Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/wwkTxtvy8y_gre1LyntK82_wg2o.roa
File:                     wwkTxtvy8y_gre1LyntK82_wg2o.roa (raw, json)
Hash identifier:          06SNxlJKLopu/TY42bvthXJuhwNZOlr+SWZ0JQeMj5o=
Subject key identifier:   C3:09:13:C6:DB:F2:F3:2F:E0:AD:ED:4B:CA:7B:4A:F3:6F:F0:83:6A
Certificate issuer:       /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial:       019424B3A68B3F56150FA1D9506360D1B0E9
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/wwkTxtvy8y_gre1LyntK82_wg2o.roa
Signing time:             Thu 02 Jan 2025 01:49:00 +0000
ROA not before:           Thu 02 Jan 2025 01:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34360
IP address blocks:        93.157.96.0/21 maxlen: 24
                          213.108.56.0/21 maxlen: 24
                          2a01:4660::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a6:8b:3f:56:15:0f:a1:d9:50:63:60:d1:b0:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
        Validity
            Not Before: Jan  2 01:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c30913c6dbf2f32fe0aded4bca7b4af36ff0836a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:79:b0:04:46:b7:86:a3:23:c0:65:c1:05:97:
                    77:08:92:d6:8a:35:d9:b8:37:4f:b3:f0:e0:07:17:
                    1f:8d:eb:95:3a:d0:55:e5:03:23:30:00:ee:51:56:
                    2f:b7:dc:25:8c:8f:8b:55:97:d4:55:82:c1:80:e0:
                    5e:4e:1a:5d:d0:e0:77:ca:00:d3:86:b8:50:87:40:
                    21:42:47:b3:fc:25:27:13:b0:c6:dc:c7:c2:3f:c8:
                    65:dd:bc:e6:13:b6:9f:4a:93:50:69:34:ca:59:c9:
                    40:f5:d2:83:4a:c1:bc:fe:7f:fe:5f:ea:a5:c6:89:
                    61:26:d6:2a:99:4c:11:94:ab:32:52:38:95:4c:fb:
                    2c:b7:e4:b5:f8:2e:78:9d:9a:1b:af:64:a4:c4:b8:
                    6c:1a:c0:af:3a:26:d9:25:49:0b:de:64:57:3c:ad:
                    09:2f:60:72:6a:90:05:f0:22:80:0a:ac:bd:9d:87:
                    e4:ee:67:70:93:6d:63:85:c6:28:1d:2b:8f:a5:6d:
                    d2:79:82:f4:6b:c0:35:a0:f2:7d:c8:a7:21:99:84:
                    c7:25:dd:29:7b:bd:8f:45:d9:fb:30:75:40:d4:2f:
                    41:89:7a:73:33:db:db:94:73:1e:1d:d9:b1:99:3c:
                    c0:c1:7f:64:af:bd:62:90:5b:ca:17:28:fc:9d:0e:
                    c4:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:09:13:C6:DB:F2:F3:2F:E0:AD:ED:4B:CA:7B:4A:F3:6F:F0:83:6A
            X509v3 Authority Key Identifier:
                keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/wwkTxtvy8y_gre1LyntK82_wg2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.96.0/21
                  213.108.56.0/21
                IPv6:
                  2a01:4660::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:f1:82:c9:8b:a8:a7:b2:04:77:79:e3:d0:8d:dd:2e:ae:13:
         e9:e2:88:42:fc:35:08:5c:5d:3f:53:48:92:93:3f:8c:db:ba:
         12:d7:32:42:12:1f:1b:e6:44:e7:26:b6:9e:6c:d3:91:d1:38:
         af:5e:9d:fd:6d:fc:b9:6b:90:6f:0f:da:c8:5b:76:ab:eb:b2:
         4f:98:d1:4e:23:3b:4c:c9:07:b3:86:00:e5:8e:b0:0c:58:85:
         05:b6:6d:0d:ba:24:5b:4f:48:d3:06:2a:f8:03:57:65:9b:e5:
         ce:17:36:4b:50:e7:9f:7b:92:3b:f9:02:86:2f:e6:10:40:d3:
         48:82:d3:c7:a4:15:82:8f:7c:71:1c:23:2d:09:fa:84:74:d9:
         85:35:51:35:34:cf:96:ca:4e:28:68:b0:b7:b2:af:c4:77:cf:
         2a:6a:03:46:4d:67:a2:05:60:46:6e:2d:83:2f:6b:3b:ec:cb:
         45:ed:1e:0a:0b:f1:e2:93:ea:72:37:34:c0:3f:32:d5:8e:a8:
         6b:6a:37:0f:cd:3e:2e:62:74:ef:95:a8:c0:94:15:12:01:cc:
         a6:9d:8c:ba:f6:f6:91:9b:d8:bd:54:e1:d4:f5:34:1f:12:56:
         34:ea:0f:a3:eb:e8:39:a5:c8:9f:2e:39:e1:79:2b:ed:e6:dc:
         5c:2f:d6:28
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQks6aLP1YVD6HZUGNg0bDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YTVhYTkxOGNiZmViM2UxMjk5N2YzMzg5MGZlYjI1ODkw
N2IzNDMwHhcNMjUwMTAyMDE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzA5MTNjNmRiZjJmMzJmZTBhZGVkNGJjYTdiNGFmMzZmZjA4MzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3mwBEa3hqMjwGXBBZd3CJLWijXZ
uDdPs/DgBxcfjeuVOtBV5QMjMADuUVYvt9wljI+LVZfUVYLBgOBeThpd0OB3ygDT
hrhQh0AhQkez/CUnE7DG3MfCP8hl3bzmE7afSpNQaTTKWclA9dKDSsG8/n/+X+ql
xolhJtYqmUwRlKsyUjiVTPsst+S1+C54nZobr2SkxLhsGsCvOibZJUkL3mRXPK0J
L2ByapAF8CKACqy9nYfk7mdwk21jhcYoHSuPpW3SeYL0a8A1oPJ9yKchmYTHJd0p
e72PRdn7MHVA1C9BiXpzM9vblHMeHdmxmTzAwX9kr71ikFvKFyj8nQ7ErwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMMJE8bb8vMv4K3tS8p7SvNv8INqMB8GA1UdIwQY
MBaAFCalqpGMv+s+Epl/M4kP6yWJB7NDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTIt
Mjk3ZTI4MmQ2NmE4LzEvd3drVHh0dnk4eV9ncmUxTHludEs4Ml93ZzJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTItMjk3ZTI4MmQ2NmE4
LzEvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXZ1gAwQD
1Ww4MA0EAgACMAcDBQAqAUZgMA0GCSqGSIb3DQEBCwUAA4IBAQCI8YLJi6insgR3
eePQjd0urhPp4ohC/DUIXF0/U0iSkz+M27oS1zJCEh8b5kTnJraebNOR0TivXp39
bfy5a5BvD9rIW3ar67JPmNFOIztMyQezhgDljrAMWIUFtm0NuiRbT0jTBir4A1dl
m+XOFzZLUOefe5I7+QKGL+YQQNNIgtPHpBWCj3xxHCMtCfqEdNmFNVE1NM+Wyk4o
aLC3sq/Ed88qagNGTWeiBWBGbi2DL2s77MtF7R4KC/Hik+pyNzTAPzLVjqhrajcP
zT4uYnTvlajAlBUSAcymnYy69vaRm9i9VOHU9TQfElY06g+j6+g5pcifLjnheSvt
5txcL9Yo
-----END CERTIFICATE-----