Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/492e56-0bae-461a-8f65-0390ed7732a5/1/1gW4wInA_dSwaTybzK2cECnN9GM.roa
File:                     1gW4wInA_dSwaTybzK2cECnN9GM.roa (raw, json)
Hash identifier:          lDMswWk6x4gxqUk8wVyldaT2YU119AYZXfT2M/CJ54Y=
Subject key identifier:   D6:05:B8:C0:89:C0:FD:D4:B0:69:3C:9B:CC:AD:9C:10:29:CD:F4:63
Certificate issuer:       /CN=c0fec178763a701e2211672e2e36e6d527f41f3d
Certificate serial:       019420D6041FCB8C32CF06A8733A4B3B8683
Authority key identifier: C0:FE:C1:78:76:3A:70:1E:22:11:67:2E:2E:36:E6:D5:27:F4:1F:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wP7BeHY6cB4iEWcuLjbm1Sf0Hz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/492e56-0bae-461a-8f65-0390ed7732a5/1/1gW4wInA_dSwaTybzK2cECnN9GM.roa
Signing time:             Wed 01 Jan 2025 07:48:04 +0000
ROA not before:           Wed 01 Jan 2025 07:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48682
IP address blocks:        176.124.70.0/24 maxlen: 24
                          193.169.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/492e56-0bae-461a-8f65-0390ed7732a5/1/wP7BeHY6cB4iEWcuLjbm1Sf0Hz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/492e56-0bae-461a-8f65-0390ed7732a5/1/wP7BeHY6cB4iEWcuLjbm1Sf0Hz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wP7BeHY6cB4iEWcuLjbm1Sf0Hz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:04:1f:cb:8c:32:cf:06:a8:73:3a:4b:3b:86:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0fec178763a701e2211672e2e36e6d527f41f3d
        Validity
            Not Before: Jan  1 07:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d605b8c089c0fdd4b0693c9bccad9c1029cdf463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:57:48:5f:ee:6e:5f:ce:da:5a:3e:96:ac:f3:
                    7d:ec:26:6c:56:5f:35:12:4b:be:2c:80:ad:df:4e:
                    fd:da:b9:14:ce:81:5d:58:05:a9:e5:ee:1c:5f:e4:
                    41:cb:d1:32:e0:1d:1f:75:3f:65:4a:77:eb:f5:69:
                    8e:36:3e:29:8a:13:b0:f2:f3:93:e4:41:3c:8b:a4:
                    21:58:68:04:96:23:0a:9d:79:15:80:a3:5d:57:97:
                    df:31:84:4a:fb:4d:ad:38:32:8d:0f:fa:9a:71:f3:
                    c9:3d:5a:10:27:ad:6c:a5:40:f8:84:6f:b8:f7:c1:
                    cd:55:84:ee:31:fc:69:c9:4a:d3:f7:43:65:62:44:
                    57:1d:84:9b:a3:49:14:d1:78:1a:5d:4b:e7:74:6f:
                    0f:c2:3b:68:a2:00:eb:0d:29:bd:0e:69:68:63:96:
                    96:45:6f:ba:25:f0:50:d4:fa:a9:f6:8c:d5:b4:b7:
                    41:13:ca:8f:93:f2:57:cf:e0:40:78:73:2b:b8:df:
                    a1:3d:8b:05:ce:a3:1f:87:95:e0:e8:75:66:d4:d7:
                    46:f9:cc:e8:e8:7f:fb:c8:4f:bf:60:bf:b9:8f:90:
                    a8:0e:fa:6d:e6:26:0f:76:29:95:ab:4e:ac:cd:a9:
                    3e:03:3e:75:85:89:ac:81:10:9e:92:8b:46:e4:5a:
                    07:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:05:B8:C0:89:C0:FD:D4:B0:69:3C:9B:CC:AD:9C:10:29:CD:F4:63
            X509v3 Authority Key Identifier:
