Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/ba4da6-1d1e-4878-876e-a85399db60bf/1/WY_MWcpyMeByMoY3rkatVfrUP00.roa
File:                     WY_MWcpyMeByMoY3rkatVfrUP00.roa (raw, json)
Hash identifier:          QwA8zuji5U1gwA0L5TMbXzv+PpNAvuZeSeBT7YHz5Rw=
Subject key identifier:   59:8F:CC:59:CA:72:31:E0:72:32:86:37:AE:46:AD:55:FA:D4:3F:4D
Certificate issuer:       /CN=8e9b1fe312f009f208ea8a2b7320cea765dd518b
Certificate serial:       018CC8DF7D0E8793A9B72804CFD2BCC82D1D
Authority key identifier: 8E:9B:1F:E3:12:F0:09:F2:08:EA:8A:2B:73:20:CE:A7:65:DD:51:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jpsf4xLwCfII6oorcyDOp2XdUYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/ba4da6-1d1e-4878-876e-a85399db60bf/1/WY_MWcpyMeByMoY3rkatVfrUP00.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198968
IP address blocks:        164.138.212.0/23 maxlen: 23
                          164.138.208.0/22 maxlen: 22
                          164.138.215.0/24 maxlen: 24
                          164.138.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/ba4da6-1d1e-4878-876e-a85399db60bf/1/jpsf4xLwCfII6oorcyDOp2XdUYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/ba4da6-1d1e-4878-876e-a85399db60bf/1/jpsf4xLwCfII6oorcyDOp2XdUYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jpsf4xLwCfII6oorcyDOp2XdUYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7d:0e:87:93:a9:b7:28:04:cf:d2:bc:c8:2d:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e9b1fe312f009f208ea8a2b7320cea765dd518b
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=598fcc59ca7231e072328637ae46ad55fad43f4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f6:67:39:3f:c9:f4:c2:a2:06:8f:2e:d6:a0:
                    f3:8e:ec:4e:f2:e5:d0:a2:47:82:e9:ab:d5:c3:46:
                    8e:d1:25:5f:9d:ff:4c:0a:2f:23:bd:a3:cc:12:52:
                    76:e6:52:dc:8b:dd:3b:69:03:a8:c9:7f:11:75:9e:
                    43:44:e8:6f:00:2e:de:55:24:ae:20:69:15:e2:c8:
                    5d:2f:52:e6:e8:e3:0b:39:b6:48:7a:0c:bd:8f:92:
                    7a:71:b3:1b:fa:af:5f:79:dc:e2:36:47:ea:e1:5f:
                    54:31:51:dd:b9:c2:65:f1:53:c4:43:89:e3:dd:6e:
                    b7:55:30:39:51:f2:c9:03:de:b3:d2:61:e6:9d:77:
                    84:e1:89:04:36:1e:72:01:7e:02:8f:fc:36:a1:0f:
                    74:e4:49:e3:a4:11:b8:09:76:de:50:bd:f2:2e:60:
                    a1:d3:e2:14:a6:10:7a:9e:12:2a:37:51:95:a2:38:
                    25:32:e7:d8:d0:95:8d:70:82:9e:5a:65:54:f5:38:
                    0f:90:46:06:5f:02:7b:c6:d6:cf:40:6a:18:81:b8:
                    a5:87:3a:34:b3:dd:32:29:0f:fb:0b:4f:79:fc:43:
                    46:b0:ca:07:71:ff:19:81:fc:b3:c7:94:3f:b3:b2:
                    10:d5:2c:6a:c0:f9:71:bf:29:55:8e:3a:3d:32:ba:
                    fb:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:8F:CC:59:CA:72:31:E0:72:32:86:37:AE:46:AD:55:FA:D4:3F:4D
            X509v3 Authority Key Identifier:
