Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/a267f0-9efb-44af-a06a-61ddbf1c349b/1/WLUDJc0NGcw5kRS_oVSDkKAtSh8.roa
File:                     WLUDJc0NGcw5kRS_oVSDkKAtSh8.roa (raw, json)
Hash identifier:          y0eDvzCwkaPJWyUTAn+tyd5yEPIrTX34ivtbbOwzQrM=
Subject key identifier:   58:B5:03:25:CD:0D:19:CC:39:91:14:BF:A1:54:83:90:A0:2D:4A:1F
Certificate issuer:       /CN=78f0d8950c0fdb41dfd57c5948282520611c16c3
Certificate serial:       0190752F16406E01F16BBCCD6EF8A94E11F1
Authority key identifier: 78:F0:D8:95:0C:0F:DB:41:DF:D5:7C:59:48:28:25:20:61:1C:16:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ePDYlQwP20Hf1XxZSCglIGEcFsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/a267f0-9efb-44af-a06a-61ddbf1c349b/1/WLUDJc0NGcw5kRS_oVSDkKAtSh8.roa
Signing time:             Tue 02 Jul 2024 20:42:18 +0000
ROA not before:           Tue 02 Jul 2024 20:42:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39704
IP address blocks:        91.208.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/a267f0-9efb-44af-a06a-61ddbf1c349b/1/ePDYlQwP20Hf1XxZSCglIGEcFsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/a267f0-9efb-44af-a06a-61ddbf1c349b/1/ePDYlQwP20Hf1XxZSCglIGEcFsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ePDYlQwP20Hf1XxZSCglIGEcFsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:75:2f:16:40:6e:01:f1:6b:bc:cd:6e:f8:a9:4e:11:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78f0d8950c0fdb41dfd57c5948282520611c16c3
        Validity
            Not Before: Jul  2 20:42:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58b50325cd0d19cc399114bfa1548390a02d4a1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:91:43:f2:27:71:61:fb:0d:4d:a5:43:12:b3:
                    4d:ae:9c:7f:31:bc:0d:ee:ec:5f:9c:9c:1c:f4:7a:
                    6a:77:54:d8:38:3a:13:07:dc:09:44:77:70:c2:2c:
                    55:6b:21:93:2f:4d:f3:d8:9a:ed:0b:64:e8:b1:e4:
                    14:13:24:ad:b7:b5:18:31:1f:58:71:27:e6:08:fa:
                    58:a0:6c:65:da:ac:b2:88:47:7f:c9:dd:4f:14:62:
                    f3:1b:8c:d3:b5:f2:d7:c7:9a:5d:fd:91:46:94:92:
                    e6:9c:e1:74:1b:6c:cc:1f:71:bd:87:21:7f:a9:2e:
                    07:2d:a5:04:6e:09:54:4c:31:a1:87:3c:73:00:f5:
                    34:79:69:f5:7d:5f:12:23:c9:aa:a3:48:98:2a:d2:
                    59:18:1a:c1:41:b0:d2:84:1a:3e:4a:b5:14:e8:b3:
                    32:06:4a:b8:a4:c7:c2:05:5a:c6:54:2d:ff:90:0d:
                    8e:88:38:90:f1:6f:fe:3a:44:9a:3e:90:6e:49:35:
                    6d:c4:c3:57:a8:94:5e:93:ba:f7:15:d3:2c:45:ab:
                    a2:2d:a9:51:c5:08:78:36:d2:87:13:55:3c:90:b2:
                    d0:b8:7a:94:37:ec:6c:af:44:78:2d:dd:b0:61:35:
                    9d:01:b5:ae:4e:b6:7a:b5:9e:cf:cf:7e:3c:18:d0:
                    d0:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B5:03:25:CD:0D:19:CC:39:91:14:BF:A1:54:83:90:A0:2D:4A:1F
            X509v3 Authority Key Identifier:
                keyid:78:F0:D8:95:0C:0F:DB:41:DF:D5:7C:59:48:28:25:20:61:1C:16:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ePDYlQwP20Hf1XxZSCglIGEcFsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/a267f0-9efb-44af-a06a-61ddbf1c349b/1/WLUDJc0NGcw5kRS_oVSDkKAtSh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/a267f0-9efb-44af-a06a-61ddbf1c349b/1/ePDYlQwP20Hf1XxZSCglIGEcFsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:41:49:4a:ba:c2:e9:c8:7f:21:92:aa:a8:38:f8:6f:89:83:
         f3:15:c4:b4:67:d0:27:45:3f:13:f0:23:b7:da:b0:9f:57:5d:
         59:4c:89:bf:44:41:33:23:f4:6f:91:55:8d:5f:91:95:18:1a:
         51:b8:75:d7:89:88:38:4a:25:b2:1c:d5:53:fb:53:a9:a4:8f:
         28:3b:a4:77:ff:07:ec:50:d6:6a:91:fa:f6:b3:a3:88:46:89:
         dd:09:e7:26:33:23:43:76:e3:31:e8:32:74:71:dd:aa:99:88:
         75:f5:e6:70:5e:bc:b8:56:3e:29:ee:9a:60:76:85:79:8f:ae:
         c3:ba:3b:68:d5:cd:96:92:37:05:dc:bf:18:4b:51:82:ca:54:
         a8:7b:49:0a:ec:7b:c5:49:ec:19:ba:30:7f:77:97:62:6a:d8:
         fd:95:c9:45:12:68:e4:19:7e:8f:91:79:b0:8e:38:87:11:72:
         96:28:c3:30:67:6b:d4:78:c1:7d:0c:8b:12:4c:29:87:88:b5:
         83:49:f9:ad:42:c9:58:59:0d:ae:97:88:f3:54:c1:e0:ac:5b:
         a8:54:d8:79:7e:9d:3f:7c:25:ef:f2:00:1c:e7:72:8d:e9:c4:
         2e:49:89:51:9a:f3:71:ce:3c:26:90:22:ae:bc:4a:de:1a:6b:
         f7:04:fb:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB1LxZAbgHxa7zNbvipThHxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZjBkODk1MGMwZmRiNDFkZmQ1N2M1OTQ4MjgyNTIwNjEx
YzE2YzMwHhcNMjQwNzAyMjA0MjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGI1MDMyNWNkMGQxOWNjMzk5MTE0YmZhMTU0ODM5MGEwMmQ0YTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJFD8idxYfsNTaVDErNNrpx/MbwN
7uxfnJwc9Hpqd1TYODoTB9wJRHdwwixVayGTL03z2JrtC2ToseQUEyStt7UYMR9Y
cSfmCPpYoGxl2qyyiEd/yd1PFGLzG4zTtfLXx5pd/ZFGlJLmnOF0G2zMH3G9hyF/
qS4HLaUEbglUTDGhhzxzAPU0eWn1fV8SI8mqo0iYKtJZGBrBQbDShBo+SrUU6LMy
Bkq4pMfCBVrGVC3/kA2OiDiQ8W/+OkSaPpBuSTVtxMNXqJRek7r3FdMsRauiLalR
xQh4NtKHE1U8kLLQuHqUN+xsr0R4Ld2wYTWdAbWuTrZ6tZ7Pz348GNDQsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFi1AyXNDRnMOZEUv6FUg5CgLUofMB8GA1UdIwQY
MBaAFHjw2JUMD9tB39V8WUgoJSBhHBbDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVBEWWxRd1AyMEhmMVh4WlNDZ2xJR0VjRnNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9hMjY3ZjAtOWVmYi00NGFmLWEwNmEt
NjFkZGJmMWMzNDliLzEvV0xVREpjME5HY3c1a1JTX29WU0RrS0F0U2g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9hMjY3ZjAtOWVmYi00NGFmLWEwNmEtNjFkZGJmMWMzNDli
LzEvZVBEWWxRd1AyMEhmMVh4WlNDZ2xJR0VjRnNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9A8MA0G
CSqGSIb3DQEBCwUAA4IBAQAkQUlKusLpyH8hkqqoOPhviYPzFcS0Z9AnRT8T8CO3
2rCfV11ZTIm/REEzI/RvkVWNX5GVGBpRuHXXiYg4SiWyHNVT+1OppI8oO6R3/wfs
UNZqkfr2s6OIRondCecmMyNDduMx6DJ0cd2qmYh19eZwXry4Vj4p7ppgdoV5j67D
ujto1c2WkjcF3L8YS1GCylSoe0kK7HvFSewZujB/d5diatj9lclFEmjkGX6PkXmw
jjiHEXKWKMMwZ2vUeMF9DIsSTCmHiLWDSfmtQslYWQ2ul4jzVMHgrFuoVNh5fp0/
fCXv8gAc53KN6cQuSYlRmvNxzjwmkCKuvEreGmv3BPtF
-----END CERTIFICATE-----