Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/WMXPoc13Uqe498O30TMU9o_T170.roa
File:                     WMXPoc13Uqe498O30TMU9o_T170.roa (raw, json)
Hash identifier:          lft8vD8pORBQtelFXHXBGgVZJyEqTJN0ba+xZvhmwuA=
Subject key identifier:   58:C5:CF:A1:CD:77:52:A7:B8:F7:C3:B7:D1:33:14:F6:8F:D3:D7:BD
Certificate issuer:       /CN=b262bf21de51385859416c4c608001e2025a5d25
Certificate serial:       018F6BE4EFB250DA2B5E27269546DBA4A9FF
Authority key identifier: B2:62:BF:21:DE:51:38:58:59:41:6C:4C:60:80:01:E2:02:5A:5D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/smK_Id5ROFhZQWxMYIAB4gJaXSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/WMXPoc13Uqe498O30TMU9o_T170.roa
Signing time:             Sun 12 May 2024 08:21:56 +0000
ROA not before:           Sun 12 May 2024 08:21:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215000
IP address blocks:        185.19.151.0/24 maxlen: 24
                          185.61.112.0/24 maxlen: 24
                          185.61.113.0/24 maxlen: 24
                          185.61.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/smK_Id5ROFhZQWxMYIAB4gJaXSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/smK_Id5ROFhZQWxMYIAB4gJaXSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/smK_Id5ROFhZQWxMYIAB4gJaXSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:6b:e4:ef:b2:50:da:2b:5e:27:26:95:46:db:a4:a9:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b262bf21de51385859416c4c608001e2025a5d25
        Validity
            Not Before: May 12 08:21:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58c5cfa1cd7752a7b8f7c3b7d13314f68fd3d7bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2d:17:f6:a9:8f:1c:66:5b:48:bb:c0:33:94:
                    f3:61:58:c0:5a:9b:9f:54:f7:3f:af:65:06:eb:0f:
                    e6:5e:03:3b:f1:29:5b:c8:ff:cf:7b:2d:68:cc:59:
                    25:a5:95:69:09:12:3c:84:78:af:20:d7:aa:27:65:
                    08:b0:f7:5e:99:82:4a:f5:a9:9a:af:bc:4d:52:ca:
                    64:f1:38:84:0d:ea:07:80:ec:a5:f5:50:4a:17:c2:
                    66:83:b3:2f:08:de:cf:83:98:a5:a6:7c:94:d0:39:
                    0c:eb:80:3b:e9:ac:61:a3:3a:e4:24:14:f7:f3:c2:
                    44:09:b8:77:b5:7f:4d:53:8d:6d:ef:00:f4:fb:45:
                    f1:ba:a4:83:7d:ec:20:c2:3a:77:7b:0e:de:de:38:
                    d0:bd:07:0f:80:0c:06:b5:81:98:d0:31:29:14:cb:
                    6f:a9:f0:e8:55:d2:89:66:77:d7:2d:24:62:94:01:
                    75:96:14:67:46:94:af:c0:39:3f:38:36:32:10:58:
                    d1:1d:c6:80:39:75:80:44:5e:72:87:4e:91:e3:ba:
                    f3:b5:af:59:8a:8f:be:64:42:ca:ff:3e:6a:4c:24:
                    31:b2:47:4c:43:2f:4e:8b:38:07:83:f3:99:69:fc:
                    c2:d2:96:13:3b:a2:71:fc:7a:af:d6:b1:d3:28:44:
                    4a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:C5:CF:A1:CD:77:52:A7:B8:F7:C3:B7:D1:33:14:F6:8F:D3:D7:BD
            X509v3 Authority Key Identifier:
