Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/WGUFrSx9WB8S-_D01ht7ZSYqa0Y.roa
File:                     WGUFrSx9WB8S-_D01ht7ZSYqa0Y.roa (raw, json)
Hash identifier:          Fgpmy26rEgOQqww+LNV5DEr203Z6fAzU0iOx2gYJP00=
Subject key identifier:   58:65:05:AD:2C:7D:58:1F:12:FB:F0:F4:D6:1B:7B:65:26:2A:6B:46
Certificate issuer:       /CN=e5de0de73e73874bbc66738805d373cab833b7a5
Certificate serial:       018F760711AB7D5F947CB5F5DAEB9F8254DA
Authority key identifier: E5:DE:0D:E7:3E:73:87:4B:BC:66:73:88:05:D3:73:CA:B8:33:B7:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/WGUFrSx9WB8S-_D01ht7ZSYqa0Y.roa
Signing time:             Tue 14 May 2024 07:35:25 +0000
ROA not before:           Tue 14 May 2024 07:35:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.137.156.0/24 maxlen: 24
                          2a10:a100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:07:11:ab:7d:5f:94:7c:b5:f5:da:eb:9f:82:54:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5de0de73e73874bbc66738805d373cab833b7a5
        Validity
            Not Before: May 14 07:35:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=586505ad2c7d581f12fbf0f4d61b7b65262a6b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:17:25:03:71:27:2a:4f:fe:6d:eb:a1:7a:a9:
                    a3:fc:46:ea:d5:3d:97:8a:aa:ae:bc:57:68:cb:21:
                    4a:2b:b8:f0:81:9c:68:da:dd:cf:96:56:d7:89:12:
                    b8:76:c9:af:55:ef:fd:37:35:91:12:9d:dc:42:bd:
                    e0:4f:0a:7b:ce:f2:af:7f:9e:6d:df:57:e4:c6:c3:
                    ff:ba:ae:88:9a:a4:2e:27:f1:5a:4d:9a:2e:6d:9e:
                    a1:67:71:48:0b:c8:ca:6a:02:7e:d3:a1:41:02:19:
                    03:c6:0f:4b:4a:ba:a2:81:58:ea:79:b4:51:52:5e:
                    5e:69:fb:d5:08:8b:fe:a1:3c:f1:c6:f8:d9:d3:37:
                    3f:3e:3b:6e:79:a2:98:65:fd:29:d9:61:5a:dd:fd:
                    dc:c8:cf:87:c7:53:44:f7:b2:26:37:33:07:04:70:
                    a5:43:82:95:80:e1:8e:5d:94:6f:fd:c2:2d:28:08:
                    e2:fe:e8:63:2c:cb:ab:4f:62:42:4b:51:9e:ae:51:
                    93:e9:f6:9b:23:83:6b:83:a3:ba:d2:e6:b1:39:13:
                    65:b6:ca:26:11:58:d8:26:88:88:c3:ab:72:dc:e6:
                    10:3d:10:05:a1:06:cf:00:34:af:98:3b:6c:f2:a3:
                    c4:cc:2c:cb:d7:c2:88:e1:1c:a8:d3:5e:26:20:60:
                    a2:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:65:05:AD:2C:7D:58:1F:12:FB:F0:F4:D6:1B:7B:65:26:2A:6B:46
            X509v3 Authority Key Identifier:
                keyid:E5:DE:0D:E7:3E:73:87:4B:BC:66:73:88:05:D3:73:CA:B8:33:B7:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/WGUFrSx9WB8S-_D01ht7ZSYqa0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.156.0/24
