Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/961939-ac8e-4d12-b12f-da5cb0fb19e7/1/WOzsO22-1I8cbckb7pi6OSEBKNo.roa
File:                     WOzsO22-1I8cbckb7pi6OSEBKNo.roa (raw, json)
Hash identifier:          lPF5GapQ+duXiznZbuEBVkeTx53YRUQd6NY25rSNC4I=
Subject key identifier:   58:EC:EC:3B:6D:BE:D4:8F:1C:6D:C9:1B:EE:98:BA:39:21:01:28:DA
Certificate issuer:       /CN=857f4c122e4f8c601f21c5c868716d46089d85e1
Certificate serial:       018CC3B684E5EDC49A959D32CAD04701258B
Authority key identifier: 85:7F:4C:12:2E:4F:8C:60:1F:21:C5:C8:68:71:6D:46:08:9D:85:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hX9MEi5PjGAfIcXIaHFtRgidheE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/961939-ac8e-4d12-b12f-da5cb0fb19e7/1/WOzsO22-1I8cbckb7pi6OSEBKNo.roa
Signing time:             Mon 01 Jan 2024 06:29:27 +0000
ROA not before:           Mon 01 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50320
IP address blocks:        193.104.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/961939-ac8e-4d12-b12f-da5cb0fb19e7/1/hX9MEi5PjGAfIcXIaHFtRgidheE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/961939-ac8e-4d12-b12f-da5cb0fb19e7/1/hX9MEi5PjGAfIcXIaHFtRgidheE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hX9MEi5PjGAfIcXIaHFtRgidheE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:84:e5:ed:c4:9a:95:9d:32:ca:d0:47:01:25:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=857f4c122e4f8c601f21c5c868716d46089d85e1
        Validity
            Not Before: Jan  1 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58ecec3b6dbed48f1c6dc91bee98ba39210128da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fc:82:0d:8f:1b:4f:b8:76:b3:a1:e6:83:63:
                    da:65:8a:1e:4e:c1:60:df:9b:bc:ba:bc:ab:05:1a:
                    cf:f3:ef:e6:06:ef:ea:a4:95:20:6d:37:02:ec:82:
                    22:f3:74:d8:4f:a2:86:45:86:0f:43:6e:cd:65:64:
                    2c:1c:97:97:5a:86:e3:e1:7d:a3:5b:b5:3c:7d:c5:
                    ed:ec:e9:a7:28:84:6a:d7:75:e5:d5:de:89:c2:61:
                    8a:05:6e:7f:16:62:94:a7:70:a8:32:dc:ae:b2:1f:
                    3c:0c:21:d4:b3:91:93:0c:e0:57:1d:54:46:1d:58:
                    ea:43:6c:f0:0e:bb:b8:ce:ba:18:f8:eb:a5:20:3d:
                    90:08:9f:64:e3:7e:62:8f:7e:e3:82:cb:2c:a8:ca:
                    2f:61:0e:e7:b1:5b:bc:8f:c5:21:dc:e9:a8:3a:72:
                    84:70:41:05:6d:d0:9f:8f:62:95:0b:f8:46:1a:01:
                    34:82:d4:25:82:73:95:8d:56:c8:7f:df:17:48:30:
                    12:02:22:01:77:90:a0:df:f4:39:a5:0c:4a:4a:31:
                    53:66:32:2c:29:64:ac:85:03:f4:99:8b:50:b8:71:
                    1c:5f:e0:b8:54:24:a1:bc:fe:b4:e3:96:78:f8:89:
                    54:94:4c:0a:93:21:9c:62:06:32:ac:7e:ae:8a:25:
                    bd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:EC:EC:3B:6D:BE:D4:8F:1C:6D:C9:1B:EE:98:BA:39:21:01:28:DA
            X509v3 Authority Key Identifier:
