Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/de8d82-8e0a-4452-b89a-6508c1f4a445/1/Wpfv-9aZsXfjtrGmtWpNzpImJbA.roa
File:                     Wpfv-9aZsXfjtrGmtWpNzpImJbA.roa (raw, json)
Hash identifier:          iu7VPmqnXR1YEzU3JKPtTosm2uoW3FTzpwlayEI3CTQ=
Subject key identifier:   5A:97:EF:FB:D6:99:B1:77:E3:B6:B1:A6:B5:6A:4D:CE:92:26:25:B0
Certificate issuer:       /CN=116538dffd77cf238c4eaeb95ca05487c5671ab5
Certificate serial:       018CC50085B0D45AB5E7E904DB28E17509BE
Authority key identifier: 11:65:38:DF:FD:77:CF:23:8C:4E:AE:B9:5C:A0:54:87:C5:67:1A:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EWU43_13zyOMTq65XKBUh8VnGrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/de8d82-8e0a-4452-b89a-6508c1f4a445/1/Wpfv-9aZsXfjtrGmtWpNzpImJbA.roa
Signing time:             Mon 01 Jan 2024 12:29:54 +0000
ROA not before:           Mon 01 Jan 2024 12:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200797
IP address blocks:        217.148.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/de8d82-8e0a-4452-b89a-6508c1f4a445/1/EWU43_13zyOMTq65XKBUh8VnGrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/de8d82-8e0a-4452-b89a-6508c1f4a445/1/EWU43_13zyOMTq65XKBUh8VnGrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EWU43_13zyOMTq65XKBUh8VnGrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:85:b0:d4:5a:b5:e7:e9:04:db:28:e1:75:09:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=116538dffd77cf238c4eaeb95ca05487c5671ab5
        Validity
            Not Before: Jan  1 12:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a97effbd699b177e3b6b1a6b56a4dce922625b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:61:30:59:99:d6:94:94:06:bc:06:22:42:21:
                    84:1a:85:34:e4:e0:5b:c1:1a:24:cd:6e:1a:ce:df:
                    e1:fb:f6:4a:49:61:42:53:c2:f2:af:0d:85:bb:32:
                    a2:56:9d:9f:90:62:ef:80:7c:26:04:b9:99:7f:cf:
                    ba:4b:b1:a1:3b:2e:ce:08:7a:09:99:32:d5:83:c3:
                    e5:9d:a4:bf:21:41:b2:f8:4b:b0:a9:4c:38:23:2a:
                    26:a0:45:c7:6e:a5:01:3a:7a:bf:60:51:fe:16:83:
                    d7:db:ce:ba:48:d3:42:cf:1f:58:a5:9d:4f:c3:82:
                    cc:85:e6:98:a9:78:a0:e5:0c:37:65:54:8a:86:8d:
                    e7:ad:a4:62:6a:76:8f:12:7c:37:d2:80:1b:81:34:
                    bb:4f:b4:5e:07:5e:a8:72:bf:d7:4a:c0:3c:d0:c1:
                    81:6b:d7:c9:8c:76:33:8d:ed:fa:50:1b:65:60:1c:
                    bd:52:e0:41:63:78:dd:2a:e9:af:66:22:64:8f:3c:
                    cd:cc:6f:4d:2d:8f:e9:5e:bf:2b:aa:82:ed:09:90:
                    90:64:03:28:e7:2a:14:e3:a1:49:37:97:9e:6d:f8:
                    96:75:8e:ba:3b:00:70:3e:6a:cf:49:6f:78:09:16:
                    aa:65:10:d0:a8:b9:14:80:06:25:a4:13:29:bd:fe:
                    3f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:97:EF:FB:D6:99:B1:77:E3:B6:B1:A6:B5:6A:4D:CE:92:26:25:B0
            X509v3 Authority Key Identifier:
                keyid:11:65:38:DF:FD:77:CF:23:8C:4E:AE:B9:5C:A0:54:87:C5:67:1A:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EWU43_13zyOMTq65XKBUh8VnGrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/de8d82-8e0a-4452-b89a-6508c1f4a445/1/Wpfv-9aZsXfjtrGmtWpNzpImJbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/de8d82-8e0a-4452-b89a-6508c1f4a445/1/EWU43_13zyOMTq65XKBUh8VnGrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.148.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:85:b4:f0:ea:d7:d6:f1:23:51:ef:b0:12:ea:33:ec:f3:37:
         91:7e:f3:3e:fb:fc:62:e9:a7:c7:ce:f8:11:a0:2f:13:60:2d:
         c4:73:38:79:98:3d:14:61:e8:68:cf:2c:39:81:0b:8e:03:5d:
         7f:02:80:dc:84:3b:ed:e9:7e:43:48:a9:97:36:4b:c1:47:c8:
         f3:1e:68:57:c7:88:12:bc:87:c1:32:a1:be:00:37:d7:9a:96:
         fe:e8:fa:d3:63:d8:9d:50:0c:62:4c:96:f4:21:63:d8:f5:3c:
         be:c7:c6:cf:ee:c3:ab:98:78:fc:0b:1d:3c:53:a9:4a:39:eb:
         a6:39:6f:c4:32:7b:de:31:31:a9:40:67:f7:fc:bf:d5:f9:b7:
         eb:b3:e7:40:68:31:ec:26:2e:1e:d6:d8:7a:d9:2d:d1:ea:9c:
         9c:ff:a2:bf:72:81:09:ff:21:c9:6c:1c:89:0b:37:08:9d:0b:
         37:53:6a:ff:bb:0f:e2:52:c8:9a:20:7d:e6:df:e9:04:7d:29:
         52:ef:38:fb:bd:d7:c5:f8:81:f1:de:fa:42:85:ee:bb:2f:44:
         3d:b6:80:5f:9b:af:9f:6a:e4:06:e0:97:84:3c:ca:ea:65:02:
         02:fc:bb:23:b7:52:1d:7b:f1:07:63:29:bf:dd:cd:e3:60:6c:
         16:36:e0:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAIWw1Fq15+kE2yjhdQm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNjUzOGRmZmQ3N2NmMjM4YzRlYWViOTVjYTA1NDg3YzU2
NzFhYjUwHhcNMjQwMTAxMTIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTk3ZWZmYmQ2OTliMTc3ZTNiNmIxYTZiNTZhNGRjZTkyMjYyNWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGEwWZnWlJQGvAYiQiGEGoU05OBb
wRokzW4azt/h+/ZKSWFCU8Lyrw2FuzKiVp2fkGLvgHwmBLmZf8+6S7GhOy7OCHoJ
mTLVg8PlnaS/IUGy+EuwqUw4IyomoEXHbqUBOnq/YFH+FoPX2866SNNCzx9YpZ1P
w4LMheaYqXig5Qw3ZVSKho3nraRianaPEnw30oAbgTS7T7ReB16ocr/XSsA80MGB
a9fJjHYzje36UBtlYBy9UuBBY3jdKumvZiJkjzzNzG9NLY/pXr8rqoLtCZCQZAMo
5yoU46FJN5eebfiWdY66OwBwPmrPSW94CRaqZRDQqLkUgAYlpBMpvf4/DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqX7/vWmbF347axprVqTc6SJiWwMB8GA1UdIwQY
MBaAFBFlON/9d88jjE6uuVygVIfFZxq1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVdVNDNfMTN6eU9NVHE2NVhLQlVoOFZuR3JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kZThkODItOGUwYS00NDUyLWI4OWEt
NjUwOGMxZjRhNDQ1LzEvV3Bmdi05YVpzWGZqdHJHbXRXcE56cEltSmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kZThkODItOGUwYS00NDUyLWI4OWEtNjUwOGMxZjRhNDQ1
LzEvRVdVNDNfMTN6eU9NVHE2NVhLQlVoOFZuR3JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2ZSAMA0G
CSqGSIb3DQEBCwUAA4IBAQA7hbTw6tfW8SNR77AS6jPs8zeRfvM++/xi6afHzvgR
oC8TYC3Eczh5mD0UYehozyw5gQuOA11/AoDchDvt6X5DSKmXNkvBR8jzHmhXx4gS
vIfBMqG+ADfXmpb+6PrTY9idUAxiTJb0IWPY9Ty+x8bP7sOrmHj8Cx08U6lKOeum
OW/EMnveMTGpQGf3/L/V+bfrs+dAaDHsJi4e1th62S3R6pyc/6K/coEJ/yHJbByJ
CzcInQs3U2r/uw/iUsiaIH3m3+kEfSlS7zj7vdfF+IHx3vpChe67L0Q9toBfm6+f
auQG4JeEPMrqZQIC/Lsjt1Ide/EHYym/3c3jYGwWNuB5
-----END CERTIFICATE-----