Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/wdtE_3D6FbAFHOP--1DXG-ZWJC8.roa
File:                     wdtE_3D6FbAFHOP--1DXG-ZWJC8.roa (raw, json)
Hash identifier:          J1WwYWMorgPFnCHZe01D/31oPYzRXvtwLXf7IpXryQ4=
Subject key identifier:   C1:DB:44:FF:70:FA:15:B0:05:1C:E3:FE:FB:50:D7:1B:E6:56:24:2F
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       018CC492C1B61ECD99F04D7E25BDA333249B
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/wdtE_3D6FbAFHOP--1DXG-ZWJC8.roa
Signing time:             Mon 01 Jan 2024 10:30:01 +0000
ROA not before:           Mon 01 Jan 2024 10:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39251
IP address blocks:        95.169.199.0/24 maxlen: 24
                          95.169.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:c1:b6:1e:cd:99:f0:4d:7e:25:bd:a3:33:24:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 10:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1db44ff70fa15b0051ce3fefb50d71be656242f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d0:c9:6d:64:0e:00:fb:18:e2:db:c6:af:96:
                    f4:85:d5:54:ed:3a:a4:b1:12:d7:21:d3:47:69:e1:
                    8f:16:4e:04:d7:67:59:86:9d:34:1b:52:d0:8c:13:
                    7d:e0:31:c8:14:17:ee:9c:f9:fb:63:68:05:fc:9d:
                    eb:27:d9:bc:17:59:b3:5b:8c:79:09:7e:b1:35:c6:
                    cf:aa:6d:2a:af:b1:59:5c:ce:9a:df:df:0d:d7:4b:
                    e9:0e:7b:c7:76:40:ea:9a:90:8f:6c:bb:5e:65:4c:
                    a4:87:52:5e:5d:1c:35:7e:45:ab:11:84:d4:ca:6b:
                    56:33:1b:5b:7f:57:3e:4f:f9:78:a7:0b:ff:cc:59:
                    44:1c:92:f7:69:ef:2a:5d:20:ea:e7:e8:91:b6:ff:
                    3b:ec:80:65:69:a2:f5:0f:17:b5:f9:8a:67:74:f0:
                    fb:a2:09:d9:40:ba:78:c1:44:7f:2b:68:42:4b:7d:
                    5e:2a:48:2b:b8:b0:f1:b0:11:ea:9c:23:63:3f:63:
                    d6:3b:d6:da:c3:ae:b0:e2:d2:3b:46:dd:01:89:20:
                    3f:a9:8f:76:97:7e:85:7b:74:f8:6b:29:10:f4:c2:
                    04:ec:3e:57:bb:37:70:0f:3b:28:02:e3:71:d0:36:
                    1d:e5:8f:42:44:2a:93:43:bd:d6:a1:9b:43:57:01:
                    b4:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:DB:44:FF:70:FA:15:B0:05:1C:E3:FE:FB:50:D7:1B:E6:56:24:2F
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/wdtE_3D6FbAFHOP--1DXG-ZWJC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.199.0-95.169.200.255

    Signature Algorithm: sha256WithRSAEncryption
         69:05:17:81:d1:59:63:b4:dc:5f:74:29:02:e1:89:cf:ee:f9:
         03:72:20:0e:63:d5:87:da:4f:e5:e9:7a:82:41:79:e6:e1:e8:
         9d:78:3e:79:05:49:09:6d:94:7a:32:cd:09:93:66:d9:8d:07:
         24:bb:37:1c:c2:b4:77:5b:71:e7:d9:17:ff:e1:c6:82:e4:c0:
         8a:24:3d:ce:e2:e6:aa:06:da:ac:60:e7:31:8c:e6:5c:12:98:
         2d:f5:26:46:84:ec:8d:e1:c4:cb:f9:cf:b0:74:a9:91:1e:52:
         d0:35:2e:f0:df:95:0a:6d:6e:0f:87:d6:94:74:6c:8d:3e:63:
         ec:1c:d2:01:f1:c3:29:c4:fb:0d:29:9a:cb:ad:85:27:bc:09:
         6f:12:d4:83:c2:00:ce:87:a9:f7:64:71:3b:2f:81:6b:7d:0a:
         cd:47:af:5a:b8:a1:cb:f6:4d:bf:0b:7a:77:18:89:15:dc:41:
         74:16:8b:45:83:cc:69:81:cd:bb:cb:a9:aa:7d:bd:f1:f2:52:
         c4:8b:e6:c1:6b:7d:36:4c:a8:fc:d3:64:4e:9c:bd:a6:ae:45:
         94:27:2c:28:47:cb:79:6b:b7:5f:72:c5:77:7f:9a:05:a0:8b:
         fb:16:70:a2:71:7e:e7:3e:9a:93:cb:92:88:14:6f:1a:7e:ce:
         8b:b3:97:46
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEksG2Hs2Z8E1+Jb2jMySbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjQwMTAxMTAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWRiNDRmZjcwZmExNWIwMDUxY2UzZmVmYjUwZDcxYmU2NTYyNDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9DJbWQOAPsY4tvGr5b0hdVU7Tqk
sRLXIdNHaeGPFk4E12dZhp00G1LQjBN94DHIFBfunPn7Y2gF/J3rJ9m8F1mzW4x5
CX6xNcbPqm0qr7FZXM6a398N10vpDnvHdkDqmpCPbLteZUykh1JeXRw1fkWrEYTU
ymtWMxtbf1c+T/l4pwv/zFlEHJL3ae8qXSDq5+iRtv877IBlaaL1Dxe1+YpndPD7
ognZQLp4wUR/K2hCS31eKkgruLDxsBHqnCNjP2PWO9baw66w4tI7Rt0BiSA/qY92
l36Fe3T4aykQ9MIE7D5XuzdwDzsoAuNx0DYd5Y9CRCqTQ73WoZtDVwG0hQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMHbRP9w+hWwBRzj/vtQ1xvmViQvMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvd2R0RV8zRDZGYkFGSE9QLS0xRFhHLVpXSkM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABfqccD
BABfqcgwDQYJKoZIhvcNAQELBQADggEBAGkFF4HRWWO03F90KQLhic/u+QNyIA5j
1YfaT+XpeoJBeebh6J14PnkFSQltlHoyzQmTZtmNByS7NxzCtHdbcefZF//hxoLk
wIokPc7i5qoG2qxg5zGM5lwSmC31JkaE7I3hxMv5z7B0qZEeUtA1LvDflQptbg+H
1pR0bI0+Y+wc0gHxwynE+w0pmsuthSe8CW8S1IPCAM6HqfdkcTsvgWt9Cs1Hr1q4
ocv2Tb8LencYiRXcQXQWi0WDzGmBzbvLqap9vfHyUsSL5sFrfTZMqPzTZE6cvaau
RZQnLChHy3lrt19yxXd/mgWgi/sWcKJxfuc+mpPLkogUbxp+zouzl0Y=
-----END CERTIFICATE-----