Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/wF5SHYxxKr_U1nVO_VgzCwRfhqo.roa
File:                     wF5SHYxxKr_U1nVO_VgzCwRfhqo.roa (raw, json)
Hash identifier:          gJQaWU/RKGR0c0Rxi3L9fGfy2ebEJaMCujD2f3fOeEE=
Subject key identifier:   C0:5E:52:1D:8C:71:2A:BF:D4:D6:75:4E:FD:58:33:0B:04:5F:86:AA
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941BFB7C807795009FEA8D14F78F33
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/wF5SHYxxKr_U1nVO_VgzCwRfhqo.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51248
IP address blocks:        188.130.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1b:fb:7c:80:77:95:00:9f:ea:8d:14:f7:8f:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c05e521d8c712abfd4d6754efd58330b045f86aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7c:96:fa:f9:05:7f:bc:48:7a:6d:da:8c:3a:
                    5b:6c:88:4b:6f:a3:d6:23:fb:fe:66:f0:31:9b:56:
                    41:c4:3f:ed:49:0b:a9:32:b2:2f:c5:35:93:8f:31:
                    a2:f6:d5:53:b4:58:09:33:17:fc:d8:06:26:a2:b1:
                    c9:8d:7b:ec:a4:ba:32:a2:3a:e1:c8:27:2a:68:0a:
                    6d:18:06:5c:fa:1e:f0:a6:94:4f:64:39:18:ec:66:
                    73:d4:8c:41:69:27:d3:ff:c1:b1:71:41:19:a3:99:
                    ec:b6:b7:7e:31:e6:50:fe:3b:c7:7f:ea:c5:b7:ca:
                    19:bb:51:ff:cc:a3:fe:1e:36:05:e6:4c:c6:66:9a:
                    03:29:51:b0:a4:01:5e:ee:94:d7:6d:91:2e:30:de:
                    99:fe:54:59:45:65:92:7d:a3:71:f5:8a:13:97:9e:
                    76:74:bd:f9:8e:df:bb:2f:da:11:22:7b:c4:f0:82:
                    78:d4:47:3b:f8:eb:fe:1d:8d:97:74:ef:37:a2:32:
                    f4:fe:0f:b5:38:9f:45:8a:97:6d:3a:df:19:b9:ee:
                    1f:6c:27:46:fe:82:83:ca:60:71:ec:5e:21:57:1e:
                    4f:5b:8c:12:d1:6d:7e:fa:45:a2:d4:a2:73:00:84:
                    08:20:b4:bb:5f:80:73:88:7c:97:85:da:5d:04:d5:
                    3b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:5E:52:1D:8C:71:2A:BF:D4:D6:75:4E:FD:58:33:0B:04:5F:86:AA
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/wF5SHYxxKr_U1nVO_VgzCwRfhqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:87:31:ea:75:70:9e:68:15:58:5e:f8:bf:7e:05:14:f4:af:
         50:f0:c8:91:d4:30:cc:3c:35:4c:69:1c:05:12:45:51:6b:dd:
         c4:0c:33:ab:71:84:27:f8:a7:05:2f:20:35:c2:5c:3f:f9:8e:
         1d:9d:ee:b7:9f:d5:a0:d3:aa:14:08:e2:c2:a2:c5:0f:94:36:
         4a:e2:67:c3:84:66:21:9b:15:90:2d:9e:1c:68:9f:05:8e:5d:
         78:cb:f7:78:00:45:fe:76:ca:b4:6b:41:e4:20:af:df:13:9b:
         15:f6:13:0a:1b:2e:69:d7:4b:c5:f4:eb:3b:75:5a:68:04:09:
         2b:cf:03:62:95:5d:2f:9c:53:c8:37:a3:23:b3:53:21:b7:e7:
         6d:79:12:68:0c:44:e4:66:98:ca:64:2c:48:bb:3f:f9:15:69:
         76:53:7a:8f:b0:14:5b:06:d3:06:c1:92:e3:a5:7e:87:35:02:
         2e:28:9a:8b:2b:6f:09:41:d5:c5:9a:0e:53:78:03:e0:44:78:
         7a:f5:71:ae:51:88:32:35:5f:02:c8:7a:ee:d0:bc:79:28:dd:
         2a:41:05:f7:a4:fd:ef:31:3b:81:61:ea:ca:1e:2d:e5:97:ca:
         9e:07:ab:fe:b7:cd:f0:d4:67:e4:3d:80:76:a0:f7:ef:1d:84:
         cb:01:3c:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBv7fIB3lQCf6o0U948zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDVlNTIxZDhjNzEyYWJmZDRkNjc1NGVmZDU4MzMwYjA0NWY4NmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHyW+vkFf7xIem3ajDpbbIhLb6PW
I/v+ZvAxm1ZBxD/tSQupMrIvxTWTjzGi9tVTtFgJMxf82AYmorHJjXvspLoyojrh
yCcqaAptGAZc+h7wppRPZDkY7GZz1IxBaSfT/8GxcUEZo5nstrd+MeZQ/jvHf+rF
t8oZu1H/zKP+HjYF5kzGZpoDKVGwpAFe7pTXbZEuMN6Z/lRZRWWSfaNx9YoTl552
dL35jt+7L9oRInvE8IJ41Ec7+Ov+HY2XdO83ojL0/g+1OJ9FipdtOt8Zue4fbCdG
/oKDymBx7F4hVx5PW4wS0W1++kWi1KJzAIQIILS7X4BziHyXhdpdBNU7awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBeUh2McSq/1NZ1Tv1YMwsEX4aqMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvd0Y1U0hZeHhLcl9VMW5WT19WZ3pDd1JmaHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvILQMA0G
CSqGSIb3DQEBCwUAA4IBAQCuhzHqdXCeaBVYXvi/fgUU9K9Q8MiR1DDMPDVMaRwF
EkVRa93EDDOrcYQn+KcFLyA1wlw/+Y4dne63n9Wg06oUCOLCosUPlDZK4mfDhGYh
mxWQLZ4caJ8Fjl14y/d4AEX+dsq0a0HkIK/fE5sV9hMKGy5p10vF9Os7dVpoBAkr
zwNilV0vnFPIN6Mjs1Mht+dteRJoDETkZpjKZCxIuz/5FWl2U3qPsBRbBtMGwZLj
pX6HNQIuKJqLK28JQdXFmg5TeAPgRHh69XGuUYgyNV8CyHru0Lx5KN0qQQX3pP3v
MTuBYerKHi3ll8qeB6v+t83w1GfkPYB2oPfvHYTLATwl
-----END CERTIFICATE-----