Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/wIMaul9hBG7ig-nqFFlk3jjHLGw.roa
File:                     wIMaul9hBG7ig-nqFFlk3jjHLGw.roa (raw, json)
Hash identifier:          B2MZbuA78Bm24pJMwb+ebY71joVAztTJJsUNqM/HyGc=
Subject key identifier:   C0:83:1A:BA:5F:61:04:6E:E2:83:E9:EA:14:59:64:DE:38:C7:2C:6C
Certificate issuer:       /CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
Certificate serial:       018CCA2BE7E98E575AE6FF4B00C70B0B4855
Authority key identifier: A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/wIMaul9hBG7ig-nqFFlk3jjHLGw.roa
Signing time:             Tue 02 Jan 2024 12:35:24 +0000
ROA not before:           Tue 02 Jan 2024 12:35:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212866
IP address blocks:        185.111.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e7:e9:8e:57:5a:e6:ff:4b:00:c7:0b:0b:48:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
        Validity
            Not Before: Jan  2 12:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0831aba5f61046ee283e9ea145964de38c72c6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0a:82:56:e6:a2:cc:7f:e5:da:4a:86:42:88:
                    30:43:9f:ce:de:e7:04:ab:4c:66:78:3e:6e:c4:2c:
                    af:b6:48:f6:13:2c:00:60:14:04:df:bb:d6:f2:f2:
                    9f:b5:d8:0f:cd:9e:e7:f7:9d:8a:b2:7e:47:b8:85:
                    a9:18:3e:95:25:18:8e:35:e7:a5:09:69:88:97:a6:
                    5a:ca:7a:97:01:fc:24:38:f7:7b:3a:56:f4:13:b2:
                    1b:f0:03:3b:cd:23:db:87:a7:0f:a6:48:d8:79:fd:
                    46:9d:72:9d:00:73:3d:37:6f:00:1f:c3:6c:35:b1:
                    e4:dc:31:ca:06:40:68:ab:7f:59:21:05:e8:a0:0a:
                    0d:f7:20:de:dd:2c:71:83:c8:25:4e:37:be:9b:09:
                    2a:c9:42:48:20:6e:48:aa:2f:0c:45:17:74:4b:14:
                    66:6e:66:bf:28:55:08:f7:ba:22:64:76:68:ee:d2:
                    9b:c4:6a:c9:18:4a:49:94:3e:0d:c4:5f:fe:1e:73:
                    58:cb:5d:92:5f:9d:d7:1e:40:fa:85:e3:f6:e6:3d:
                    80:28:d7:ef:d1:e3:01:5c:20:5e:00:4f:be:97:f8:
                    cd:d1:56:b0:d8:e9:04:2f:39:a0:61:c3:0e:19:70:
                    69:c1:2e:c6:15:09:5f:30:06:c7:ea:d3:00:db:99:
                    6b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:83:1A:BA:5F:61:04:6E:E2:83:E9:EA:14:59:64:DE:38:C7:2C:6C
            X509v3 Authority Key Identifier:
                keyid:A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/wIMaul9hBG7ig-nqFFlk3jjHLGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:67:cf:0b:06:84:b5:d0:c1:67:71:cd:48:37:be:e5:78:48:
         cb:46:ff:a6:54:64:20:ea:f7:98:02:fa:14:93:5d:bd:ee:39:
         af:52:cb:14:a8:4b:fb:bf:ca:67:3e:78:34:07:f7:5f:72:90:
         bb:e3:09:0e:9b:fd:8e:07:14:60:b3:15:67:ca:3a:76:6e:76:
         a4:01:f8:96:c5:70:4c:35:fb:50:5a:3c:75:df:f2:00:09:5b:
         62:7d:b0:ee:7e:de:0a:66:22:e6:d0:d8:03:2a:4f:00:6a:24:
         81:2b:d2:2b:05:15:53:45:9a:96:bb:ff:d2:8e:c0:73:1a:04:
         d1:cc:b1:0d:12:9d:52:67:a4:49:75:c2:79:ff:1c:9e:0e:f5:
         67:b1:a1:00:db:79:28:89:94:46:04:38:fc:b1:69:43:a0:91:
         b2:d5:68:7a:de:19:e0:b5:a6:25:07:03:e5:80:a1:cd:0c:20:
         29:e6:88:a7:ed:9c:53:46:0b:cb:31:9e:9b:4b:fb:fe:de:fc:
         29:53:ee:21:38:d6:2d:fe:9e:c0:c8:7d:68:23:85:b0:70:98:
         de:17:3c:cb:4c:44:c5:5e:15:c1:c5:98:b7:16:dd:fc:01:d6:
         39:85:8c:82:ee:db:83:b7:a5:80:e5:38:eb:9e:67:68:31:a2:
         ee:90:99:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK+fpjlda5v9LAMcLC0hVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZTc1ODAyZTdlZmI4NjUzZTNhZjU5Y2JmMWJjMDY1Mzhi
Y2E2NzEwHhcNMjQwMTAyMTIzNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDgzMWFiYTVmNjEwNDZlZTI4M2U5ZWExNDU5NjRkZTM4YzcyYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgqCVuaizH/l2kqGQogwQ5/O3ucE
q0xmeD5uxCyvtkj2EywAYBQE37vW8vKftdgPzZ7n952Ksn5HuIWpGD6VJRiONeel
CWmIl6ZaynqXAfwkOPd7Olb0E7Ib8AM7zSPbh6cPpkjYef1GnXKdAHM9N28AH8Ns
NbHk3DHKBkBoq39ZIQXooAoN9yDe3Sxxg8glTje+mwkqyUJIIG5Iqi8MRRd0SxRm
bma/KFUI97oiZHZo7tKbxGrJGEpJlD4NxF/+HnNYy12SX53XHkD6heP25j2AKNfv
0eMBXCBeAE++l/jN0Vaw2OkELzmgYcMOGXBpwS7GFQlfMAbH6tMA25lrxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCDGrpfYQRu4oPp6hRZZN44xyxsMB8GA1UdIwQY
MBaAFKjnWALn77hlPjr1nL8bwGU4vKZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjkt
NDExZjU4MzdmZWZhLzEvd0lNYXVsOWhCRzdpZy1ucUZGbGszampITEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjktNDExZjU4MzdmZWZh
LzEvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW/8MA0G
CSqGSIb3DQEBCwUAA4IBAQCKZ88LBoS10MFncc1IN77leEjLRv+mVGQg6veYAvoU
k1297jmvUssUqEv7v8pnPng0B/dfcpC74wkOm/2OBxRgsxVnyjp2bnakAfiWxXBM
NftQWjx13/IACVtifbDuft4KZiLm0NgDKk8AaiSBK9IrBRVTRZqWu//SjsBzGgTR
zLENEp1SZ6RJdcJ5/xyeDvVnsaEA23koiZRGBDj8sWlDoJGy1Wh63hngtaYlBwPl
gKHNDCAp5oin7ZxTRgvLMZ6bS/v+3vwpU+4hONYt/p7AyH1oI4WwcJjeFzzLTETF
XhXBxZi3Ft38AdY5hYyC7tuDt6WA5TjrnmdoMaLukJlK
-----END CERTIFICATE-----