Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/pWgX5JiF8p7IJPd1N7EyBTiovEk.roa
File:                     pWgX5JiF8p7IJPd1N7EyBTiovEk.roa (raw, json)
Hash identifier:          b0ArhWGdNOXnp+wzwnp1QcD9Bn6HmXnGIfByPMG51fs=
Subject key identifier:   A5:68:17:E4:98:85:F2:9E:C8:24:F7:75:37:B1:32:05:38:A8:BC:49
Certificate issuer:       /CN=87107e3fd9b94b4b36e6a8f370e8650a7f57e6c3
Certificate serial:       019560A45EEC531C0145A2EDE05613B865F2
Authority key identifier: 87:10:7E:3F:D9:B9:4B:4B:36:E6:A8:F3:70:E8:65:0A:7F:57:E6:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hxB-P9m5S0s25qjzcOhlCn9X5sM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/pWgX5JiF8p7IJPd1N7EyBTiovEk.roa
Signing time:             Tue 04 Mar 2025 10:12:19 +0000
ROA not before:           Tue 04 Mar 2025 10:12:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30784
IP address blocks:        79.172.64.0/18 maxlen: 24
                          81.200.0.0/19 maxlen: 24
                          82.199.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/hxB-P9m5S0s25qjzcOhlCn9X5sM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/hxB-P9m5S0s25qjzcOhlCn9X5sM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hxB-P9m5S0s25qjzcOhlCn9X5sM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:60:a4:5e:ec:53:1c:01:45:a2:ed:e0:56:13:b8:65:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87107e3fd9b94b4b36e6a8f370e8650a7f57e6c3
        Validity
            Not Before: Mar  4 10:12:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a56817e49885f29ec824f77537b1320538a8bc49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9f:85:f7:c4:a8:ac:bb:01:2a:f6:52:1d:c3:
                    b1:a3:e6:dd:49:95:34:2f:35:be:f2:0a:6f:f6:6c:
                    12:dd:ea:9e:31:d8:e3:a7:9f:d7:f1:dd:81:6e:5a:
                    df:39:38:db:0f:67:c0:31:ad:ee:a9:d5:63:3a:1b:
                    0a:8f:81:e9:5c:06:e1:05:3c:db:28:0d:5e:8c:5b:
                    d2:41:6d:3d:94:30:ce:ee:78:8f:15:b5:85:75:39:
                    28:d4:cc:dd:0d:00:d4:0f:f1:bb:cd:e0:1a:9a:a9:
                    ca:66:78:f3:f0:c1:c0:53:d0:7a:9e:1c:36:c0:4f:
                    bf:4e:3d:63:88:c3:e0:a9:8e:ca:37:7a:3f:71:7b:
                    ce:e5:ed:c1:19:bc:bb:db:93:f9:76:19:87:ab:80:
                    70:da:14:73:6b:ec:22:8e:6c:f7:ee:b5:cf:0d:60:
                    23:45:f5:88:ce:c9:e4:8d:a8:70:e7:f5:85:95:8e:
                    ee:89:3e:82:56:0b:8a:df:6c:2e:4e:98:b8:61:73:
                    ac:15:d7:c4:f8:da:70:24:be:b7:98:1a:8d:4d:b7:
                    0e:e9:1d:4d:10:01:52:49:50:9e:5b:f4:85:2f:51:
                    17:04:dc:ba:f5:c8:c5:bf:86:5f:2f:3e:d6:3f:c1:
                    03:78:47:e3:f1:91:eb:1f:2a:b9:41:5a:55:0d:97:
                    15:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:68:17:E4:98:85:F2:9E:C8:24:F7:75:37:B1:32:05:38:A8:BC:49
            X509v3 Authority Key Identifier:
