Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/woGpwO2CoGl0NbymJgYJREYWz94.roa
File:                     woGpwO2CoGl0NbymJgYJREYWz94.roa (raw, json)
Hash identifier:          MQU34Fd2wYlYih6TW0DUj+Mq4I7yBnMn7zmYEOx4TN8=
Subject key identifier:   C2:81:A9:C0:ED:82:A0:69:74:35:BC:A6:26:06:09:44:46:16:CF:DE
Certificate issuer:       /CN=7832d060932d4785a10ca47de8002f65c1ef33ae
Certificate serial:       018CC42473D2583EB40099C88B17C6BAB677
Authority key identifier: 78:32:D0:60:93:2D:47:85:A1:0C:A4:7D:E8:00:2F:65:C1:EF:33:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eDLQYJMtR4WhDKR96AAvZcHvM64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/woGpwO2CoGl0NbymJgYJREYWz94.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50107
IP address blocks:        45.66.24.0/22 maxlen: 22
                          45.66.25.0/24 maxlen: 24
                          2a09:6140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/eDLQYJMtR4WhDKR96AAvZcHvM64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/eDLQYJMtR4WhDKR96AAvZcHvM64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eDLQYJMtR4WhDKR96AAvZcHvM64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:73:d2:58:3e:b4:00:99:c8:8b:17:c6:ba:b6:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7832d060932d4785a10ca47de8002f65c1ef33ae
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c281a9c0ed82a0697435bca6260609444616cfde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:06:f1:9b:bd:6a:e0:f9:f8:c8:62:48:73:ea:
                    98:b1:ee:ad:8a:2a:c7:81:88:bc:7b:b0:4b:57:88:
                    8e:4b:6d:75:14:97:0d:aa:00:ad:3f:a3:63:25:d6:
                    e8:63:27:6d:3d:07:ea:82:df:ca:39:24:43:a6:32:
                    84:f4:c7:72:07:ca:e9:58:ad:0d:ac:a9:ac:a6:a8:
                    e9:bd:ca:f5:0a:55:90:7a:98:35:77:f2:fb:03:78:
                    88:07:4b:3f:8b:d0:e0:62:8b:04:45:8e:cb:ca:8a:
                    98:b3:2c:6a:84:a0:ef:ef:89:65:7e:ec:e8:e1:0e:
                    b9:fb:9e:9e:6f:0e:c0:d7:8e:b1:82:a0:9e:c8:e2:
                    cf:9f:64:19:cd:11:0e:24:95:ed:3b:9a:cf:69:f4:
                    95:08:ef:df:8f:5c:cc:9b:e9:05:58:00:06:fc:27:
                    7c:e7:57:53:e6:58:7f:3f:ed:b0:66:8a:cc:4a:22:
                    f5:5b:d5:33:d1:62:31:74:01:f8:d0:03:61:00:94:
                    1d:72:8a:d3:f6:5c:56:92:a6:8f:e2:95:d4:1b:cd:
                    fa:d5:70:96:26:99:ee:fa:ec:a6:a2:da:29:1b:a2:
                    93:1e:d5:5d:ff:44:27:ed:32:d6:9c:83:e3:d1:b2:
                    e5:75:af:7a:8d:ba:17:4e:e2:56:f3:d9:26:7b:49:
                    78:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:81:A9:C0:ED:82:A0:69:74:35:BC:A6:26:06:09:44:46:16:CF:DE
            X509v3 Authority Key Identifier:
