Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/wIY_dvatExTHxCY_kuzX-QET3Ok.roa
File:                     wIY_dvatExTHxCY_kuzX-QET3Ok.roa (raw, json)
Hash identifier:          kjV0Ojugy4LwLs+YAfKt1FqrpFMJ2uDqQ/zPE3W7Ris=
Subject key identifier:   C0:86:3F:76:F6:AD:13:14:C7:C4:26:3F:92:EC:D7:F9:01:13:DC:E9
Certificate issuer:       /CN=776405e0283743cf52180d5b13812dfba3ded7fc
Certificate serial:       019421B221B702D9D026EAA02C2259CB76FB
Authority key identifier: 77:64:05:E0:28:37:43:CF:52:18:0D:5B:13:81:2D:FB:A3:DE:D7:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/wIY_dvatExTHxCY_kuzX-QET3Ok.roa
Signing time:             Wed 01 Jan 2025 11:48:29 +0000
ROA not before:           Wed 01 Jan 2025 11:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57127
IP address blocks:        146.247.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:21:b7:02:d9:d0:26:ea:a0:2c:22:59:cb:76:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=776405e0283743cf52180d5b13812dfba3ded7fc
        Validity
            Not Before: Jan  1 11:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0863f76f6ad1314c7c4263f92ecd7f90113dce9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:14:44:29:d3:22:a9:04:1b:d6:c9:c8:06:2b:
                    da:a9:d3:23:15:99:ca:64:4c:d0:0e:95:a7:27:e8:
                    2b:52:f3:24:2a:8a:47:df:1f:f0:84:5e:fa:c5:58:
                    5e:8e:df:80:d0:c2:e5:7a:9e:7a:ed:6e:b6:67:7b:
                    87:a7:50:fc:79:64:45:7b:57:c5:aa:c3:bc:9e:83:
                    17:a2:ed:62:5e:85:48:58:4f:86:52:bb:29:76:57:
                    6d:23:8b:5a:ce:70:18:03:58:d6:39:27:2d:74:b9:
                    1e:7c:51:c5:dd:cb:99:d4:8b:98:7e:70:c4:3a:52:
                    98:e2:40:45:7a:31:f2:96:c4:07:44:a9:7d:2c:b4:
                    d6:d6:47:c9:5f:a6:11:e7:4a:01:b9:c0:46:c3:5c:
                    15:d3:dd:8b:af:ce:2d:44:8b:36:b8:78:03:41:e7:
                    13:18:d2:60:17:a6:ff:d9:71:68:d5:23:df:62:15:
                    b8:a2:dd:a2:7c:2a:d8:4e:e6:67:b9:a0:34:0f:7d:
                    a3:b8:4a:ad:27:3c:7f:4f:70:4e:48:56:23:09:af:
                    29:5e:3a:52:7c:7b:fb:0e:2c:d2:3e:02:d9:50:04:
                    bf:59:15:3a:a9:16:9f:b1:fa:57:2f:6a:90:bc:dc:
                    3f:cc:94:c5:a4:01:df:70:89:2a:7b:04:f8:d6:78:
                    b4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:86:3F:76:F6:AD:13:14:C7:C4:26:3F:92:EC:D7:F9:01:13:DC:E9
            X509v3 Authority Key Identifier:
                keyid:77:64:05:E0:28:37:43:CF:52:18:0D:5B:13:81:2D:FB:A3:DE:D7:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/wIY_dvatExTHxCY_kuzX-QET3Ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:c9:5f:30:ba:06:a3:aa:0b:e3:9d:2b:62:1c:30:5d:cc:9a:
