Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/wzKjh6BHaRNDac2yeLYLKiOgaHI.roa
File:                     wzKjh6BHaRNDac2yeLYLKiOgaHI.roa (raw, json)
Hash identifier:          WCBvi6ux6uzlR2ZirLD/h/6ZvSwzqoJpdBo5NOiwJv0=
Subject key identifier:   C3:32:A3:87:A0:47:69:13:43:69:CD:B2:78:B6:0B:2A:23:A0:68:72
Certificate issuer:       /CN=80f9a24bd26cc8217518a11f598e6372025e8ae9
Certificate serial:       018CCA2A308DBAD7556788658D2C1949540C
Authority key identifier: 80:F9:A2:4B:D2:6C:C8:21:75:18:A1:1F:59:8E:63:72:02:5E:8A:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/wzKjh6BHaRNDac2yeLYLKiOgaHI.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41828
IP address blocks:        195.47.228.0/24 maxlen: 24
                          91.185.192.0/19 maxlen: 19
                          2a02:840::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/gPmiS9JsyCF1GKEfWY5jcgJeiuk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/gPmiS9JsyCF1GKEfWY5jcgJeiuk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:30:8d:ba:d7:55:67:88:65:8d:2c:19:49:54:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80f9a24bd26cc8217518a11f598e6372025e8ae9
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c332a387a04769134369cdb278b60b2a23a06872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e6:0d:cd:e7:a0:d0:95:50:97:46:af:d3:b6:
                    d2:bf:e6:62:5b:5a:99:bc:e5:16:2e:c3:c9:ef:18:
                    10:f9:38:d4:4a:c8:1f:3b:8c:f1:cf:22:b2:6b:e4:
                    d6:a1:59:14:3f:58:31:9c:ea:3f:76:03:e7:ab:06:
                    1f:d6:38:0a:fc:80:c8:d5:c1:29:21:46:40:ae:c8:
                    93:48:80:2e:ae:ab:19:e6:f1:1b:cb:54:2c:cf:2f:
                    84:06:a8:5c:d4:46:1a:96:99:2a:a8:ab:ca:95:7c:
                    a7:5e:db:62:4e:af:4c:a8:43:38:9f:df:80:9f:8f:
                    8d:b6:28:64:df:e4:18:63:e9:83:46:54:55:0f:a2:
                    f7:e2:12:6b:95:57:fb:a8:b0:59:3f:60:13:3d:8a:
                    f7:d5:01:fe:dc:cb:74:4c:56:a4:fc:e8:fe:cc:99:
                    3a:37:ed:51:95:2f:8a:39:c1:b5:f5:75:1e:f5:40:
                    41:cd:ab:af:e0:40:1d:60:05:ee:60:ab:c2:b3:60:
                    7e:7b:5a:73:25:c1:5b:95:80:df:77:b0:51:a8:fe:
                    2b:8b:31:95:09:82:49:00:4d:71:d2:64:ff:1d:d3:
                    b8:25:b5:bd:d7:d0:8e:d2:44:61:8c:2c:d9:06:6f:
                    27:24:a6:be:9e:07:38:9e:ee:3c:37:af:45:86:01:
                    a1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:32:A3:87:A0:47:69:13:43:69:CD:B2:78:B6:0B:2A:23:A0:68:72
            X509v3 Authority Key Identifier:
                keyid:80:F9:A2:4B:D2:6C:C8:21:75:18:A1:1F:59:8E:63:72:02:5E:8A:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gPmiS9JsyCF1GKEfWY5jcgJeiuk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/wzKjh6BHaRNDac2yeLYLKiOgaHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/fb212a-7a76-42e2-8989-965529f20d11/1/gPmiS9JsyCF1GKEfWY5jcgJeiuk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.185.192.0/19