                IPv6:
                  2a10:a100::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:ce:4c:6e:29:11:dd:b8:08:de:23:ad:b7:45:21:f1:98:fa:
         78:96:0e:25:81:3e:37:9a:11:84:9f:ca:24:6c:b2:3c:1f:cc:
         20:00:05:20:c7:bc:36:6f:d4:24:bb:45:76:94:25:bf:09:17:
         8a:57:26:ff:3a:a5:f8:9b:f9:1e:11:46:cd:8b:68:f8:fe:76:
         27:ef:77:d5:ff:25:53:61:e7:fa:ea:3f:84:08:be:a4:bf:e3:
         9d:60:51:0c:33:3b:3a:07:78:01:9e:94:51:85:b1:b2:fa:66:
         6b:f5:03:e1:4f:39:3d:96:23:67:cb:8f:22:c8:8f:f5:08:87:
         8e:3b:5f:05:fa:cc:2a:0d:69:95:fb:a1:bd:48:d2:93:c9:fc:
         1f:3d:2c:7e:2e:d1:35:33:d1:19:7e:d5:04:96:2f:a3:bd:30:
         f9:9c:c5:04:d1:20:f1:3f:70:21:3c:ed:c2:ef:85:1b:e7:4e:
         22:2c:16:39:11:f2:cc:a6:81:f0:05:24:de:70:ea:33:3f:35:
         9e:23:33:d4:f9:51:c0:86:4d:0b:42:b8:fa:39:e1:47:13:30:
         cb:7b:c9:3b:2d:86:72:91:44:a3:f2:44:5f:8e:58:37:b9:0b:
         be:6d:be:4c:01:00:e0:d6:85:8b:c8:24:75:ee:4a:38:f6:90:
         1e:d4:bf:26
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY92BxGrfV+UfLX12uufglTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZGUwZGU3M2U3Mzg3NGJiYzY2NzM4ODA1ZDM3M2NhYjgz
M2I3YTUwHhcNMjQwNTE0MDczNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODY1MDVhZDJjN2Q1ODFmMTJmYmYwZjRkNjFiN2I2NTI2MmE2YjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRclA3EnKk/+beuheqmj/Ebq1T2X
iqquvFdoyyFKK7jwgZxo2t3PllbXiRK4dsmvVe/9NzWREp3cQr3gTwp7zvKvf55t
31fkxsP/uq6ImqQuJ/FaTZoubZ6hZ3FIC8jKagJ+06FBAhkDxg9LSrqigVjqebRR
Ul5eafvVCIv+oTzxxvjZ0zc/PjtueaKYZf0p2WFa3f3cyM+Hx1NE97ImNzMHBHCl
Q4KVgOGOXZRv/cItKAji/uhjLMurT2JCS1GerlGT6fabI4Nrg6O60uaxORNltsom
EVjYJoiIw6ty3OYQPRAFoQbPADSvmDts8qPEzCzL18KI4Ryo014mIGCiswIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFhlBa0sfVgfEvvw9NYbe2UmKmtGMB8GA1UdIwQY
MBaAFOXeDec+c4dLvGZziAXTc8q4M7elMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWQ0TjV6NXpoMHU4Wm5PSUJkTnp5cmd6dDZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi81NWI5ZDctZjcwMy00NWZlLThiNjMt
MTA1MzRjNjdiYmI4LzEvV0dVRnJTeDlXQjhTLV9EMDFodDdaU1lxYTBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi81NWI5ZDctZjcwMy00NWZlLThiNjMtMTA1MzRjNjdiYmI4
LzEvNWQ0TjV6NXpoMHU4Wm5PSUJkTnp5cmd6dDZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYmcMA8E
AgACMAkDBwAqEKEAAAAwDQYJKoZIhvcNAQELBQADggEBADzOTG4pEd24CN4jrbdF
IfGY+niWDiWBPjeaEYSfyiRssjwfzCAABSDHvDZv1CS7RXaUJb8JF4pXJv86pfib
+R4RRs2LaPj+difvd9X/JVNh5/rqP4QIvqS/451gUQwzOzoHeAGelFGFsbL6Zmv1
A+FPOT2WI2fLjyLIj/UIh447XwX6zCoNaZX7ob1I0pPJ/B89LH4u0TUz0Rl+1QSW
L6O9MPmcxQTRIPE/cCE87cLvhRvnTiIsFjkR8symgfAFJN5w6jM/NZ4jM9T5UcCG
TQtCuPo54UcTMMt7yTsthnKRRKPyRF+OWDe5C75tvkwBAODWhYvIJHXuSjj2kB7U
vyY=
-----END CERTIFICATE-----