Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/WH-u_Lbb4qq1ki69Q6CH45I7tuk.roa
File:                     WH-u_Lbb4qq1ki69Q6CH45I7tuk.roa (raw, json)
Hash identifier:          bn630h7Plu6LOc7DTwB6XBtAsX4ZbAAKOsi+znYEmWg=
Subject key identifier:   58:7F:AE:FC:B6:DB:E2:AA:B5:92:2E:BD:43:A0:87:E3:92:3B:B6:E9
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       018CC80152913D1FBEBE4FA6F130A0A5331A
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/WH-u_Lbb4qq1ki69Q6CH45I7tuk.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4862
IP address blocks:        57.72.0.0/24 maxlen: 24
                          57.72.0.0/15 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:52:91:3d:1f:be:be:4f:a6:f1:30:a0:a5:33:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=587faefcb6dbe2aab5922ebd43a087e3923bb6e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d7:09:d0:8f:60:29:d3:3d:e9:71:4b:4a:7d:
                    00:05:22:2a:6e:69:e8:5e:e3:71:fb:1c:a0:48:fa:
                    29:da:70:4a:2d:56:17:f6:cd:7e:33:cb:28:84:f9:
                    02:b8:fa:4b:28:4c:36:ad:59:11:e1:1a:b1:75:3a:
                    71:31:52:43:4d:da:6d:aa:15:5c:af:0c:ae:cd:1d:
                    4b:a5:25:51:65:be:69:93:59:79:56:ed:4f:05:af:
                    fb:31:cb:6d:c6:ba:78:99:5c:a3:db:74:2d:dc:87:
                    42:89:c2:64:c7:5d:f6:be:7e:87:4c:4b:8d:e2:66:
                    da:dd:d1:05:9f:f4:99:32:d4:fb:7a:d6:a5:8d:36:
                    43:a0:a5:2d:e6:98:9e:55:f3:23:e7:f5:01:4e:66:
                    14:9a:f5:b5:fe:ac:49:99:6d:eb:92:26:5e:47:36:
                    1d:59:f2:be:b3:35:f8:f5:f3:b3:e4:b6:ad:4c:4c:
                    16:69:67:89:91:05:61:bd:a2:f6:f3:bf:3d:d2:88:
                    d9:01:bb:2c:b9:4c:41:4c:20:ac:fe:68:e8:8e:85:
                    4b:ae:ab:93:38:60:a9:47:8c:61:2c:d3:1f:fc:10:
                    0e:34:f5:f3:33:75:04:08:31:f0:90:e6:d0:f2:ed:
                    3c:2c:8a:d5:fa:8e:b4:34:99:cf:56:15:fb:51:8d:
                    37:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:7F:AE:FC:B6:DB:E2:AA:B5:92:2E:BD:43:A0:87:E3:92:3B:B6:E9
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/WH-u_Lbb4qq1ki69Q6CH45I7tuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         2f:95:e1:29:9c:de:b0:29:08:5c:61:d2:e6:d4:71:f7:d1:b9:
         f2:2d:54:25:81:05:9c:46:29:b0:89:09:c0:47:0b:0a:28:9a:
         cc:05:da:65:c0:38:08:f9:70:69:c4:21:d3:e0:6d:b2:25:9d:
         09:65:92:2a:28:a8:3e:6b:f0:f3:54:a3:43:76:1d:a9:51:41:
         c5:45:02:3f:1d:cb:2e:b4:0f:04:8a:dc:a5:41:06:75:8d:d5:
         d2:17:34:0e:0f:b8:1c:53:f2:8e:b8:91:6e:8b:04:3b:c1:a8:
         03:1d:a7:ef:ef:6d:3b:38:d3:80:16:1d:77:cd:3b:96:56:27:
         7a:26:fd:09:7e:6f:5e:d7:4b:82:1e:d4:c1:ed:91:b5:60:52:
         7f:14:99:25:2a:7f:a0:09:7c:d4:8f:be:65:89:2f:d0:fe:40:
         77:12:4e:2c:e3:54:22:23:9c:9a:64:a8:07:92:26:cd:cc:5c:
         c0:27:c3:31:ae:6d:a0:4e:74:4f:c8:4b:04:a3:7e:d5:f4:f2:
         6b:c9:2b:f2:54:29:20:b9:b5:78:13:5c:d8:86:74:73:f0:ed:
         bf:77:15:cf:ba:67:92:9d:d5:a2:f2:c0:d9:cb:27:24:97:df:
         68:16:c1:a6:3d:b5:70:e3:39:22:24:32:3d:e3:63:d3:bc:0a:
         7d:2a:a7:0a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIAVKRPR++vk+m8TCgpTMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODdmYWVmY2I2ZGJlMmFhYjU5MjJlYmQ0M2EwODdlMzkyM2JiNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9cJ0I9gKdM96XFLSn0ABSIqbmno
XuNx+xygSPop2nBKLVYX9s1+M8sohPkCuPpLKEw2rVkR4RqxdTpxMVJDTdptqhVc
rwyuzR1LpSVRZb5pk1l5Vu1PBa/7Mcttxrp4mVyj23Qt3IdCicJkx132vn6HTEuN
4mba3dEFn/SZMtT7etaljTZDoKUt5pieVfMj5/UBTmYUmvW1/qxJmW3rkiZeRzYd
WfK+szX49fOz5LatTEwWaWeJkQVhvaL287890ojZAbssuUxBTCCs/mjojoVLrquT
OGCpR4xhLNMf/BAONPXzM3UECDHwkObQ8u08LIrV+o60NJnPVhX7UY032wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFh/rvy22+KqtZIuvUOgh+OSO7bpMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvV0gtdV9MYmI0cXExa2k2OVE2Q0g0NUk3dHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBOUgwDQYJ
KoZIhvcNAQELBQADggEBAC+V4Smc3rApCFxh0ubUcffRufItVCWBBZxGKbCJCcBH
CwoomswF2mXAOAj5cGnEIdPgbbIlnQllkiooqD5r8PNUo0N2HalRQcVFAj8dyy60
DwSK3KVBBnWN1dIXNA4PuBxT8o64kW6LBDvBqAMdp+/vbTs404AWHXfNO5ZWJ3om
/Ql+b17XS4Ie1MHtkbVgUn8UmSUqf6AJfNSPvmWJL9D+QHcSTizjVCIjnJpkqAeS
Js3MXMAnwzGubaBOdE/ISwSjftX08mvJK/JUKSC5tXgTXNiGdHPw7b93Fc+6Z5Kd
1aLywNnLJySX32gWwaY9tXDjOSIkMj3jY9O8Cn0qpwo=
-----END CERTIFICATE-----