Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/wz4Rxi2T5RISNbtekZKZj5gg7co.roa
File:                     wz4Rxi2T5RISNbtekZKZj5gg7co.roa (raw, json)
Hash identifier:          ZkBZlEwEIE4xANMo9oJsaqTSQA+2tjjnLN93XVxIic4=
Subject key identifier:   C3:3E:11:C6:2D:93:E5:12:12:35:BB:5E:91:92:99:8F:98:20:ED:CA
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       0194228DE16286AF532538C2AD79DFD215C1
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/wz4Rxi2T5RISNbtekZKZj5gg7co.roa
Signing time:             Wed 01 Jan 2025 15:48:31 +0000
ROA not before:           Wed 01 Jan 2025 15:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201639
IP address blocks:        185.86.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e1:62:86:af:53:25:38:c2:ad:79:df:d2:15:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Jan  1 15:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c33e11c62d93e5121235bb5e9192998f9820edca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:81:ff:2b:20:0b:9b:0e:58:6d:bc:cd:6a:f2:
                    1d:bf:04:d8:6d:9e:1b:82:69:a0:3f:0c:1e:71:76:
                    ee:64:3a:a9:bb:6d:c8:a9:dd:08:77:d5:34:e3:57:
                    ea:56:12:56:df:1d:5c:e6:d0:1f:0d:e0:27:56:b4:
                    31:36:ef:63:95:b7:b0:22:76:0b:9d:d2:58:48:cb:
                    69:5c:c6:77:ab:c0:84:0d:eb:b6:23:a7:ef:d2:2a:
                    43:37:40:da:e3:b5:28:a7:ad:04:74:8c:af:a2:5b:
                    27:03:6b:0d:38:9d:ce:dd:34:57:a4:d1:51:75:76:
                    d5:2b:2c:81:b4:45:93:75:16:55:ab:5e:f3:d4:88:
                    f0:2b:5b:97:d4:d1:ba:da:63:f8:ed:61:43:29:04:
                    7c:22:7b:1c:53:d6:da:92:88:f5:4a:9b:48:83:72:
                    70:94:98:d1:72:59:6b:65:ef:03:b1:6f:7a:1c:3b:
                    a2:d6:b0:3b:c9:dc:1e:77:90:73:0a:b2:e8:64:bb:
                    df:57:79:fe:92:ab:5b:04:5f:75:d7:49:9a:51:ea:
                    71:dc:0d:38:45:4a:70:02:6a:f0:3e:e1:3f:c6:70:
                    2d:dd:1d:e8:7e:52:58:91:f5:d2:9a:4c:7f:69:d2:
                    48:4d:ea:71:04:3b:25:06:69:aa:73:ff:cd:08:de:
                    31:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:3E:11:C6:2D:93:E5:12:12:35:BB:5E:91:92:99:8F:98:20:ED:CA
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/wz4Rxi2T5RISNbtekZKZj5gg7co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:60:0e:e6:28:2f:aa:fc:00:97:24:7b:fc:14:d2:21:79:18:
         4d:06:f0:ef:fd:67:6b:6a:57:b2:d1:5e:f2:47:2c:cd:61:30:
         29:5c:80:5e:30:53:2f:20:be:dc:da:31:f5:a9:68:3d:ac:4a:
         45:b3:b4:19:c9:b1:5e:1f:ab:ac:8f:60:a1:fa:c4:67:02:41:
         ae:67:e4:ab:df:28:61:10:64:12:d3:bc:7e:91:c3:3d:44:62:
         fb:e9:1d:da:34:b6:9d:17:ee:11:14:57:c8:c3:d3:a9:cf:62:
         33:27:a0:cf:a8:17:71:15:c0:c2:d7:af:e2:e9:db:18:7a:65:
         d7:3e:6b:01:58:89:df:af:03:b0:86:cf:70:53:81:46:a2:21:
         11:c9:e5:f7:2b:ef:ac:ed:56:77:24:4a:9a:a2:a8:f8:0b:b1:
         4b:46:58:68:a3:9c:22:e2:f6:db:97:ed:54:ad:7c:44:49:b0:
         9f:2c:fa:bf:1d:ba:5b:a3:5c:24:5e:12:de:e5:d8:62:24:59:
         21:e9:0a:e9:a0:42:3f:25:8c:3c:83:a5:27:de:bc:7a:f0:f8:
         eb:46:3e:28:d7:9f:45:ae:5c:78:af:df:28:99:da:62:03:38:
         47:e8:01:07:5c:b2:12:16:db:88:96:92:4e:da:96:e7:5f:73:
         f2:42:71:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijeFihq9TJTjCrXnf0hXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjUwMTAxMTU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzNlMTFjNjJkOTNlNTEyMTIzNWJiNWU5MTkyOTk4Zjk4MjBlZGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoH/KyALmw5YbbzNavIdvwTYbZ4b
gmmgPwwecXbuZDqpu23Iqd0Id9U041fqVhJW3x1c5tAfDeAnVrQxNu9jlbewInYL
ndJYSMtpXMZ3q8CEDeu2I6fv0ipDN0Da47Uop60EdIyvolsnA2sNOJ3O3TRXpNFR
dXbVKyyBtEWTdRZVq17z1IjwK1uX1NG62mP47WFDKQR8InscU9bakoj1SptIg3Jw
lJjRcllrZe8DsW96HDui1rA7ydwed5BzCrLoZLvfV3n+kqtbBF9110maUepx3A04
RUpwAmrwPuE/xnAt3R3oflJYkfXSmkx/adJITepxBDslBmmqc//NCN4xXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMM+EcYtk+USEjW7XpGSmY+YIO3KMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvd3o0UnhpMlQ1UklTTmJ0ZWtaS1pqNWdnN2NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVbAMA0G
CSqGSIb3DQEBCwUAA4IBAQBmYA7mKC+q/ACXJHv8FNIheRhNBvDv/Wdraley0V7y
RyzNYTApXIBeMFMvIL7c2jH1qWg9rEpFs7QZybFeH6usj2Ch+sRnAkGuZ+Sr3yhh
EGQS07x+kcM9RGL76R3aNLadF+4RFFfIw9Opz2IzJ6DPqBdxFcDC16/i6dsYemXX
PmsBWInfrwOwhs9wU4FGoiERyeX3K++s7VZ3JEqaoqj4C7FLRlhoo5wi4vbbl+1U
rXxESbCfLPq/Hbpbo1wkXhLe5dhiJFkh6QrpoEI/JYw8g6Un3rx68PjrRj4o159F
rlx4r98omdpiAzhH6AEHXLISFtuIlpJO2pbnX3PyQnE6
-----END CERTIFICATE-----