                keyid:C0:FE:C1:78:76:3A:70:1E:22:11:67:2E:2E:36:E6:D5:27:F4:1F:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wP7BeHY6cB4iEWcuLjbm1Sf0Hz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/492e56-0bae-461a-8f65-0390ed7732a5/1/1gW4wInA_dSwaTybzK2cECnN9GM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/492e56-0bae-461a-8f65-0390ed7732a5/1/wP7BeHY6cB4iEWcuLjbm1Sf0Hz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.70.0/24
                  193.169.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:72:6a:ef:97:ee:6e:48:66:4b:dc:59:9d:bf:19:05:4a:75:
         4b:a3:61:f5:9e:17:bc:74:9f:08:08:59:bc:96:09:a2:2b:5a:
         4c:62:55:6a:09:9d:c1:c8:ac:53:28:c6:d0:5b:73:48:6a:0c:
         7e:0b:d5:3a:c6:e4:c0:0c:27:c5:68:d4:b2:65:d4:b6:3d:c4:
         91:7f:ea:76:4f:1c:09:88:0a:db:22:62:29:a7:b8:61:be:35:
         ce:60:da:04:4b:23:11:55:7c:33:b9:7c:f3:30:28:04:b0:83:
         f8:97:57:f1:e8:15:f8:37:29:eb:22:93:c9:f0:4e:b4:d1:ed:
         a6:fe:39:30:05:d3:b8:05:40:98:0a:3d:51:62:32:9f:7b:11:
         2d:e2:d9:a9:6d:d7:4b:dc:01:67:75:c3:cd:55:64:00:06:88:
         ad:85:df:49:c3:04:4c:fe:28:d4:ff:3b:7c:d3:c3:7e:24:0a:
         f9:36:2e:15:b9:f6:6e:e8:8d:0f:2c:fe:45:e0:bb:7f:3c:b1:
         87:86:1b:73:db:dd:6d:b4:ad:7c:05:15:95:b4:2f:c8:a2:8a:
         16:62:51:60:b5:a8:c5:fc:b8:3f:0a:a3:3a:2c:cc:02:0f:26:
         7b:5a:23:7c:69:d0:e3:68:37:a6:9f:ea:80:79:d2:57:83:2d:
         da:e6:8b:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1gQfy4wyzwaoczpLO4aDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZmVjMTc4NzYzYTcwMWUyMjExNjcyZTJlMzZlNmQ1Mjdm
NDFmM2QwHhcNMjUwMTAxMDc0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjA1YjhjMDg5YzBmZGQ0YjA2OTNjOWJjY2FkOWMxMDI5Y2RmNDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVdIX+5uX87aWj6WrPN97CZsVl81
Eku+LICt30792rkUzoFdWAWp5e4cX+RBy9Ey4B0fdT9lSnfr9WmONj4pihOw8vOT
5EE8i6QhWGgEliMKnXkVgKNdV5ffMYRK+02tODKND/qacfPJPVoQJ61spUD4hG+4
98HNVYTuMfxpyUrT90NlYkRXHYSbo0kU0XgaXUvndG8PwjtoogDrDSm9DmloY5aW
RW+6JfBQ1Pqp9ozVtLdBE8qPk/JXz+BAeHMruN+hPYsFzqMfh5Xg6HVm1NdG+czo
6H/7yE+/YL+5j5CoDvpt5iYPdimVq06szak+Az51hYmsgRCekotG5FoHBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNYFuMCJwP3UsGk8m8ytnBApzfRjMB8GA1UdIwQY
MBaAFMD+wXh2OnAeIhFnLi425tUn9B89MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1A3QmVIWTZjQjRpRVdjdUxqYm0xU2YwSHowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi80OTJlNTYtMGJhZS00NjFhLThmNjUt
MDM5MGVkNzczMmE1LzEvMWdXNHdJbkFfZFN3YVR5YnpLMmNFQ25OOUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi80OTJlNTYtMGJhZS00NjFhLThmNjUtMDM5MGVkNzczMmE1
LzEvd1A3QmVIWTZjQjRpRVdjdUxqYm0xU2YwSHowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsHxGAwQA
wamFMA0GCSqGSIb3DQEBCwUAA4IBAQBScmrvl+5uSGZL3FmdvxkFSnVLo2H1nhe8
dJ8ICFm8lgmiK1pMYlVqCZ3ByKxTKMbQW3NIagx+C9U6xuTADCfFaNSyZdS2PcSR
f+p2TxwJiArbImIpp7hhvjXOYNoESyMRVXwzuXzzMCgEsIP4l1fx6BX4NynrIpPJ
8E600e2m/jkwBdO4BUCYCj1RYjKfexEt4tmpbddL3AFndcPNVWQABoithd9JwwRM
/ijU/zt808N+JAr5Ni4VufZu6I0PLP5F4Lt/PLGHhhtz291ttK18BRWVtC/IoooW
YlFgtajF/Lg/CqM6LMwCDyZ7WiN8adDjaDemn+qAedJXgy3a5osj
-----END CERTIFICATE-----