Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/WUNEHvr0ZgHtoqSJbuN62py92Io.roa
File:                     WUNEHvr0ZgHtoqSJbuN62py92Io.roa (raw, json)
Hash identifier:          lDW06UuCrPMY+xkAqwZXNOm1gvX0QoZBq3udHgV8zvs=
Subject key identifier:   59:43:44:1E:FA:F4:66:01:ED:A2:A4:89:6E:E3:7A:DA:9C:BD:D8:8A
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       018CC26D008EB05988FCA42B6880A32EFB6A
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/WUNEHvr0ZgHtoqSJbuN62py92Io.roa
Signing time:             Mon 01 Jan 2024 00:29:32 +0000
ROA not before:           Mon 01 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149428
IP address blocks:        147.185.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:00:8e:b0:59:88:fc:a4:2b:68:80:a3:2e:fb:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Jan  1 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5943441efaf46601eda2a4896ee37ada9cbdd88a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ee:ef:df:a8:c9:e5:00:8b:48:d9:a0:0f:02:
                    67:ca:e0:4a:34:bd:45:be:45:73:ae:28:8f:e8:d7:
                    ef:6f:0c:0d:a8:bf:44:19:81:99:e0:8d:63:14:da:
                    23:b9:df:95:83:bb:6f:5a:7f:11:cd:f4:ae:b4:49:
                    e9:45:ed:4e:59:3d:d1:1a:b6:93:17:f4:9c:13:d1:
                    e9:10:5b:3c:e6:d9:e8:4f:d7:91:30:f9:5d:4e:35:
                    33:ac:04:4b:53:a8:b2:5a:f5:e1:0f:2b:2f:21:72:
                    e4:98:0f:cc:57:01:51:15:9a:ce:fa:52:c0:1b:58:
                    62:ab:0f:d9:69:99:dd:ba:bd:ed:76:7c:e1:67:df:
                    23:31:25:ce:7f:f6:04:a8:f3:26:e0:60:8a:a6:8c:
                    71:59:18:76:75:16:45:c3:ca:bb:06:43:15:08:bd:
                    03:73:cf:b5:86:a7:f3:bc:e6:67:23:0e:87:72:55:
                    14:a2:cf:8d:e2:7d:b0:7b:25:d3:bd:a8:22:50:7c:
                    c0:d6:06:93:b0:d8:ce:5a:d7:ab:09:88:ba:59:04:
                    66:9c:51:36:bc:30:03:cd:be:61:6a:e4:b6:3d:25:
                    e4:af:c0:82:68:5c:2c:1d:02:99:a2:48:58:dd:2e:
                    1d:dd:32:65:b9:85:3b:e2:5c:70:2a:e4:20:7d:ad:
                    72:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:43:44:1E:FA:F4:66:01:ED:A2:A4:89:6E:E3:7A:DA:9C:BD:D8:8A
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/WUNEHvr0ZgHtoqSJbuN62py92Io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.185.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:e9:b8:e9:04:fa:98:c2:27:c6:a0:69:58:74:fa:33:21:e5:
         f7:9a:b7:30:47:b2:f3:28:04:27:35:ab:29:72:72:6f:9a:45:
         37:57:93:59:d1:b4:3b:6f:ee:03:a9:34:8b:2b:55:b3:18:e1:
         5b:1b:04:36:c9:da:d2:6b:d3:5c:7e:90:13:b5:78:19:9a:f7:
         5b:a2:d3:27:1d:9a:19:b6:67:a9:62:ad:d2:d0:3e:fb:d7:93:
         be:0f:70:60:9f:e0:68:db:de:1a:75:7b:a9:86:c9:11:df:2c:
         7f:47:12:79:4a:16:4d:9c:32:04:98:c0:a3:e3:30:b4:d6:a6:
         a8:ad:be:ac:45:df:54:16:6c:b7:2b:37:d8:d8:7d:a4:03:37:
         42:51:16:00:ab:45:76:fd:e0:5a:70:a1:3d:26:87:44:1b:3d:
         ae:29:6d:fb:f9:c8:4b:e4:01:85:3d:7e:a7:da:22:42:a4:b9:
         e3:b3:11:50:66:d2:c9:d7:c8:28:2b:5d:2a:53:9a:d8:b3:38:
         a5:80:70:b5:b8:8a:9b:73:89:57:dd:74:05:ef:12:b0:99:f3:
         46:21:17:08:11:7f:dc:a8:b1:7d:63:3b:1e:a7:d1:08:32:7e:
         e9:a9:8c:90:7d:43:82:8c:df:a8:fd:51:b5:9e:a1:e0:6b:26:
         98:e7:6e:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQCOsFmI/KQraICjLvtqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjQwMTAxMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTQzNDQxZWZhZjQ2NjAxZWRhMmE0ODk2ZWUzN2FkYTljYmRkODhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+7v36jJ5QCLSNmgDwJnyuBKNL1F
vkVzriiP6NfvbwwNqL9EGYGZ4I1jFNojud+Vg7tvWn8RzfSutEnpRe1OWT3RGraT
F/ScE9HpEFs85tnoT9eRMPldTjUzrARLU6iyWvXhDysvIXLkmA/MVwFRFZrO+lLA
G1hiqw/ZaZndur3tdnzhZ98jMSXOf/YEqPMm4GCKpoxxWRh2dRZFw8q7BkMVCL0D
c8+1hqfzvOZnIw6HclUUos+N4n2weyXTvagiUHzA1gaTsNjOWterCYi6WQRmnFE2
vDADzb5hauS2PSXkr8CCaFwsHQKZokhY3S4d3TJluYU74lxwKuQgfa1ywwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlDRB769GYB7aKkiW7jetqcvdiKMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvV1VORUh2cjBaZ0h0b3FTSmJ1TjYycHk5MklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk7niMA0G
CSqGSIb3DQEBCwUAA4IBAQAf6bjpBPqYwifGoGlYdPozIeX3mrcwR7LzKAQnNasp
cnJvmkU3V5NZ0bQ7b+4DqTSLK1WzGOFbGwQ2ydrSa9NcfpATtXgZmvdbotMnHZoZ
tmepYq3S0D7715O+D3Bgn+Bo294adXuphskR3yx/RxJ5ShZNnDIEmMCj4zC01qao
rb6sRd9UFmy3KzfY2H2kAzdCURYAq0V2/eBacKE9JodEGz2uKW37+chL5AGFPX6n
2iJCpLnjsxFQZtLJ18goK10qU5rYszilgHC1uIqbc4lX3XQF7xKwmfNGIRcIEX/c
qLF9Yzsep9EIMn7pqYyQfUOCjN+o/VG1nqHgayaY524n
-----END CERTIFICATE-----