Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/WA6YQzDc6pMLz5iK3NzVlALfLDY.roa
File:                     WA6YQzDc6pMLz5iK3NzVlALfLDY.roa (raw, json)
Hash identifier:          BsMEs0NNvNbUhiHmX7GftlUb7RA8YuPDtiCbHjp9+CY=
Subject key identifier:   58:0E:98:43:30:DC:EA:93:0B:CF:98:8A:DC:DC:D5:94:02:DF:2C:36
Certificate issuer:       /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial:       018CC2DAFC192E3B7D54FB27BDE0F16187DE
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/WA6YQzDc6pMLz5iK3NzVlALfLDY.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202611
IP address blocks:        188.72.103.0/24 maxlen: 24
                          188.72.104.0/24 maxlen: 24
                          188.72.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fc:19:2e:3b:7d:54:fb:27:bd:e0:f1:61:87:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=580e984330dcea930bcf988adcdcd59402df2c36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:58:bd:13:d7:b2:10:8d:22:38:94:34:3b:7e:
                    83:7b:17:9e:fd:35:4f:79:40:4d:2a:47:1b:9c:30:
                    26:11:0b:88:6a:f9:d8:04:7e:32:50:81:77:1d:f7:
                    0d:22:53:9b:9d:52:2a:34:8f:c9:9f:46:13:a3:1b:
                    d6:2f:30:d9:3f:15:8a:b9:b8:6c:cc:a0:e6:07:35:
                    20:6b:cf:2e:5c:95:82:2b:63:4a:40:f9:7e:b8:f8:
                    43:e0:ef:22:aa:a9:71:62:2f:a5:8d:98:69:c1:fd:
                    ce:1f:c9:2b:c8:e8:04:7d:03:78:52:d2:66:e5:b1:
                    61:b5:ac:eb:71:c3:3a:c9:ba:2f:be:c5:8f:b0:50:
                    46:b6:99:90:f9:4e:13:0e:60:c5:2a:f9:5b:32:3d:
                    a9:70:02:fd:54:6b:1d:c2:26:66:94:bf:63:dd:47:
                    a1:92:24:86:23:12:3e:2a:52:ea:b3:13:78:0a:f5:
                    53:e4:14:d7:a1:01:7b:55:76:cf:7d:26:a2:9b:a0:
                    73:c3:c1:db:56:fd:c6:4e:18:4c:60:20:aa:20:43:
                    d4:82:42:27:5d:30:03:b3:e2:cd:02:3a:be:b4:b7:
                    e4:1b:c8:e7:ed:8c:88:b3:11:36:88:8a:e0:6f:dc:
                    f1:af:59:3e:61:ab:07:07:d7:8f:52:9d:b2:85:48:
                    9d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:0E:98:43:30:DC:EA:93:0B:CF:98:8A:DC:DC:D5:94:02:DF:2C:36
            X509v3 Authority Key Identifier:
                keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/WA6YQzDc6pMLz5iK3NzVlALfLDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.103.0-188.72.105.255

    Signature Algorithm: sha256WithRSAEncryption
         93:fc:f1:af:69:e4:9e:65:1f:d5:e7:58:eb:03:3f:64:fa:49:
         71:f6:79:69:f0:50:06:1a:55:97:82:1d:30:88:18:8d:54:73:
         a1:0e:f0:d1:3c:06:b2:a4:5e:72:ff:24:60:3f:c7:1f:bf:53:
         82:87:c5:9f:3e:f4:d2:0b:60:d1:bb:86:5f:8d:49:3f:99:85:
         1b:aa:c6:bd:01:82:a0:18:f2:ec:c6:3a:c2:5d:69:9a:4a:2a:
         e2:74:62:5d:50:a7:24:9c:93:8f:52:d9:56:e3:c0:2e:4a:29:
         5a:3b:ed:9a:f1:92:d7:f5:91:ff:86:a8:d5:c5:0e:55:53:25:
         5c:44:ed:c0:1a:05:ee:c0:86:90:d7:97:7b:84:ba:f1:b6:5e:
         41:b3:01:7a:57:48:45:34:03:b0:18:0e:0b:49:12:39:b8:10:
         7a:cd:15:b7:15:d6:95:97:4a:68:c9:4f:49:15:95:75:cd:95:
         e6:75:6a:65:bf:ae:ed:3e:8e:df:1e:86:1e:b0:49:40:77:48:
         45:57:ac:fa:a5:91:4a:a3:52:70:fd:14:ac:a0:60:ee:d8:be:
         af:0b:99:02:8a:69:75:23:a4:a6:eb:bc:a2:85:b9:27:86:23:
         8a:3b:51:a8:df:ec:86:ba:2f:ea:19:45:17:8f:ae:fa:cb:5d:
         48:96:04:08
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC2vwZLjt9VPsnveDxYYfeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODZlM2U5MjhjN2YwYzlkYjY5NTE1ZmYzYWExZjY3OGNl
ZTQzYzAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODBlOTg0MzMwZGNlYTkzMGJjZjk4OGFkY2RjZDU5NDAyZGYyYzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVi9E9eyEI0iOJQ0O36Dexee/TVP
eUBNKkcbnDAmEQuIavnYBH4yUIF3HfcNIlObnVIqNI/Jn0YToxvWLzDZPxWKubhs
zKDmBzUga88uXJWCK2NKQPl+uPhD4O8iqqlxYi+ljZhpwf3OH8kryOgEfQN4UtJm
5bFhtazrccM6ybovvsWPsFBGtpmQ+U4TDmDFKvlbMj2pcAL9VGsdwiZmlL9j3Ueh
kiSGIxI+KlLqsxN4CvVT5BTXoQF7VXbPfSaim6Bzw8HbVv3GThhMYCCqIEPUgkIn
XTADs+LNAjq+tLfkG8jn7YyIsxE2iIrgb9zxr1k+YasHB9ePUp2yhUiduQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFgOmEMw3OqTC8+Yitzc1ZQC3yw2MB8GA1UdIwQY
MBaAFNyG4+kox/DJ22lRX/OqH2eM7kPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjIt
OWM4ZTU5YzI3NzFjLzEvV0E2WVF6RGM2cE1MejVpSzNOelZsQUxmTERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjItOWM4ZTU5YzI3NzFj
LzEvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC8SGcD
BAG8SGgwDQYJKoZIhvcNAQELBQADggEBAJP88a9p5J5lH9XnWOsDP2T6SXH2eWnw
UAYaVZeCHTCIGI1Uc6EO8NE8BrKkXnL/JGA/xx+/U4KHxZ8+9NILYNG7hl+NST+Z
hRuqxr0BgqAY8uzGOsJdaZpKKuJ0Yl1QpySck49S2VbjwC5KKVo77Zrxktf1kf+G
qNXFDlVTJVxE7cAaBe7AhpDXl3uEuvG2XkGzAXpXSEU0A7AYDgtJEjm4EHrNFbcV
1pWXSmjJT0kVlXXNleZ1amW/ru0+jt8ehh6wSUB3SEVXrPqlkUqjUnD9FKygYO7Y
vq8LmQKKaXUjpKbrvKKFuSeGI4o7Uajf7Ia6L+oZRRePrvrLXUiWBAg=
-----END CERTIFICATE-----