Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/wjn_g8Ud_phf8VtDr4NFD_T6V2E.roa
File:                     wjn_g8Ud_phf8VtDr4NFD_T6V2E.roa (raw, json)
Hash identifier:          b7py8XpSo/z3meAMsSMoNSuWPElstGPGRA7+z5qylZ8=
Subject key identifier:   C2:39:FF:83:C5:1D:FE:98:5F:F1:5B:43:AF:83:45:0F:F4:FA:57:61
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       01941FFA58E9D84928503A1750808E361517
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/wjn_g8Ud_phf8VtDr4NFD_T6V2E.roa
Signing time:             Wed 01 Jan 2025 03:48:07 +0000
ROA not before:           Wed 01 Jan 2025 03:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204393
IP address blocks:        81.12.78.0/24 maxlen: 24
                          87.107.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:58:e9:d8:49:28:50:3a:17:50:80:8e:36:15:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: Jan  1 03:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c239ff83c51dfe985ff15b43af83450ff4fa5761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:50:41:da:78:6d:b5:6f:16:82:73:10:93:c7:
                    79:a2:8c:ce:a7:4e:4f:9e:13:dd:bd:13:d1:59:41:
                    49:81:4d:78:32:76:8e:a0:98:6c:81:96:76:e3:b7:
                    d1:a2:0e:b5:51:3b:6d:dc:78:d9:0e:c7:ad:58:3b:
                    3a:c2:6a:8f:a2:4a:cd:97:bf:63:70:1d:e7:a5:36:
                    42:97:ad:2a:d5:92:86:61:2d:6f:fb:a5:c1:36:3c:
                    ab:94:1e:62:87:4a:e7:02:c5:b4:9f:73:16:c3:c1:
                    d0:9f:fa:a4:70:29:4d:97:5c:74:1c:6b:97:0a:a3:
                    25:06:30:92:b0:2f:fa:53:84:e1:b2:66:19:c2:cf:
                    f8:44:7b:8e:63:5a:b8:cf:2e:d7:b7:1c:3d:dc:52:
                    95:d7:4e:e8:fd:a6:9f:d6:c3:75:5b:f1:41:22:94:
                    c1:47:93:22:4a:3f:76:f6:fd:d2:df:c3:8d:3a:14:
                    66:80:d3:33:cf:4d:4f:9c:b9:c5:ad:ab:62:86:c1:
                    3c:4f:02:bf:0d:3e:14:15:a4:a4:87:79:62:f6:bd:
                    62:38:a5:fa:8e:ae:ea:b4:12:30:9d:62:3c:81:44:
                    7f:54:8a:1e:f5:cc:b5:da:e6:89:93:a5:e4:a2:93:
                    55:29:1b:77:c0:04:c7:eb:21:b7:ae:fc:76:b4:e1:
                    f3:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:39:FF:83:C5:1D:FE:98:5F:F1:5B:43:AF:83:45:0F:F4:FA:57:61
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/wjn_g8Ud_phf8VtDr4NFD_T6V2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.12.78.0/24
                  87.107.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:a3:5f:6e:58:81:87:e0:c4:de:9b:40:28:20:f3:40:a1:12:
         4b:bf:4e:ce:4b:e2:0f:e0:3e:76:9c:e4:a8:9a:dc:28:fc:b9:
         13:ce:9a:1f:04:9e:6c:d4:f3:79:c5:e3:89:b9:bc:30:8a:47:
         45:cd:c7:2e:fc:25:ea:7f:24:a8:f5:4c:f1:80:7d:3e:5e:d7:
         87:43:25:91:c8:d2:b3:5f:51:52:55:c2:c9:f0:02:9d:18:d7:
         28:62:0e:0b:60:9f:cf:ca:a2:14:f5:94:ba:9b:ef:32:eb:d0:
         1c:d0:bf:0f:3a:0d:4a:39:fb:19:a9:ab:4b:18:8e:3e:3d:8a:
         f1:12:eb:58:e7:47:91:67:ba:b3:69:31:c6:d2:d9:fd:18:da:
         4e:ee:e6:03:be:fa:27:d9:52:0f:b6:f6:03:88:a5:9f:fd:4e:
         25:2c:69:06:9f:74:32:23:34:29:25:ea:6d:27:57:22:8d:33:
         48:01:e6:42:23:4b:13:10:3a:57:22:87:24:9f:7d:0a:33:25:
         48:15:36:54:0e:6c:3f:11:af:9a:cd:de:96:d2:37:52:25:99:
         d1:c9:d3:17:eb:eb:8b:07:6e:d9:c1:44:db:e0:7c:40:43:f3:
         9c:32:41:d7:9f:a8:6d:63:1b:4e:fd:c2:a9:b8:83:55:4d:51:
         d9:63:6d:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+ljp2EkoUDoXUICONhUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjUwMTAxMDM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjM5ZmY4M2M1MWRmZTk4NWZmMTViNDNhZjgzNDUwZmY0ZmE1NzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVBB2nhttW8WgnMQk8d5oozOp05P
nhPdvRPRWUFJgU14MnaOoJhsgZZ247fRog61UTtt3HjZDsetWDs6wmqPokrNl79j
cB3npTZCl60q1ZKGYS1v+6XBNjyrlB5ih0rnAsW0n3MWw8HQn/qkcClNl1x0HGuX
CqMlBjCSsC/6U4ThsmYZws/4RHuOY1q4zy7Xtxw93FKV107o/aaf1sN1W/FBIpTB
R5MiSj929v3S38ONOhRmgNMzz01PnLnFratihsE8TwK/DT4UFaSkh3li9r1iOKX6
jq7qtBIwnWI8gUR/VIoe9cy12uaJk6XkopNVKRt3wATH6yG3rvx2tOHzZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMI5/4PFHf6YX/FbQ6+DRQ/0+ldhMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvd2puX2c4VWRfcGhmOFZ0RHI0TkZEX1Q2VjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUQxOAwQA
V2skMA0GCSqGSIb3DQEBCwUAA4IBAQAUo19uWIGH4MTem0AoIPNAoRJLv07OS+IP
4D52nOSomtwo/LkTzpofBJ5s1PN5xeOJubwwikdFzccu/CXqfySo9UzxgH0+XteH
QyWRyNKzX1FSVcLJ8AKdGNcoYg4LYJ/PyqIU9ZS6m+8y69Ac0L8POg1KOfsZqatL
GI4+PYrxEutY50eRZ7qzaTHG0tn9GNpO7uYDvvon2VIPtvYDiKWf/U4lLGkGn3Qy
IzQpJeptJ1cijTNIAeZCI0sTEDpXIockn30KMyVIFTZUDmw/Ea+azd6W0jdSJZnR
ydMX6+uLB27ZwUTb4HxAQ/OcMkHXn6htYxtO/cKpuINVTVHZY201
-----END CERTIFICATE-----