                keyid:87:10:7E:3F:D9:B9:4B:4B:36:E6:A8:F3:70:E8:65:0A:7F:57:E6:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hxB-P9m5S0s25qjzcOhlCn9X5sM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/pWgX5JiF8p7IJPd1N7EyBTiovEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/hxB-P9m5S0s25qjzcOhlCn9X5sM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.64.0/18
                  81.200.0.0/19
                  82.199.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         b6:ff:ce:9f:7a:77:a6:ec:97:b9:6f:6f:a2:83:b5:45:9e:5c:
         b9:09:8e:eb:6a:a8:72:15:f7:0e:eb:d9:4d:79:5e:c1:67:c7:
         27:80:ca:ca:bf:26:e7:a8:3e:1e:d8:59:6d:3d:30:04:81:87:
         07:e7:9d:a1:0f:87:4a:ea:89:db:da:86:4b:73:98:77:7d:c6:
         45:d8:9b:99:87:33:e8:3f:8c:ce:cc:58:b1:69:10:27:64:3d:
         e9:e1:2f:a9:36:df:de:0a:e6:78:ed:0d:2f:f0:39:b2:06:1a:
         f9:b1:cb:b1:36:3c:e8:bb:31:f7:9f:8e:3d:59:f6:1b:86:08:
         a6:d8:47:11:a7:58:48:76:05:ed:33:96:7a:a4:a5:ef:06:00:
         92:0c:b0:ab:b5:79:f3:9d:ef:de:d3:08:8a:bd:c1:93:b5:b1:
         dc:bf:eb:46:ca:dc:df:ee:3e:1e:ce:36:15:a8:ad:46:70:a9:
         da:e6:70:87:e3:25:51:ef:26:cd:44:5e:39:c6:02:ad:e5:6f:
         c8:c0:5a:22:af:42:03:b2:35:66:1a:84:44:94:7c:0f:08:83:
         91:fd:6e:09:b0:6e:24:b5:fc:2a:a9:05:bf:9c:02:b6:ed:2b:
         f9:e5:1a:d1:58:7a:b4:2a:1e:50:55:fa:bb:94:b4:57:f1:d7:
         b3:84:4b:aa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZVgpF7sUxwBRaLt4FYTuGXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MTA3ZTNmZDliOTRiNGIzNmU2YThmMzcwZTg2NTBhN2Y1
N2U2YzMwHhcNMjUwMzA0MTAxMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTY4MTdlNDk4ODVmMjllYzgyNGY3NzUzN2IxMzIwNTM4YThiYzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ+F98SorLsBKvZSHcOxo+bdSZU0
LzW+8gpv9mwS3eqeMdjjp5/X8d2BblrfOTjbD2fAMa3uqdVjOhsKj4HpXAbhBTzb
KA1ejFvSQW09lDDO7niPFbWFdTko1MzdDQDUD/G7zeAamqnKZnjz8MHAU9B6nhw2
wE+/Tj1jiMPgqY7KN3o/cXvO5e3BGby725P5dhmHq4Bw2hRza+wijmz37rXPDWAj
RfWIzsnkjahw5/WFlY7uiT6CVguK32wuTpi4YXOsFdfE+NpwJL63mBqNTbcO6R1N
EAFSSVCeW/SFL1EXBNy69cjFv4ZfLz7WP8EDeEfj8ZHrHyq5QVpVDZcVmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKVoF+SYhfKeyCT3dTexMgU4qLxJMB8GA1UdIwQY
MBaAFIcQfj/ZuUtLNuao83DoZQp/V+bDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHhCLVA5bTVTMHMyNXFqemNPaGxDbjlYNXNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hNTkzOTAtODA0OC00M2I5LTgyYjUt
NzYxZGFiMzg5YjViLzEvcFdnWDVKaUY4cDdJSlBkMU43RXlCVGlvdkVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hNTkzOTAtODA0OC00M2I5LTgyYjUtNzYxZGFiMzg5YjVi
LzEvaHhCLVA5bTVTMHMyNXFqemNPaGxDbjlYNXNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGT6xAAwQF
UcgAAwQFUsdgMA0GCSqGSIb3DQEBCwUAA4IBAQC2/86fenem7Je5b2+ig7VFnly5
CY7raqhyFfcO69lNeV7BZ8cngMrKvybnqD4e2FltPTAEgYcH552hD4dK6onb2oZL
c5h3fcZF2JuZhzPoP4zOzFixaRAnZD3p4S+pNt/eCuZ47Q0v8DmyBhr5scuxNjzo
uzH3n449WfYbhgim2EcRp1hIdgXtM5Z6pKXvBgCSDLCrtXnzne/e0wiKvcGTtbHc
v+tGytzf7j4ezjYVqK1GcKna5nCH4yVR7ybNRF45xgKt5W/IwFoir0IDsjVmGoRE
lHwPCIOR/W4JsG4ktfwqqQW/nAK27Sv55RrRWHq0Kh5QVfq7lLRX8dezhEuq
-----END CERTIFICATE-----