Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/wxnY9b08TChoTsEaJKPXwUNJu2w.roa
File:                     wxnY9b08TChoTsEaJKPXwUNJu2w.roa (raw, json)
Hash identifier:          4xmNSWLl66S4Gx8/VecC1LiCWStD7lekOa9TDQb8Sdk=
Subject key identifier:   C3:19:D8:F5:BD:3C:4C:28:68:4E:C1:1A:24:A3:D7:C1:43:49:BB:6C
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018D05F6DCC0D237213973FFB0A41189C5E2
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/wxnY9b08TChoTsEaJKPXwUNJu2w.roa
Signing time:             Sun 14 Jan 2024 03:14:40 +0000
ROA not before:           Sun 14 Jan 2024 03:14:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204104
IP address blocks:        5.57.33.0/24 maxlen: 24
                          185.26.32.0/24 maxlen: 24
                          185.26.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:05:f6:dc:c0:d2:37:21:39:73:ff:b0:a4:11:89:c5:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan 14 03:14:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c319d8f5bd3c4c28684ec11a24a3d7c14349bb6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ea:54:2b:a4:0a:2c:79:6b:aa:85:d3:91:6e:
                    ba:ba:72:5a:23:d0:8f:68:a7:95:67:6c:7a:01:db:
                    3c:9a:13:70:12:76:48:45:7a:86:c2:b5:cf:06:00:
                    26:34:26:7b:58:fd:da:07:ab:88:17:8e:5a:be:5e:
                    a2:ee:31:4e:b1:1d:22:e5:32:51:6e:4f:d1:39:32:
                    d1:f0:27:a9:4c:a4:0e:19:c1:c8:5e:d2:79:5a:f5:
                    89:71:2c:95:0a:74:08:c8:9e:0f:24:c2:6a:a6:a6:
                    9c:dc:f7:32:6c:c7:8c:97:f7:7a:e7:f7:ff:5f:e9:
                    76:e4:c2:70:80:55:46:b4:3f:09:27:fb:8c:cb:77:
                    87:c7:32:ae:bc:48:3f:9c:62:ed:1d:d1:40:4f:0a:
                    9c:00:4e:bf:cf:dc:cd:d7:b2:6e:8f:c7:16:d2:fc:
                    9f:fd:65:af:94:cd:e7:4a:58:2b:e2:a8:d1:b5:92:
                    18:d5:93:f1:0c:48:ea:d5:c1:12:6e:d3:03:d3:ce:
                    f5:25:67:8b:16:ba:af:14:ef:2e:4d:b3:80:59:1c:
                    60:8f:85:21:26:ba:7b:fc:2e:90:7d:62:ef:d2:a0:
                    d8:95:0e:8e:91:05:29:98:6e:0b:73:b3:ed:d7:76:
                    34:3a:e3:88:65:e3:45:42:43:1d:5b:72:26:06:d3:
                    f2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:19:D8:F5:BD:3C:4C:28:68:4E:C1:1A:24:A3:D7:C1:43:49:BB:6C
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/wxnY9b08TChoTsEaJKPXwUNJu2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.33.0/24
                  185.26.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:bf:ed:26:ca:92:fb:75:9e:9d:03:c6:0d:6c:44:7b:6d:69:
         98:fe:95:62:4a:90:47:84:87:b4:d9:1a:bc:bb:1a:67:2d:7d:
         e2:96:be:49:d6:8e:3d:ea:f8:f6:6a:76:2d:ea:35:ad:14:91:
         9f:57:f0:60:fd:bb:fd:9f:1c:d5:5e:eb:77:78:4e:a0:13:30:
         38:94:f6:64:32:8e:59:c0:4f:ef:bd:fb:f7:6b:fe:bf:c1:0c:
         e7:d7:40:50:f1:31:17:68:fb:b8:31:df:18:d7:a0:3a:11:8a:
         b2:78:b5:4b:9d:d4:e0:2e:2c:88:4a:9b:87:e5:14:66:a8:da:
         3c:9f:b8:5b:0b:d6:51:53:2b:37:2c:0f:05:25:e5:f0:96:b2:
         2b:f3:c1:a6:fa:7b:0c:c0:b3:4e:a5:25:9e:0d:e7:0d:a8:a6:
         f6:f4:51:de:07:5d:9b:07:f0:15:01:6f:28:9d:54:aa:39:7a:
         f8:7e:a7:87:96:83:36:9f:4f:cd:36:54:f6:a4:d3:ab:08:eb:
         ef:34:76:14:65:c7:e6:f3:e2:65:33:24:34:32:b2:7b:a5:d4:
         10:4f:cc:bd:35:a3:c1:b5:e4:c5:07:44:6d:54:92:71:e2:6e:
         76:88:b5:10:fd:bd:e9:ff:34:02:1d:4d:e0:3c:18:0e:3e:f9:
         54:ee:eb:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0F9tzA0jchOXP/sKQRicXiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwMTE0MDMxNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzE5ZDhmNWJkM2M0YzI4Njg0ZWMxMWEyNGEzZDdjMTQzNDliYjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+pUK6QKLHlrqoXTkW66unJaI9CP
aKeVZ2x6Ads8mhNwEnZIRXqGwrXPBgAmNCZ7WP3aB6uIF45avl6i7jFOsR0i5TJR
bk/ROTLR8CepTKQOGcHIXtJ5WvWJcSyVCnQIyJ4PJMJqpqac3PcybMeMl/d65/f/
X+l25MJwgFVGtD8JJ/uMy3eHxzKuvEg/nGLtHdFATwqcAE6/z9zN17Juj8cW0vyf
/WWvlM3nSlgr4qjRtZIY1ZPxDEjq1cESbtMD0871JWeLFrqvFO8uTbOAWRxgj4Uh
Jrp7/C6QfWLv0qDYlQ6OkQUpmG4Lc7Pt13Y0OuOIZeNFQkMdW3ImBtPyVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMMZ2PW9PEwoaE7BGiSj18FDSbtsMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvd3huWTliMDhUQ2hvVHNFYUpLUFh3VU5KdTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABTkhAwQB
uRogMA0GCSqGSIb3DQEBCwUAA4IBAQAqv+0mypL7dZ6dA8YNbER7bWmY/pViSpBH
hIe02Rq8uxpnLX3ilr5J1o496vj2anYt6jWtFJGfV/Bg/bv9nxzVXut3eE6gEzA4
lPZkMo5ZwE/vvfv3a/6/wQzn10BQ8TEXaPu4Md8Y16A6EYqyeLVLndTgLiyISpuH
5RRmqNo8n7hbC9ZRUys3LA8FJeXwlrIr88Gm+nsMwLNOpSWeDecNqKb29FHeB12b
B/AVAW8onVSqOXr4fqeHloM2n0/NNlT2pNOrCOvvNHYUZcfm8+JlMyQ0MrJ7pdQQ
T8y9NaPBteTFB0RtVJJx4m52iLUQ/b3p/zQCHU3gPBgOPvlU7usc
-----END CERTIFICATE-----