Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/wLZ4tdq1mv7uF6FgUCl6C3LjOJE.roa
File:                     wLZ4tdq1mv7uF6FgUCl6C3LjOJE.roa (raw, json)
Hash identifier:          xC5aUGaPaKSJeJn+l30PuciJV19+zIm95lga5Izdx1Q=
Subject key identifier:   C0:B6:78:B5:DA:B5:9A:FE:EE:17:A1:60:50:29:7A:0B:72:E3:38:91
Certificate issuer:       /CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
Certificate serial:       018CC26D36190B5B9875626D55A0AFFC828B
Authority key identifier: 1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/wLZ4tdq1mv7uF6FgUCl6C3LjOJE.roa
Signing time:             Mon 01 Jan 2024 00:29:46 +0000
ROA not before:           Mon 01 Jan 2024 00:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213303
IP address blocks:        185.228.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:36:19:0b:5b:98:75:62:6d:55:a0:af:fc:82:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d8626749cbf84bcf42ebb2985b86dee830e5c14
        Validity
            Not Before: Jan  1 00:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0b678b5dab59afeee17a16050297a0b72e33891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:78:f8:3e:fb:bb:95:82:fb:50:16:43:31:73:
                    01:00:0e:a3:6d:f5:e2:b5:1f:8d:13:8b:02:19:01:
                    87:d0:76:5b:b3:58:a3:7d:e5:65:53:7f:91:8c:c3:
                    e5:77:aa:c4:01:e0:d4:cf:4a:ed:a3:fb:e2:b2:47:
                    ae:e0:12:20:81:4e:c4:6e:5a:4b:0e:17:e3:c3:b4:
                    02:e0:44:33:67:f8:87:94:9e:86:c3:b3:22:1f:4a:
                    44:11:df:d6:ca:fd:a7:8a:a8:2a:5f:7e:db:7d:a0:
                    23:22:b7:9b:a4:92:24:6c:d8:e3:3d:28:84:eb:8e:
                    3d:1f:e8:a1:bf:2a:09:5f:c1:18:9f:03:a7:67:90:
                    91:5e:36:58:4c:8a:0a:c6:54:af:f4:d8:78:ff:5b:
                    39:6b:5a:59:64:4d:bb:00:ae:ea:50:36:26:19:fe:
                    d4:19:a2:b5:30:c7:04:5d:14:9e:00:7c:e0:c6:e2:
                    25:3f:b9:7a:42:36:12:6f:0f:d2:ad:d8:aa:66:4f:
                    ae:1e:a1:6a:3f:4e:da:5c:ed:a5:ab:bd:ae:a3:72:
                    6a:68:95:ce:0a:64:2f:f4:db:a2:dd:cd:d0:43:55:
                    1b:cb:a2:aa:8d:b7:9c:6e:eb:c5:b8:69:73:e8:00:
                    77:e3:79:ba:b9:02:05:89:aa:f9:11:ab:fa:3d:14:
                    f0:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B6:78:B5:DA:B5:9A:FE:EE:17:A1:60:50:29:7A:0B:72:E3:38:91
            X509v3 Authority Key Identifier:
                keyid:1D:86:26:74:9C:BF:84:BC:F4:2E:BB:29:85:B8:6D:EE:83:0E:5C:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYYmdJy_hLz0Lrsphbht7oMOXBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/wLZ4tdq1mv7uF6FgUCl6C3LjOJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/951c8e-4a86-4c8e-9986-0bfbad4849cd/1/HYYmdJy_hLz0Lrsphbht7oMOXBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:17:94:ec:3f:70:7d:7b:f0:7a:cf:bb:36:97:8d:d1:b0:5f:
         4a:13:99:30:4e:1c:3f:81:79:7c:eb:74:cd:7c:06:9f:3e:68:
         e8:19:33:48:9e:d0:e8:ab:d3:c9:53:9b:43:4e:48:26:5d:0e:
         93:8a:f8:c3:c5:76:0b:50:40:c2:57:c8:12:66:f8:fc:c8:aa:
         b5:6e:9a:4a:1b:ab:90:cb:f2:7b:fc:a6:64:e7:1a:0a:44:0d:
         99:69:74:9f:c5:44:e3:25:d3:2a:ab:00:4e:29:81:40:da:fd:
         bf:53:16:c6:a2:30:87:b1:0f:2f:a1:7f:ae:eb:7f:11:5d:22:
         b7:4d:a2:d0:6a:74:db:fa:6b:1c:29:9d:ca:f4:2f:89:44:33:
         03:4f:14:d8:b5:7a:e5:4a:3a:4a:59:4c:73:33:97:77:e9:a4:
         bd:98:0d:e1:98:75:21:be:07:88:35:7a:05:2a:46:11:55:17:
         fe:c6:3b:39:44:ad:9a:7c:88:ea:ac:e4:84:fd:4b:f3:91:34:
         a3:ea:03:43:c7:b7:8f:76:58:34:67:af:fb:a7:6a:9e:56:ff:
         8e:1c:3b:6e:2d:35:06:48:14:9b:ba:6d:8d:25:83:44:1e:bb:
         10:19:ba:7f:d3:b8:98:22:7c:0d:67:bb:36:5e:ed:1c:0e:f4:
         d7:94:a9:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTYZC1uYdWJtVaCv/IKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODYyNjc0OWNiZjg0YmNmNDJlYmIyOTg1Yjg2ZGVlODMw
ZTVjMTQwHhcNMjQwMTAxMDAyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGI2NzhiNWRhYjU5YWZlZWUxN2ExNjA1MDI5N2EwYjcyZTMzODkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHj4Pvu7lYL7UBZDMXMBAA6jbfXi
tR+NE4sCGQGH0HZbs1ijfeVlU3+RjMPld6rEAeDUz0rto/viskeu4BIggU7EblpL
Dhfjw7QC4EQzZ/iHlJ6Gw7MiH0pEEd/Wyv2niqgqX37bfaAjIrebpJIkbNjjPSiE
6449H+ihvyoJX8EYnwOnZ5CRXjZYTIoKxlSv9Nh4/1s5a1pZZE27AK7qUDYmGf7U
GaK1MMcEXRSeAHzgxuIlP7l6QjYSbw/SrdiqZk+uHqFqP07aXO2lq72uo3JqaJXO
CmQv9Nui3c3QQ1Uby6KqjbecbuvFuGlz6AB343m6uQIFiar5Eav6PRTwBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMC2eLXatZr+7hehYFApegty4ziRMB8GA1UdIwQY
MBaAFB2GJnScv4S89C67KYW4be6DDlwUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYt
MGJmYmFkNDg0OWNkLzEvd0xaNHRkcTFtdjd1RjZGZ1VDbDZDM0xqT0pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85NTFjOGUtNGE4Ni00YzhlLTk5ODYtMGJmYmFkNDg0OWNk
LzEvSFlZbWRKeV9oTHowTHJzcGhiaHQ3b01PWEJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueSsMA0G
CSqGSIb3DQEBCwUAA4IBAQA0F5TsP3B9e/B6z7s2l43RsF9KE5kwThw/gXl863TN
fAafPmjoGTNIntDoq9PJU5tDTkgmXQ6TivjDxXYLUEDCV8gSZvj8yKq1bppKG6uQ
y/J7/KZk5xoKRA2ZaXSfxUTjJdMqqwBOKYFA2v2/UxbGojCHsQ8voX+u638RXSK3
TaLQanTb+mscKZ3K9C+JRDMDTxTYtXrlSjpKWUxzM5d36aS9mA3hmHUhvgeINXoF
KkYRVRf+xjs5RK2afIjqrOSE/UvzkTSj6gNDx7ePdlg0Z6/7p2qeVv+OHDtuLTUG
SBSbum2NJYNEHrsQGbp/07iYInwNZ7s2Xu0cDvTXlKkC
-----END CERTIFICATE-----