Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/WSCQA0Y3pCUJ_5bceNuC3gEIEPE.roa
File:                     WSCQA0Y3pCUJ_5bceNuC3gEIEPE.roa (raw, json)
Hash identifier:          it6NFAfi4cSW7ITlNEmWjq4Jy+DwQESxb3017kQ8n2o=
Subject key identifier:   59:20:90:03:46:37:A4:25:09:FF:96:DC:78:DB:82:DE:01:08:10:F1
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       0196ED50044479AC2CE32E2752E7F1782CA1
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/WSCQA0Y3pCUJ_5bceNuC3gEIEPE.roa
Signing time:             Tue 20 May 2025 10:49:26 +0000
ROA not before:           Tue 20 May 2025 10:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215310
IP address blocks:        176.46.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:50:04:44:79:ac:2c:e3:2e:27:52:e7:f1:78:2c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: May 20 10:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=592090034637a42509ff96dc78db82de010810f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:58:7c:af:7b:53:07:fa:0d:35:ac:fb:51:5c:
                    1e:fe:45:b1:58:a3:7d:04:3c:f3:72:55:cc:1f:83:
                    89:7c:f2:76:f8:c7:1d:7c:38:c6:3d:94:59:f3:d4:
                    ab:0d:59:f3:71:cf:56:8d:4e:68:41:41:b7:24:b8:
                    c6:6b:47:dd:62:81:8f:0b:73:a6:06:11:d0:7e:69:
                    6a:a2:0e:f8:96:aa:97:a4:0d:23:05:fb:a2:d7:62:
                    f8:8f:9a:af:c3:c6:44:b9:bc:97:eb:4e:89:d0:f5:
                    2e:57:44:c1:06:df:94:f1:90:21:ac:06:12:f5:12:
                    d7:6d:03:a4:1c:b4:15:9e:19:74:ad:b8:a8:a7:59:
                    4d:83:99:7e:aa:88:3e:fe:45:bb:d6:da:2c:14:11:
                    c3:e8:b3:f7:92:d9:e0:91:f5:c8:6f:3c:93:ea:08:
                    44:b0:50:34:2f:40:af:86:aa:d6:7d:24:5b:45:8a:
                    7f:8f:47:7f:2d:b4:ab:74:08:ec:a8:96:36:47:26:
                    0a:cb:50:e2:0a:66:9d:11:7a:bd:ad:00:86:29:83:
                    52:3b:fd:de:ce:c4:07:69:c1:b2:a2:50:ff:c1:ac:
                    ad:3e:7c:76:f9:64:af:39:99:c0:bb:6c:05:e0:4d:
                    30:2d:bd:dd:18:04:90:90:bd:39:08:75:a7:02:6e:
                    8d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:20:90:03:46:37:A4:25:09:FF:96:DC:78:DB:82:DE:01:08:10:F1
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/WSCQA0Y3pCUJ_5bceNuC3gEIEPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.46.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:c0:41:9d:6c:de:ed:50:f6:36:7f:97:f2:32:d0:36:c8:b6:
         3b:b5:2d:5e:5b:9b:b7:01:87:83:24:51:4e:9c:3a:76:46:c7:
         b0:8c:24:e0:1f:dc:cb:f0:32:0a:b1:6c:91:d0:8a:bb:cc:be:
         c5:54:d6:48:bb:e0:61:00:12:e8:7b:72:78:1c:a0:18:9a:c8:
         52:42:30:dc:d3:c8:8d:22:a1:e4:10:b0:07:a8:a2:db:0a:d5:
         01:a9:23:63:20:4a:e2:8d:2c:de:c5:e5:ca:ed:f6:e3:3b:dc:
         68:e5:5f:86:1a:d2:6c:d0:03:1e:c8:66:15:7c:8a:b7:62:f2:
         65:85:46:f1:6e:e8:33:2f:e8:07:31:b9:7f:ac:f5:8a:2d:eb:
         a5:f7:10:44:df:fc:63:ef:b4:0c:4b:5a:80:ed:76:a5:c4:45:
         73:4d:fe:5a:c6:5f:bb:84:a7:d9:ed:26:39:96:d6:9b:90:b9:
         11:99:f7:97:56:d8:91:3b:e9:ef:d2:8b:58:f4:86:a2:35:7d:
         86:67:0c:4e:ce:eb:ee:31:3a:32:2f:54:94:c6:c2:03:50:5a:
         23:45:bd:54:d3:11:03:f1:97:ec:38:43:fe:d0:2e:24:71:7f:
         67:82:d7:95:19:80:66:f5:07:e9:54:96:b8:82:ca:de:c4:dd:
         48:8b:4f:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtUAREeaws4y4nUufxeCyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUwNTIwMTA0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTIwOTAwMzQ2MzdhNDI1MDlmZjk2ZGM3OGRiODJkZTAxMDgxMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA51h8r3tTB/oNNaz7UVwe/kWxWKN9
BDzzclXMH4OJfPJ2+McdfDjGPZRZ89SrDVnzcc9WjU5oQUG3JLjGa0fdYoGPC3Om
BhHQfmlqog74lqqXpA0jBfui12L4j5qvw8ZEubyX606J0PUuV0TBBt+U8ZAhrAYS
9RLXbQOkHLQVnhl0rbiop1lNg5l+qog+/kW71tosFBHD6LP3ktngkfXIbzyT6ghE
sFA0L0CvhqrWfSRbRYp/j0d/LbSrdAjsqJY2RyYKy1DiCmadEXq9rQCGKYNSO/3e
zsQHacGyolD/waytPnx2+WSvOZnAu2wF4E0wLb3dGASQkL05CHWnAm6NiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkgkANGN6QlCf+W3Hjbgt4BCBDxMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvV1NDUUEwWTNwQ1VKXzViY2VOdUMzZ0VJRVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsC6dMA0G
CSqGSIb3DQEBCwUAA4IBAQChwEGdbN7tUPY2f5fyMtA2yLY7tS1eW5u3AYeDJFFO
nDp2RsewjCTgH9zL8DIKsWyR0Iq7zL7FVNZIu+BhABLoe3J4HKAYmshSQjDc08iN
IqHkELAHqKLbCtUBqSNjIErijSzexeXK7fbjO9xo5V+GGtJs0AMeyGYVfIq3YvJl
hUbxbugzL+gHMbl/rPWKLeul9xBE3/xj77QMS1qA7XalxEVzTf5axl+7hKfZ7SY5
ltabkLkRmfeXVtiRO+nv0otY9IaiNX2GZwxOzuvuMToyL1SUxsIDUFojRb1U0xED
8ZfsOEP+0C4kcX9ngteVGYBm9QfpVJa4gsrexN1Ii0/q
-----END CERTIFICATE-----