Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/WWsWrGhHJPhxsXXJtUhA3vzECwE.roa
File:                     WWsWrGhHJPhxsXXJtUhA3vzECwE.roa (raw, json)
Hash identifier:          LLPjYgAmQluoQLBe3s0wxjIyXNJ82uAq8ra1WEAoLDQ=
Subject key identifier:   59:6B:16:AC:68:47:24:F8:71:B1:75:C9:B5:48:40:DE:FC:C4:0B:01
Certificate issuer:       /CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
Certificate serial:       0194228E010406A5324872AF5817E7FB27F3
Authority key identifier: 23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/WWsWrGhHJPhxsXXJtUhA3vzECwE.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31027
IP address blocks:        185.203.233.0/24 maxlen: 24
                          185.203.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:01:04:06:a5:32:48:72:af:58:17:e7:fb:27:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2330e26060913c758137488bfd7ab1bfe9e10ae2
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=596b16ac684724f871b175c9b54840defcc40b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:18:75:c5:b4:bb:80:d2:2c:b9:a5:55:35:c6:
                    aa:e9:fe:b0:99:bf:b8:77:50:72:25:e2:bb:24:a7:
                    fd:d2:c4:52:01:12:67:72:6d:5c:8f:bb:f5:6e:49:
                    18:e1:90:dd:0b:d4:b9:0b:e4:01:f5:a6:30:04:e6:
                    64:e6:f9:ef:a2:ce:23:43:f8:88:fd:1e:88:97:57:
                    8c:11:d5:c8:3d:a1:96:27:63:a9:1b:eb:38:ca:4c:
                    72:33:dd:00:2e:58:a2:e9:71:64:c4:8c:5c:47:9b:
                    a9:57:b0:66:ff:01:e9:0f:59:26:a1:5b:d1:24:16:
                    f5:1b:fb:3d:2c:a1:40:37:29:58:0b:c0:27:65:4d:
                    2e:eb:ec:2c:39:7f:34:62:bf:40:07:70:cd:a9:d8:
                    17:a3:16:1a:8c:d8:7f:25:10:03:fa:e8:6f:c6:1e:
                    9d:07:d4:23:50:91:c4:9b:fd:cd:d2:40:c4:73:ba:
                    ab:dd:4a:3a:e8:8c:3a:89:2f:df:7a:30:4d:a5:94:
                    ec:a0:0c:ce:7e:44:17:49:52:dd:52:c5:20:fe:70:
                    81:c4:aa:10:ff:cb:97:d8:bd:28:33:9a:9f:af:0f:
                    1c:96:b2:48:04:11:97:64:e6:5b:56:23:cb:77:12:
                    1b:41:53:1d:fb:68:4b:7c:05:86:b9:db:80:7e:d1:
                    f7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:6B:16:AC:68:47:24:F8:71:B1:75:C9:B5:48:40:DE:FC:C4:0B:01
            X509v3 Authority Key Identifier:
                keyid:23:30:E2:60:60:91:3C:75:81:37:48:8B:FD:7A:B1:BF:E9:E1:0A:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/WWsWrGhHJPhxsXXJtUhA3vzECwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/4690c0-0b91-4322-94b9-706782cfa03b/1/IzDiYGCRPHWBN0iL_Xqxv-nhCuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.233.0-185.203.234.255

