Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/981fb1-904d-499a-b93a-607ca025b94f/1/wcccpGaeYTilF5ncbceAk7mBvqQ.roa
File:                     wcccpGaeYTilF5ncbceAk7mBvqQ.roa (raw, json)
Hash identifier:          gOA2BhosHOf6qCEMFAHb8yTCso/K7yQdwGzJmIy7AF4=
Subject key identifier:   C1:C7:1C:A4:66:9E:61:38:A5:17:99:DC:6D:C7:80:93:B9:81:BE:A4
Certificate issuer:       /CN=aa41c939ea95a21f3b742901dfe05f26a5777581
Certificate serial:       0194221FF8FE13C30F9B6011C3BC4D22EBF7
Authority key identifier: AA:41:C9:39:EA:95:A2:1F:3B:74:29:01:DF:E0:5F:26:A5:77:75:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qkHJOeqVoh87dCkB3-BfJqV3dYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/981fb1-904d-499a-b93a-607ca025b94f/1/wcccpGaeYTilF5ncbceAk7mBvqQ.roa
Signing time:             Wed 01 Jan 2025 13:48:28 +0000
ROA not before:           Wed 01 Jan 2025 13:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51270
IP address blocks:        194.149.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/981fb1-904d-499a-b93a-607ca025b94f/1/qkHJOeqVoh87dCkB3-BfJqV3dYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/981fb1-904d-499a-b93a-607ca025b94f/1/qkHJOeqVoh87dCkB3-BfJqV3dYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qkHJOeqVoh87dCkB3-BfJqV3dYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f8:fe:13:c3:0f:9b:60:11:c3:bc:4d:22:eb:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa41c939ea95a21f3b742901dfe05f26a5777581
        Validity
            Not Before: Jan  1 13:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1c71ca4669e6138a51799dc6dc78093b981bea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d7:fa:38:a3:f2:8c:70:32:b8:41:9e:6a:f4:
                    18:a6:9d:88:4c:e6:6b:30:5f:50:f7:ac:5c:98:9e:
                    cb:52:3c:2f:98:5f:c0:63:8c:28:2b:ac:c1:be:9a:
                    a9:4f:80:00:d3:ee:7f:ce:c7:54:3a:29:89:a2:1d:
                    b4:2f:6d:42:d9:d0:f8:0b:4c:04:da:fc:f3:47:06:
                    8e:ee:58:5d:c8:e2:5a:48:2d:59:d5:89:ae:77:d8:
                    a5:7b:0d:3a:08:9b:c6:60:78:81:54:50:d5:e4:fc:
                    5a:7c:ba:01:4d:28:c5:ae:cc:fa:1c:75:15:eb:da:
                    fa:4c:57:2b:4a:ff:c1:c8:44:8d:a2:0a:2d:e7:2a:
                    19:68:f5:19:2c:e8:5b:8d:5a:2f:16:6f:63:43:06:
                    38:6f:c4:63:a5:aa:8d:6a:64:7c:6e:a1:64:3e:87:
                    e0:96:82:55:a6:40:95:8d:f1:80:fd:0f:0c:b9:22:
                    bd:21:9d:4d:7d:96:a0:e9:4b:67:1b:8c:86:bc:cc:
                    81:69:e9:3c:0e:c0:a8:9e:e1:c2:41:f5:3d:05:90:
                    8c:9f:d4:ca:ee:e5:d1:3d:c8:b3:de:fc:51:f3:b9:
                    1c:b3:77:91:17:0a:9a:c0:a0:c5:87:ff:ce:e9:45:
                    2d:28:98:91:7a:3c:d9:ae:5f:f6:c6:b7:c3:51:43:
                    71:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C7:1C:A4:66:9E:61:38:A5:17:99:DC:6D:C7:80:93:B9:81:BE:A4
            X509v3 Authority Key Identifier:
                keyid:AA:41:C9:39:EA:95:A2:1F:3B:74:29:01:DF:E0:5F:26:A5:77:75:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qkHJOeqVoh87dCkB3-BfJqV3dYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/981fb1-904d-499a-b93a-607ca025b94f/1/wcccpGaeYTilF5ncbceAk7mBvqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/981fb1-904d-499a-b93a-607ca025b94f/1/qkHJOeqVoh87dCkB3-BfJqV3dYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.149.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:89:9a:35:a6:a2:85:ec:93:18:da:e5:cc:84:6d:1e:82:ca:
         4b:67:41:99:4b:37:6f:8c:5a:ca:01:8a:9e:46:05:7e:34:04:
         be:21:f5:ae:f4:72:73:32:36:58:2d:da:0d:53:7b:13:49:5e:
         19:23:f7:81:00:4d:18:da:af:9a:78:f9:d4:70:ab:53:13:0e:
         93:3c:bd:01:52:3d:d7:6e:f2:52:07:10:71:e2:c5:12:90:dc:
         f5:1a:41:7f:8a:05:97:bb:b1:ef:37:d2:c3:60:35:2d:55:e2:
         75:f4:d7:90:9c:75:e1:b3:52:3b:2a:17:1a:54:fc:10:b3:0a:
         ff:ea:9c:6f:fc:31:f5:5d:30:65:9f:47:e8:00:c7:82:b1:52:
         a0:6d:42:01:c8:da:21:68:e2:6c:cb:fa:40:47:c3:34:17:55:
         a9:cb:fa:4e:49:64:a0:4d:5a:57:2e:3e:6d:d9:49:6a:49:61:
         17:d6:f0:ea:a5:c7:ec:2c:ea:76:89:13:3a:23:81:17:2d:2b:
         81:80:ce:f3:dc:dc:68:05:56:ad:aa:4c:a1:2b:c6:ee:32:62:
         02:d8:50:4e:5d:6e:eb:88:f5:58:4d:ec:c7:24:01:d7:42:53:
         91:29:11:26:e6:2f:81:dd:97:6d:36:9f:02:1e:16:f7:57:f6:
         9a:6b:aa:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/j+E8MPm2ARw7xNIuv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNDFjOTM5ZWE5NWEyMWYzYjc0MjkwMWRmZTA1ZjI2YTU3
Nzc1ODEwHhcNMjUwMTAxMTM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWM3MWNhNDY2OWU2MTM4YTUxNzk5ZGM2ZGM3ODA5M2I5ODFiZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9f6OKPyjHAyuEGeavQYpp2ITOZr
MF9Q96xcmJ7LUjwvmF/AY4woK6zBvpqpT4AA0+5/zsdUOimJoh20L21C2dD4C0wE
2vzzRwaO7lhdyOJaSC1Z1Ymud9ilew06CJvGYHiBVFDV5PxafLoBTSjFrsz6HHUV
69r6TFcrSv/ByESNogot5yoZaPUZLOhbjVovFm9jQwY4b8RjpaqNamR8bqFkPofg
loJVpkCVjfGA/Q8MuSK9IZ1NfZag6UtnG4yGvMyBaek8DsConuHCQfU9BZCMn9TK
7uXRPciz3vxR87kcs3eRFwqawKDFh//O6UUtKJiRejzZrl/2xrfDUUNxKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHHHKRmnmE4pReZ3G3HgJO5gb6kMB8GA1UdIwQY
MBaAFKpByTnqlaIfO3QpAd/gXyald3WBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWtISk9lcVZvaDg3ZENrQjMtQmZKcVYzZFlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy85ODFmYjEtOTA0ZC00OTlhLWI5M2Et
NjA3Y2EwMjViOTRmLzEvd2NjY3BHYWVZVGlsRjVuY2JjZUFrN21CdnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy85ODFmYjEtOTA0ZC00OTlhLWI5M2EtNjA3Y2EwMjViOTRm
LzEvcWtISk9lcVZvaDg3ZENrQjMtQmZKcVYzZFlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpVeMA0G
CSqGSIb3DQEBCwUAA4IBAQASiZo1pqKF7JMY2uXMhG0egspLZ0GZSzdvjFrKAYqe
RgV+NAS+IfWu9HJzMjZYLdoNU3sTSV4ZI/eBAE0Y2q+aePnUcKtTEw6TPL0BUj3X
bvJSBxBx4sUSkNz1GkF/igWXu7HvN9LDYDUtVeJ19NeQnHXhs1I7KhcaVPwQswr/
6pxv/DH1XTBln0foAMeCsVKgbUIByNohaOJsy/pAR8M0F1Wpy/pOSWSgTVpXLj5t
2UlqSWEX1vDqpcfsLOp2iRM6I4EXLSuBgM7z3NxoBVatqkyhK8buMmIC2FBOXW7r
iPVYTezHJAHXQlORKREm5i+B3ZdtNp8CHhb3V/aaa6pC
-----END CERTIFICATE-----