Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/82c6fb-0931-442c-abe5-aa898138994c/1/wGg0J5Z28xFGgoF0T-AWE9a8nD0.roa
File:                     wGg0J5Z28xFGgoF0T-AWE9a8nD0.roa (raw, json)
Hash identifier:          kGXsD5CJ+k4dwjP4TcCf3ci1gDFHD1TYaxVZBZkFLBQ=
Subject key identifier:   C0:68:34:27:96:76:F3:11:46:82:81:74:4F:E0:16:13:D6:BC:9C:3D
Certificate issuer:       /CN=3af9ea8bdc371b5a6604200c51717897d60c7d3d
Certificate serial:       0194274839C94A62089BD8CFE9EBFD5E572B
Authority key identifier: 3A:F9:EA:8B:DC:37:1B:5A:66:04:20:0C:51:71:78:97:D6:0C:7D:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ovnqi9w3G1pmBCAMUXF4l9YMfT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/82c6fb-0931-442c-abe5-aa898138994c/1/wGg0J5Z28xFGgoF0T-AWE9a8nD0.roa
Signing time:             Thu 02 Jan 2025 13:50:32 +0000
ROA not before:           Thu 02 Jan 2025 13:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49451
IP address blocks:        185.1.177.0/24 maxlen: 24
                          2001:7f8:fa::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/82c6fb-0931-442c-abe5-aa898138994c/1/Ovnqi9w3G1pmBCAMUXF4l9YMfT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/82c6fb-0931-442c-abe5-aa898138994c/1/Ovnqi9w3G1pmBCAMUXF4l9YMfT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ovnqi9w3G1pmBCAMUXF4l9YMfT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:39:c9:4a:62:08:9b:d8:cf:e9:eb:fd:5e:57:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af9ea8bdc371b5a6604200c51717897d60c7d3d
        Validity
            Not Before: Jan  2 13:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c06834279676f311468281744fe01613d6bc9c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:94:2d:e5:1d:3c:27:c9:99:8a:9f:ad:03:68:
                    b1:ba:86:d3:47:72:4a:3d:ce:6a:ff:ce:48:53:72:
                    44:51:7a:3c:fa:f4:5f:77:cc:4b:ca:4d:9b:fa:1a:
                    66:d9:9b:8b:30:a4:90:d0:51:57:60:66:f4:53:5a:
                    35:52:de:3d:3c:d3:16:fb:ed:dd:49:fe:d6:3c:ee:
                    eb:23:d5:4c:10:ae:cf:8e:11:7d:91:70:be:98:e1:
                    05:2b:0b:85:30:57:81:9d:ca:ce:65:fd:39:a9:56:
                    0a:4d:22:00:1b:88:b2:8d:9e:98:71:75:22:f7:3f:
                    32:42:d6:ba:8e:24:47:10:8a:35:0b:6e:35:40:70:
                    ac:e8:4d:80:62:5f:fa:21:ef:4e:75:63:33:5e:08:
                    ce:6b:b2:5c:0d:68:53:30:2f:6e:66:51:a1:4a:1f:
                    95:2c:b2:05:61:01:ee:11:b6:98:20:61:fa:4e:90:
                    5d:1d:cb:05:fd:a5:6d:c5:9f:c7:d9:bf:03:03:09:
                    d7:e8:fa:67:49:c1:4c:86:8d:7a:f1:b4:0d:20:f1:
                    bb:50:6f:8e:8b:45:56:16:e7:6e:4f:ac:6e:25:1d:
                    f6:eb:7f:d1:a7:bc:62:e6:ae:e2:5e:ac:60:b4:d8:
                    e7:86:3f:b2:a5:0e:e6:5b:be:d5:c7:ea:e7:23:82:
                    d6:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:68:34:27:96:76:F3:11:46:82:81:74:4F:E0:16:13:D6:BC:9C:3D
            X509v3 Authority Key Identifier:
                keyid:3A:F9:EA:8B:DC:37:1B:5A:66:04:20:0C:51:71:78:97:D6:0C:7D:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ovnqi9w3G1pmBCAMUXF4l9YMfT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/82c6fb-0931-442c-abe5-aa898138994c/1/wGg0J5Z28xFGgoF0T-AWE9a8nD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/82c6fb-0931-442c-abe5-aa898138994c/1/Ovnqi9w3G1pmBCAMUXF4l9YMfT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.177.0/24
                IPv6:
                  2001:7f8:fa::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:27:05:f8:67:4f:a4:ab:41:b0:be:81:c8:b6:c9:70:35:05:
         a9:58:e0:a0:38:ba:06:f5:90:c3:9c:03:97:c8:3a:73:9d:e9:
         74:17:f5:d0:a3:fd:75:a8:06:7a:0f:4f:c7:b5:3a:47:e1:79:
         c3:14:8a:12:36:84:e3:20:c3:e4:b5:75:44:97:be:0d:8a:ee:
         0b:50:c5:7e:db:7a:74:ef:35:a5:fa:06:27:db:43:b8:0b:94:
         8a:59:ca:ad:87:6e:4f:d5:65:2b:b6:36:84:16:3f:2b:d3:21:
         0f:4b:ad:7e:8f:07:08:4d:1d:01:b1:46:1f:33:5d:51:72:6e:
         02:ae:e6:c3:ec:b8:e5:80:6f:97:11:76:d0:f4:79:ed:6f:ed:
         95:21:55:45:49:cd:3d:42:19:77:ad:df:0c:3b:be:68:19:e7:
         43:fe:9a:3f:54:83:24:54:c0:25:32:90:e9:6f:90:da:bc:09:
         23:b7:eb:85:43:61:30:5c:7f:4b:ff:1c:29:85:7d:d9:09:f5:
         ed:7f:48:b9:5b:6e:f0:b7:8e:90:8b:20:cb:1f:28:68:8f:8c:
         cb:07:40:b8:bc:9e:00:0a:08:6c:e5:5c:14:7d:4e:50:db:af:
         44:91:07:79:1f:02:3c:88:71:80:5b:74:12:8d:77:e4:da:8a:
         f2:89:c4:bb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnSDnJSmIIm9jP6ev9XlcrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjllYThiZGMzNzFiNWE2NjA0MjAwYzUxNzE3ODk3ZDYw
YzdkM2QwHhcNMjUwMTAyMTM1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDY4MzQyNzk2NzZmMzExNDY4MjgxNzQ0ZmUwMTYxM2Q2YmM5YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZQt5R08J8mZip+tA2ixuobTR3JK
Pc5q/85IU3JEUXo8+vRfd8xLyk2b+hpm2ZuLMKSQ0FFXYGb0U1o1Ut49PNMW++3d
Sf7WPO7rI9VMEK7PjhF9kXC+mOEFKwuFMFeBncrOZf05qVYKTSIAG4iyjZ6YcXUi
9z8yQta6jiRHEIo1C241QHCs6E2AYl/6Ie9OdWMzXgjOa7JcDWhTMC9uZlGhSh+V
LLIFYQHuEbaYIGH6TpBdHcsF/aVtxZ/H2b8DAwnX6PpnScFMho168bQNIPG7UG+O
i0VWFuduT6xuJR3263/Rp7xi5q7iXqxgtNjnhj+ypQ7mW77Vx+rnI4LWYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMBoNCeWdvMRRoKBdE/gFhPWvJw9MB8GA1UdIwQY
MBaAFDr56ovcNxtaZgQgDFFxeJfWDH09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZucWk5dzNHMXBtQkNBTVVYRjRsOVlNZlQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi84MmM2ZmItMDkzMS00NDJjLWFiZTUt
YWE4OTgxMzg5OTRjLzEvd0dnMEo1WjI4eEZHZ29GMFQtQVdFOWE4bkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi84MmM2ZmItMDkzMS00NDJjLWFiZTUtYWE4OTgxMzg5OTRj
LzEvT3ZucWk5dzNHMXBtQkNBTVVYRjRsOVlNZlQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQGxMA8E
AgACMAkDBwAgAQf4APowDQYJKoZIhvcNAQELBQADggEBALonBfhnT6SrQbC+gci2
yXA1BalY4KA4ugb1kMOcA5fIOnOd6XQX9dCj/XWoBnoPT8e1OkfhecMUihI2hOMg
w+S1dUSXvg2K7gtQxX7benTvNaX6BifbQ7gLlIpZyq2Hbk/VZSu2NoQWPyvTIQ9L
rX6PBwhNHQGxRh8zXVFybgKu5sPsuOWAb5cRdtD0ee1v7ZUhVUVJzT1CGXet3ww7
vmgZ50P+mj9UgyRUwCUykOlvkNq8CSO364VDYTBcf0v/HCmFfdkJ9e1/SLlbbvC3
jpCLIMsfKGiPjMsHQLi8ngAKCGzlXBR9TlDbr0SRB3kfAjyIcYBbdBKNd+TaivKJ
xLs=
-----END CERTIFICATE-----