Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/WbjFo-ltxvF-7ZrjyQy1FqeRLns.roa
File:                     WbjFo-ltxvF-7ZrjyQy1FqeRLns.roa (raw, json)
Hash identifier:          V+1LDHomAKK5fbX6O5ZL1HAUnZGkvTtj4L1E7oUU45k=
Subject key identifier:   59:B8:C5:A3:E9:6D:C6:F1:7E:ED:9A:E3:C9:0C:B5:16:A7:91:2E:7B
Certificate issuer:       /CN=dac633a14cac7c7a0922ffd980de5f278a3be267
Certificate serial:       01942143AE27B6664F26B8B3E8D4F8724255
Authority key identifier: DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/WbjFo-ltxvF-7ZrjyQy1FqeRLns.roa
Signing time:             Wed 01 Jan 2025 09:47:51 +0000
ROA not before:           Wed 01 Jan 2025 09:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.233.61.0/24 maxlen: 24
                          213.5.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 07:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ae:27:b6:66:4f:26:b8:b3:e8:d4:f8:72:42:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac633a14cac7c7a0922ffd980de5f278a3be267
        Validity
            Not Before: Jan  1 09:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59b8c5a3e96dc6f17eed9ae3c90cb516a7912e7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:76:6d:9f:0b:d7:d6:5a:d4:d4:d4:61:9f:51:
                    91:8c:15:5f:42:82:ed:1d:fe:eb:d5:7e:1d:d3:6e:
                    f1:c1:82:06:6b:a8:ee:c2:34:65:80:98:8e:08:49:
                    9e:a8:a1:5e:53:b9:03:f6:14:97:b9:71:08:48:ce:
                    e6:d6:14:0b:a7:4a:11:0b:aa:b9:28:58:c4:fe:90:
                    33:19:4e:ee:12:5f:f2:6a:20:6c:1f:7e:83:40:67:
                    65:34:c3:e4:17:e1:9c:7d:9d:3c:d0:11:37:86:a1:
                    ca:81:9d:41:94:5b:8c:89:7e:f3:47:36:42:41:bc:
                    8a:3d:b0:33:22:d4:5a:38:55:4b:93:33:05:78:d8:
                    89:7a:b9:86:af:83:26:29:5c:63:1d:fc:e0:91:8e:
                    3c:eb:72:8e:ab:49:c1:7f:7e:ee:af:e2:38:e6:a7:
                    42:73:f9:3a:ac:b5:2c:f9:a8:59:c0:c1:fb:6b:f5:
                    99:a2:99:3b:a0:f4:f6:25:85:92:77:e0:6c:96:2e:
                    3b:59:a3:62:4b:72:48:38:de:cd:cb:a3:15:b2:b3:
                    e9:93:75:d1:6a:7f:ed:a7:5d:20:d6:e6:b3:db:0d:
                    c8:34:81:fb:76:db:aa:31:57:df:b0:8f:5a:01:8f:
                    5f:61:ba:2f:8c:31:76:af:bd:03:bb:4c:53:11:ea:
                    a8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:B8:C5:A3:E9:6D:C6:F1:7E:ED:9A:E3:C9:0C:B5:16:A7:91:2E:7B
            X509v3 Authority Key Identifier:
                keyid:DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/WbjFo-ltxvF-7ZrjyQy1FqeRLns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.61.0/24
                  213.5.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:7a:0d:d4:6a:08:2b:98:be:5c:6a:27:26:82:59:b4:6d:b8:
         5e:0c:25:8e:94:56:40:28:8f:f1:d5:c5:22:7b:4f:9b:40:d9:
         3b:4c:25:6a:15:a1:3b:fa:0b:24:a4:e5:32:72:43:c6:af:5f:
         24:db:d0:5e:4e:2c:5a:d0:2a:ec:3a:71:28:51:df:fa:cb:c6:
         9e:b5:e4:04:50:d9:51:8b:40:52:76:fc:f9:f7:63:d2:ab:3d:
         60:b0:64:f3:ab:db:20:46:3f:51:13:6c:54:53:e1:90:db:43:
         1e:09:4c:c9:f9:fe:52:ef:f8:c1:48:4f:4f:c3:c2:53:f0:ab:
         49:15:42:7e:19:fa:ab:8a:9c:ac:ba:1a:b0:a2:0f:b1:25:a7:
         b9:6a:e3:db:a4:e9:35:17:69:62:0a:8b:aa:b8:74:9b:e0:fb:
         d4:e1:19:cf:04:a8:31:ae:51:c3:be:e7:c0:2a:7e:8f:e8:b2:
         df:1b:37:62:9c:20:75:96:5c:e9:9b:7a:23:98:fa:7c:f8:40:
         3e:3b:ed:64:90:45:a5:6e:8b:04:03:cf:c2:35:7f:06:34:6d:
         4d:33:d9:8d:c0:1f:77:6a:07:d4:95:4e:72:03:1d:c4:41:14:
         56:5b:4a:04:8e:ae:ea:6b:99:c9:25:f0:00:e7:eb:28:65:ab:
         32:da:71:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ64ntmZPJriz6NT4ckJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzYzM2ExNGNhYzdjN2EwOTIyZmZkOTgwZGU1ZjI3OGEz
YmUyNjcwHhcNMjUwMTAxMDk0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWI4YzVhM2U5NmRjNmYxN2VlZDlhZTNjOTBjYjUxNmE3OTEyZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHZtnwvX1lrU1NRhn1GRjBVfQoLt
Hf7r1X4d027xwYIGa6juwjRlgJiOCEmeqKFeU7kD9hSXuXEISM7m1hQLp0oRC6q5
KFjE/pAzGU7uEl/yaiBsH36DQGdlNMPkF+GcfZ080BE3hqHKgZ1BlFuMiX7zRzZC
QbyKPbAzItRaOFVLkzMFeNiJermGr4MmKVxjHfzgkY4863KOq0nBf37ur+I45qdC
c/k6rLUs+ahZwMH7a/WZopk7oPT2JYWSd+Bsli47WaNiS3JION7Ny6MVsrPpk3XR
an/tp10g1uaz2w3INIH7dtuqMVffsI9aAY9fYbovjDF2r70Du0xTEeqoSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFm4xaPpbcbxfu2a48kMtRankS57MB8GA1UdIwQY
MBaAFNrGM6FMrHx6CSL/2YDeXyeKO+JnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWIt
MjQ1MTVhMTRjNDU2LzEvV2JqRm8tbHR4dkYtN1pyanlReTFGcWVSTG5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWItMjQ1MTVhMTRjNDU2
LzEvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+k9AwQA
1QXiMA0GCSqGSIb3DQEBCwUAA4IBAQAWeg3UaggrmL5caicmglm0bbheDCWOlFZA
KI/x1cUie0+bQNk7TCVqFaE7+gskpOUyckPGr18k29BeTixa0CrsOnEoUd/6y8ae
teQEUNlRi0BSdvz592PSqz1gsGTzq9sgRj9RE2xUU+GQ20MeCUzJ+f5S7/jBSE9P
w8JT8KtJFUJ+Gfqripysuhqwog+xJae5auPbpOk1F2liCouquHSb4PvU4RnPBKgx
rlHDvufAKn6P6LLfGzdinCB1llzpm3ojmPp8+EA+O+1kkEWlbosEA8/CNX8GNG1N
M9mNwB93agfUlU5yAx3EQRRWW0oEjq7qa5nJJfAA5+soZasy2nHD
-----END CERTIFICATE-----