Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/WLCdkBN-qO96k9-oaBbhcWfN_-E.roa
File:                     WLCdkBN-qO96k9-oaBbhcWfN_-E.roa (raw, json)
Hash identifier:          msQUFhfBKTyd7ayQDiNSQaHIrhVyB8TFLcjZmH1L83g=
Subject key identifier:   58:B0:9D:90:13:7E:A8:EF:7A:93:DF:A8:68:16:E1:71:67:CD:FF:E1
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01942826AA2B046BE6C2EBA6D062334F61BC
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/WLCdkBN-qO96k9-oaBbhcWfN_-E.roa
Signing time:             Thu 02 Jan 2025 17:53:30 +0000
ROA not before:           Thu 02 Jan 2025 17:53:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9087
IP address blocks:        84.32.208.0/23 maxlen: 23
                          88.216.182.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:aa:2b:04:6b:e6:c2:eb:a6:d0:62:33:4f:61:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  2 17:53:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58b09d90137ea8ef7a93dfa86816e17167cdffe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:26:d7:91:72:ca:b5:6d:10:cb:18:06:cd:01:
                    d3:92:81:09:5a:a6:f5:b7:ed:a7:9a:15:30:92:4e:
                    6e:db:19:7e:1e:b2:9d:19:09:1a:87:67:ce:d8:6c:
                    f1:9b:d9:4a:49:4f:87:50:94:b4:aa:38:c0:d7:13:
                    ca:4c:cd:53:31:e1:c3:93:0a:76:f5:26:da:be:7d:
                    05:f7:8a:d8:66:10:8a:9b:11:95:44:5d:44:25:d8:
                    89:92:d9:57:21:48:42:53:82:ab:51:8e:f6:e5:1f:
                    bf:e0:55:c2:36:01:2b:ee:fc:05:c6:a5:1f:a5:ac:
                    2b:01:97:ca:f7:a4:dd:92:98:32:f8:2d:2e:59:67:
                    68:0c:9f:e5:54:3c:32:10:35:bc:4d:2a:e7:78:e9:
                    37:9c:72:13:f9:eb:5a:84:3b:f9:86:8b:ea:96:bb:
                    1d:26:22:54:ef:7a:02:9f:03:d0:36:e6:70:97:c0:
                    25:e8:eb:87:b6:11:5d:86:3f:c3:c6:16:08:6a:73:
                    21:43:09:e6:22:81:ad:71:08:fa:73:ae:5e:84:39:
                    e4:cb:6d:0b:f8:eb:f8:98:c7:8d:e4:d5:7e:a3:8f:
                    66:c6:07:43:41:b7:b4:b7:67:a3:f4:be:a2:bf:fd:
                    70:0d:8c:6d:55:a3:8a:e9:e5:98:89:1d:9d:64:65:
                    aa:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B0:9D:90:13:7E:A8:EF:7A:93:DF:A8:68:16:E1:71:67:CD:FF:E1
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/WLCdkBN-qO96k9-oaBbhcWfN_-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.208.0/23
                  88.216.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:29:bb:fa:f3:3f:72:a6:67:5c:d3:1b:f7:0a:5e:d1:7a:37:
         1a:5d:73:db:37:68:93:a4:d2:50:4b:77:c4:d5:e8:c8:7c:0b:
         ef:51:90:42:22:f7:5f:5b:f1:e9:24:06:32:d3:1c:99:d2:b8:
         a7:a5:6d:b2:72:2e:4c:b0:fc:ff:f4:1a:08:37:37:bb:26:2c:
         b3:e0:10:36:7b:4d:95:0a:b1:f7:39:4c:99:59:39:10:b1:73:
         ca:5c:15:cb:be:9a:03:fd:8e:98:4e:12:83:58:55:b3:44:59:
         2a:6e:b2:e3:6d:bd:ef:79:34:f8:49:1a:24:ed:ca:da:0d:d7:
         77:ef:5c:a6:a1:cf:b3:c7:39:f2:f3:2d:8a:c3:ea:60:2c:d9:
         de:31:ce:ee:5f:d8:cd:04:59:fb:60:10:e1:b9:67:38:33:02:
         d1:45:e0:72:eb:0c:f2:2f:38:3e:7e:0e:89:2e:3e:bc:00:f2:
         ff:74:b1:17:d5:3d:3f:22:06:c8:ce:94:b3:2c:d2:b1:aa:fd:
         b2:66:48:54:36:40:af:1a:d2:f4:14:b7:01:7a:00:ab:b1:5d:
         ca:51:70:89:84:dd:31:20:50:ad:f4:17:ad:5b:47:5f:b6:a5:
         c5:90:e9:11:a1:69:2c:bd:12:2b:a2:5c:33:1f:59:04:b7:c1:
         9f:86:90:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJqorBGvmwuum0GIzT2G8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjUwMTAyMTc1MzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGIwOWQ5MDEzN2VhOGVmN2E5M2RmYTg2ODE2ZTE3MTY3Y2RmZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSbXkXLKtW0QyxgGzQHTkoEJWqb1
t+2nmhUwkk5u2xl+HrKdGQkah2fO2Gzxm9lKSU+HUJS0qjjA1xPKTM1TMeHDkwp2
9Sbavn0F94rYZhCKmxGVRF1EJdiJktlXIUhCU4KrUY725R+/4FXCNgEr7vwFxqUf
pawrAZfK96Tdkpgy+C0uWWdoDJ/lVDwyEDW8TSrneOk3nHIT+etahDv5hovqlrsd
JiJU73oCnwPQNuZwl8Al6OuHthFdhj/DxhYIanMhQwnmIoGtcQj6c65ehDnky20L
+Ov4mMeN5NV+o49mxgdDQbe0t2ej9L6iv/1wDYxtVaOK6eWYiR2dZGWqsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFiwnZATfqjvepPfqGgW4XFnzf/hMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvV0xDZGtCTi1xTzk2azktb2FCYmhjV2ZOXy1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVCDQAwQB
WNi2MA0GCSqGSIb3DQEBCwUAA4IBAQBMKbv68z9ypmdc0xv3Cl7RejcaXXPbN2iT
pNJQS3fE1ejIfAvvUZBCIvdfW/HpJAYy0xyZ0rinpW2yci5MsPz/9BoINze7Jiyz
4BA2e02VCrH3OUyZWTkQsXPKXBXLvpoD/Y6YThKDWFWzRFkqbrLjbb3veTT4SRok
7craDdd371ymoc+zxzny8y2Kw+pgLNneMc7uX9jNBFn7YBDhuWc4MwLRReBy6wzy
Lzg+fg6JLj68APL/dLEX1T0/IgbIzpSzLNKxqv2yZkhUNkCvGtL0FLcBegCrsV3K
UXCJhN0xIFCt9BetW0dftqXFkOkRoWksvRIrolwzH1kEt8GfhpBN
-----END CERTIFICATE-----