    Signature Algorithm: sha256WithRSAEncryption
         5b:ce:23:08:92:27:6e:06:99:1e:18:db:1c:96:2f:19:af:c7:
         fc:44:a0:7b:83:ba:1f:7c:9e:a5:c0:09:38:93:0b:74:66:01:
         81:49:29:f0:b4:26:c1:2b:1b:ca:01:ac:a4:90:2e:16:cb:44:
         f6:a9:05:d3:e1:e8:94:ee:07:02:4b:79:c7:0a:82:c9:64:5d:
         a7:87:4b:a2:7c:65:bb:b7:8c:91:1e:55:9d:a9:a3:67:4f:1f:
         09:bf:57:65:46:e0:d9:93:16:1f:8f:32:22:61:c9:4f:24:3c:
         2d:c6:df:e7:8d:5e:dc:5e:ea:d1:ca:ea:a5:8c:ab:d5:77:be:
         34:8d:6a:db:45:89:39:52:a0:56:aa:2e:08:97:82:60:f1:21:
         eb:f3:ce:8f:de:de:7c:de:cd:74:b3:e9:d7:0e:62:74:8c:c9:
         0c:82:0d:20:f1:ab:83:48:eb:a3:90:c5:d7:3a:25:ad:aa:14:
         5e:cc:e2:6b:32:97:a1:f5:95:d0:18:1f:a9:da:4a:30:33:b7:
         75:41:ff:d0:f3:2e:92:39:35:7d:4b:07:d8:05:73:8d:75:cc:
         01:b6:88:97:de:ce:3a:3a:32:8c:3a:28:63:b5:40:21:7d:0a:
         cc:6b:dc:d0:33:16:b4:65:99:26:d8:e0:5d:95:49:60:7b:40:
         6d:9b:f0:ce
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQijgEEBqUySHKvWBfn+yfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzBlMjYwNjA5MTNjNzU4MTM3NDg4YmZkN2FiMWJmZTll
MTBhZTIwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTZiMTZhYzY4NDcyNGY4NzFiMTc1YzliNTQ4NDBkZWZjYzQwYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Rh1xbS7gNIsuaVVNcaq6f6wmb+4
d1ByJeK7JKf90sRSARJncm1cj7v1bkkY4ZDdC9S5C+QB9aYwBOZk5vnvos4jQ/iI
/R6Il1eMEdXIPaGWJ2OpG+s4ykxyM90ALlii6XFkxIxcR5upV7Bm/wHpD1kmoVvR
JBb1G/s9LKFANylYC8AnZU0u6+wsOX80Yr9AB3DNqdgXoxYajNh/JRAD+uhvxh6d
B9QjUJHEm/3N0kDEc7qr3Uo66Iw6iS/fejBNpZTsoAzOfkQXSVLdUsUg/nCBxKoQ
/8uX2L0oM5qfrw8clrJIBBGXZOZbViPLdxIbQVMd+2hLfAWGuduAftH3SwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFlrFqxoRyT4cbF1ybVIQN78xAsBMB8GA1UdIwQY
MBaAFCMw4mBgkTx1gTdIi/16sb/p4QriMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0Yjkt
NzA2NzgyY2ZhMDNiLzEvV1dzV3JHaEhKUGh4c1hYSnRVaEEzdnpFQ3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS80NjkwYzAtMGI5MS00MzIyLTk0YjktNzA2NzgyY2ZhMDNi
LzEvSXpEaVlHQ1JQSFdCTjBpTF9YcXh2LW5oQ3VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5y+kD
BAC5y+owDQYJKoZIhvcNAQELBQADggEBAFvOIwiSJ24GmR4Y2xyWLxmvx/xEoHuD
uh98nqXACTiTC3RmAYFJKfC0JsErG8oBrKSQLhbLRPapBdPh6JTuBwJLeccKgslk
XaeHS6J8Zbu3jJEeVZ2po2dPHwm/V2VG4NmTFh+PMiJhyU8kPC3G3+eNXtxe6tHK
6qWMq9V3vjSNattFiTlSoFaqLgiXgmDxIevzzo/e3nzezXSz6dcOYnSMyQyCDSDx
q4NI66OQxdc6Ja2qFF7M4msyl6H1ldAYH6naSjAzt3VB/9DzLpI5NX1LB9gFc411
zAG2iJfezjo6Mow6KGO1QCF9Csxr3NAzFrRlmSbY4F2VSWB7QG2b8M4=
-----END CERTIFICATE-----