                keyid:78:32:D0:60:93:2D:47:85:A1:0C:A4:7D:E8:00:2F:65:C1:EF:33:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eDLQYJMtR4WhDKR96AAvZcHvM64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/woGpwO2CoGl0NbymJgYJREYWz94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/aa037c-32ce-4406-b0bc-89949fcc7afb/1/eDLQYJMtR4WhDKR96AAvZcHvM64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.24.0/22
                IPv6:
                  2a09:6140::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:49:3b:70:c2:da:e9:73:1f:ca:ca:83:74:e9:6d:48:bf:d3:
         53:c3:57:5f:a1:0a:2a:8d:6d:c1:53:23:79:3c:47:b8:b7:27:
         24:e6:26:b7:71:a0:a1:20:e5:a9:34:23:55:84:ea:69:f7:d4:
         47:31:57:69:80:4e:a4:57:d5:43:7b:9d:9f:8c:57:07:5c:07:
         fc:ad:bb:f3:b5:8c:08:6e:4d:c6:94:b8:cb:93:e2:70:7c:06:
         17:82:4f:d8:c7:ed:45:e9:3e:1d:78:17:cc:aa:07:81:8a:b0:
         c0:33:15:ff:63:4b:31:70:74:02:6a:fe:11:9e:1b:e3:7e:8d:
         a2:10:25:53:b8:74:96:bc:fd:c0:5f:d1:aa:9e:df:97:4c:d7:
         74:cf:f6:0f:b6:a0:d5:15:21:0c:d5:b7:1d:c6:b2:6e:a2:15:
         00:db:7e:dd:6d:bb:bc:3b:bf:c9:47:e3:26:4a:8d:99:66:ce:
         30:48:99:77:2b:97:bf:25:03:71:ed:d2:d9:38:bd:ff:c9:62:
         fd:29:41:6e:d3:bf:74:cb:f6:08:76:5f:2b:03:95:93:bf:c4:
         7f:fb:c8:95:c1:a0:a9:d5:44:01:da:47:90:37:75:14:ca:88:
         32:bc:f6:9c:97:49:13:c5:aa:cb:42:60:1b:e6:f5:b7:d7:02:
         48:c5:75:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJHPSWD60AJnIixfGurZ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MzJkMDYwOTMyZDQ3ODVhMTBjYTQ3ZGU4MDAyZjY1YzFl
ZjMzYWUwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjgxYTljMGVkODJhMDY5NzQzNWJjYTYyNjA2MDk0NDQ2MTZjZmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wbxm71q4Pn4yGJIc+qYse6tiirH
gYi8e7BLV4iOS211FJcNqgCtP6NjJdboYydtPQfqgt/KOSRDpjKE9MdyB8rpWK0N
rKmspqjpvcr1ClWQepg1d/L7A3iIB0s/i9DgYosERY7LyoqYsyxqhKDv74llfuzo
4Q65+56ebw7A146xgqCeyOLPn2QZzREOJJXtO5rPafSVCO/fj1zMm+kFWAAG/Cd8
51dT5lh/P+2wZorMSiL1W9Uz0WIxdAH40ANhAJQdcorT9lxWkqaP4pXUG8361XCW
Jpnu+uymotopG6KTHtVd/0Qn7TLWnIPj0bLlda96jboXTuJW89kme0l4OwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMKBqcDtgqBpdDW8piYGCURGFs/eMB8GA1UdIwQY
MBaAFHgy0GCTLUeFoQykfegAL2XB7zOuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZURMUVlKTXRSNFdoREtSOTZBQXZaY0h2TTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9hYTAzN2MtMzJjZS00NDA2LWIwYmMt
ODk5NDlmY2M3YWZiLzEvd29HcHdPMkNvR2wwTmJ5bUpnWUpSRVlXejk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9hYTAzN2MtMzJjZS00NDA2LWIwYmMtODk5NDlmY2M3YWZi
LzEvZURMUVlKTXRSNFdoREtSOTZBQXZaY0h2TTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUIYMA0E
AgACMAcDBQMqCWFAMA0GCSqGSIb3DQEBCwUAA4IBAQA3STtwwtrpcx/KyoN06W1I
v9NTw1dfoQoqjW3BUyN5PEe4tyck5ia3caChIOWpNCNVhOpp99RHMVdpgE6kV9VD
e52fjFcHXAf8rbvztYwIbk3GlLjLk+JwfAYXgk/Yx+1F6T4deBfMqgeBirDAMxX/
Y0sxcHQCav4Rnhvjfo2iECVTuHSWvP3AX9Gqnt+XTNd0z/YPtqDVFSEM1bcdxrJu
ohUA237dbbu8O7/JR+MmSo2ZZs4wSJl3K5e/JQNx7dLZOL3/yWL9KUFu0790y/YI
dl8rA5WTv8R/+8iVwaCp1UQB2keQN3UUyogyvPacl0kTxarLQmAb5vW31wJIxXX6
-----END CERTIFICATE-----