                keyid:B2:62:BF:21:DE:51:38:58:59:41:6C:4C:60:80:01:E2:02:5A:5D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/smK_Id5ROFhZQWxMYIAB4gJaXSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/WMXPoc13Uqe498O30TMU9o_T170.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/smK_Id5ROFhZQWxMYIAB4gJaXSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.151.0/24
                  185.61.112.0-185.61.114.255

    Signature Algorithm: sha256WithRSAEncryption
         00:4e:82:9f:97:e3:76:bd:e8:5c:0f:c4:8a:71:81:2b:92:4c:
         88:17:87:ce:15:55:36:e5:94:d2:c0:53:c7:e2:67:b6:a1:a0:
         b7:ac:76:1c:55:39:55:eb:2b:f5:98:92:03:d3:80:2f:76:59:
         c1:59:37:7d:ad:dd:1d:4d:d9:24:0c:62:68:c0:e6:e9:73:52:
         71:68:8c:8e:34:a3:46:5c:65:95:a9:8a:57:6d:65:ca:e2:1d:
         d8:e7:1d:3b:80:1c:c0:af:15:10:21:ef:60:45:f8:c9:96:99:
         95:56:8d:95:c0:32:f0:47:6f:06:91:02:b0:9e:10:2f:ca:90:
         c3:f7:5d:54:b2:83:50:7c:6d:44:a8:dc:ef:5b:28:c3:18:4f:
         15:da:15:76:04:78:67:53:32:fb:a6:73:24:55:cc:fa:58:db:
         2f:c3:93:a6:d2:a3:0f:18:57:27:57:a1:89:cd:ad:13:d9:06:
         2e:57:55:af:11:97:63:4f:28:6c:c8:47:bb:4a:3d:60:d5:e7:
         35:2d:76:9d:f4:48:c9:5d:76:db:31:96:e8:d2:d0:5b:ab:8d:
         f0:f6:fc:dd:c4:47:6b:c8:b5:da:af:4a:0d:95:39:bc:ad:b5:
         87:e5:89:83:79:6d:08:11:c4:4a:85:94:94:0a:47:dd:7b:83:
         0a:f8:be:8e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY9r5O+yUNorXicmlUbbpKn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNjJiZjIxZGU1MTM4NTg1OTQxNmM0YzYwODAwMWUyMDI1
YTVkMjUwHhcNMjQwNTEyMDgyMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGM1Y2ZhMWNkNzc1MmE3YjhmN2MzYjdkMTMzMTRmNjhmZDNkN2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApC0X9qmPHGZbSLvAM5TzYVjAWpuf
VPc/r2UG6w/mXgM78SlbyP/Pey1ozFklpZVpCRI8hHivINeqJ2UIsPdemYJK9ama
r7xNUspk8TiEDeoHgOyl9VBKF8Jmg7MvCN7Pg5ilpnyU0DkM64A76axhozrkJBT3
88JECbh3tX9NU41t7wD0+0XxuqSDfewgwjp3ew7e3jjQvQcPgAwGtYGY0DEpFMtv
qfDoVdKJZnfXLSRilAF1lhRnRpSvwDk/ODYyEFjRHcaAOXWARF5yh06R47rzta9Z
io++ZELK/z5qTCQxskdMQy9OizgHg/OZafzC0pYTO6Jx/Hqv1rHTKERKxQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFjFz6HNd1KnuPfDt9EzFPaP09e9MB8GA1UdIwQY
MBaAFLJivyHeUThYWUFsTGCAAeICWl0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc21LX0lkNVJPRmhaUVd4TVlJQUI0Z0phWFNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi84NjMwOTMtNWVkNi00M2IyLWJiZGEt
MTRjNmM1MDU1Zjg4LzEvV01YUG9jMTNVcWU0OThPMzBUTVU5b19UMTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi84NjMwOTMtNWVkNi00M2IyLWJiZGEtMTRjNmM1MDU1Zjg4
LzEvc21LX0lkNVJPRmhaUVd4TVlJQUI0Z0phWFNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuROXMAwD
BAS5PXADBAC5PXIwDQYJKoZIhvcNAQELBQADggEBAABOgp+X43a96FwPxIpxgSuS
TIgXh84VVTbllNLAU8fiZ7ahoLesdhxVOVXrK/WYkgPTgC92WcFZN32t3R1N2SQM
YmjA5ulzUnFojI40o0ZcZZWpildtZcriHdjnHTuAHMCvFRAh72BF+MmWmZVWjZXA
MvBHbwaRArCeEC/KkMP3XVSyg1B8bUSo3O9bKMMYTxXaFXYEeGdTMvumcyRVzPpY
2y/Dk6bSow8YVydXoYnNrRPZBi5XVa8Rl2NPKGzIR7tKPWDV5zUtdp30SMlddtsx
lujS0FurjfD2/N3ER2vItdqvSg2VObyttYfliYN5bQgRxEqFlJQKR917gwr4vo4=
-----END CERTIFICATE-----