Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/4901f3-8934-4e90-aaf7-6761d2784d8d/1/7W8eYCQR1gvjfWgrfSnogkOFcxk.roa
File:                     7W8eYCQR1gvjfWgrfSnogkOFcxk.roa (raw, json)
Hash identifier:          UFbZQJ5acf+PAUwxnTzDedz7AaCrRC23rxKRoylsSkI=
Subject key identifier:   ED:6F:1E:60:24:11:D6:0B:E3:7D:68:2B:7D:29:E8:82:43:85:73:19
Certificate issuer:       /CN=58153fb20b9c8f8ccf6c398f4d61b21707e1bbe2
Certificate serial:       0194258E78850CD136AB27E11939ED46B1FB
Authority key identifier: 58:15:3F:B2:0B:9C:8F:8C:CF:6C:39:8F:4D:61:B2:17:07:E1:BB:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WBU_sgucj4zPbDmPTWGyFwfhu-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/4901f3-8934-4e90-aaf7-6761d2784d8d/1/7W8eYCQR1gvjfWgrfSnogkOFcxk.roa
Signing time:             Thu 02 Jan 2025 05:48:01 +0000
ROA not before:           Thu 02 Jan 2025 05:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        193.24.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/4901f3-8934-4e90-aaf7-6761d2784d8d/1/WBU_sgucj4zPbDmPTWGyFwfhu-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/4901f3-8934-4e90-aaf7-6761d2784d8d/1/WBU_sgucj4zPbDmPTWGyFwfhu-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WBU_sgucj4zPbDmPTWGyFwfhu-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:78:85:0c:d1:36:ab:27:e1:19:39:ed:46:b1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58153fb20b9c8f8ccf6c398f4d61b21707e1bbe2
        Validity
            Not Before: Jan  2 05:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed6f1e602411d60be37d682b7d29e88243857319
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:25:7a:f2:b7:a2:12:85:10:30:79:1f:9f:45:
                    13:57:bd:56:78:df:ab:f0:aa:00:18:36:59:3b:9f:
                    11:0a:d8:be:31:cb:bd:0c:68:c7:a8:07:59:5b:57:
                    33:2c:0b:fc:a6:9e:73:81:fb:ef:78:e0:c0:05:f7:
                    82:1f:f9:ca:f3:bc:7c:07:f5:81:ea:2e:bc:2f:3a:
                    7e:cd:38:9a:14:45:a6:06:6b:50:55:6b:8a:65:bb:
                    2f:bc:8f:09:26:dd:b4:38:d1:c5:17:7c:67:60:62:
                    87:35:52:da:0f:53:7d:d9:bd:a3:96:3d:ec:09:27:
                    0d:2e:4e:e0:70:ca:b2:51:5e:08:9b:cd:17:7b:8c:
                    8b:17:76:b1:f0:8d:9e:ce:2c:fd:0a:58:89:9c:cc:
                    53:26:dd:7e:e9:2e:41:dc:2d:1a:df:d6:04:d3:48:
                    ce:a5:3c:5e:6f:5e:8a:dc:46:65:80:b4:d8:98:6c:
                    b7:cc:45:bf:59:03:d5:a5:f7:e3:32:2d:98:cb:bc:
                    c8:98:ef:b4:1a:bf:bc:e1:f3:75:71:17:24:48:63:
                    5a:a7:a6:53:7a:ae:29:da:1b:90:3b:21:1c:bb:22:
                    b4:68:e1:e6:f9:b8:18:13:9f:93:05:6b:42:71:d1:
                    3d:71:63:7b:86:bd:a3:a0:e4:4f:5f:e5:b7:61:73:
                    31:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:6F:1E:60:24:11:D6:0B:E3:7D:68:2B:7D:29:E8:82:43:85:73:19
            X509v3 Authority Key Identifier:
