Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/WM_cyVmgYIeVjzAwdGJ26oEMnHQ.roa
File:                     WM_cyVmgYIeVjzAwdGJ26oEMnHQ.roa (raw, json)
Hash identifier:          YqJFnSK0x/rKolO1WSaZ4NBujYTdGtg/TAe1G5NS0M8=
Subject key identifier:   58:CF:DC:C9:59:A0:60:87:95:8F:30:30:74:62:76:EA:81:0C:9C:74
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E18E23EBF9772825865F08F939156
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/WM_cyVmgYIeVjzAwdGJ26oEMnHQ.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206602
IP address blocks:        185.71.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:18:e2:3e:bf:97:72:82:58:65:f0:8f:93:91:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58cfdcc959a06087958f3030746276ea810c9c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ac:4b:ea:c7:f6:22:ab:a0:38:08:1f:9a:2e:
                    0c:0e:13:9f:e8:be:07:d3:a9:ee:e9:80:65:ae:46:
                    1b:6f:5b:99:12:4d:5b:ec:be:10:f9:d6:6e:85:aa:
                    f5:69:25:eb:48:fe:f0:d7:7b:61:e4:fa:cf:db:68:
                    3f:9c:50:a0:3d:59:54:23:a3:c3:5f:52:9d:09:52:
                    bb:e5:be:bf:7c:54:1b:3d:8e:11:ec:a9:18:14:7a:
                    33:38:72:49:99:2d:b6:f8:c8:0a:07:5e:74:ec:b3:
                    64:92:ed:d4:a8:3e:9f:50:37:76:ca:e7:3e:fa:be:
                    7a:b7:6c:20:41:39:cd:85:fe:e1:ad:cb:40:7b:fb:
                    84:ff:0d:0c:5a:a8:c0:50:84:35:93:9b:99:5f:f3:
                    75:5d:ee:00:32:9b:19:bd:2b:77:e4:6a:1e:c1:7b:
                    1a:00:d7:1c:a0:eb:b2:17:35:88:e8:03:e0:74:ed:
                    03:83:17:9d:02:35:0e:8d:c1:b5:ef:cb:45:0e:d7:
                    32:80:54:2c:be:c5:28:b0:d7:a6:34:48:aa:20:cd:
                    07:44:7f:f8:16:ff:af:f8:80:77:9d:69:18:19:83:
                    37:4f:5a:83:a6:d6:78:d7:99:ae:d2:ef:fc:74:f8:
                    d7:a6:19:53:b4:6c:42:ff:d8:19:26:13:6a:41:03:
                    ac:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:CF:DC:C9:59:A0:60:87:95:8F:30:30:74:62:76:EA:81:0C:9C:74
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/WM_cyVmgYIeVjzAwdGJ26oEMnHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:a7:72:51:8d:36:5a:cb:47:f9:51:29:b3:69:23:f3:fe:61:
         e3:25:75:6e:66:52:56:ef:17:7e:32:4e:ef:f0:92:7c:8f:35:
         92:e8:1b:48:1a:c1:c9:65:bc:f8:7f:ab:56:86:29:7c:96:7f:
         9c:ba:54:9f:b3:5c:bb:9c:fd:4e:28:69:6d:29:f4:66:8a:cf:
         b1:d5:4d:fc:e4:e6:e4:73:9c:95:a7:f1:ab:c7:37:7e:e7:13:
         a3:87:7d:b4:1c:cd:af:13:f8:2a:cb:e1:86:55:0b:45:16:8a:
         e3:6e:92:2c:7e:5a:85:e3:bd:98:5a:d9:74:ca:1b:7a:b2:06:
         cd:91:61:37:88:82:e0:5f:92:cf:24:22:74:ed:e7:57:8f:87:
         d5:a4:9c:e7:94:cc:3d:3d:0c:fb:02:8f:a3:b1:29:cb:c7:f9:
         c0:c2:78:aa:03:aa:91:c6:96:52:89:56:0d:f3:d7:46:f3:a2:
         b2:c9:e1:17:c5:5f:32:61:bc:58:12:75:76:b3:ec:13:60:9b:
         fc:3a:07:49:51:50:6a:3b:e3:2a:c6:60:d4:0b:d1:ff:3b:ff:
         9d:d7:be:4e:e0:a8:85:4f:bc:25:66:d1:f7:9d:64:3d:e8:34:
         6d:8a:63:5d:3b:33:69:ba:4e:ed:e5:8e:7a:19:fd:b7:aa:fe:
         54:8e:ac:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhjiPr+XcoJYZfCPk5FWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGNmZGNjOTU5YTA2MDg3OTU4ZjMwMzA3NDYyNzZlYTgxMGM5Yzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6xL6sf2IqugOAgfmi4MDhOf6L4H
06nu6YBlrkYbb1uZEk1b7L4Q+dZuhar1aSXrSP7w13th5PrP22g/nFCgPVlUI6PD
X1KdCVK75b6/fFQbPY4R7KkYFHozOHJJmS22+MgKB1507LNkku3UqD6fUDd2yuc+
+r56t2wgQTnNhf7hrctAe/uE/w0MWqjAUIQ1k5uZX/N1Xe4AMpsZvSt35GoewXsa
ANccoOuyFzWI6APgdO0DgxedAjUOjcG178tFDtcygFQsvsUosNemNEiqIM0HRH/4
Fv+v+IB3nWkYGYM3T1qDptZ415mu0u/8dPjXphlTtGxC/9gZJhNqQQOsZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjP3MlZoGCHlY8wMHRiduqBDJx0MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvV01fY3lWbWdZSWVWanpBd2RHSjI2b0VNbkhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUccMA0G
CSqGSIb3DQEBCwUAA4IBAQAyp3JRjTZay0f5USmzaSPz/mHjJXVuZlJW7xd+Mk7v
8JJ8jzWS6BtIGsHJZbz4f6tWhil8ln+culSfs1y7nP1OKGltKfRmis+x1U385Obk
c5yVp/Grxzd+5xOjh320HM2vE/gqy+GGVQtFForjbpIsflqF472YWtl0yht6sgbN
kWE3iILgX5LPJCJ07edXj4fVpJznlMw9PQz7Ao+jsSnLx/nAwniqA6qRxpZSiVYN
89dG86KyyeEXxV8yYbxYEnV2s+wTYJv8OgdJUVBqO+MqxmDUC9H/O/+d175O4KiF
T7wlZtH3nWQ96DRtimNdOzNpuk7t5Y56Gf23qv5Ujqz6
-----END CERTIFICATE-----