Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/WV5sxYOT_2xZGV6d5cq__8Cn_3E.roa
File:                     WV5sxYOT_2xZGV6d5cq__8Cn_3E.roa (raw, json)
Hash identifier:          hE8IUBPB2DZKwoVTyIgYHhgu80x43ZKEKab23ceM224=
Subject key identifier:   59:5E:6C:C5:83:93:FF:6C:59:19:5E:9D:E5:CA:BF:FF:C0:A7:FF:71
Certificate issuer:       /CN=67cf3ba3002ed7e23a4bd2e978b3abac327fd0d8
Certificate serial:       018EAF06114595AF253A39588E266F219341
Authority key identifier: 67:CF:3B:A3:00:2E:D7:E2:3A:4B:D2:E9:78:B3:AB:AC:32:7F:D0:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z887owAu1-I6S9LpeLOrrDJ_0Ng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/WV5sxYOT_2xZGV6d5cq__8Cn_3E.roa
Signing time:             Fri 05 Apr 2024 16:09:54 +0000
ROA not before:           Fri 05 Apr 2024 16:09:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39704
IP address blocks:        194.69.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/Z887owAu1-I6S9LpeLOrrDJ_0Ng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/Z887owAu1-I6S9LpeLOrrDJ_0Ng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z887owAu1-I6S9LpeLOrrDJ_0Ng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:af:06:11:45:95:af:25:3a:39:58:8e:26:6f:21:93:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67cf3ba3002ed7e23a4bd2e978b3abac327fd0d8
        Validity
            Not Before: Apr  5 16:09:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=595e6cc58393ff6c59195e9de5cabfffc0a7ff71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f1:19:f3:da:0c:3a:fc:50:e3:43:4d:6a:2c:
                    08:14:3f:65:cc:ac:9a:4f:77:5e:56:1b:b9:56:6d:
                    de:cd:ba:33:ac:27:b8:01:0a:d3:72:5c:30:cc:81:
                    9b:8f:cb:1b:03:2c:91:c6:63:1b:b8:3f:c5:51:d2:
                    5f:5d:f4:a7:f8:ee:3e:08:29:02:98:17:e1:b9:c6:
                    6b:ba:1c:69:79:0c:83:c9:55:88:cf:25:87:d5:c3:
                    68:7a:ee:d5:51:49:26:4d:ca:64:37:ce:ef:90:12:
                    e4:1d:16:f6:d8:da:8d:ca:89:14:36:dd:e0:28:8b:
                    02:d6:f6:71:63:ef:5a:ca:60:a6:b8:ef:f8:93:84:
                    79:48:21:c9:02:73:f2:d8:80:73:9a:60:39:7f:6a:
                    cb:53:41:2e:da:cc:13:1c:e0:f6:94:f7:78:2b:7e:
                    79:e6:33:10:3c:f9:10:c9:69:6b:c9:20:a7:2a:44:
                    5d:d2:9b:f5:41:70:6a:94:60:71:0d:05:44:35:fe:
                    ab:7d:10:04:9e:e1:68:1b:61:58:fa:88:93:29:5c:
                    66:7b:04:bc:e4:41:b9:4f:80:27:3d:f2:cf:01:75:
                    da:84:d8:6c:0f:32:fd:60:2d:5c:09:68:c9:26:97:
                    db:be:42:c9:e4:ff:16:39:f1:b5:5b:93:28:b7:86:
                    17:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:5E:6C:C5:83:93:FF:6C:59:19:5E:9D:E5:CA:BF:FF:C0:A7:FF:71
            X509v3 Authority Key Identifier:
