Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/d7d296-16b5-491d-958f-0f387a081db0/1/WPGyrWoC235yzU45vyz-bc6W1AQ.roa
File:                     WPGyrWoC235yzU45vyz-bc6W1AQ.roa (raw, json)
Hash identifier:          XehBAyjvCR8siiSvlhE/rO89Jr0BX5XW2XDv42Nv08E=
Subject key identifier:   58:F1:B2:AD:6A:02:DB:7E:72:CD:4E:39:BF:2C:FE:6D:CE:96:D4:04
Certificate issuer:       /CN=d4e4f402f77a9d68a2ff4d15458a24a03dcd07c7
Certificate serial:       018CC8DF1FA5FE0788CFE4DCDA86394DF04B
Authority key identifier: D4:E4:F4:02:F7:7A:9D:68:A2:FF:4D:15:45:8A:24:A0:3D:CD:07:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1OT0Avd6nWii_00VRYokoD3NB8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/d7d296-16b5-491d-958f-0f387a081db0/1/WPGyrWoC235yzU45vyz-bc6W1AQ.roa
Signing time:             Tue 02 Jan 2024 06:31:54 +0000
ROA not before:           Tue 02 Jan 2024 06:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203939
IP address blocks:        185.204.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/d7d296-16b5-491d-958f-0f387a081db0/1/1OT0Avd6nWii_00VRYokoD3NB8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/d7d296-16b5-491d-958f-0f387a081db0/1/1OT0Avd6nWii_00VRYokoD3NB8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1OT0Avd6nWii_00VRYokoD3NB8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:1f:a5:fe:07:88:cf:e4:dc:da:86:39:4d:f0:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4e4f402f77a9d68a2ff4d15458a24a03dcd07c7
        Validity
            Not Before: Jan  2 06:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58f1b2ad6a02db7e72cd4e39bf2cfe6dce96d404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:26:39:0e:fd:f1:0b:e0:a4:d0:ab:cd:5a:ef:
                    8e:f8:fd:e5:d9:ed:68:9b:c5:b1:07:3e:32:3a:ea:
                    59:74:ef:33:77:1e:2d:0d:88:08:66:1b:87:89:be:
                    2e:4e:a7:46:93:c5:7f:86:26:b7:8c:72:a6:64:0d:
                    dc:bc:9c:b6:51:9a:12:9b:4e:a8:81:7a:a4:1f:1c:
                    9f:19:31:ea:f9:2d:b4:b9:a3:8e:b2:76:34:44:2d:
                    b9:b4:24:dc:46:cb:fa:d4:3c:30:6a:5d:b6:b2:4a:
                    db:9a:94:ce:cc:78:bf:0e:ac:78:8a:1f:f9:ce:66:
                    4e:2a:c5:ec:2e:44:9b:bc:75:6b:c9:7a:4d:a4:c8:
                    9f:64:8c:9a:b9:79:eb:1e:a0:24:61:71:3f:64:be:
                    b2:b7:ec:d0:28:99:48:da:f0:e5:91:26:4b:3f:2b:
                    1b:66:0a:44:6b:67:bb:d1:2b:e1:1c:97:23:be:c6:
                    33:2d:a8:ba:a4:de:8f:ec:2d:1a:86:28:d7:ef:cf:
                    48:a5:ed:e7:d2:55:fd:fa:8d:73:5c:8a:61:c1:75:
                    95:a2:b4:58:ea:0e:b4:2a:8e:ad:e6:ad:b3:e5:15:
                    be:07:79:74:12:3f:68:60:e7:b9:fc:ad:d5:49:19:
                    36:f1:5d:13:22:78:84:e4:d6:df:9a:27:43:41:91:
                    95:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:F1:B2:AD:6A:02:DB:7E:72:CD:4E:39:BF:2C:FE:6D:CE:96:D4:04
            X509v3 Authority Key Identifier:
