Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/WLfD3f_wPcSu5gqD9860-DOJE9M.roa
File:                     WLfD3f_wPcSu5gqD9860-DOJE9M.roa (raw, json)
Hash identifier:          TxPuFOeC1aZvErBpm37eJjERV3eUo0+Dw/jP0MXbvn4=
Subject key identifier:   58:B7:C3:DD:FF:F0:3D:C4:AE:E6:0A:83:F7:CE:B4:F8:33:89:13:D3
Certificate issuer:       /CN=7826b604f6f8c03fe9df6c98e61f39eaed7555a5
Certificate serial:       018CE50D60A1BB3EF68848EE720F2948525D
Authority key identifier: 78:26:B6:04:F6:F8:C0:3F:E9:DF:6C:98:E6:1F:39:EA:ED:75:55:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eCa2BPb4wD_p32yY5h856u11VaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/WLfD3f_wPcSu5gqD9860-DOJE9M.roa
Signing time:             Sun 07 Jan 2024 17:51:48 +0000
ROA not before:           Sun 07 Jan 2024 17:51:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.89.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/eCa2BPb4wD_p32yY5h856u11VaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/eCa2BPb4wD_p32yY5h856u11VaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eCa2BPb4wD_p32yY5h856u11VaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e5:0d:60:a1:bb:3e:f6:88:48:ee:72:0f:29:48:52:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7826b604f6f8c03fe9df6c98e61f39eaed7555a5
        Validity
            Not Before: Jan  7 17:51:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58b7c3ddfff03dc4aee60a83f7ceb4f8338913d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:38:66:32:11:91:68:4a:9f:0a:70:d5:a4:34:
                    e1:3f:ab:a2:e5:73:9a:b3:f4:9b:c8:66:7f:63:70:
                    c8:65:6d:f1:9d:2a:40:12:81:d6:51:e6:2b:dd:b7:
                    83:5e:65:ff:33:25:4d:39:16:27:56:65:f7:40:b0:
                    b1:f9:49:b2:a0:26:74:a7:da:4c:9c:f2:3b:92:e9:
                    28:41:a1:56:2f:26:40:a0:e8:e8:0c:09:6c:61:93:
                    d6:3c:ae:c8:40:c8:31:30:8e:af:5d:48:c7:00:bc:
                    3f:ee:19:76:6c:52:38:e6:7f:b6:df:50:99:c1:28:
                    b3:e5:bc:a4:b2:ae:38:58:be:88:50:89:e5:61:78:
                    a3:10:0f:58:42:b3:eb:7a:08:b3:42:2f:bb:70:b2:
                    89:ac:ab:7f:09:94:d0:60:67:ee:8c:02:30:e1:be:
                    d5:15:82:bb:aa:a5:15:f9:36:86:a6:04:a8:5a:b6:
                    01:0e:f8:32:7a:86:8c:6d:41:e6:d8:de:ba:48:0e:
                    19:d7:b1:25:06:cd:ce:bb:1e:ba:d9:1f:27:6c:fc:
                    2a:c8:bd:b4:df:61:73:50:20:59:8e:51:f8:ea:72:
                    01:c5:3e:e2:f5:4c:e4:ad:4e:2b:c3:cf:ad:23:a2:
                    2c:1c:70:e5:0c:b4:9e:0a:75:70:a2:d4:47:1c:4a:
                    f1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B7:C3:DD:FF:F0:3D:C4:AE:E6:0A:83:F7:CE:B4:F8:33:89:13:D3
            X509v3 Authority Key Identifier:
