Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/262f40-48c7-43c6-9d83-1548ac1356be/1/w_0HE8pbhu_WRm9oVLX4HeTT3BM.roa
File:                     w_0HE8pbhu_WRm9oVLX4HeTT3BM.roa (raw, json)
Hash identifier:          hTcihDITcw/V7jlf+/tHVIitSDsgGIxGrqls4vcYAv4=
Subject key identifier:   C3:FD:07:13:CA:5B:86:EF:D6:46:6F:68:54:B5:F8:1D:E4:D3:DC:13
Certificate issuer:       /CN=b43aa2adbe9d404137339f20fd58623c8a39f130
Certificate serial:       018D788592D866A76086122D83458501F1C5
Authority key identifier: B4:3A:A2:AD:BE:9D:40:41:37:33:9F:20:FD:58:62:3C:8A:39:F1:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDqirb6dQEE3M58g_VhiPIo58TA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/262f40-48c7-43c6-9d83-1548ac1356be/1/w_0HE8pbhu_WRm9oVLX4HeTT3BM.roa
Signing time:             Mon 05 Feb 2024 09:07:16 +0000
ROA not before:           Mon 05 Feb 2024 09:07:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49651
IP address blocks:        194.180.56.0/22 maxlen: 22
                          194.180.56.0/24 maxlen: 24
                          194.180.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/262f40-48c7-43c6-9d83-1548ac1356be/1/tDqirb6dQEE3M58g_VhiPIo58TA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/262f40-48c7-43c6-9d83-1548ac1356be/1/tDqirb6dQEE3M58g_VhiPIo58TA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDqirb6dQEE3M58g_VhiPIo58TA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:85:92:d8:66:a7:60:86:12:2d:83:45:85:01:f1:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b43aa2adbe9d404137339f20fd58623c8a39f130
        Validity
            Not Before: Feb  5 09:07:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3fd0713ca5b86efd6466f6854b5f81de4d3dc13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:05:66:c5:a4:db:37:7a:ce:22:f2:c4:86:4d:
                    36:52:b1:5c:be:ce:d5:2a:88:f9:31:e7:ec:83:1d:
                    25:6c:6a:c6:18:de:16:5f:6b:8c:2f:03:a2:40:d1:
                    da:93:2e:d7:1c:7f:16:11:93:38:8b:1d:8e:06:37:
                    e9:68:67:1c:9c:a7:93:43:b0:06:cb:e5:b0:2f:bf:
                    78:00:e8:38:26:c0:69:89:90:7e:c2:4c:71:21:41:
                    f3:bc:93:1f:cd:33:6e:e8:64:5d:dd:01:32:4e:b2:
                    68:2a:f4:a2:88:67:d4:c5:22:ef:96:87:d2:77:fc:
                    33:8f:05:02:1f:0f:3e:d4:b5:08:6c:08:92:3d:97:
                    71:82:70:ca:06:cd:e1:82:44:bc:53:66:82:0c:c2:
                    6e:23:5a:5f:53:1e:08:36:19:c3:ac:c4:5b:72:4c:
                    82:7a:f6:6a:6a:0b:b2:f3:72:bc:94:7b:78:e7:24:
                    0d:46:4e:7b:62:e5:1c:da:e7:c6:5b:60:3f:2c:7f:
                    cd:0d:b1:9f:23:d8:06:7e:fe:e9:0b:97:5a:de:08:
                    6d:12:bf:79:0b:64:82:cc:20:c4:26:5e:6b:f5:1c:
                    7d:3e:19:ea:c0:21:77:d7:1e:25:0c:da:4f:06:cf:
                    03:1b:9d:a9:fb:11:98:e7:b4:a5:d2:d6:67:58:0d:
                    dc:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:FD:07:13:CA:5B:86:EF:D6:46:6F:68:54:B5:F8:1D:E4:D3:DC:13
