Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/vWXWhkktZWC2_i0zKz5vdi-IvuE.roa
File:                     vWXWhkktZWC2_i0zKz5vdi-IvuE.roa (raw, json)
Hash identifier:          D7lRMIA1f5sBgefITMxbK3yGHotRr10qyY6m4yVQx28=
Subject key identifier:   BD:65:D6:86:49:2D:65:60:B6:FE:2D:33:2B:3E:6F:76:2F:88:BE:E1
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       019427485C35A9C467F161FE25824D1C4FC2
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/vWXWhkktZWC2_i0zKz5vdi-IvuE.roa
Signing time:             Thu 02 Jan 2025 13:50:41 +0000
ROA not before:           Thu 02 Jan 2025 13:50:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61209
IP address blocks:        194.225.80.0/22 maxlen: 24
                          194.225.80.0/23 maxlen: 23
                          194.225.82.0/23 maxlen: 24
                          194.225.84.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:5c:35:a9:c4:67:f1:61:fe:25:82:4d:1c:4f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 13:50:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd65d686492d6560b6fe2d332b3e6f762f88bee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d3:c4:de:ce:45:ff:4d:41:6c:3b:a6:ab:65:
                    46:ad:fb:61:12:17:3e:0d:94:9a:12:c1:3e:c5:04:
                    17:f2:d5:8e:da:df:a4:33:6a:20:5b:08:ca:49:08:
                    4c:23:92:7d:62:6b:23:cf:81:9a:d4:70:f4:ad:6b:
                    ee:a5:f6:d7:38:28:18:98:06:71:85:76:2e:4b:6e:
                    3e:01:47:d0:97:de:20:4a:96:4d:18:5d:c8:eb:69:
                    71:a6:c0:b0:64:22:1b:7d:dc:c3:55:93:b5:7c:04:
                    ad:a7:a8:28:2a:7c:f7:95:d3:56:5f:0e:c2:c8:40:
                    02:68:d9:7e:15:ee:2f:1e:3d:3b:d0:2a:68:fc:3f:
                    07:c9:37:7e:b1:d8:fd:3c:1a:2c:b9:9b:8c:f4:c3:
                    b7:85:83:92:02:40:6d:26:5a:96:40:91:bc:30:6b:
                    f5:56:c5:95:83:cc:24:56:a6:48:4b:ed:a2:2f:a2:
                    0e:49:e0:8e:85:ba:d3:7f:32:dd:85:41:43:f3:11:
                    ec:6b:6b:3f:73:b4:91:7e:54:63:b0:cd:04:86:c0:
                    07:26:f7:11:d3:d7:1a:d8:0f:55:a3:1d:2f:e7:6a:
                    e1:c8:35:04:61:ec:d0:5a:ea:73:a7:12:0f:25:eb:
                    6f:f8:4b:26:8e:44:29:9f:cc:d2:94:de:51:d7:c8:
                    95:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:65:D6:86:49:2D:65:60:B6:FE:2D:33:2B:3E:6F:76:2F:88:BE:E1
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/vWXWhkktZWC2_i0zKz5vdi-IvuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.225.80.0-194.225.85.255

    Signature Algorithm: sha256WithRSAEncryption
         15:0b:b6:c8:0e:41:3b:07:ec:63:85:cb:22:f6:ad:db:2f:b5:
         04:63:8f:5e:98:8d:6f:81:f3:e4:fa:95:89:9f:f0:f9:d3:c9:
         6f:8c:c2:b0:53:c9:cd:71:34:ba:bf:0a:41:09:b0:de:3f:8d:
         a4:78:b0:77:4c:6a:3f:df:c8:79:f4:e3:ec:01:69:a9:70:d3:
         ba:e8:e1:66:70:14:69:d8:92:3b:1c:79:a3:1f:d5:c3:d8:5d:
         c4:77:59:fe:c1:6b:65:04:53:31:54:04:af:77:c1:70:1c:cb:
         ee:a3:87:e6:73:b1:67:49:f8:3e:2e:48:37:1c:25:a4:2e:c2:
         04:d4:74:34:41:19:60:8c:1a:57:c7:31:66:e0:9a:2e:fb:d6:
         d1:1a:b0:3f:5c:83:ce:50:83:ef:82:17:d3:4d:18:1a:74:69:
         eb:a2:d6:9b:b6:16:88:50:e3:83:56:2c:e2:ad:dc:58:d2:ac:
         ba:b3:4e:7e:24:12:03:7d:3c:af:e8:87:c3:51:a9:d5:0d:e4:
         db:c3:aa:a7:95:7b:d9:ed:2d:ac:c9:40:7a:b8:77:8f:ee:98:
         dd:5e:8e:f3:c1:48:0d:23:5a:32:40:14:1f:8d:4e:c5:96:08:
         d4:f2:9a:05:22:c9:ee:d9:e4:2c:c5:ce:71:4e:03:01:6a:54:
         4e:cb:0f:be
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQnSFw1qcRn8WH+JYJNHE/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjUwMTAyMTM1MDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDY1ZDY4NjQ5MmQ2NTYwYjZmZTJkMzMyYjNlNmY3NjJmODhiZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9PE3s5F/01BbDumq2VGrfthEhc+
DZSaEsE+xQQX8tWO2t+kM2ogWwjKSQhMI5J9Ymsjz4Ga1HD0rWvupfbXOCgYmAZx
hXYuS24+AUfQl94gSpZNGF3I62lxpsCwZCIbfdzDVZO1fAStp6goKnz3ldNWXw7C
yEACaNl+Fe4vHj070Cpo/D8HyTd+sdj9PBosuZuM9MO3hYOSAkBtJlqWQJG8MGv1
VsWVg8wkVqZIS+2iL6IOSeCOhbrTfzLdhUFD8xHsa2s/c7SRflRjsM0EhsAHJvcR
09ca2A9Vox0v52rhyDUEYezQWupzpxIPJetv+EsmjkQpn8zSlN5R18iV8wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFL1l1oZJLWVgtv4tMys+b3YviL7hMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvdldYV2hra3RaV0MyX2kwekt6NXZkaS1JdnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATC4VAD
BAHC4VQwDQYJKoZIhvcNAQELBQADggEBABULtsgOQTsH7GOFyyL2rdsvtQRjj16Y
jW+B8+T6lYmf8PnTyW+MwrBTyc1xNLq/CkEJsN4/jaR4sHdMaj/fyHn04+wBaalw
07ro4WZwFGnYkjsceaMf1cPYXcR3Wf7Ba2UEUzFUBK93wXAcy+6jh+ZzsWdJ+D4u
SDccJaQuwgTUdDRBGWCMGlfHMWbgmi771tEasD9cg85Qg++CF9NNGBp0aeui1pu2
FohQ44NWLOKt3FjSrLqzTn4kEgN9PK/oh8NRqdUN5NvDqqeVe9ntLazJQHq4d4/u
mN1ejvPBSA0jWjJAFB+NTsWWCNTymgUiye7Z5CzFznFOAwFqVE7LD74=
-----END CERTIFICATE-----