Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/W-jYS_PCrAq3_zdWEcwjUf3Wi1I.roa
File:                     W-jYS_PCrAq3_zdWEcwjUf3Wi1I.roa (raw, json)
Hash identifier:          IVV5CVl2S9wNArhrvTucQri2efMJot4DbuYaM57L0e8=
Subject key identifier:   5B:E8:D8:4B:F3:C2:AC:0A:B7:FF:37:56:11:CC:23:51:FD:D6:8B:52
Certificate issuer:       /CN=a561ccb03741056715a6be4805321662d88e7e7c
Certificate serial:       018CC42546CE55B76CE4D3F635C5CB3C4B07
Authority key identifier: A5:61:CC:B0:37:41:05:67:15:A6:BE:48:05:32:16:62:D8:8E:7E:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pWHMsDdBBWcVpr5IBTIWYtiOfnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/W-jYS_PCrAq3_zdWEcwjUf3Wi1I.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35280
IP address blocks:        185.142.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/pWHMsDdBBWcVpr5IBTIWYtiOfnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/pWHMsDdBBWcVpr5IBTIWYtiOfnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pWHMsDdBBWcVpr5IBTIWYtiOfnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:46:ce:55:b7:6c:e4:d3:f6:35:c5:cb:3c:4b:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a561ccb03741056715a6be4805321662d88e7e7c
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5be8d84bf3c2ac0ab7ff375611cc2351fdd68b52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ff:66:b5:8a:5a:26:cb:19:73:2f:db:e9:65:
                    3c:50:9a:3d:a1:b2:4e:f6:b7:ce:13:15:b8:ce:28:
                    32:a5:18:d9:83:76:89:c7:cb:40:86:e6:2d:10:fc:
                    76:54:62:ce:62:72:d8:b4:18:dd:46:4e:1d:99:d7:
                    83:41:1c:a1:67:65:b0:59:dc:30:30:57:67:24:3a:
                    94:4a:1e:d9:4b:b0:04:34:51:4d:6e:cd:59:3d:e6:
                    c8:e2:00:75:7d:e2:7e:41:9e:73:6b:f6:39:8e:a4:
                    b2:f5:b4:d2:8d:39:0a:c1:8a:33:63:11:ab:ef:76:
                    fa:2d:b3:66:25:e4:85:1b:c2:f7:48:08:89:08:ed:
                    d4:77:32:f3:ec:3f:78:37:d5:c0:02:4b:9f:38:57:
                    2c:86:c7:27:ff:9c:ff:c4:eb:8b:09:dd:c0:ae:51:
                    93:67:c5:69:8f:a9:f2:70:fb:dd:44:31:e6:eb:6a:
                    bb:6f:93:53:fd:e6:63:81:e5:66:02:25:a0:b0:d7:
                    91:a1:0d:f0:1a:72:df:6c:25:a1:f7:6c:2f:84:60:
                    79:55:5b:d4:b6:c0:ca:b1:04:7a:75:18:3b:24:da:
                    58:66:f1:34:e3:ec:d2:1f:8a:8d:33:e6:17:e9:de:
                    d3:87:1d:41:0d:da:09:03:46:ef:07:8a:12:b6:42:
                    ec:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E8:D8:4B:F3:C2:AC:0A:B7:FF:37:56:11:CC:23:51:FD:D6:8B:52
            X509v3 Authority Key Identifier:
                keyid:A5:61:CC:B0:37:41:05:67:15:A6:BE:48:05:32:16:62:D8:8E:7E:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pWHMsDdBBWcVpr5IBTIWYtiOfnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/W-jYS_PCrAq3_zdWEcwjUf3Wi1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc7fa-0462-4cf6-9189-ae4e698664f1/1/pWHMsDdBBWcVpr5IBTIWYtiOfnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:43:0e:6c:ed:1e:b6:5d:a9:82:90:6d:36:88:23:eb:a9:9b:
         ae:18:be:3e:46:ef:4a:b6:ae:7d:da:d6:f3:75:56:06:9f:40:
         9a:eb:7e:f2:74:d4:d0:42:9f:38:a2:04:24:85:86:38:66:2a:
         59:40:24:10:45:9b:e4:44:0b:b6:70:2d:dc:02:a6:00:49:84:
         97:52:92:d9:25:a5:48:f1:08:d1:80:23:27:f6:9c:fd:7f:b8:
         b7:ff:1a:8d:fb:7d:4f:01:2c:01:f0:d1:7a:15:d6:3f:52:ec:
         a1:b9:39:19:3c:31:ac:f6:d5:c7:5f:36:62:03:6a:a5:4c:2d:
         87:f4:a4:73:3b:52:d2:43:d9:08:ce:a9:07:f9:95:a0:e1:c2:
         ed:74:f1:59:15:bc:40:d7:b2:7d:41:da:a9:fa:05:97:20:a4:
         58:1b:14:66:2f:b4:72:51:c6:e7:48:34:58:ec:2b:59:a3:e5:
         c9:8c:35:fe:03:ed:74:13:38:fc:0c:af:f6:6c:c5:ac:7a:33:
         03:9c:ad:05:a5:b5:3a:59:b7:64:fe:f7:69:bc:a4:6d:4e:ea:
         e8:6b:1b:17:e9:00:34:4d:77:11:1c:97:08:e1:aa:11:66:c0:
         83:0a:9a:33:2d:2f:52:b5:c6:e3:fe:68:99:1d:ec:e6:d4:33:
         01:01:ea:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUbOVbds5NP2NcXLPEsHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NjFjY2IwMzc0MTA1NjcxNWE2YmU0ODA1MzIxNjYyZDg4
ZTdlN2MwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmU4ZDg0YmYzYzJhYzBhYjdmZjM3NTYxMWNjMjM1MWZkZDY4YjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/9mtYpaJssZcy/b6WU8UJo9obJO
9rfOExW4zigypRjZg3aJx8tAhuYtEPx2VGLOYnLYtBjdRk4dmdeDQRyhZ2WwWdww
MFdnJDqUSh7ZS7AENFFNbs1ZPebI4gB1feJ+QZ5za/Y5jqSy9bTSjTkKwYozYxGr
73b6LbNmJeSFG8L3SAiJCO3UdzLz7D94N9XAAkufOFcshscn/5z/xOuLCd3ArlGT
Z8Vpj6nycPvdRDHm62q7b5NT/eZjgeVmAiWgsNeRoQ3wGnLfbCWh92wvhGB5VVvU
tsDKsQR6dRg7JNpYZvE04+zSH4qNM+YX6d7Thx1BDdoJA0bvB4oStkLsoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvo2EvzwqwKt/83VhHMI1H91otSMB8GA1UdIwQY
MBaAFKVhzLA3QQVnFaa+SAUyFmLYjn58MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdITXNEZEJCV2NWcHI1SUJUSVdZdGlPZm53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC80YmM3ZmEtMDQ2Mi00Y2Y2LTkxODkt
YWU0ZTY5ODY2NGYxLzEvVy1qWVNfUENyQXEzX3pkV0Vjd2pVZjNXaTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC80YmM3ZmEtMDQ2Mi00Y2Y2LTkxODktYWU0ZTY5ODY2NGYx
LzEvcFdITXNEZEJCV2NWcHI1SUJUSVdZdGlPZm53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY6UMA0G
CSqGSIb3DQEBCwUAA4IBAQADQw5s7R62XamCkG02iCPrqZuuGL4+Ru9Ktq592tbz
dVYGn0Ca637ydNTQQp84ogQkhYY4ZipZQCQQRZvkRAu2cC3cAqYASYSXUpLZJaVI
8QjRgCMn9pz9f7i3/xqN+31PASwB8NF6FdY/UuyhuTkZPDGs9tXHXzZiA2qlTC2H
9KRzO1LSQ9kIzqkH+ZWg4cLtdPFZFbxA17J9Qdqp+gWXIKRYGxRmL7RyUcbnSDRY
7CtZo+XJjDX+A+10Ezj8DK/2bMWsejMDnK0FpbU6Wbdk/vdpvKRtTuroaxsX6QA0
TXcRHJcI4aoRZsCDCpozLS9Stcbj/miZHezm1DMBAeos
-----END CERTIFICATE-----