Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/WCNsbudSM-FgF4pWP-RWGloRfPE.roa
File:                     WCNsbudSM-FgF4pWP-RWGloRfPE.roa (raw, json)
Hash identifier:          8D1juBP8awBYoDS64OjaQbOVqYTZc/cAscDZyLW8jJA=
Subject key identifier:   58:23:6C:6E:E7:52:33:E1:60:17:8A:56:3F:E4:56:1A:5A:11:7C:F1
Certificate issuer:       /CN=752b0d72bf0743bf2cdc78ba1f53e9a988f9af1e
Certificate serial:       018CC349498EC0AB5B26DF2E164A5081E903
Authority key identifier: 75:2B:0D:72:BF:07:43:BF:2C:DC:78:BA:1F:53:E9:A9:88:F9:AF:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/WCNsbudSM-FgF4pWP-RWGloRfPE.roa
Signing time:             Mon 01 Jan 2024 04:30:09 +0000
ROA not before:           Mon 01 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205913
IP address blocks:        185.202.76.0/24 maxlen: 24
                          185.202.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:49:8e:c0:ab:5b:26:df:2e:16:4a:50:81:e9:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=752b0d72bf0743bf2cdc78ba1f53e9a988f9af1e
        Validity
            Not Before: Jan  1 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58236c6ee75233e160178a563fe4561a5a117cf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:09:4a:d2:8a:64:75:39:97:dd:2e:58:4d:ae:
                    cb:27:7c:15:36:a3:8c:8f:81:f1:9c:b1:46:06:f3:
                    30:a3:4a:05:e1:fa:56:a9:b4:b4:0d:7a:7b:44:94:
                    75:23:e3:03:d1:b9:2e:ac:51:3c:5f:f6:4e:9b:19:
                    04:fb:72:36:bd:f0:26:f6:ed:01:41:e7:b7:a5:c4:
                    26:25:55:da:56:45:7b:94:81:64:b8:05:10:72:df:
                    e7:6b:69:68:28:69:39:1f:87:c4:88:78:f9:e8:7a:
                    5b:e2:95:f9:2a:36:49:a7:b6:26:37:59:9c:f2:6c:
                    30:c6:06:32:2c:64:04:b4:3e:a2:ff:32:01:ca:15:
                    e8:50:d7:f6:4d:39:d8:a7:47:a4:b4:8d:02:f4:3f:
                    c8:fa:88:72:9f:fd:f5:87:eb:0c:f0:68:06:da:2b:
                    83:80:0a:18:08:42:2f:ee:8b:ec:68:ca:d2:c7:3c:
                    ae:2e:b6:de:c5:46:7e:3c:05:06:25:a7:12:71:67:
                    93:5b:20:5d:bc:be:39:01:c1:99:e1:25:f7:82:5d:
                    b3:e2:fb:33:3e:48:f7:ac:0d:cb:c0:88:09:71:7e:
                    87:5a:0e:73:1e:aa:91:c9:8b:96:93:1c:61:09:4a:
                    9b:a2:b2:c8:eb:f7:a0:22:83:05:19:ee:91:ce:ac:
                    fa:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:23:6C:6E:E7:52:33:E1:60:17:8A:56:3F:E4:56:1A:5A:11:7C:F1
            X509v3 Authority Key Identifier:
                keyid:75:2B:0D:72:BF:07:43:BF:2C:DC:78:BA:1F:53:E9:A9:88:F9:AF:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/WCNsbudSM-FgF4pWP-RWGloRfPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:1f:35:1f:ab:66:f0:ff:99:d2:f0:8c:49:43:80:25:21:5d:
         da:9b:46:1e:cf:41:47:cf:d4:e9:36:50:be:c9:a9:d3:60:76:
         37:c1:c4:ad:49:4a:d5:de:28:f4:ac:3b:f5:34:98:07:a2:c7:
         27:3f:ba:34:1e:bc:47:a8:2b:5c:e1:c0:fe:f1:a1:58:fa:7d:
         7d:ea:6f:10:4e:fc:05:af:26:41:c8:45:f5:bb:c2:97:83:2c:
         9a:56:de:9b:b7:c3:61:e6:d7:26:d2:03:23:b6:4d:af:de:3c:
         51:03:05:4b:ef:b3:5a:5a:c9:0c:be:e8:11:ee:23:51:a8:6f:
         1b:a9:eb:f1:e8:2f:30:7b:55:43:68:b5:08:f4:49:3e:40:28:
         04:59:48:07:75:d5:2a:b0:c9:ae:b6:09:fd:c8:9b:e2:42:39:
         7d:ba:12:b0:bb:c6:4f:d0:fb:e6:c4:29:54:1e:66:1c:28:20:
         42:a7:f0:c0:b1:a8:83:71:53:df:a6:ee:23:22:de:a4:5e:69:
         ec:a6:85:11:43:2a:cb:71:9f:13:f7:4b:0e:77:e3:f7:3f:ea:
         12:69:ac:1a:45:f6:9a:5d:95:53:26:6d:db:87:60:98:e5:0d:
         71:23:e0:22:63:71:01:ec:ea:e0:21:f6:3b:e6:f2:69:41:e5:
         e3:2a:24:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUmOwKtbJt8uFkpQgekDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MmIwZDcyYmYwNzQzYmYyY2RjNzhiYTFmNTNlOWE5ODhm
OWFmMWUwHhcNMjQwMTAxMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODIzNmM2ZWU3NTIzM2UxNjAxNzhhNTYzZmU0NTYxYTVhMTE3Y2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQlK0opkdTmX3S5YTa7LJ3wVNqOM
j4HxnLFGBvMwo0oF4fpWqbS0DXp7RJR1I+MD0bkurFE8X/ZOmxkE+3I2vfAm9u0B
Qee3pcQmJVXaVkV7lIFkuAUQct/na2loKGk5H4fEiHj56Hpb4pX5KjZJp7YmN1mc
8mwwxgYyLGQEtD6i/zIByhXoUNf2TTnYp0ektI0C9D/I+ohyn/31h+sM8GgG2iuD
gAoYCEIv7ovsaMrSxzyuLrbexUZ+PAUGJacScWeTWyBdvL45AcGZ4SX3gl2z4vsz
Pkj3rA3LwIgJcX6HWg5zHqqRyYuWkxxhCUqborLI6/egIoMFGe6Rzqz6TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgjbG7nUjPhYBeKVj/kVhpaEXzxMB8GA1UdIwQY
MBaAFHUrDXK/B0O/LNx4uh9T6amI+a8eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFNzTmNyOEhRNzhzM0hpNkgxUHBxWWo1cng0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zYWJhN2UtMWQ1MC00NzJmLThkYjct
NjkxMjE5MjEzNGU5LzEvV0NOc2J1ZFNNLUZnRjRwV1AtUldHbG9SZlBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zYWJhN2UtMWQ1MC00NzJmLThkYjctNjkxMjE5MjEzNGU5
LzEvZFNzTmNyOEhRNzhzM0hpNkgxUHBxWWo1cng0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucpMMA0G
CSqGSIb3DQEBCwUAA4IBAQBYHzUfq2bw/5nS8IxJQ4AlIV3am0Yez0FHz9TpNlC+
yanTYHY3wcStSUrV3ij0rDv1NJgHoscnP7o0HrxHqCtc4cD+8aFY+n196m8QTvwF
ryZByEX1u8KXgyyaVt6bt8Nh5tcm0gMjtk2v3jxRAwVL77NaWskMvugR7iNRqG8b
qevx6C8we1VDaLUI9Ek+QCgEWUgHddUqsMmutgn9yJviQjl9uhKwu8ZP0PvmxClU
HmYcKCBCp/DAsaiDcVPfpu4jIt6kXmnspoURQyrLcZ8T90sOd+P3P+oSaawaRfaa
XZVTJm3bh2CY5Q1xI+AiY3EB7OrgIfY75vJpQeXjKiR/
-----END CERTIFICATE-----