                keyid:78:26:B6:04:F6:F8:C0:3F:E9:DF:6C:98:E6:1F:39:EA:ED:75:55:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eCa2BPb4wD_p32yY5h856u11VaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/WLfD3f_wPcSu5gqD9860-DOJE9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c94c65-ea02-405a-bba7-ca0474adf373/1/eCa2BPb4wD_p32yY5h856u11VaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:7b:54:46:37:7b:aa:3d:98:7b:c3:4a:9e:1d:a0:25:7a:bc:
         19:59:ca:b4:29:d9:b3:ad:40:28:d1:b1:54:03:ea:e2:51:99:
         48:9f:a7:e4:ea:07:54:2e:16:bd:ae:f5:7c:3a:e3:03:fb:2d:
         5b:b2:69:f8:2d:e3:d9:0c:8b:a1:b2:e1:97:d5:0c:b7:15:99:
         07:bd:9d:60:06:4e:e5:b9:4d:12:ab:38:a1:26:6c:87:ad:c5:
         68:d8:a0:29:30:93:57:a2:cf:fc:78:23:88:0f:db:0f:8d:5c:
         37:db:73:96:e5:54:a3:b2:19:80:72:ee:22:ff:00:65:a5:6b:
         81:5e:c0:82:57:4b:06:ae:f4:b4:a4:8b:68:46:60:a5:fe:87:
         52:f3:42:36:c9:44:be:ae:22:34:b4:c4:ef:cb:5e:6e:14:be:
         89:57:91:20:3d:b0:d0:99:7c:1c:0a:39:9b:55:c5:e6:a0:f8:
         de:c2:db:ce:dc:4e:92:68:aa:93:c7:76:2e:e4:f0:1c:d4:8f:
         1c:20:dd:3c:e5:35:fb:47:13:98:3a:f9:a3:b8:67:bd:a2:e4:
         08:f0:d8:85:4f:76:bc:f2:f1:b0:39:92:dd:b3:8a:68:3b:d5:
         0b:cc:1e:32:55:0e:b7:4d:5f:b3:8f:49:28:f4:20:fc:c9:62:
         58:d9:ce:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzlDWChuz72iEjucg8pSFJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MjZiNjA0ZjZmOGMwM2ZlOWRmNmM5OGU2MWYzOWVhZWQ3
NTU1YTUwHhcNMjQwMTA3MTc1MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGI3YzNkZGZmZjAzZGM0YWVlNjBhODNmN2NlYjRmODMzODkxM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDhmMhGRaEqfCnDVpDThP6ui5XOa
s/SbyGZ/Y3DIZW3xnSpAEoHWUeYr3beDXmX/MyVNORYnVmX3QLCx+UmyoCZ0p9pM
nPI7kukoQaFWLyZAoOjoDAlsYZPWPK7IQMgxMI6vXUjHALw/7hl2bFI45n+231CZ
wSiz5byksq44WL6IUInlYXijEA9YQrPregizQi+7cLKJrKt/CZTQYGfujAIw4b7V
FYK7qqUV+TaGpgSoWrYBDvgyeoaMbUHm2N66SA4Z17ElBs3Oux662R8nbPwqyL20
32FzUCBZjlH46nIBxT7i9UzkrU4rw8+tI6IsHHDlDLSeCnVwotRHHErxhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFi3w93/8D3EruYKg/fOtPgziRPTMB8GA1UdIwQY
MBaAFHgmtgT2+MA/6d9smOYfOertdVWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUNhMkJQYjR3RF9wMzJ5WTVoODU2dTExVmFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9jOTRjNjUtZWEwMi00MDVhLWJiYTct
Y2EwNDc0YWRmMzczLzEvV0xmRDNmX3dQY1N1NWdxRDk4NjAtRE9KRTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9jOTRjNjUtZWEwMi00MDVhLWJiYTctY2EwNDc0YWRmMzcz
LzEvZUNhMkJQYjR3RF9wMzJ5WTVoODU2dTExVmFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVliMA0G
CSqGSIb3DQEBCwUAA4IBAQCge1RGN3uqPZh7w0qeHaAlerwZWcq0KdmzrUAo0bFU
A+riUZlIn6fk6gdULha9rvV8OuMD+y1bsmn4LePZDIuhsuGX1Qy3FZkHvZ1gBk7l
uU0SqzihJmyHrcVo2KApMJNXos/8eCOID9sPjVw323OW5VSjshmAcu4i/wBlpWuB
XsCCV0sGrvS0pItoRmCl/odS80I2yUS+riI0tMTvy15uFL6JV5EgPbDQmXwcCjmb
VcXmoPjewtvO3E6SaKqTx3Yu5PAc1I8cIN085TX7RxOYOvmjuGe9ouQI8NiFT3a8
8vGwOZLds4poO9ULzB4yVQ63TV+zj0ko9CD8yWJY2c7A
-----END CERTIFICATE-----