Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/wwZy967K0kaiULGURPRIujSTcOo.roa
File:                     wwZy967K0kaiULGURPRIujSTcOo.roa (raw, json)
Hash identifier:          vNjif0ZJvkMUe2G7dAUGl4j4TYsS+I8BRRbofJk7BNE=
Subject key identifier:   C3:06:72:F7:AE:CA:D2:46:A2:50:B1:94:44:F4:48:BA:34:93:70:EA
Certificate issuer:       /CN=5e23518faa9b94a42d1a3b4d9f63b974394d0662
Certificate serial:       0194228E0D3B57DEB8B4AF6CDD93EDDDFDF5
Authority key identifier: 5E:23:51:8F:AA:9B:94:A4:2D:1A:3B:4D:9F:63:B9:74:39:4D:06:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/wwZy967K0kaiULGURPRIujSTcOo.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61316
IP address blocks:        185.10.208.0/22 maxlen: 22
                          193.33.212.0/23 maxlen: 23
                          2a03:6540::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0d:3b:57:de:b8:b4:af:6c:dd:93:ed:dd:fd:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e23518faa9b94a42d1a3b4d9f63b974394d0662
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c30672f7aecad246a250b19444f448ba349370ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a7:04:70:a5:fc:38:cb:9c:43:38:c6:4b:e6:
                    e3:24:21:a1:13:fc:fa:67:2f:69:e1:51:3a:24:8b:
                    b4:d7:88:15:0e:f2:a3:71:4b:bb:73:86:63:36:d8:
                    5e:6e:c0:59:dd:9f:be:32:ed:94:69:01:20:e1:d5:
                    30:d3:54:aa:d9:8e:a7:1a:09:71:52:63:13:d6:21:
                    ab:56:a0:a7:d5:34:9a:0b:ef:fc:9c:73:e7:e4:ed:
                    9c:9f:ae:9d:13:8d:f9:c0:d1:d8:3c:87:2a:5b:db:
                    7d:61:bf:e8:11:9f:23:f5:1d:e1:1b:e3:17:70:5d:
                    04:2f:06:b1:0c:93:43:72:88:f9:b5:45:3f:68:32:
                    28:33:2b:f5:98:ef:a9:19:e6:45:fb:73:da:9e:b3:
                    47:65:33:e2:d4:9c:97:b6:9f:2d:17:83:7a:3b:c6:
                    eb:34:6f:10:14:2d:26:f9:c9:25:6c:64:23:db:7d:
                    b6:02:1b:c5:15:0c:3c:fc:d1:74:e4:21:00:eb:15:
                    75:d5:26:1a:dd:7d:38:62:61:00:30:94:11:8c:c3:
                    34:10:c4:e3:75:ef:c0:6f:39:f7:23:53:e4:98:24:
                    f9:65:5c:83:72:f7:7f:42:bc:13:12:51:7f:6d:01:
                    31:5a:b3:26:42:62:3b:78:58:a4:89:5e:58:d1:ea:
                    7b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:06:72:F7:AE:CA:D2:46:A2:50:B1:94:44:F4:48:BA:34:93:70:EA
            X509v3 Authority Key Identifier:
                keyid:5E:23:51:8F:AA:9B:94:A4:2D:1A:3B:4D:9F:63:B9:74:39:4D:06:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/wwZy967K0kaiULGURPRIujSTcOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.208.0/22
                  193.33.212.0/23
