Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/WI-pnCYU8gCoMkuBzDphhrNWFEs.roa
File:                     WI-pnCYU8gCoMkuBzDphhrNWFEs.roa (raw, json)
Hash identifier:          9OuU6JPJRXBcPRD/5bW++ukRHMd7C9O9p88+S9HUifE=
Subject key identifier:   58:8F:A9:9C:26:14:F2:00:A8:32:4B:81:CC:3A:61:86:B3:56:14:4B
Certificate issuer:       /CN=3a3c63cbd934825e55bbe359cb7306869ed451cd
Certificate serial:       018CC8DEA1D4899FA683DBE719349AF58BE9
Authority key identifier: 3A:3C:63:CB:D9:34:82:5E:55:BB:E3:59:CB:73:06:86:9E:D4:51:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/WI-pnCYU8gCoMkuBzDphhrNWFEs.roa
Signing time:             Tue 02 Jan 2024 06:31:22 +0000
ROA not before:           Tue 02 Jan 2024 06:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25264
IP address blocks:        109.206.253.0/24 maxlen: 24
                          109.206.252.0/24 maxlen: 24
                          109.206.252.0/22 maxlen: 22
                          109.206.255.0/24 maxlen: 24
                          109.206.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a1:d4:89:9f:a6:83:db:e7:19:34:9a:f5:8b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a3c63cbd934825e55bbe359cb7306869ed451cd
        Validity
            Not Before: Jan  2 06:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=588fa99c2614f200a8324b81cc3a6186b356144b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cc:49:70:a1:c2:78:96:e5:5e:82:1d:14:33:
                    11:a4:8b:dd:d5:0b:d0:1f:58:55:54:66:0e:4f:e0:
                    cf:54:04:5e:50:61:c7:5d:92:7f:1a:7e:0d:37:e7:
                    a9:bf:3e:d8:79:a7:c9:f5:65:d0:64:38:47:90:6d:
                    94:58:54:38:dc:5a:cb:8b:eb:32:46:d2:91:ce:48:
                    b3:87:5b:0a:7a:03:00:f9:2e:7b:ab:c3:c5:f9:cb:
                    82:af:11:7b:f4:e1:3d:1c:06:33:a1:4a:f5:12:85:
                    43:db:a5:59:47:5a:53:67:67:1a:80:e4:e2:a2:9c:
                    47:dc:84:de:bb:84:9d:6b:63:5e:15:82:fc:56:09:
                    1e:9f:d6:2e:0d:bb:e3:59:4a:57:bd:c2:c8:80:aa:
                    09:6e:14:15:a1:ef:42:41:f1:6c:b4:cf:ef:70:06:
                    4f:27:dc:5a:36:d6:34:ad:10:1d:e0:ec:cb:ba:9c:
                    c6:00:56:0b:05:44:63:db:d5:99:a3:b8:c7:3b:83:
                    67:d1:a1:a0:83:c6:e3:8c:41:41:f6:2d:f7:c4:4d:
                    cb:79:c7:2f:bc:aa:c2:3f:bd:af:a8:b8:00:3c:3e:
                    a2:fd:21:cb:0b:42:3f:1f:8e:04:2c:b8:84:a9:41:
                    5e:da:32:a3:90:39:d9:09:75:52:e4:01:5d:fb:9c:
                    03:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:8F:A9:9C:26:14:F2:00:A8:32:4B:81:CC:3A:61:86:B3:56:14:4B
            X509v3 Authority Key Identifier:
