Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/WPiBhM-qmXw7kCLlIqNvgIf7Xww.roa
File:                     WPiBhM-qmXw7kCLlIqNvgIf7Xww.roa (raw, json)
Hash identifier:          zfrcLIK3f+w7enlTL1bhx8vNgA1/h9MJcl16s7QD9r0=
Subject key identifier:   58:F8:81:84:CF:AA:99:7C:3B:90:22:E5:22:A3:6F:80:87:FB:5F:0C
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       018CC94D872F7C2896AF06737B268D484870
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/WPiBhM-qmXw7kCLlIqNvgIf7Xww.roa
Signing time:             Tue 02 Jan 2024 08:32:30 +0000
ROA not before:           Tue 02 Jan 2024 08:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42549
IP address blocks:        45.82.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:87:2f:7c:28:96:af:06:73:7b:26:8d:48:48:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 08:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58f88184cfaa997c3b9022e522a36f8087fb5f0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:23:7b:cd:42:dc:00:27:d6:d7:f6:76:36:84:
                    70:cc:5c:ae:ed:79:43:1c:7b:59:c9:e4:e3:84:9f:
                    a4:0d:4c:a9:31:c7:a9:86:2e:08:13:e1:e0:67:85:
                    8f:8e:cd:c5:3e:1e:69:ee:10:3d:b6:e1:c8:be:cd:
                    bc:35:f2:a8:2e:ca:f9:f9:27:dd:92:75:10:64:93:
                    f1:fa:30:50:32:01:ea:31:3e:a1:bb:ef:87:f0:2b:
                    b7:c7:5f:1f:54:a0:8c:b8:32:6b:2d:1f:dc:c0:3f:
                    63:8e:e3:01:ea:cc:49:41:3f:1a:fc:ee:74:a4:cf:
                    21:dd:3a:e3:63:d9:a0:ff:0c:eb:d7:22:fc:80:f6:
                    36:db:cc:7b:d3:63:71:66:a3:9b:d9:38:76:69:11:
                    94:58:65:c2:3d:b8:be:8f:4a:c5:1f:62:43:e7:15:
                    65:a0:50:a8:24:f0:50:58:d3:86:34:ca:65:8c:f0:
                    80:f6:c1:f4:e7:6f:3c:5c:e6:ec:ce:72:55:a7:8e:
                    f8:ba:6e:d5:49:ab:40:73:c7:fa:6e:84:01:c5:12:
                    53:01:31:a6:8e:b3:0c:eb:18:d2:d4:37:da:0a:71:
                    78:fa:6c:62:c5:10:ee:73:e4:e7:79:3e:9a:f1:39:
                    f3:a6:2b:ae:3b:2d:dd:17:69:63:78:f9:8e:1e:fc:
                    15:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:F8:81:84:CF:AA:99:7C:3B:90:22:E5:22:A3:6F:80:87:FB:5F:0C
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/WPiBhM-qmXw7kCLlIqNvgIf7Xww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:45:10:01:29:12:c7:cd:63:69:e4:58:a0:3f:f9:a4:cf:ae:
         70:d4:b0:19:59:d8:d1:7e:6b:4a:b6:d8:30:41:33:7a:6a:df:
         18:9d:75:74:fa:11:a9:f8:15:7f:1e:5b:ec:d4:1e:71:50:47:
         b2:57:3c:3c:35:83:61:94:c4:f6:cc:0a:b2:cb:0b:09:9f:54:
         c0:b0:7a:50:f7:82:0e:40:89:eb:42:d6:f1:92:d2:29:d8:a0:
         b6:8b:eb:05:2f:9d:bf:9e:49:6d:8e:92:c4:ff:02:1e:a6:0b:
         81:6a:c5:ea:30:4d:ce:22:93:a4:a0:7e:82:eb:d5:e6:51:27:
         52:53:f7:01:f3:63:84:a4:e1:75:70:38:af:b5:73:d5:1c:8b:
         e0:b1:c7:50:fe:a5:e0:7b:bb:35:08:d5:03:d0:24:ca:14:b7:
         6d:f6:22:1d:6c:1c:3a:6d:6a:d1:0c:98:84:00:8c:ad:48:bc:
         06:dd:ce:0e:49:a0:e1:4c:ac:ae:2b:f0:6e:40:55:b3:64:3c:
         e0:38:82:3b:28:b1:cf:53:a2:04:dd:da:a9:f2:8d:0a:6d:03:
         b8:72:d7:47:46:f1:9b:c9:61:0c:2a:17:0c:9c:ec:26:69:67:
         c6:31:8d:c0:03:08:fa:68:6d:db:95:72:a2:48:50:7a:9a:36:
         61:0a:ed:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYcvfCiWrwZzeyaNSEhwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQwMTAyMDgzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGY4ODE4NGNmYWE5OTdjM2I5MDIyZTUyMmEzNmY4MDg3ZmI1ZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSN7zULcACfW1/Z2NoRwzFyu7XlD
HHtZyeTjhJ+kDUypMcephi4IE+HgZ4WPjs3FPh5p7hA9tuHIvs28NfKoLsr5+Sfd
knUQZJPx+jBQMgHqMT6hu++H8Cu3x18fVKCMuDJrLR/cwD9jjuMB6sxJQT8a/O50
pM8h3TrjY9mg/wzr1yL8gPY228x702NxZqOb2Th2aRGUWGXCPbi+j0rFH2JD5xVl
oFCoJPBQWNOGNMpljPCA9sH05288XObsznJVp474um7VSatAc8f6boQBxRJTATGm
jrMM6xjS1DfaCnF4+mxixRDuc+TneT6a8TnzpiuuOy3dF2ljePmOHvwVmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFj4gYTPqpl8O5Ai5SKjb4CH+18MMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvV1BpQmhNLXFtWHc3a0NMbElxTnZnSWY3WHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVIiMA0G
CSqGSIb3DQEBCwUAA4IBAQAlRRABKRLHzWNp5FigP/mkz65w1LAZWdjRfmtKttgw
QTN6at8YnXV0+hGp+BV/Hlvs1B5xUEeyVzw8NYNhlMT2zAqyywsJn1TAsHpQ94IO
QInrQtbxktIp2KC2i+sFL52/nkltjpLE/wIepguBasXqME3OIpOkoH6C69XmUSdS
U/cB82OEpOF1cDivtXPVHIvgscdQ/qXge7s1CNUD0CTKFLdt9iIdbBw6bWrRDJiE
AIytSLwG3c4OSaDhTKyuK/BuQFWzZDzgOII7KLHPU6IE3dqp8o0KbQO4ctdHRvGb
yWEMKhcMnOwmaWfGMY3AAwj6aG3blXKiSFB6mjZhCu3E
-----END CERTIFICATE-----