                keyid:67:CF:3B:A3:00:2E:D7:E2:3A:4B:D2:E9:78:B3:AB:AC:32:7F:D0:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z887owAu1-I6S9LpeLOrrDJ_0Ng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/WV5sxYOT_2xZGV6d5cq__8Cn_3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/Z887owAu1-I6S9LpeLOrrDJ_0Ng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.69.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:7c:ed:fa:25:1c:0c:ac:c6:38:e4:97:d1:b8:4b:3d:8c:38:
         f6:36:12:50:ce:ce:47:81:e8:da:4a:4d:25:af:42:0f:1f:10:
         29:63:46:36:8b:84:f2:bf:cd:2b:8b:aa:3c:26:74:00:bc:2b:
         f2:81:99:0e:b3:cf:cc:2b:85:ad:45:f0:a6:fe:ed:a6:6f:a8:
         e3:01:9c:d5:97:d8:ad:c7:4e:fd:8c:8f:52:d5:b1:1a:fe:d5:
         e4:95:d5:96:1a:b7:81:c4:7f:33:e5:0c:56:95:50:38:cf:27:
         a7:51:f9:04:7a:38:06:2f:80:c9:a6:ba:2a:ac:63:d6:bd:55:
         a6:fc:54:14:d7:8b:3d:b8:17:3c:4b:31:54:c4:31:2b:85:f8:
         81:64:d1:5f:21:7b:9e:d4:cb:13:e6:0f:c5:16:ae:7e:eb:2a:
         be:f3:06:8e:6f:1e:12:bd:b8:ea:da:7d:1e:2e:4c:16:cc:dc:
         d1:b5:1d:a7:6a:e4:9f:7e:ba:8c:01:35:37:b7:2d:ea:52:90:
         5d:34:4d:02:71:a8:f1:91:9d:b4:a1:fc:40:49:43:1e:c1:b6:
         55:96:2b:f2:ab:38:9f:90:bf:86:59:8d:05:b0:88:7f:6f:09:
         10:16:21:f0:8c:2f:fe:4b:7d:06:6f:57:56:b4:17:6c:ad:1c:
         73:77:cb:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6vBhFFla8lOjlYjiZvIZNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2YzYmEzMDAyZWQ3ZTIzYTRiZDJlOTc4YjNhYmFjMzI3
ZmQwZDgwHhcNMjQwNDA1MTYwOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTVlNmNjNTgzOTNmZjZjNTkxOTVlOWRlNWNhYmZmZmMwYTdmZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfEZ89oMOvxQ40NNaiwIFD9lzKya
T3deVhu5Vm3ezbozrCe4AQrTclwwzIGbj8sbAyyRxmMbuD/FUdJfXfSn+O4+CCkC
mBfhucZruhxpeQyDyVWIzyWH1cNoeu7VUUkmTcpkN87vkBLkHRb22NqNyokUNt3g
KIsC1vZxY+9aymCmuO/4k4R5SCHJAnPy2IBzmmA5f2rLU0Eu2swTHOD2lPd4K355
5jMQPPkQyWlrySCnKkRd0pv1QXBqlGBxDQVENf6rfRAEnuFoG2FY+oiTKVxmewS8
5EG5T4AnPfLPAXXahNhsDzL9YC1cCWjJJpfbvkLJ5P8WOfG1W5Mot4YX0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlebMWDk/9sWRleneXKv//Ap/9xMB8GA1UdIwQY
MBaAFGfPO6MALtfiOkvS6Xizq6wyf9DYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg4N293QXUxLUk2UzlMcGVMT3JyREpfME5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy85NDI4YzYtYjU3Ni00MWMzLTk4NWQt
MjM0ZTBkMTc2MzI1LzEvV1Y1c3hZT1RfMnhaR1Y2ZDVjcV9fOENuXzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy85NDI4YzYtYjU3Ni00MWMzLTk4NWQtMjM0ZTBkMTc2MzI1
LzEvWjg4N293QXUxLUk2UzlMcGVMT3JyREpfME5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkXMMA0G
CSqGSIb3DQEBCwUAA4IBAQAJfO36JRwMrMY45JfRuEs9jDj2NhJQzs5HgejaSk0l
r0IPHxApY0Y2i4Tyv80ri6o8JnQAvCvygZkOs8/MK4WtRfCm/u2mb6jjAZzVl9it
x079jI9S1bEa/tXkldWWGreBxH8z5QxWlVA4zyenUfkEejgGL4DJproqrGPWvVWm
/FQU14s9uBc8SzFUxDErhfiBZNFfIXue1MsT5g/FFq5+6yq+8waObx4Svbjq2n0e
LkwWzNzRtR2nauSffrqMATU3ty3qUpBdNE0CcajxkZ20ofxASUMewbZVlivyqzif
kL+GWY0FsIh/bwkQFiHwjC/+S30Gb1dWtBdsrRxzd8sm
-----END CERTIFICATE-----