                keyid:3A:3C:63:CB:D9:34:82:5E:55:BB:E3:59:CB:73:06:86:9E:D4:51:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/WI-pnCYU8gCoMkuBzDphhrNWFEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.206.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:fb:e7:7c:ef:ff:4c:c3:49:cf:87:7b:a1:ee:9c:57:51:50:
         1d:c5:99:2a:8d:05:7d:c2:df:77:05:74:ac:71:c0:34:6e:e2:
         3d:8e:88:a7:6b:63:44:83:f3:00:27:6b:32:62:b7:a6:b9:0e:
         92:1c:30:6c:53:ad:6f:16:ae:3e:6f:7c:6a:da:d3:81:e9:a2:
         66:33:43:89:62:0c:28:00:9f:60:ea:9a:8b:52:a1:7c:32:12:
         45:9b:fe:7f:10:30:da:ff:1d:9c:d0:97:97:48:15:80:46:46:
         e5:14:81:31:a1:05:61:57:5f:e1:a5:1a:d1:94:a8:99:b3:06:
         56:a6:b2:af:cb:26:95:34:49:12:7f:e5:33:97:89:c8:81:cc:
         e0:28:86:c9:64:13:f4:5b:c8:f4:48:60:75:d7:24:35:90:8d:
         70:50:0b:1c:73:a8:2e:1f:18:68:4b:b1:fc:c2:d7:8f:58:e3:
         26:ee:05:31:98:15:d6:f9:3d:a2:f9:d8:0b:c8:01:39:f6:be:
         05:a7:c1:36:23:3d:d5:b9:ef:58:1b:ce:31:97:d7:94:87:88:
         32:a6:56:1f:9a:da:42:8d:10:80:b9:49:5b:f4:9d:28:bf:55:
         34:cc:1c:b4:d8:d2:57:07:ae:6a:ef:d5:8c:b8:06:4d:29:01:
         1e:53:c6:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3qHUiZ+mg9vnGTSa9YvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhM2M2M2NiZDkzNDgyNWU1NWJiZTM1OWNiNzMwNjg2OWVk
NDUxY2QwHhcNMjQwMTAyMDYzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODhmYTk5YzI2MTRmMjAwYTgzMjRiODFjYzNhNjE4NmIzNTYxNDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksxJcKHCeJblXoIdFDMRpIvd1QvQ
H1hVVGYOT+DPVAReUGHHXZJ/Gn4NN+epvz7YeafJ9WXQZDhHkG2UWFQ43FrLi+sy
RtKRzkizh1sKegMA+S57q8PF+cuCrxF79OE9HAYzoUr1EoVD26VZR1pTZ2cagOTi
opxH3ITeu4Sda2NeFYL8Vgken9YuDbvjWUpXvcLIgKoJbhQVoe9CQfFstM/vcAZP
J9xaNtY0rRAd4OzLupzGAFYLBURj29WZo7jHO4Nn0aGgg8bjjEFB9i33xE3Leccv
vKrCP72vqLgAPD6i/SHLC0I/H44ELLiEqUFe2jKjkDnZCXVS5AFd+5wDtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiPqZwmFPIAqDJLgcw6YYazVhRLMB8GA1UdIwQY
MBaAFDo8Y8vZNIJeVbvjWctzBoae1FHNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2p4ank5azBnbDVWdS1OWnkzTUdocDdVVWMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zNzcwZjgtNjJmZS00MGE1LTk0YjUt
NTQ4ZTdlNGIxMDJiLzEvV0ktcG5DWVU4Z0NvTWt1QnpEcGhock5XRkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zNzcwZjgtNjJmZS00MGE1LTk0YjUtNTQ4ZTdlNGIxMDJi
LzEvT2p4ank5azBnbDVWdS1OWnkzTUdocDdVVWMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbc78MA0G
CSqGSIb3DQEBCwUAA4IBAQAB++d87/9Mw0nPh3uh7pxXUVAdxZkqjQV9wt93BXSs
ccA0buI9joina2NEg/MAJ2syYremuQ6SHDBsU61vFq4+b3xq2tOB6aJmM0OJYgwo
AJ9g6pqLUqF8MhJFm/5/EDDa/x2c0JeXSBWARkblFIExoQVhV1/hpRrRlKiZswZW
prKvyyaVNEkSf+Uzl4nIgczgKIbJZBP0W8j0SGB11yQ1kI1wUAscc6guHxhoS7H8
wtePWOMm7gUxmBXW+T2i+dgLyAE59r4Fp8E2Iz3Vue9YG84xl9eUh4gyplYfmtpC
jRCAuUlb9J0ov1U0zBy02NJXB65q79WMuAZNKQEeU8aD
-----END CERTIFICATE-----