNmVjMC00ODBhLWE4MDktMWVmOTIwODc1ZTM3
LzEvd0hXeFE3TEhpZ09kc2x1NDdoai1rbFQ4a1BNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0BgMA0G
CSqGSIb3DQEBCwUAA4IBAQBxjGbRCmKGbx0nJHHGVEsSV0DyKyzBpvjnau0NWeei
fqBGYfq4/lltMatiRCVO9KsYXSbGpxLT6cAbZwwzs0ljVWWPnsJv1PYa39mHMWq6
VAkIstwqbzadhSq2zfjnwNo2n1gRuxGF7JVAIwjv6R12X1NuSsQ3LkpuNKg5GBvt
rXRMYDv4PcUZajAi03zhKX+agk1ZQy65FL7LNH0ieNV+sTQU5dufsxwkQLUbLOi2
bpsgJRW9qDklwEAXFFUgMhKYyhQlfBpxIBS2BPkvPnWjm6Yas3QGCyASS9ppsRRj
aBdN43950kkgQjzA7Rd3zDb4+SL1K7kc2+JVNwFVuKJy
-----END CERTIFICATE-----