                  195.47.228.0/24
                IPv6:
                  2a02:840::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:93:c8:d4:68:0a:72:4f:02:dd:f3:c9:3b:03:65:35:ea:b2:
         40:b3:8b:44:3d:e8:da:e9:0f:6e:56:4e:3c:b3:4e:a3:ea:8d:
         1e:5f:c9:2e:6d:02:e5:f1:09:30:3f:62:ab:51:19:cf:8e:6c:
         b8:57:80:9c:20:9c:96:2f:79:fd:79:10:1d:66:89:63:fe:cb:
         a5:55:eb:8c:65:40:1f:79:d5:1e:ca:cc:d4:58:7e:80:08:1d:
         fb:ea:d6:4d:88:be:fb:1f:9d:04:4a:49:63:66:f9:a1:af:76:
         be:4e:99:61:4a:8a:e1:13:be:fb:f6:57:fc:94:84:c4:c5:de:
         92:74:2b:ea:c7:27:98:e5:1f:93:3e:be:25:e3:e0:45:53:fc:
         fe:3c:c4:6f:b9:78:7a:ce:cd:d5:07:f9:1f:d5:75:02:f8:48:
         a6:e6:48:12:de:af:2a:6a:c0:ea:d7:ac:f8:b5:a8:a8:fc:db:
         13:6c:3a:11:a8:b7:50:d2:57:a6:c3:de:0a:58:e2:c6:e8:c1:
         11:25:ea:99:d9:28:2f:8f:37:f9:07:8e:70:93:b1:e5:15:f5:
         74:90:a0:73:7d:7e:36:de:63:13:a8:6f:85:9d:36:7c:18:a6:
         27:ac:6c:6d:db:33:74:81:99:28:72:f3:73:e8:69:76:92:98:
         6e:f0:6f:07
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKjCNutdVZ4hljSwZSVQMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZjlhMjRiZDI2Y2M4MjE3NTE4YTExZjU5OGU2MzcyMDI1
ZThhZTkwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzMyYTM4N2EwNDc2OTEzNDM2OWNkYjI3OGI2MGIyYTIzYTA2ODcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeYNzeeg0JVQl0av07bSv+ZiW1qZ
vOUWLsPJ7xgQ+TjUSsgfO4zxzyKya+TWoVkUP1gxnOo/dgPnqwYf1jgK/IDI1cEp
IUZArsiTSIAurqsZ5vEby1Qszy+EBqhc1EYalpkqqKvKlXynXttiTq9MqEM4n9+A
n4+Ntihk3+QYY+mDRlRVD6L34hJrlVf7qLBZP2ATPYr31QH+3Mt0TFak/Oj+zJk6
N+1RlS+KOcG19XUe9UBBzauv4EAdYAXuYKvCs2B+e1pzJcFblYDfd7BRqP4rizGV
CYJJAE1x0mT/HdO4JbW919CO0kRhjCzZBm8nJKa+ngc4nu48N69FhgGhkQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMMyo4egR2kTQ2nNsni2CyojoGhyMB8GA1UdIwQY
MBaAFID5okvSbMghdRihH1mOY3ICXorpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1BtaVM5SnN5Q0YxR0tFZldZNWpjZ0plaXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mYjIxMmEtN2E3Ni00MmUyLTg5ODkt
OTY1NTI5ZjIwZDExLzEvd3pLamg2QkhhUk5EYWMyeWVMWUxLaU9nYUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mYjIxMmEtN2E3Ni00MmUyLTg5ODktOTY1NTI5ZjIwZDEx
LzEvZ1BtaVM5SnN5Q0YxR0tFZldZNWpjZ0plaXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFW7nAAwQA
wy/kMA0EAgACMAcDBQAqAghAMA0GCSqGSIb3DQEBCwUAA4IBAQATk8jUaApyTwLd
88k7A2U16rJAs4tEPeja6Q9uVk48s06j6o0eX8kubQLl8QkwP2KrURnPjmy4V4Cc
IJyWL3n9eRAdZolj/sulVeuMZUAfedUeyszUWH6ACB376tZNiL77H50ESkljZvmh
r3a+TplhSorhE7779lf8lITExd6SdCvqxyeY5R+TPr4l4+BFU/z+PMRvuXh6zs3V
B/kf1XUC+Eim5kgS3q8qasDq16z4taio/NsTbDoRqLdQ0lemw94KWOLG6MERJeqZ
2Sgvjzf5B45wk7HlFfV0kKBzfX423mMTqG+FnTZ8GKYnrGxt2zN0gZkocvNz6Gl2
kphu8G8H
-----END CERTIFICATE-----