                keyid:85:7F:4C:12:2E:4F:8C:60:1F:21:C5:C8:68:71:6D:46:08:9D:85:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hX9MEi5PjGAfIcXIaHFtRgidheE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/961939-ac8e-4d12-b12f-da5cb0fb19e7/1/WOzsO22-1I8cbckb7pi6OSEBKNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/961939-ac8e-4d12-b12f-da5cb0fb19e7/1/hX9MEi5PjGAfIcXIaHFtRgidheE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:e9:9d:1b:c4:df:1f:4e:41:f9:cb:22:ee:9a:16:b2:7d:3c:
         e3:14:ac:02:5c:b6:21:aa:e9:3a:b4:1e:63:ba:b3:ee:e8:68:
         30:94:07:fd:00:8b:07:b8:ad:9c:df:ba:69:3e:12:f5:cf:17:
         dc:4b:59:62:6c:ba:0c:f9:ed:38:d7:9a:46:16:68:b6:e7:e4:
         d2:75:34:4a:21:14:e7:73:1c:6a:6d:d4:5d:93:08:bb:7b:77:
         ea:af:20:84:a1:7f:d6:4b:70:ed:da:87:84:7a:a7:fd:cd:96:
         85:c6:d4:1e:a6:6a:16:36:e3:16:74:be:68:be:b9:0c:4b:0e:
         29:f3:bc:15:8d:4c:84:f4:56:1f:b1:9f:70:93:6a:cf:4e:cd:
         2e:80:ab:2d:55:8b:db:4c:ff:d8:ca:2b:73:da:e5:2c:fa:bb:
         2f:20:76:3e:7e:e0:50:52:36:0b:b2:cc:a4:cb:16:45:74:f8:
         95:85:e2:58:b5:7a:31:1d:fc:8a:f2:de:01:bc:41:0e:39:ff:
         50:cb:33:69:c5:dc:65:3a:90:00:88:2b:38:c0:39:4c:88:a9:
         5b:bc:49:ca:04:cf:91:d6:e6:05:d2:ac:be:94:51:ec:8b:5a:
         46:a6:e5:22:26:d6:b2:f3:b5:52:80:80:c8:de:d1:48:73:3b:
         4f:c9:f8:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtoTl7cSalZ0yytBHASWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1N2Y0YzEyMmU0ZjhjNjAxZjIxYzVjODY4NzE2ZDQ2MDg5
ZDg1ZTEwHhcNMjQwMTAxMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGVjZWMzYjZkYmVkNDhmMWM2ZGM5MWJlZTk4YmEzOTIxMDEyOGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/yCDY8bT7h2s6Hmg2PaZYoeTsFg
35u8uryrBRrP8+/mBu/qpJUgbTcC7IIi83TYT6KGRYYPQ27NZWQsHJeXWobj4X2j
W7U8fcXt7OmnKIRq13Xl1d6JwmGKBW5/FmKUp3CoMtyush88DCHUs5GTDOBXHVRG
HVjqQ2zwDru4zroY+OulID2QCJ9k435ij37jgsssqMovYQ7nsVu8j8Uh3OmoOnKE
cEEFbdCfj2KVC/hGGgE0gtQlgnOVjVbIf98XSDASAiIBd5Cg3/Q5pQxKSjFTZjIs
KWSshQP0mYtQuHEcX+C4VCShvP6045Z4+IlUlEwKkyGcYgYyrH6uiiW9CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjs7DttvtSPHG3JG+6YujkhASjaMB8GA1UdIwQY
MBaAFIV/TBIuT4xgHyHFyGhxbUYInYXhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFg5TUVpNVBqR0FmSWNYSWFIRnRSZ2lkaGVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85NjE5MzktYWM4ZS00ZDEyLWIxMmYt
ZGE1Y2IwZmIxOWU3LzEvV096c08yMi0xSThjYmNrYjdwaTZPU0VCS05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85NjE5MzktYWM4ZS00ZDEyLWIxMmYtZGE1Y2IwZmIxOWU3
LzEvaFg5TUVpNVBqR0FmSWNYSWFIRnRSZ2lkaGVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWjOMA0G
CSqGSIb3DQEBCwUAA4IBAQBO6Z0bxN8fTkH5yyLumhayfTzjFKwCXLYhquk6tB5j
urPu6GgwlAf9AIsHuK2c37ppPhL1zxfcS1libLoM+e0415pGFmi25+TSdTRKIRTn
cxxqbdRdkwi7e3fqryCEoX/WS3Dt2oeEeqf9zZaFxtQepmoWNuMWdL5ovrkMSw4p
87wVjUyE9FYfsZ9wk2rPTs0ugKstVYvbTP/Yyitz2uUs+rsvIHY+fuBQUjYLssyk
yxZFdPiVheJYtXoxHfyK8t4BvEEOOf9QyzNpxdxlOpAAiCs4wDlMiKlbvEnKBM+R
1uYF0qy+lFHsi1pGpuUiJtay87VSgIDI3tFIcztPyfjk
-----END CERTIFICATE-----