Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/f8ab48-05d0-4f9c-8b0f-98c875ae35c9/1/wJDRK32lB5LW0NYdA-0BMXDkTmQ.roa
File:                     wJDRK32lB5LW0NYdA-0BMXDkTmQ.roa (raw, json)
Hash identifier:          5KCUkLPS/IZxQSW1wdCDmiriNWaMq50KNrDeTbU9NZQ=
Subject key identifier:   C0:90:D1:2B:7D:A5:07:92:D6:D0:D6:1D:03:ED:01:31:70:E4:4E:64
Certificate issuer:       /CN=22423839f210721627641ae6b6cceacee8d9067b
Certificate serial:       018D5993DFDE4996A3BC8C699DC4B13511D8
Authority key identifier: 22:42:38:39:F2:10:72:16:27:64:1A:E6:B6:CC:EA:CE:E8:D9:06:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IkI4OfIQchYnZBrmtszqzujZBns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/f8ab48-05d0-4f9c-8b0f-98c875ae35c9/1/wJDRK32lB5LW0NYdA-0BMXDkTmQ.roa
Signing time:             Tue 30 Jan 2024 08:54:39 +0000
ROA not before:           Tue 30 Jan 2024 08:54:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202179
IP address blocks:        185.50.180.0/22 maxlen: 24
                          2a01:a960::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/f8ab48-05d0-4f9c-8b0f-98c875ae35c9/1/IkI4OfIQchYnZBrmtszqzujZBns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/f8ab48-05d0-4f9c-8b0f-98c875ae35c9/1/IkI4OfIQchYnZBrmtszqzujZBns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IkI4OfIQchYnZBrmtszqzujZBns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:93:df:de:49:96:a3:bc:8c:69:9d:c4:b1:35:11:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22423839f210721627641ae6b6cceacee8d9067b
        Validity
            Not Before: Jan 30 08:54:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c090d12b7da50792d6d0d61d03ed013170e44e64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d4:85:aa:bd:28:76:b7:9e:ae:43:89:b8:7b:
                    75:e6:2a:6e:f4:fe:a8:a8:9f:98:b0:ce:52:1e:1a:
                    f1:e6:5e:e9:3c:23:15:c1:d6:5a:38:03:10:4b:14:
                    e3:0e:96:c3:fd:62:0a:5d:4b:8c:8b:80:3f:33:c0:
                    22:83:96:0e:14:6c:10:3b:0c:60:ba:f3:87:48:66:
                    e1:d1:6c:1b:25:46:45:27:12:b2:41:df:d7:4f:83:
                    a7:47:e3:d7:52:67:9d:7e:d1:30:35:29:e4:ba:a6:
                    9c:df:d9:95:89:94:d0:61:e1:ea:3d:a9:5b:74:7b:
                    56:f2:a8:e0:a2:ab:8d:37:9e:f2:e4:7d:79:98:e5:
                    ef:c6:63:12:3b:2b:ca:a5:b0:b6:27:c4:d1:54:56:
                    9b:50:8c:51:9d:5f:36:0b:88:11:bb:92:92:a3:99:
                    b3:cc:d4:8c:9d:2c:45:3b:d4:37:35:2b:36:1b:aa:
                    3c:0f:d1:cb:dd:a1:25:f1:6f:d8:55:d8:78:f1:58:
                    f5:1c:13:5e:3c:59:11:ce:20:c5:3a:5e:eb:c5:8b:
                    6d:21:c7:8c:9e:f1:2d:c1:f1:54:b1:23:68:30:d1:
                    0f:cb:eb:f9:a6:86:88:05:1f:27:89:2e:55:78:31:
                    ed:b1:58:85:bf:0a:8e:69:c6:a3:6e:1d:4a:77:51:
                    d3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:90:D1:2B:7D:A5:07:92:D6:D0:D6:1D:03:ED:01:31:70:E4:4E:64
            X509v3 Authority Key Identifier:
