Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/WNKQPl5TY5RiDSDHnkjTQI8PvPI.roa
File:                     WNKQPl5TY5RiDSDHnkjTQI8PvPI.roa (raw, json)
Hash identifier:          7Fb1iyCYYwvtk+ftGp3igxKkC/lSPReZSqAU461T1nQ=
Subject key identifier:   58:D2:90:3E:5E:53:63:94:62:0D:20:C7:9E:48:D3:40:8F:0F:BC:F2
Certificate issuer:       /CN=bd175e878d33b47d806f2cf3e04628220935123d
Certificate serial:       018CC7273B59D3C5B1CADFD9733B5DCED40D
Authority key identifier: BD:17:5E:87:8D:33:B4:7D:80:6F:2C:F3:E0:46:28:22:09:35:12:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/WNKQPl5TY5RiDSDHnkjTQI8PvPI.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206423
IP address blocks:        91.199.8.0/24 maxlen: 32
                          2001:67c:2f84::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3b:59:d3:c5:b1:ca:df:d9:73:3b:5d:ce:d4:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd175e878d33b47d806f2cf3e04628220935123d
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58d2903e5e536394620d20c79e48d3408f0fbcf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:38:10:46:ae:75:5b:c2:c8:c1:fc:78:42:9a:
                    de:e9:7a:2a:4c:2f:05:0a:25:f1:50:be:b9:25:9f:
                    5d:5f:d0:50:7f:ef:28:aa:94:63:28:dc:69:0e:e6:
                    80:43:81:1f:21:00:a2:cc:b7:61:2a:ab:26:51:0d:
                    68:a6:af:45:f5:97:ec:de:22:69:a3:9a:1c:a0:fd:
                    84:26:b5:d8:aa:f8:36:dd:8c:d7:f0:d7:e1:c0:b9:
                    6a:b3:1b:7f:2b:1a:fa:3e:d4:67:31:50:30:e9:b7:
                    bf:c1:f2:b7:95:0c:8b:8d:47:ce:50:08:df:90:90:
                    9a:ce:9b:93:92:0d:91:d2:6d:57:54:f2:0b:83:10:
                    99:3e:1a:da:c4:f0:c6:c5:6e:16:cb:eb:46:db:4b:
                    8a:50:69:31:80:05:cc:3a:36:18:eb:a5:6b:d7:c4:
                    7d:80:03:fb:76:f8:2d:b2:2b:11:e6:c1:04:74:45:
                    d0:91:da:e5:d7:0d:f5:21:b3:d1:5a:82:ec:9e:a3:
                    58:f9:53:3e:2b:bc:07:8a:7b:fc:35:c9:fe:82:d9:
                    8f:3e:c7:3e:8f:36:38:45:93:a1:c8:18:73:36:24:
                    33:ee:16:49:73:f4:95:ad:71:59:9a:8a:08:9e:32:
                    dd:7c:a9:16:f8:a5:37:ba:e3:5a:33:8e:a5:72:6e:
                    b3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D2:90:3E:5E:53:63:94:62:0D:20:C7:9E:48:D3:40:8F:0F:BC:F2
            X509v3 Authority Key Identifier:
                keyid:BD:17:5E:87:8D:33:B4:7D:80:6F:2C:F3:E0:46:28:22:09:35:12:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/WNKQPl5TY5RiDSDHnkjTQI8PvPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.8.0/24
                IPv6:
