Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/WSh-sPHQG3WA_8JrLHCqMYPnOxg.roa
File:                     WSh-sPHQG3WA_8JrLHCqMYPnOxg.roa (raw, json)
Hash identifier:          2XNhx9TDm3JuuuyRJWKdnu3A4Dj8rFNvgmSOuebu3Yk=
Subject key identifier:   59:28:7E:B0:F1:D0:1B:75:80:FF:C2:6B:2C:70:AA:31:83:E7:3B:18
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019238345D3BB3EFE1424FF72F1581C37380
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/WSh-sPHQG3WA_8JrLHCqMYPnOxg.roa
Signing time:             Sat 28 Sep 2024 10:36:48 +0000
ROA not before:           Sat 28 Sep 2024 10:36:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58212
IP address blocks:        185.244.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:38:34:5d:3b:b3:ef:e1:42:4f:f7:2f:15:81:c3:73:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Sep 28 10:36:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59287eb0f1d01b7580ffc26b2c70aa3183e73b18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:01:8e:46:d1:c6:c6:b7:c0:37:9b:e0:ce:81:
                    ae:e3:ea:46:1f:6a:a9:12:92:94:c8:9f:42:a0:de:
                    40:9b:47:82:56:36:e8:6a:d8:3c:b9:33:00:7f:cb:
                    21:44:dd:88:9b:e9:d2:27:c7:b5:b9:4e:00:15:02:
                    c5:0e:40:ff:5a:0d:c2:f5:0c:24:4b:3b:f9:fb:8d:
                    33:29:db:73:56:b1:c7:b9:50:12:c1:75:25:b1:52:
                    f3:ad:71:ea:34:36:15:65:83:e0:fb:cc:f6:f6:4d:
                    12:85:87:b7:fd:e6:6c:b5:bb:d7:3d:7f:5f:02:da:
                    57:45:4a:d6:07:97:f7:55:b6:7b:a9:14:fc:8c:65:
                    99:56:88:57:2c:51:5d:af:79:5d:25:3d:39:c0:24:
                    cf:a9:cb:75:15:fa:bf:7e:d0:12:1e:11:31:2d:bc:
                    87:c1:df:98:be:88:10:7a:d1:2b:1f:5a:67:28:b2:
                    ae:2e:fc:62:40:d4:64:b8:6c:7e:c7:45:d0:ff:5e:
                    13:ae:b4:3b:01:6a:ea:6a:ad:0a:06:dc:57:05:25:
                    db:e5:af:60:45:31:1d:4d:19:d6:ef:53:0a:b9:40:
                    78:f4:0c:ee:95:e6:aa:9e:2b:79:1e:48:fb:13:5c:
                    28:f6:d7:cf:3c:34:93:c0:4c:9f:cb:d5:28:dc:8c:
                    e3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:28:7E:B0:F1:D0:1B:75:80:FF:C2:6B:2C:70:AA:31:83:E7:3B:18
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/WSh-sPHQG3WA_8JrLHCqMYPnOxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:4b:5d:4a:d5:a3:34:d5:ef:70:d7:c7:ad:23:00:63:ea:d1:
         c9:6d:4c:3a:5a:b0:83:e9:24:00:32:8d:dd:68:c3:a4:0d:d4:
         9b:d7:e4:b1:7d:71:cb:29:56:a1:9b:32:ee:96:76:29:2b:4f:
         d2:46:94:6d:ec:b6:f7:82:1b:26:53:10:5b:52:7b:a8:aa:cf:
         06:a6:c3:90:e8:2f:62:7d:91:24:32:01:b5:86:ce:3d:4f:42:
         63:c0:cf:b4:de:9d:b6:f0:29:e4:42:06:df:b6:e8:02:04:3f:
         6b:3d:92:58:51:0a:cc:86:f0:c0:51:9d:82:29:ea:59:08:df:
         f8:f7:d6:04:71:77:16:3b:8e:69:d6:79:f4:f1:66:92:48:ae:
         8b:6f:af:d3:80:79:7d:9f:8f:2f:ab:89:40:a9:2a:ad:df:2c:
         26:bc:f6:f3:fb:98:6c:e3:77:13:32:94:21:7f:2d:02:73:fe:
         d2:9a:09:ed:90:59:b0:89:89:1b:b1:1c:71:41:95:ea:29:22:
         ba:ea:d1:85:95:a0:c0:e0:24:9d:76:6b:f5:c9:df:f3:44:5a:
         84:7e:df:a4:62:fa:cd:07:87:d4:35:e2:5e:ed:50:c6:5a:c9:
         37:04:6c:d5:a0:f4:1b:87:82:f1:9f:09:c3:18:8c:37:ec:68:
         eb:73:7d:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI4NF07s+/hQk/3LxWBw3OAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjQwOTI4MTAzNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTI4N2ViMGYxZDAxYjc1ODBmZmMyNmIyYzcwYWEzMTgzZTczYjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wGORtHGxrfAN5vgzoGu4+pGH2qp
EpKUyJ9CoN5Am0eCVjboatg8uTMAf8shRN2Im+nSJ8e1uU4AFQLFDkD/Wg3C9Qwk
Szv5+40zKdtzVrHHuVASwXUlsVLzrXHqNDYVZYPg+8z29k0ShYe3/eZstbvXPX9f
AtpXRUrWB5f3VbZ7qRT8jGWZVohXLFFdr3ldJT05wCTPqct1Ffq/ftASHhExLbyH
wd+YvogQetErH1pnKLKuLvxiQNRkuGx+x0XQ/14TrrQ7AWrqaq0KBtxXBSXb5a9g
RTEdTRnW71MKuUB49Azuleaqnit5Hkj7E1wo9tfPPDSTwEyfy9Uo3IzjlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkofrDx0Bt1gP/CayxwqjGD5zsYMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvV1NoLXNQSFFHM1dBXzhKckxIQ3FNWVBuT3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQZMA0G
CSqGSIb3DQEBCwUAA4IBAQBAS11K1aM01e9w18etIwBj6tHJbUw6WrCD6SQAMo3d
aMOkDdSb1+SxfXHLKVahmzLulnYpK0/SRpRt7Lb3ghsmUxBbUnuoqs8GpsOQ6C9i
fZEkMgG1hs49T0JjwM+03p228CnkQgbftugCBD9rPZJYUQrMhvDAUZ2CKepZCN/4
99YEcXcWO45p1nn08WaSSK6Lb6/TgHl9n48vq4lAqSqt3ywmvPbz+5hs43cTMpQh
fy0Cc/7SmgntkFmwiYkbsRxxQZXqKSK66tGFlaDA4CSddmv1yd/zRFqEft+kYvrN
B4fUNeJe7VDGWsk3BGzVoPQbh4LxnwnDGIw37Gjrc33x
-----END CERTIFICATE-----