                IPv6:
                  2a03:6540::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:52:88:c4:c8:f8:5b:34:78:8b:67:1b:29:c8:01:5b:dd:1b:
         4d:fb:e8:d3:a5:de:b5:69:15:16:84:17:20:7d:c9:bc:89:ee:
         00:bd:bb:70:61:0d:f9:27:f3:22:81:13:35:e4:4b:05:5a:9d:
         b0:47:b2:01:9e:4b:4f:0c:79:cf:47:93:34:de:4e:0f:11:0b:
         f0:6e:32:e9:0f:77:fa:04:c5:30:98:c6:11:8b:ac:6b:ad:08:
         48:7d:86:87:78:44:52:ea:93:9b:2e:50:2a:9a:a0:d4:90:a9:
         ab:61:c2:e3:87:4f:e4:f3:52:b3:30:12:9d:4c:61:a9:73:ac:
         ff:b8:0d:e6:e5:b9:a1:c3:c9:2b:06:04:d7:2f:91:58:9b:16:
         88:53:ff:61:11:5f:5e:12:c4:c1:3d:3f:5d:a6:8f:3d:c5:d3:
         22:f1:d5:67:c0:ee:39:f7:78:c5:fb:de:e2:35:ac:14:cd:f0:
         b2:e3:14:86:79:86:d0:77:2c:8f:a8:c9:e7:0a:23:f3:30:b5:
         03:4e:4e:f8:11:30:6c:19:90:86:1b:9b:12:02:7e:04:a3:f9:
         27:da:ca:2f:6d:c3:41:a8:3f:82:3e:a0:38:91:98:e5:a3:43:
         5b:5b:91:03:39:71:ed:aa:19:f8:43:9e:c8:c1:1a:ed:8b:19:
         bf:63:73:25
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQijg07V964tK9s3ZPt3f31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjM1MThmYWE5Yjk0YTQyZDFhM2I0ZDlmNjNiOTc0Mzk0
ZDA2NjIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzA2NzJmN2FlY2FkMjQ2YTI1MGIxOTQ0NGY0NDhiYTM0OTM3MGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvacEcKX8OMucQzjGS+bjJCGhE/z6
Zy9p4VE6JIu014gVDvKjcUu7c4ZjNthebsBZ3Z++Mu2UaQEg4dUw01Sq2Y6nGglx
UmMT1iGrVqCn1TSaC+/8nHPn5O2cn66dE435wNHYPIcqW9t9Yb/oEZ8j9R3hG+MX
cF0ELwaxDJNDcoj5tUU/aDIoMyv1mO+pGeZF+3PanrNHZTPi1JyXtp8tF4N6O8br
NG8QFC0m+cklbGQj2322AhvFFQw8/NF05CEA6xV11SYa3X04YmEAMJQRjMM0EMTj
de/Abzn3I1PkmCT5ZVyDcvd/QrwTElF/bQExWrMmQmI7eFikiV5Y0ep7dwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMMGcveuytJGolCxlET0SLo0k3DqMB8GA1UdIwQY
MBaAFF4jUY+qm5SkLRo7TZ9juXQ5TQZiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlOUmo2cWJsS1F0R2p0Tm4yTzVkRGxOQm1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80MTRiMzYtZWNhOS00ZTIyLWFlZDUt
YTQ4YWMzMWRiYmYwLzEvd3daeTk2N0swa2FpVUxHVVJQUkl1alNUY09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80MTRiMzYtZWNhOS00ZTIyLWFlZDUtYTQ4YWMzMWRiYmYw
LzEvWGlOUmo2cWJsS1F0R2p0Tm4yTzVkRGxOQm1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuQrQAwQB
wSHUMA0EAgACMAcDBQAqA2VAMA0GCSqGSIb3DQEBCwUAA4IBAQATUojEyPhbNHiL
ZxspyAFb3RtN++jTpd61aRUWhBcgfcm8ie4AvbtwYQ35J/MigRM15EsFWp2wR7IB
nktPDHnPR5M03k4PEQvwbjLpD3f6BMUwmMYRi6xrrQhIfYaHeERS6pObLlAqmqDU
kKmrYcLjh0/k81KzMBKdTGGpc6z/uA3m5bmhw8krBgTXL5FYmxaIU/9hEV9eEsTB
PT9dpo89xdMi8dVnwO4593jF+97iNawUzfCy4xSGeYbQdyyPqMnnCiPzMLUDTk74
ETBsGZCGG5sSAn4Eo/kn2sovbcNBqD+CPqA4kZjlo0NbW5EDOXHtqhn4Q57IwRrt
ixm/Y3Ml
-----END CERTIFICATE-----