Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/77a699-055b-407c-b12b-ad9542ad4f43/1/WPHiMng5h6h4NP3wZQr0F1jbZjQ.roa
File:                     WPHiMng5h6h4NP3wZQr0F1jbZjQ.roa (raw, json)
Hash identifier:          3z0NoT9AeiuEuU+RksCSl23dxlWUUDuMPI0ejfrj8bs=
Subject key identifier:   58:F1:E2:32:78:39:87:A8:78:34:FD:F0:65:0A:F4:17:58:DB:66:34
Certificate issuer:       /CN=046e52810740a6ec134993dbc9ad11b6454d9a7a
Certificate serial:       018CCF7CBE73C0FFA388045D30E86BC343FC
Authority key identifier: 04:6E:52:81:07:40:A6:EC:13:49:93:DB:C9:AD:11:B6:45:4D:9A:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BG5SgQdApuwTSZPbya0RtkVNmno.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/77a699-055b-407c-b12b-ad9542ad4f43/1/WPHiMng5h6h4NP3wZQr0F1jbZjQ.roa
Signing time:             Wed 03 Jan 2024 13:21:48 +0000
ROA not before:           Wed 03 Jan 2024 13:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203460
IP address blocks:        185.115.60.0/22 maxlen: 22
                          2a06:7580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/77a699-055b-407c-b12b-ad9542ad4f43/1/BG5SgQdApuwTSZPbya0RtkVNmno.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/77a699-055b-407c-b12b-ad9542ad4f43/1/BG5SgQdApuwTSZPbya0RtkVNmno.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BG5SgQdApuwTSZPbya0RtkVNmno.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cf:7c:be:73:c0:ff:a3:88:04:5d:30:e8:6b:c3:43:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=046e52810740a6ec134993dbc9ad11b6454d9a7a
        Validity
            Not Before: Jan  3 13:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58f1e232783987a87834fdf0650af41758db6634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7f:d5:f1:ec:83:e1:e2:4d:31:d7:10:82:4f:
                    a6:7b:b5:a9:51:d6:8b:b6:25:b3:ef:1d:8d:36:11:
                    04:d5:84:83:1c:86:c3:19:63:b3:21:64:c6:ee:b5:
                    bf:f4:bc:10:30:6a:9b:6b:29:cb:4c:d8:44:21:5f:
                    ae:94:a6:3e:8b:f9:72:96:1a:07:09:99:c8:14:4f:
                    31:b0:5d:e2:eb:b0:d5:9a:06:5d:86:a3:3f:4f:d1:
                    cd:eb:0c:f3:a7:f4:56:7a:e5:09:75:42:4c:69:f7:
                    a5:54:3e:c5:fd:78:93:17:2a:a4:12:78:de:e2:34:
                    57:6f:79:db:f8:6b:96:be:6e:07:10:6e:2a:fb:f6:
                    98:e2:44:85:89:5f:a8:30:9f:66:ea:ba:77:49:e7:
                    84:43:14:fa:ff:36:43:13:9a:60:d1:12:10:07:5e:
                    c6:98:1f:ed:df:50:2d:9a:45:f4:70:52:d9:55:42:
                    9d:9d:89:b9:ea:f8:00:40:62:a7:a4:6b:18:18:13:
                    f6:41:ac:97:4c:8b:15:28:72:cf:93:60:e9:f2:20:
                    d7:fb:31:c7:91:e1:ba:d1:e0:2a:89:b0:52:de:2b:
                    be:6c:51:5e:29:cb:e1:fc:04:b1:67:38:ee:63:36:
                    f8:1e:d7:a7:93:19:c2:c0:f4:41:14:c8:8d:ac:a8:
                    81:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:F1:E2:32:78:39:87:A8:78:34:FD:F0:65:0A:F4:17:58:DB:66:34
            X509v3 Authority Key Identifier:
                keyid:04:6E:52:81:07:40:A6:EC:13:49:93:DB:C9:AD:11:B6:45:4D:9A:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BG5SgQdApuwTSZPbya0RtkVNmno.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/77a699-055b-407c-b12b-ad9542ad4f43/1/WPHiMng5h6h4NP3wZQr0F1jbZjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/77a699-055b-407c-b12b-ad9542ad4f43/1/BG5SgQdApuwTSZPbya0RtkVNmno.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.60.0/22
                IPv6:
                  2a06:7580::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:46:0c:19:ad:be:65:cd:0d:ec:3e:8d:05:d1:e2:0e:6d:82:
         ea:02:17:75:94:ce:e3:b3:82:96:04:ee:23:cc:d9:71:f6:f6:
         9f:12:73:c7:bf:19:d8:68:f8:4f:24:d2:5d:29:50:c2:46:fe:
         f5:20:74:4c:02:20:86:56:60:b5:a8:99:4f:86:2a:0d:2e:3f:
         bb:b8:f6:79:0c:f9:ea:14:ff:c9:69:17:1e:45:f8:fd:28:1e:
         16:4e:15:46:83:49:02:71:70:88:db:27:dd:13:c4:0d:c8:96:
         9c:a0:1b:0c:ce:1d:e4:cf:1e:a7:3e:05:f6:3b:7e:c6:b0:75:
         9b:da:c3:44:35:aa:59:61:0a:1b:8a:25:5a:68:90:34:2f:d0:
         c3:bb:33:25:5b:30:29:89:df:ba:8f:18:bf:09:ec:4d:59:fc:
         7d:de:11:43:18:09:96:22:c6:e9:a4:a1:ba:a1:a1:6c:3b:79:
         e4:0d:f5:b2:9d:59:a5:ba:0c:85:e3:14:3a:ec:eb:66:fb:79:
         8b:0e:dc:c6:3e:51:3f:26:de:2f:df:00:14:3e:81:1e:55:f0:
         57:42:e6:ed:d5:2d:c1:9e:9d:e4:17:72:2c:b1:14:8b:32:ef:
         7e:ae:00:34:d3:b8:0b:c4:5f:6a:d8:f0:c6:ec:04:27:d7:e4:
         99:17:98:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzPfL5zwP+jiARdMOhrw0P8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NmU1MjgxMDc0MGE2ZWMxMzQ5OTNkYmM5YWQxMWI2NDU0
ZDlhN2EwHhcNMjQwMTAzMTMyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGYxZTIzMjc4Mzk4N2E4NzgzNGZkZjA2NTBhZjQxNzU4ZGI2NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH/V8eyD4eJNMdcQgk+me7WpUdaL
tiWz7x2NNhEE1YSDHIbDGWOzIWTG7rW/9LwQMGqbaynLTNhEIV+ulKY+i/lylhoH
CZnIFE8xsF3i67DVmgZdhqM/T9HN6wzzp/RWeuUJdUJMafelVD7F/XiTFyqkEnje
4jRXb3nb+GuWvm4HEG4q+/aY4kSFiV+oMJ9m6rp3SeeEQxT6/zZDE5pg0RIQB17G
mB/t31AtmkX0cFLZVUKdnYm56vgAQGKnpGsYGBP2QayXTIsVKHLPk2Dp8iDX+zHH
keG60eAqibBS3iu+bFFeKcvh/ASxZzjuYzb4HtenkxnCwPRBFMiNrKiBbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFjx4jJ4OYeoeDT98GUK9BdY22Y0MB8GA1UdIwQY
MBaAFARuUoEHQKbsE0mT28mtEbZFTZp6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkc1U2dRZEFwdXdUU1pQYnlhMFJ0a1ZObW5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83N2E2OTktMDU1Yi00MDdjLWIxMmIt
YWQ5NTQyYWQ0ZjQzLzEvV1BIaU1uZzVoNmg0TlAzd1pRcjBGMWpiWmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83N2E2OTktMDU1Yi00MDdjLWIxMmItYWQ5NTQyYWQ0ZjQz
LzEvQkc1U2dRZEFwdXdUU1pQYnlhMFJ0a1ZObW5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXM8MA0E
AgACMAcDBQMqBnWAMA0GCSqGSIb3DQEBCwUAA4IBAQCKRgwZrb5lzQ3sPo0F0eIO
bYLqAhd1lM7js4KWBO4jzNlx9vafEnPHvxnYaPhPJNJdKVDCRv71IHRMAiCGVmC1
qJlPhioNLj+7uPZ5DPnqFP/JaRceRfj9KB4WThVGg0kCcXCI2yfdE8QNyJacoBsM
zh3kzx6nPgX2O37GsHWb2sNENapZYQobiiVaaJA0L9DDuzMlWzApid+6jxi/CexN
Wfx93hFDGAmWIsbppKG6oaFsO3nkDfWynVmlugyF4xQ67Otm+3mLDtzGPlE/Jt4v
3wAUPoEeVfBXQubt1S3Bnp3kF3IssRSLMu9+rgA007gLxF9q2PDG7AQn1+SZF5gu
-----END CERTIFICATE-----