                keyid:8E:9B:1F:E3:12:F0:09:F2:08:EA:8A:2B:73:20:CE:A7:65:DD:51:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jpsf4xLwCfII6oorcyDOp2XdUYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/ba4da6-1d1e-4878-876e-a85399db60bf/1/WY_MWcpyMeByMoY3rkatVfrUP00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/ba4da6-1d1e-4878-876e-a85399db60bf/1/jpsf4xLwCfII6oorcyDOp2XdUYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2f:15:c9:28:f2:2d:29:ae:89:dd:80:28:42:22:73:c4:a8:8c:
         42:65:ea:39:04:35:22:df:61:37:33:fa:ce:12:94:29:d2:f9:
         eb:81:10:c4:31:08:c7:8c:af:6f:33:17:82:91:44:f2:db:a3:
         44:00:26:98:f7:6a:18:6a:d3:24:0a:e3:6a:b1:16:d5:db:88:
         b3:31:29:c8:e5:dd:b9:d6:c1:ed:b0:c7:00:13:96:1f:7a:49:
         c5:ab:24:6a:b5:26:74:ab:d9:9f:1c:fb:ab:d2:9d:3e:39:b1:
         51:ef:fb:d0:fa:52:e3:ac:9c:3c:6c:cf:f0:ef:96:68:c2:e5:
         23:1d:5c:a4:07:c4:07:b6:cb:9e:4d:9b:08:15:af:d5:15:29:
         ee:22:ef:ed:ee:b1:4d:17:68:dc:db:e0:97:1a:83:49:31:19:
         3b:1a:b6:7a:cf:6c:e7:c1:9d:a2:3e:06:60:46:f2:df:7f:31:
         49:d3:e3:b7:c3:d7:93:1d:90:a3:2b:12:5a:e8:7f:11:12:f2:
         e0:41:ec:94:9a:ff:ab:04:2d:64:bd:25:70:61:e3:77:c1:78:
         92:77:e4:9b:9e:7b:a2:1d:7f:fb:ef:70:5f:fd:4b:c4:02:5f:
         ed:28:a5:f3:3c:2f:1e:91:e7:5f:7c:c1:a8:17:a0:ab:31:b3:
         9b:8b:54:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI330Oh5OptygEz9K8yC0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOWIxZmUzMTJmMDA5ZjIwOGVhOGEyYjczMjBjZWE3NjVk
ZDUxOGIwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OThmY2M1OWNhNzIzMWUwNzIzMjg2MzdhZTQ2YWQ1NWZhZDQzZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfZnOT/J9MKiBo8u1qDzjuxO8uXQ
okeC6avVw0aO0SVfnf9MCi8jvaPMElJ25lLci907aQOoyX8RdZ5DROhvAC7eVSSu
IGkV4shdL1Lm6OMLObZIegy9j5J6cbMb+q9fedziNkfq4V9UMVHducJl8VPEQ4nj
3W63VTA5UfLJA96z0mHmnXeE4YkENh5yAX4Cj/w2oQ905EnjpBG4CXbeUL3yLmCh
0+IUphB6nhIqN1GVojglMufY0JWNcIKeWmVU9TgPkEYGXwJ7xtbPQGoYgbilhzo0
s90yKQ/7C095/ENGsMoHcf8Zgfyzx5Q/s7IQ1SxqwPlxvylVjjo9Mrr7SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmPzFnKcjHgcjKGN65GrVX61D9NMB8GA1UdIwQY
MBaAFI6bH+MS8AnyCOqKK3Mgzqdl3VGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBzZjR4THdDZklJNm9vcmN5RE9wMlhkVVlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9iYTRkYTYtMWQxZS00ODc4LTg3NmUt
YTg1Mzk5ZGI2MGJmLzEvV1lfTVdjcHlNZUJ5TW9ZM3JrYXRWZnJVUDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9iYTRkYTYtMWQxZS00ODc4LTg3NmUtYTg1Mzk5ZGI2MGJm
LzEvanBzZjR4THdDZklJNm9vcmN5RE9wMlhkVVlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDpIrQMA0G
CSqGSIb3DQEBCwUAA4IBAQAvFcko8i0prondgChCInPEqIxCZeo5BDUi32E3M/rO
EpQp0vnrgRDEMQjHjK9vMxeCkUTy26NEACaY92oYatMkCuNqsRbV24izMSnI5d25
1sHtsMcAE5YfeknFqyRqtSZ0q9mfHPur0p0+ObFR7/vQ+lLjrJw8bM/w75ZowuUj
HVykB8QHtsueTZsIFa/VFSnuIu/t7rFNF2jc2+CXGoNJMRk7GrZ6z2znwZ2iPgZg
RvLffzFJ0+O3w9eTHZCjKxJa6H8REvLgQeyUmv+rBC1kvSVwYeN3wXiSd+Sbnnui
HX/773Bf/UvEAl/tKKXzPC8ekedffMGoF6CrMbObi1TF
-----END CERTIFICATE-----