                keyid:58:15:3F:B2:0B:9C:8F:8C:CF:6C:39:8F:4D:61:B2:17:07:E1:BB:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WBU_sgucj4zPbDmPTWGyFwfhu-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/4901f3-8934-4e90-aaf7-6761d2784d8d/1/7W8eYCQR1gvjfWgrfSnogkOFcxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/4901f3-8934-4e90-aaf7-6761d2784d8d/1/WBU_sgucj4zPbDmPTWGyFwfhu-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:a3:a5:f7:d7:7a:de:68:58:3e:9f:30:81:26:01:6a:27:81:
         da:e2:16:9c:61:8a:ec:30:ae:03:a2:ea:22:24:70:2f:32:df:
         45:63:11:a8:a0:cd:52:78:47:5f:f8:94:63:74:0a:c9:51:95:
         f5:69:69:4c:19:de:a0:b8:32:bd:c2:32:b6:4d:65:77:22:43:
         7a:8d:56:05:1b:80:0a:79:99:2d:36:a5:d3:a0:56:9d:6e:72:
         6d:a4:c3:e1:11:e0:64:00:47:72:d1:4c:d3:5a:60:8e:5d:43:
         db:6d:13:b3:b8:8c:bc:3e:80:19:b3:ac:0d:cd:6f:56:07:ce:
         02:23:7a:f3:e1:27:bb:a6:4c:bf:de:96:85:a9:5a:f6:65:c6:
         91:b4:d3:c6:7f:f5:6e:c6:b8:b9:29:cc:81:5a:ad:64:4b:3a:
         25:47:28:6b:23:8c:34:06:a0:82:93:31:be:3e:58:cf:51:16:
         51:04:6b:11:ee:66:da:7f:b7:72:58:44:a8:b9:7e:94:ed:22:
         79:80:f8:bf:74:c5:37:96:30:b6:0b:3c:85:8b:cd:a8:dc:94:
         ee:e6:00:6b:36:4c:f4:c0:62:e9:0f:ab:59:67:88:55:1d:67:
         8b:63:e9:f9:0e:b5:8c:24:bb:bd:da:50:6c:c8:b7:6e:4a:2c:
         18:64:a3:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljniFDNE2qyfhGTntRrH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MTUzZmIyMGI5YzhmOGNjZjZjMzk4ZjRkNjFiMjE3MDdl
MWJiZTIwHhcNMjUwMTAyMDU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDZmMWU2MDI0MTFkNjBiZTM3ZDY4MmI3ZDI5ZTg4MjQzODU3MzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCV68reiEoUQMHkfn0UTV71WeN+r
8KoAGDZZO58RCti+Mcu9DGjHqAdZW1czLAv8pp5zgfvveODABfeCH/nK87x8B/WB
6i68Lzp+zTiaFEWmBmtQVWuKZbsvvI8JJt20ONHFF3xnYGKHNVLaD1N92b2jlj3s
CScNLk7gcMqyUV4Im80Xe4yLF3ax8I2eziz9CliJnMxTJt1+6S5B3C0a39YE00jO
pTxeb16K3EZlgLTYmGy3zEW/WQPVpffjMi2Yy7zImO+0Gr+84fN1cRckSGNap6ZT
eq4p2huQOyEcuyK0aOHm+bgYE5+TBWtCcdE9cWN7hr2joORPX+W3YXMxzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1vHmAkEdYL431oK30p6IJDhXMZMB8GA1UdIwQY
MBaAFFgVP7ILnI+Mz2w5j01hshcH4bviMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0JVX3NndWNqNHpQYkRtUFRXR3lGd2ZodS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny80OTAxZjMtODkzNC00ZTkwLWFhZjct
Njc2MWQyNzg0ZDhkLzEvN1c4ZVlDUVIxZ3ZqZldncmZTbm9na09GY3hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny80OTAxZjMtODkzNC00ZTkwLWFhZjctNjc2MWQyNzg0ZDhk
LzEvV0JVX3NndWNqNHpQYkRtUFRXR3lGd2ZodS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRh/MA0G
CSqGSIb3DQEBCwUAA4IBAQDTo6X313reaFg+nzCBJgFqJ4Ha4hacYYrsMK4Douoi
JHAvMt9FYxGooM1SeEdf+JRjdArJUZX1aWlMGd6guDK9wjK2TWV3IkN6jVYFG4AK
eZktNqXToFadbnJtpMPhEeBkAEdy0UzTWmCOXUPbbROzuIy8PoAZs6wNzW9WB84C
I3rz4Se7pky/3paFqVr2ZcaRtNPGf/Vuxri5KcyBWq1kSzolRyhrI4w0BqCCkzG+
PljPURZRBGsR7mbaf7dyWESouX6U7SJ5gPi/dMU3ljC2CzyFi82o3JTu5gBrNkz0
wGLpD6tZZ4hVHWeLY+n5DrWMJLu92lBsyLduSiwYZKNh
-----END CERTIFICATE-----