Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/WDGEckzxkzltVfFsmXZkHS-ogLQ.roa
File:                     WDGEckzxkzltVfFsmXZkHS-ogLQ.roa (raw, json)
Hash identifier:          +F2r1+xUWcFflE2MbWBKA3irA1qm536TR+acgBfwAUo=
Subject key identifier:   58:31:84:72:4C:F1:93:39:6D:55:F1:6C:99:76:64:1D:2F:A8:80:B4
Certificate issuer:       /CN=b62d4cec783305923e3497ed884f1c445b4e78fb
Certificate serial:       018D7596D8A0F406B3E8EC1B1050D71B9FA6
Authority key identifier: B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/WDGEckzxkzltVfFsmXZkHS-ogLQ.roa
Signing time:             Sun 04 Feb 2024 19:27:16 +0000
ROA not before:           Sun 04 Feb 2024 19:27:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216145
IP address blocks:        46.253.6.0/24 maxlen: 24
                          46.253.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:75:96:d8:a0:f4:06:b3:e8:ec:1b:10:50:d7:1b:9f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62d4cec783305923e3497ed884f1c445b4e78fb
        Validity
            Not Before: Feb  4 19:27:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=583184724cf193396d55f16c9976641d2fa880b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f1:34:6c:f9:94:69:bb:1c:fe:00:71:8f:50:
                    25:9f:57:ce:91:6d:dc:48:b9:2b:53:0a:65:a1:35:
                    fb:89:e6:6c:15:5e:f4:e8:6f:59:8f:85:7f:a8:80:
                    c1:ef:4e:e5:30:af:d0:e3:e4:07:01:97:9f:e5:2e:
                    cf:4d:b4:77:ce:be:e0:8c:98:bc:2d:3b:a9:1b:b7:
                    3b:da:7a:a2:f0:11:89:06:6e:2e:c4:8b:13:22:fc:
                    af:fa:a2:02:09:a6:92:bd:93:5c:ee:ab:60:4c:01:
                    58:77:44:e1:d4:a9:c7:d5:3a:ca:d9:73:13:81:8c:
                    c2:27:d3:ba:ca:d2:1b:61:f0:e7:6b:7b:54:62:2f:
                    5d:10:3e:2a:b0:f5:33:9b:a6:53:40:e1:5b:f6:63:
                    3b:2f:66:99:c3:de:b1:e0:cb:83:48:5b:5b:b7:6a:
                    2e:35:ac:73:98:77:de:a2:9d:da:de:dd:fe:4b:80:
                    94:5b:0d:d7:b1:a2:a0:59:12:c8:ff:5b:da:c3:6b:
                    91:0e:1e:40:35:a1:5c:c4:51:07:e8:fd:97:a0:d9:
                    74:c3:51:22:fa:62:ae:bb:3a:6c:f8:b5:2b:28:7d:
                    9d:14:b1:5f:5c:4c:52:96:b6:c5:32:2e:cc:bf:9e:
                    a2:d5:56:50:12:20:fa:66:55:64:cc:3f:b6:ec:65:
                    ad:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:31:84:72:4C:F1:93:39:6D:55:F1:6C:99:76:64:1D:2F:A8:80:B4
            X509v3 Authority Key Identifier:
                keyid:B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/WDGEckzxkzltVfFsmXZkHS-ogLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:23:c7:93:73:08:fc:8c:d4:64:2a:a5:8b:1c:21:08:20:93:
         d4:5c:3e:2f:cd:c7:cf:96:5b:bd:9d:4c:11:49:f0:11:f3:80:
         93:cc:27:9c:5d:b4:ba:2c:d7:9f:12:8e:7d:4f:67:b0:fa:a6:
         1e:6c:77:c9:53:b1:9a:6e:2d:77:cc:61:a4:54:a9:84:27:d7:
         60:d9:70:2e:a9:37:4b:a9:54:80:86:c5:20:33:02:e2:be:0e:
         c0:b6:a1:c5:77:33:60:8e:1a:16:5c:e4:e2:f9:87:aa:ef:30:
         15:ab:bc:27:58:f5:8f:c9:2c:7d:ef:35:8e:54:1b:9a:41:71:
         c2:85:28:dc:75:eb:61:55:99:13:11:94:41:bd:d4:aa:e9:bf:
         06:93:9e:e9:ec:f3:c8:75:c2:54:68:e6:07:c4:4b:07:2e:95:
         28:f7:1a:0b:bf:8d:69:46:fc:64:e5:86:0b:06:0c:3b:1d:c4:
         fd:8b:ae:7d:f5:fe:3d:65:81:f3:19:4c:59:b4:f3:c5:f5:ed:
         4e:09:ea:3a:9c:5f:d6:26:7f:4b:63:50:e8:f4:a0:3b:18:3f:
         e0:83:79:69:60:7a:c1:4b:08:7c:82:5b:5a:f3:b3:b2:ee:62:
         60:15:88:6c:d4:12:32:5f:3a:5c:fe:c7:83:95:8c:63:ab:01:
         40:0d:20:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY11ltig9Aaz6OwbEFDXG5+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmQ0Y2VjNzgzMzA1OTIzZTM0OTdlZDg4NGYxYzQ0NWI0
ZTc4ZmIwHhcNMjQwMjA0MTkyNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODMxODQ3MjRjZjE5MzM5NmQ1NWYxNmM5OTc2NjQxZDJmYTg4MGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofE0bPmUabsc/gBxj1Aln1fOkW3c
SLkrUwploTX7ieZsFV706G9Zj4V/qIDB707lMK/Q4+QHAZef5S7PTbR3zr7gjJi8
LTupG7c72nqi8BGJBm4uxIsTIvyv+qICCaaSvZNc7qtgTAFYd0Th1KnH1TrK2XMT
gYzCJ9O6ytIbYfDna3tUYi9dED4qsPUzm6ZTQOFb9mM7L2aZw96x4MuDSFtbt2ou
NaxzmHfeop3a3t3+S4CUWw3XsaKgWRLI/1vaw2uRDh5ANaFcxFEH6P2XoNl0w1Ei
+mKuuzps+LUrKH2dFLFfXExSlrbFMi7Mv56i1VZQEiD6ZlVkzD+27GWtOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgxhHJM8ZM5bVXxbJl2ZB0vqIC0MB8GA1UdIwQY
MBaAFLYtTOx4MwWSPjSX7YhPHERbTnj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTIt
ZDMyZTI3ZmI3ZTU5LzEvV0RHRWNrenhremx0VmZGc21YWmtIUy1vZ0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTItZDMyZTI3ZmI3ZTU5
LzEvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLv0GMA0G
CSqGSIb3DQEBCwUAA4IBAQAWI8eTcwj8jNRkKqWLHCEIIJPUXD4vzcfPllu9nUwR
SfAR84CTzCecXbS6LNefEo59T2ew+qYebHfJU7Gabi13zGGkVKmEJ9dg2XAuqTdL
qVSAhsUgMwLivg7AtqHFdzNgjhoWXOTi+Yeq7zAVq7wnWPWPySx97zWOVBuaQXHC
hSjcdethVZkTEZRBvdSq6b8Gk57p7PPIdcJUaOYHxEsHLpUo9xoLv41pRvxk5YYL
Bgw7HcT9i6599f49ZYHzGUxZtPPF9e1OCeo6nF/WJn9LY1Do9KA7GD/gg3lpYHrB
Swh8glta87Oy7mJgFYhs1BIyXzpc/seDlYxjqwFADSAh
-----END CERTIFICATE-----