                keyid:22:42:38:39:F2:10:72:16:27:64:1A:E6:B6:CC:EA:CE:E8:D9:06:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IkI4OfIQchYnZBrmtszqzujZBns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/f8ab48-05d0-4f9c-8b0f-98c875ae35c9/1/wJDRK32lB5LW0NYdA-0BMXDkTmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/f8ab48-05d0-4f9c-8b0f-98c875ae35c9/1/IkI4OfIQchYnZBrmtszqzujZBns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.180.0/22
                IPv6:
                  2a01:a960::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:81:8a:73:b4:25:fb:20:79:f1:4a:e4:0f:07:f9:8e:ef:d1:
         bc:4e:92:f1:37:4d:66:74:93:52:e4:14:90:25:ac:15:08:21:
         fa:9e:0c:f9:e0:7b:0f:bc:9e:2e:c4:94:3b:47:82:96:2e:9c:
         a4:19:51:57:8a:72:d1:03:77:d4:91:8b:cb:82:d0:cb:db:ac:
         4a:1c:09:e8:89:21:38:6c:41:3a:39:f4:5a:c5:e9:e4:13:63:
         c6:cb:12:69:29:14:6d:b4:08:57:ca:1d:c7:d7:d0:72:c2:61:
         4a:f1:86:8b:df:8f:3c:0e:12:44:d2:ee:9e:80:55:65:30:0a:
         f6:aa:33:81:72:c1:fa:d6:4f:1f:4f:bf:19:af:19:1a:de:18:
         5d:ca:b5:6f:73:db:86:24:84:e3:b4:59:31:16:4f:db:77:89:
         53:0d:4c:e8:e6:e4:3d:d1:b1:35:43:1f:96:98:ae:74:9a:b3:
         a8:9b:23:7c:64:bf:ea:d9:83:f9:35:31:33:52:24:bb:61:0e:
         b2:83:09:72:11:bf:ea:2b:61:6a:3e:2b:00:22:bf:9e:d9:11:
         bf:ac:14:12:36:f0:6e:d6:0a:ae:5c:d0:ea:29:cf:cb:c1:4c:
         b7:5e:ef:1f:06:bc:be:01:7c:6c:f6:81:0c:84:b3:b0:12:d0:
         9f:90:b7:68
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1Zk9/eSZajvIxpncSxNRHYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyNDIzODM5ZjIxMDcyMTYyNzY0MWFlNmI2Y2NlYWNlZThk
OTA2N2IwHhcNMjQwMTMwMDg1NDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDkwZDEyYjdkYTUwNzkyZDZkMGQ2MWQwM2VkMDEzMTcwZTQ0ZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9SFqr0odreerkOJuHt15ipu9P6o
qJ+YsM5SHhrx5l7pPCMVwdZaOAMQSxTjDpbD/WIKXUuMi4A/M8Aig5YOFGwQOwxg
uvOHSGbh0WwbJUZFJxKyQd/XT4OnR+PXUmedftEwNSnkuqac39mViZTQYeHqPalb
dHtW8qjgoquNN57y5H15mOXvxmMSOyvKpbC2J8TRVFabUIxRnV82C4gRu5KSo5mz
zNSMnSxFO9Q3NSs2G6o8D9HL3aEl8W/YVdh48Vj1HBNePFkRziDFOl7rxYttIceM
nvEtwfFUsSNoMNEPy+v5poaIBR8niS5VeDHtsViFvwqOacajbh1Kd1HTmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMCQ0St9pQeS1tDWHQPtATFw5E5kMB8GA1UdIwQY
MBaAFCJCODnyEHIWJ2Qa5rbM6s7o2QZ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWtJNE9mSVFjaFluWkJybXRzenF6dWpaQm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mOGFiNDgtMDVkMC00ZjljLThiMGYt
OThjODc1YWUzNWM5LzEvd0pEUkszMmxCNUxXME5ZZEEtMEJNWERrVG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mOGFiNDgtMDVkMC00ZjljLThiMGYtOThjODc1YWUzNWM5
LzEvSWtJNE9mSVFjaFluWkJybXRzenF6dWpaQm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTK0MA0E
AgACMAcDBQAqAalgMA0GCSqGSIb3DQEBCwUAA4IBAQAPgYpztCX7IHnxSuQPB/mO
79G8TpLxN01mdJNS5BSQJawVCCH6ngz54HsPvJ4uxJQ7R4KWLpykGVFXinLRA3fU
kYvLgtDL26xKHAnoiSE4bEE6OfRaxenkE2PGyxJpKRRttAhXyh3H19BywmFK8YaL
3488DhJE0u6egFVlMAr2qjOBcsH61k8fT78Zrxka3hhdyrVvc9uGJITjtFkxFk/b
d4lTDUzo5uQ90bE1Qx+WmK50mrOomyN8ZL/q2YP5NTEzUiS7YQ6ygwlyEb/qK2Fq
PisAIr+e2RG/rBQSNvBu1gquXNDqKc/LwUy3Xu8fBry+AXxs9oEMhLOwEtCfkLdo
-----END CERTIFICATE-----