                  2001:67c:2f84::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:6f:f4:d0:d0:b4:10:ec:c2:e2:6c:56:24:c7:87:7a:1a:03:
         31:27:25:83:ab:d1:1b:33:a3:5a:ef:2f:a9:e5:e1:fc:f3:c3:
         e0:81:eb:95:17:c9:82:d6:80:3e:95:8d:cb:fa:ca:09:d8:3d:
         6f:62:a9:13:ff:9a:0c:76:e6:74:d0:5b:c4:ec:66:14:60:bf:
         ae:e8:0c:1e:7a:46:d8:7b:8e:8e:54:6f:2b:00:86:a2:0b:fb:
         9a:d0:6a:ef:a6:70:70:b7:69:e8:9d:01:06:19:31:bc:20:1b:
         9d:20:8f:93:d3:0c:7c:4f:b2:b7:ab:64:8a:4a:7c:62:6e:d1:
         63:63:96:e9:f8:7c:3c:09:b4:ef:21:ac:5f:49:61:2a:d8:15:
         52:68:10:fb:78:a3:98:55:84:dc:4f:f8:92:ea:7b:bc:94:6d:
         ee:d1:b6:0d:15:ab:d0:e7:a5:63:99:b5:b2:65:28:88:12:50:
         8e:71:15:64:3f:1b:9c:a1:64:8d:15:63:07:3a:0f:d7:3d:71:
         6f:d3:4c:24:a4:08:8b:79:76:13:ad:fb:c9:8f:0f:51:0e:5e:
         4c:79:5c:d6:5e:9b:fd:a0:e0:fa:4c:72:2b:4e:70:a9:ec:b7:
         1a:60:fe:c4:c7:9a:7f:c9:a1:c3:e9:39:0f:33:fc:24:8a:03:
         8b:b0:d5:64
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJztZ08Wxyt/ZcztdztQNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTc1ZTg3OGQzM2I0N2Q4MDZmMmNmM2UwNDYyODIyMDkz
NTEyM2QwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQyOTAzZTVlNTM2Mzk0NjIwZDIwYzc5ZTQ4ZDM0MDhmMGZiY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojgQRq51W8LIwfx4Qpre6XoqTC8F
CiXxUL65JZ9dX9BQf+8oqpRjKNxpDuaAQ4EfIQCizLdhKqsmUQ1opq9F9Zfs3iJp
o5ocoP2EJrXYqvg23YzX8NfhwLlqsxt/Kxr6PtRnMVAw6be/wfK3lQyLjUfOUAjf
kJCazpuTkg2R0m1XVPILgxCZPhraxPDGxW4Wy+tG20uKUGkxgAXMOjYY66Vr18R9
gAP7dvgtsisR5sEEdEXQkdrl1w31IbPRWoLsnqNY+VM+K7wHinv8Ncn+gtmPPsc+
jzY4RZOhyBhzNiQz7hZJc/SVrXFZmooInjLdfKkW+KU3uuNaM46lcm6zVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFjSkD5eU2OUYg0gx55I00CPD7zyMB8GA1UdIwQY
MBaAFL0XXoeNM7R9gG8s8+BGKCIJNRI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJkZWg0MHp0SDJBYnl6ejRFWW9JZ2sxRWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kZGE5OGUtODY0Ni00ZDA3LTgwYWMt
YTM1ZWFmMDA1YWY1LzEvV05LUVBsNVRZNVJpRFNESG5ralRRSThQdlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kZGE5OGUtODY0Ni00ZDA3LTgwYWMtYTM1ZWFmMDA1YWY1
LzEvdlJkZWg0MHp0SDJBYnl6ejRFWW9JZ2sxRWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8cIMA8E
AgACMAkDBwAgAQZ8L4QwDQYJKoZIhvcNAQELBQADggEBAA1v9NDQtBDswuJsViTH
h3oaAzEnJYOr0Rszo1rvL6nl4fzzw+CB65UXyYLWgD6Vjcv6ygnYPW9iqRP/mgx2
5nTQW8TsZhRgv67oDB56Rth7jo5UbysAhqIL+5rQau+mcHC3aeidAQYZMbwgG50g
j5PTDHxPsrerZIpKfGJu0WNjlun4fDwJtO8hrF9JYSrYFVJoEPt4o5hVhNxP+JLq
e7yUbe7Rtg0Vq9DnpWOZtbJlKIgSUI5xFWQ/G5yhZI0VYwc6D9c9cW/TTCSkCIt5
dhOt+8mPD1EOXkx5XNZem/2g4PpMcitOcKnstxpg/sTHmn/JocPpOQ8z/CSKA4uw
1WQ=
-----END CERTIFICATE-----