         c1:9c:05:68:35:fe:a2:f2:5a:08:17:1d:51:7c:98:e9:5e:42:
         78:ff:66:91:ff:ee:25:74:c4:08:84:43:0d:25:c4:cf:58:74:
         86:89:c3:10:f8:d1:60:68:75:39:17:7e:53:54:d7:92:82:e4:
         61:5e:e1:db:68:e7:b9:91:ed:e5:c3:11:35:00:00:d6:f1:db:
         94:36:f8:1b:a8:f8:03:6a:7c:1f:7a:fe:6d:80:e2:63:59:c0:
         b3:34:19:a8:21:b8:aa:9e:61:96:ce:38:05:5b:d0:26:bc:2c:
         32:82:ad:ed:f0:61:a6:aa:90:52:88:35:be:7f:3c:0a:f6:96:
         61:94:cb:d9:de:4f:92:2f:65:9f:6c:67:4d:40:89:60:24:46:
         dd:e4:14:d9:21:1b:de:92:df:68:e0:17:3d:24:f9:74:b2:01:
         86:c8:81:04:e7:6b:7a:2c:c1:2b:63:73:cd:b8:28:fc:30:cb:
         da:bf:97:87:28:39:1a:76:5d:7d:af:be:ec:8b:c4:f3:27:b2:
         8a:6b:d4:51:82:45:16:2a:e1:5b:1e:22:55:c5:84:ee:ec:59:
         89:d6:3d:fe:82:66:51:66:49:c4:b0:7e:65:8d:a5:27:97:2b:
         6a:44:33:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsiG3AtnQJuqgLCJZy3b7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NjQwNWUwMjgzNzQzY2Y1MjE4MGQ1YjEzODEyZGZiYTNk
ZWQ3ZmMwHhcNMjUwMTAxMTE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDg2M2Y3NmY2YWQxMzE0YzdjNDI2M2Y5MmVjZDdmOTAxMTNkY2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBREKdMiqQQb1snIBivaqdMjFZnK
ZEzQDpWnJ+grUvMkKopH3x/whF76xVhejt+A0MLlep567W62Z3uHp1D8eWRFe1fF
qsO8noMXou1iXoVIWE+GUrspdldtI4taznAYA1jWOSctdLkefFHF3cuZ1IuYfnDE
OlKY4kBFejHylsQHRKl9LLTW1kfJX6YR50oBucBGw1wV092Lr84tRIs2uHgDQecT
GNJgF6b/2XFo1SPfYhW4ot2ifCrYTuZnuaA0D32juEqtJzx/T3BOSFYjCa8pXjpS
fHv7DizSPgLZUAS/WRU6qRafsfpXL2qQvNw/zJTFpAHfcIkqewT41ni0nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCGP3b2rRMUx8QmP5Ls1/kBE9zpMB8GA1UdIwQY
MBaAFHdkBeAoN0PPUhgNWxOBLfuj3tf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDJRRjRDZzNRODlTR0ExYkU0RXQtNlBlMV93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8zNjM1ODYtOWI4MC00NTdiLWJkZjAt
NmNhNTJlMDI5Y2JlLzEvd0lZX2R2YXRFeFRIeENZX2t1elgtUUVUM09rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8zNjM1ODYtOWI4MC00NTdiLWJkZjAtNmNhNTJlMDI5Y2Jl
LzEvZDJRRjRDZzNRODlTR0ExYkU0RXQtNlBlMV93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkvcYMA0G
CSqGSIb3DQEBCwUAA4IBAQBRyV8wugajqgvjnStiHDBdzJrBnAVoNf6i8loIFx1R
fJjpXkJ4/2aR/+4ldMQIhEMNJcTPWHSGicMQ+NFgaHU5F35TVNeSguRhXuHbaOe5
ke3lwxE1AADW8duUNvgbqPgDanwfev5tgOJjWcCzNBmoIbiqnmGWzjgFW9AmvCwy
gq3t8GGmqpBSiDW+fzwK9pZhlMvZ3k+SL2WfbGdNQIlgJEbd5BTZIRvekt9o4Bc9
JPl0sgGGyIEE52t6LMErY3PNuCj8MMvav5eHKDkadl19r77si8TzJ7KKa9RRgkUW
KuFbHiJVxYTu7FmJ1j3+gmZRZknEsH5ljaUnlytqRDNB
-----END CERTIFICATE-----