            X509v3 Authority Key Identifier:
                keyid:B4:3A:A2:AD:BE:9D:40:41:37:33:9F:20:FD:58:62:3C:8A:39:F1:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDqirb6dQEE3M58g_VhiPIo58TA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/262f40-48c7-43c6-9d83-1548ac1356be/1/w_0HE8pbhu_WRm9oVLX4HeTT3BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/262f40-48c7-43c6-9d83-1548ac1356be/1/tDqirb6dQEE3M58g_VhiPIo58TA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:d5:33:88:34:ae:35:09:a7:77:b3:8a:9e:c1:4a:c0:aa:7f:
         66:d5:a6:37:8d:e3:9f:1b:78:04:8e:5d:02:24:ad:17:a1:3a:
         7b:63:ae:1d:bf:92:2a:8f:d9:8e:7e:60:18:5f:10:d9:82:e8:
         67:24:52:6a:2d:e6:c2:dc:40:3b:e7:4f:fd:79:28:89:eb:1f:
         b6:29:f8:f9:3e:25:c9:ad:74:b8:3b:3d:8e:22:3d:f7:d7:84:
         ff:05:4b:63:50:a5:15:88:c0:d9:95:9c:ac:05:de:cb:44:06:
         71:5c:5a:83:70:24:22:b3:04:2d:9c:13:2c:16:61:77:a4:f0:
         ac:fd:ec:85:17:86:4f:f2:43:99:2b:43:f1:e1:9c:c3:c7:25:
         b2:d2:6c:23:9c:db:8c:1b:3c:93:68:7e:d3:17:2b:aa:33:86:
         6b:e0:70:61:28:2e:c8:ca:a9:c3:06:02:03:52:15:04:64:e3:
         ca:3a:bc:5d:c6:22:8e:bc:78:67:eb:97:5b:a1:52:f5:0b:95:
         7e:2a:c6:e6:68:4e:27:89:c2:8b:ea:ae:f4:28:cc:a1:69:6d:
         76:12:73:54:76:79:52:c8:0c:22:a9:10:7a:18:e8:07:45:6d:
         d4:63:b6:27:93:dc:79:fc:1a:d3:89:e1:67:46:b5:dc:c3:61:
         b3:cb:9d:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY14hZLYZqdghhItg0WFAfHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0M2FhMmFkYmU5ZDQwNDEzNzMzOWYyMGZkNTg2MjNjOGEz
OWYxMzAwHhcNMjQwMjA1MDkwNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2ZkMDcxM2NhNWI4NmVmZDY0NjZmNjg1NGI1ZjgxZGU0ZDNkYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogVmxaTbN3rOIvLEhk02UrFcvs7V
Koj5Mefsgx0lbGrGGN4WX2uMLwOiQNHaky7XHH8WEZM4ix2OBjfpaGccnKeTQ7AG
y+WwL794AOg4JsBpiZB+wkxxIUHzvJMfzTNu6GRd3QEyTrJoKvSiiGfUxSLvlofS
d/wzjwUCHw8+1LUIbAiSPZdxgnDKBs3hgkS8U2aCDMJuI1pfUx4INhnDrMRbckyC
evZqaguy83K8lHt45yQNRk57YuUc2ufGW2A/LH/NDbGfI9gGfv7pC5da3ghtEr95
C2SCzCDEJl5r9Rx9PhnqwCF31x4lDNpPBs8DG52p+xGY57Sl0tZnWA3crwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMP9BxPKW4bv1kZvaFS1+B3k09wTMB8GA1UdIwQY
MBaAFLQ6oq2+nUBBNzOfIP1YYjyKOfEwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERxaXJiNmRRRUUzTTU4Z19WaGlQSW81OFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8yNjJmNDAtNDhjNy00M2M2LTlkODMt
MTU0OGFjMTM1NmJlLzEvd18wSEU4cGJodV9XUm05b1ZMWDRIZVRUM0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8yNjJmNDAtNDhjNy00M2M2LTlkODMtMTU0OGFjMTM1NmJl
LzEvdERxaXJiNmRRRUUzTTU4Z19WaGlQSW81OFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrQ4MA0G
CSqGSIb3DQEBCwUAA4IBAQCb1TOINK41Cad3s4qewUrAqn9m1aY3jeOfG3gEjl0C
JK0XoTp7Y64dv5Iqj9mOfmAYXxDZguhnJFJqLebC3EA750/9eSiJ6x+2Kfj5PiXJ
rXS4Oz2OIj3314T/BUtjUKUViMDZlZysBd7LRAZxXFqDcCQiswQtnBMsFmF3pPCs
/eyFF4ZP8kOZK0Px4ZzDxyWy0mwjnNuMGzyTaH7TFyuqM4Zr4HBhKC7IyqnDBgID
UhUEZOPKOrxdxiKOvHhn65dboVL1C5V+KsbmaE4nicKL6q70KMyhaW12EnNUdnlS
yAwiqRB6GOgHRW3UY7Ynk9x5/BrTieFnRrXcw2Gzy52N
-----END CERTIFICATE-----