Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/wm21lM5E1OHTZv85CK-SP_xfgMs.roa
File:                     wm21lM5E1OHTZv85CK-SP_xfgMs.roa (raw, json)
Hash identifier:          0+J3pmGbRf7xhKyzxQNPnRm8cHm2CCWNtBJBm88I5XM=
Subject key identifier:   C2:6D:B5:94:CE:44:D4:E1:D3:66:FF:39:08:AF:92:3F:FC:5F:80:CB
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       018CC348FC2EC8AEE6B5C9DFA91F9CB5074C
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/wm21lM5E1OHTZv85CK-SP_xfgMs.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201512
IP address blocks:        176.101.92.0/24 maxlen: 24
                          185.62.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fc:2e:c8:ae:e6:b5:c9:df:a9:1f:9c:b5:07:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c26db594ce44d4e1d366ff3908af923ffc5f80cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:76:b8:2c:8e:33:26:2c:5c:2c:4d:13:0a:d1:
                    30:50:c0:76:9f:b6:77:87:01:23:9d:c8:51:c7:5a:
                    69:55:06:5f:14:ec:ac:8c:3e:7b:e6:e4:81:92:4c:
                    7e:1e:a0:2c:43:62:b8:98:72:c0:3c:aa:f3:30:43:
                    e4:21:8d:e6:e2:fb:6b:50:26:84:c6:af:a1:ad:18:
                    81:8e:ce:8f:61:63:f5:46:09:f7:20:3a:b5:92:03:
                    b8:a0:30:18:23:ba:0c:53:33:c4:7d:ca:f4:f0:be:
                    f2:bd:c8:5c:e2:93:8f:5f:0e:16:19:bf:c8:a6:0e:
                    96:5c:90:63:5e:62:9d:bd:66:7f:26:2f:54:3b:41:
                    d6:de:e0:17:c0:14:c0:04:d2:c1:ca:44:86:9e:a7:
                    48:46:ba:84:93:1f:f0:c6:c4:41:94:36:71:0c:78:
                    e7:f6:eb:07:2d:98:fa:08:9b:17:7f:80:c9:eb:06:
                    22:dd:a7:4c:39:f5:30:73:35:b6:36:45:cf:35:65:
                    1b:15:af:be:3b:1a:5e:93:95:d8:b4:1e:86:46:6f:
                    05:24:62:2a:d3:68:2c:5e:09:e7:61:9a:c3:7d:7c:
                    51:80:4f:3f:f2:a6:dc:1a:65:ba:d0:06:37:7e:72:
                    3b:53:13:ee:2d:dc:4e:20:fb:34:3f:d6:08:c7:74:
                    bf:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:6D:B5:94:CE:44:D4:E1:D3:66:FF:39:08:AF:92:3F:FC:5F:80:CB
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/wm21lM5E1OHTZv85CK-SP_xfgMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.101.92.0/24
                  185.62.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:a0:e0:1c:03:e3:6d:e1:0c:ad:93:46:73:06:be:90:4e:ee:
         4a:22:98:55:25:22:c1:b6:91:53:53:17:5e:30:d1:ea:b7:68:
         cf:a7:11:68:67:8e:c8:64:39:ab:76:f2:39:80:47:a7:5c:b0:
         43:5b:b6:87:d7:2e:c8:0b:39:0c:39:6d:b2:d5:aa:64:4f:ae:
         a7:b2:13:68:6f:84:df:2a:86:50:76:fa:49:45:a6:02:82:89:
         f1:a8:4a:61:0d:1d:77:2b:2c:b6:a0:7a:93:42:1d:39:17:7e:
         83:f5:e3:d7:a4:d5:50:e1:7e:d1:e4:b6:ed:a5:95:7b:dc:8c:
         42:63:27:ba:72:3d:a9:c4:f6:47:08:83:74:df:85:94:ce:ac:
         ec:df:b3:0e:e1:41:1c:19:f4:6a:09:54:1a:bb:c1:44:18:2b:
         be:a4:3f:3f:70:4a:f2:0f:5f:43:cd:b9:01:36:6c:22:65:df:
         10:a8:f7:b2:81:c5:4b:75:f3:be:fb:8b:3e:e1:dd:a6:1c:e1:
         39:32:77:18:25:65:45:54:a2:64:84:87:11:39:2a:6b:20:be:
         27:68:c6:b1:98:ed:ad:cf:c2:20:3c:eb:f9:fb:b4:92:e2:41:
         f1:9e:3c:8e:cd:99:04:96:d9:94:8f:65:08:d9:c1:fb:f0:ea:
         48:d7:55:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSPwuyK7mtcnfqR+ctQdMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjZkYjU5NGNlNDRkNGUxZDM2NmZmMzkwOGFmOTIzZmZjNWY4MGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3a4LI4zJixcLE0TCtEwUMB2n7Z3
hwEjnchRx1ppVQZfFOysjD575uSBkkx+HqAsQ2K4mHLAPKrzMEPkIY3m4vtrUCaE
xq+hrRiBjs6PYWP1Rgn3IDq1kgO4oDAYI7oMUzPEfcr08L7yvchc4pOPXw4WGb/I
pg6WXJBjXmKdvWZ/Ji9UO0HW3uAXwBTABNLBykSGnqdIRrqEkx/wxsRBlDZxDHjn
9usHLZj6CJsXf4DJ6wYi3adMOfUwczW2NkXPNWUbFa++Oxpek5XYtB6GRm8FJGIq
02gsXgnnYZrDfXxRgE8/8qbcGmW60AY3fnI7UxPuLdxOIPs0P9YIx3S/kQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMJttZTORNTh02b/OQivkj/8X4DLMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvd20yMWxNNUUxT0hUWnY4NUNLLVNQX3hmZ01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsGVcAwQA
uT7KMA0GCSqGSIb3DQEBCwUAA4IBAQCAoOAcA+Nt4Qytk0ZzBr6QTu5KIphVJSLB
tpFTUxdeMNHqt2jPpxFoZ47IZDmrdvI5gEenXLBDW7aH1y7ICzkMOW2y1apkT66n
shNob4TfKoZQdvpJRaYCgonxqEphDR13Kyy2oHqTQh05F36D9ePXpNVQ4X7R5Lbt
pZV73IxCYye6cj2pxPZHCIN034WUzqzs37MO4UEcGfRqCVQau8FEGCu+pD8/cEry
D19DzbkBNmwiZd8QqPeygcVLdfO++4s+4d2mHOE5MncYJWVFVKJkhIcROSprIL4n
aMaxmO2tz8IgPOv5+7SS4kHxnjyOzZkEltmUj2UI2cH78OpI11UT
-----END CERTIFICATE-----