                keyid:D4:E4:F4:02:F7:7A:9D:68:A2:FF:4D:15:45:8A:24:A0:3D:CD:07:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1OT0Avd6nWii_00VRYokoD3NB8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/d7d296-16b5-491d-958f-0f387a081db0/1/WPGyrWoC235yzU45vyz-bc6W1AQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/d7d296-16b5-491d-958f-0f387a081db0/1/1OT0Avd6nWii_00VRYokoD3NB8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:1d:a9:24:bf:2a:fb:a7:11:f6:fc:3d:a6:ee:b2:40:eb:96:
         08:41:41:7e:70:ac:fe:63:8e:b9:51:da:11:dc:7e:f3:57:07:
         33:26:b2:ec:e5:05:ea:ab:44:47:0c:e4:95:87:11:1e:00:51:
         13:29:51:2e:35:d4:2b:e3:95:d1:10:78:b9:bf:5c:40:c6:ed:
         fb:c7:9b:57:29:2a:db:d4:61:27:cb:ce:38:3e:00:b8:64:8b:
         fe:a6:61:74:59:9f:b1:86:44:5e:3b:94:a8:87:ce:e6:8e:7e:
         b2:81:4b:55:c0:da:f4:10:90:b6:21:81:2b:02:bc:b0:6e:76:
         09:bc:a1:c2:74:5f:27:49:a1:cc:7e:a6:d0:f1:a2:19:d2:de:
         93:0f:ba:9e:55:43:a6:49:ed:98:7d:79:5b:ba:a1:2d:ee:c0:
         cc:10:e7:e5:f8:4c:40:b0:bf:bd:80:30:10:5a:9b:17:53:7b:
         06:be:39:78:09:fb:57:9e:93:10:c4:bd:ed:9b:04:f4:99:d2:
         f8:ac:04:f6:55:d9:d4:73:7a:1e:f5:a0:6d:58:67:eb:53:1a:
         d5:20:3b:c9:4f:ce:3f:8d:ce:94:be:91:c8:b3:0d:44:cc:22:
         40:0d:c5:dc:e1:61:99:0c:5d:e2:71:b9:6d:d0:79:44:ec:de:
         e4:89:c6:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3x+l/geIz+Tc2oY5TfBLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZTRmNDAyZjc3YTlkNjhhMmZmNGQxNTQ1OGEyNGEwM2Rj
ZDA3YzcwHhcNMjQwMTAyMDYzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGYxYjJhZDZhMDJkYjdlNzJjZDRlMzliZjJjZmU2ZGNlOTZkNDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCY5Dv3xC+Ck0KvNWu+O+P3l2e1o
m8WxBz4yOupZdO8zdx4tDYgIZhuHib4uTqdGk8V/hia3jHKmZA3cvJy2UZoSm06o
gXqkHxyfGTHq+S20uaOOsnY0RC25tCTcRsv61Dwwal22skrbmpTOzHi/Dqx4ih/5
zmZOKsXsLkSbvHVryXpNpMifZIyauXnrHqAkYXE/ZL6yt+zQKJlI2vDlkSZLPysb
ZgpEa2e70SvhHJcjvsYzLai6pN6P7C0ahijX789Ipe3n0lX9+o1zXIphwXWVorRY
6g60Ko6t5q2z5RW+B3l0Ej9oYOe5/K3VSRk28V0TIniE5NbfmidDQZGVWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjxsq1qAtt+cs1OOb8s/m3OltQEMB8GA1UdIwQY
MBaAFNTk9AL3ep1oov9NFUWKJKA9zQfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU9UMEF2ZDZuV2lpXzAwVlJZb2tvRDNOQjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kN2QyOTYtMTZiNS00OTFkLTk1OGYt
MGYzODdhMDgxZGIwLzEvV1BHeXJXb0MyMzV5elU0NXZ5ei1iYzZXMUFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kN2QyOTYtMTZiNS00OTFkLTk1OGYtMGYzODdhMDgxZGIw
LzEvMU9UMEF2ZDZuV2lpXzAwVlJZb2tvRDNOQjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucwOMA0G
CSqGSIb3DQEBCwUAA4IBAQAhHakkvyr7pxH2/D2m7rJA65YIQUF+cKz+Y465UdoR
3H7zVwczJrLs5QXqq0RHDOSVhxEeAFETKVEuNdQr45XREHi5v1xAxu37x5tXKSrb
1GEny844PgC4ZIv+pmF0WZ+xhkReO5Soh87mjn6ygUtVwNr0EJC2IYErArywbnYJ
vKHCdF8nSaHMfqbQ8aIZ0t6TD7qeVUOmSe2YfXlbuqEt7sDMEOfl+ExAsL+9gDAQ
WpsXU3sGvjl4CftXnpMQxL3tmwT0mdL4rAT2VdnUc3oe9aBtWGfrUxrVIDvJT84/
jc6UvpHIsw1EzCJADcXc4WGZDF3icblt0HlE7N7kicbc
-----END CERTIFICATE-----