Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/WLco2E_B6E18GgYSy9FdVpDSqaA.roa
File:                     WLco2E_B6E18GgYSy9FdVpDSqaA.roa (raw, json)
Hash identifier:          hfi7lZCnbLgtdk3LmDsKbowurPcXdJAeRK6k3Zk8qAU=
Subject key identifier:   58:B7:28:D8:4F:C1:E8:4D:7C:1A:06:12:CB:D1:5D:56:90:D2:A9:A0
Certificate issuer:       /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial:       018CC86EFCD1C5047D219AC1F29CA4406C9A
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/WLco2E_B6E18GgYSy9FdVpDSqaA.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205879
IP address blocks:        213.156.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Nov 2024 17:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fc:d1:c5:04:7d:21:9a:c1:f2:9c:a4:40:6c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58b728d84fc1e84d7c1a0612cbd15d5690d2a9a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bb:be:85:10:c4:e4:f3:25:1c:4c:31:6c:6c:
                    15:7b:20:d3:a5:f4:1f:07:dc:f0:90:87:78:dd:1c:
                    be:ad:b5:12:8a:bc:66:fd:18:5e:a7:9f:5f:e2:cc:
                    a1:5a:5f:82:7c:54:c8:5d:0b:a6:e4:14:19:32:4a:
                    96:3c:b9:45:86:07:f0:0a:eb:9f:b2:5b:a8:48:73:
                    bf:85:02:7e:d1:0d:64:d4:9c:4b:20:38:ec:7a:1d:
                    52:5b:4d:36:b2:a6:08:ee:cc:5b:5c:86:16:d3:d2:
                    f1:24:e2:03:e6:ff:a8:83:a5:59:78:2f:a2:3d:7f:
                    e3:a5:37:7b:7b:5c:57:6c:f8:a4:de:4f:3a:c5:b9:
                    9e:a2:c4:70:36:ce:ab:18:38:d1:84:8a:44:b3:00:
                    92:4a:07:12:d7:a7:4b:b8:cf:83:f9:88:59:7e:d7:
                    c3:b7:94:eb:aa:92:86:30:cc:7e:9a:88:8c:54:3a:
                    37:9d:58:eb:b8:10:64:6d:2b:a4:26:b2:5f:f3:1c:
                    1e:3e:5b:16:af:2a:a6:d3:5c:02:43:41:7e:5e:4d:
                    f4:2d:d7:45:31:d9:b6:1d:1b:25:3a:01:51:4b:62:
                    6e:34:35:55:d3:13:69:e0:4f:ee:44:18:80:89:35:
                    77:e5:e3:a2:5c:80:21:57:ec:92:19:08:95:aa:d5:
                    15:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B7:28:D8:4F:C1:E8:4D:7C:1A:06:12:CB:D1:5D:56:90:D2:A9:A0
            X509v3 Authority Key Identifier:
                keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/WLco2E_B6E18GgYSy9FdVpDSqaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.156.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:17:9a:a6:8d:35:6a:09:db:10:e9:bd:5b:be:fa:dd:16:ac:
         81:49:9c:6e:af:b7:b5:3a:65:81:69:bd:8b:0c:0c:0d:54:5b:
         fc:50:6e:b7:1a:17:dc:9f:a5:c2:26:74:89:30:b6:2f:20:5f:
         eb:de:e6:4c:94:71:ab:c9:b1:8b:0c:74:2e:79:1d:2c:a5:f5:
         dc:ee:4d:91:aa:33:51:e5:38:cd:1e:2b:f5:89:37:56:56:1e:
         a7:ef:3b:e1:88:b2:ec:01:06:93:5b:0e:16:4d:ef:3c:67:4d:
         57:92:60:0b:c3:60:65:1f:93:4c:d9:0d:d1:93:71:0a:f1:cf:
         0c:c5:3f:0b:7d:b1:0a:0e:34:f4:bd:86:d6:af:50:8b:30:70:
         dd:d2:35:ed:26:58:e3:de:da:c2:59:d5:77:43:88:a0:36:fb:
         45:6d:77:c9:4f:8e:9a:bb:7c:c3:9a:de:10:37:10:df:c6:fd:
         07:b5:38:96:c1:0d:fc:ea:cc:d7:7b:74:5b:5b:9a:0c:9e:a5:
         18:3f:95:a8:c8:c6:4e:40:0e:b8:d7:50:fb:e9:2d:54:b6:71:
         25:15:d2:32:22:49:b8:43:71:c7:ea:bc:8a:4e:c8:49:76:2d:
         34:08:d5:88:2f:23:2d:68:e0:57:f4:9e:c8:e9:30:13:3c:05:
         f4:94:3f:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvzRxQR9IZrB8pykQGyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGI3MjhkODRmYzFlODRkN2MxYTA2MTJjYmQxNWQ1NjkwZDJhOWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkru+hRDE5PMlHEwxbGwVeyDTpfQf
B9zwkId43Ry+rbUSirxm/Rhep59f4syhWl+CfFTIXQum5BQZMkqWPLlFhgfwCuuf
sluoSHO/hQJ+0Q1k1JxLIDjseh1SW002sqYI7sxbXIYW09LxJOID5v+og6VZeC+i
PX/jpTd7e1xXbPik3k86xbmeosRwNs6rGDjRhIpEswCSSgcS16dLuM+D+YhZftfD
t5TrqpKGMMx+moiMVDo3nVjruBBkbSukJrJf8xwePlsWryqm01wCQ0F+Xk30LddF
Mdm2HRslOgFRS2JuNDVV0xNp4E/uRBiAiTV35eOiXIAhV+ySGQiVqtUV/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFi3KNhPwehNfBoGEsvRXVaQ0qmgMB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvV0xjbzJFX0I2RTE4R2dZU3k5RmRWcERTcWFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZxlMA0G
CSqGSIb3DQEBCwUAA4IBAQAUF5qmjTVqCdsQ6b1bvvrdFqyBSZxur7e1OmWBab2L
DAwNVFv8UG63Ghfcn6XCJnSJMLYvIF/r3uZMlHGrybGLDHQueR0spfXc7k2RqjNR
5TjNHiv1iTdWVh6n7zvhiLLsAQaTWw4WTe88Z01XkmALw2BlH5NM2Q3Rk3EK8c8M
xT8LfbEKDjT0vYbWr1CLMHDd0jXtJljj3trCWdV3Q4igNvtFbXfJT46au3zDmt4Q
NxDfxv0HtTiWwQ386szXe3RbW5oMnqUYP5WoyMZOQA6411D76S1UtnElFdIyIkm4
Q3HH6ryKTshJdi00CNWILyMtaOBX9J7I6TATPAX0lD9X
-----END CERTIFICATE-----