Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/WP4D9KtPmztv7ZG4oC1dMBHn9Jg.roa
File:                     WP4D9KtPmztv7ZG4oC1dMBHn9Jg.roa (raw, json)
Hash identifier:          b9wx1v/w4fbSuhrSPvQp7o4+4UKqyXF4Uu0drVJhp6s=
Subject key identifier:   58:FE:03:F4:AB:4F:9B:3B:6F:ED:91:B8:A0:2D:5D:30:11:E7:F4:98
Certificate issuer:       /CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
Certificate serial:       01917F9B3185E98BE1DC12261F91D68A1B47
Authority key identifier: 81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/WP4D9KtPmztv7ZG4oC1dMBHn9Jg.roa
Signing time:             Fri 23 Aug 2024 14:19:22 +0000
ROA not before:           Fri 23 Aug 2024 14:19:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215324
IP address blocks:        185.140.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7f:9b:31:85:e9:8b:e1:dc:12:26:1f:91:d6:8a:1b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
        Validity
            Not Before: Aug 23 14:19:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58fe03f4ab4f9b3b6fed91b8a02d5d3011e7f498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7b:c5:77:9d:e6:c6:52:01:59:2d:cf:6e:01:
                    92:96:0d:7a:08:4b:ed:42:27:8a:88:79:f5:8f:22:
                    96:67:68:4a:31:e0:4f:1e:73:b6:8b:a6:1a:b2:12:
                    87:ef:59:59:50:5f:1e:77:13:97:da:2f:2f:06:21:
                    14:96:83:7e:35:28:fb:0c:42:d9:86:06:bc:24:f9:
                    f3:4a:81:50:86:33:97:cd:19:b5:a0:23:aa:16:e7:
                    9c:80:cb:52:0e:34:57:0a:d3:d6:d7:0f:bd:cc:3c:
                    30:1b:66:54:66:92:c2:f0:cc:5d:2f:b8:ae:f6:9f:
                    39:fb:43:d1:e8:c5:23:c1:8f:ee:1f:f7:8d:c2:e5:
                    84:e0:2d:68:99:84:bd:45:b9:6f:d4:a0:ff:aa:e6:
                    1a:80:a1:98:d0:e7:7d:02:d2:b7:a7:63:88:3b:31:
                    61:f9:7e:3d:c7:0e:cb:48:5e:81:66:f0:5e:0b:98:
                    bf:28:12:77:76:49:aa:c3:c3:00:aa:cf:ff:c4:b2:
                    ca:5e:af:cf:1d:35:a0:00:b1:a3:e8:40:c3:7b:43:
                    a2:69:aa:48:10:fe:44:fc:7e:80:2e:73:3a:be:2f:
                    f4:c5:31:e1:78:67:85:1a:41:ca:f0:d9:71:eb:ae:
                    ac:84:f9:a1:19:25:ec:ae:55:49:05:e7:e2:24:7e:
                    57:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:FE:03:F4:AB:4F:9B:3B:6F:ED:91:B8:A0:2D:5D:30:11:E7:F4:98
            X509v3 Authority Key Identifier:
                keyid:81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/WP4D9KtPmztv7ZG4oC1dMBHn9Jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:29:0a:35:4b:25:5c:f7:96:9e:f8:18:77:d5:56:d6:bc:60:
         4a:55:61:5b:fd:2f:a7:58:16:4d:75:a4:38:0f:31:82:a1:ed:
         b1:3f:07:87:17:37:00:a3:e5:21:62:a2:ab:09:ac:87:cf:7b:
         46:ce:f9:bf:39:8a:00:7f:92:76:51:c4:cd:ea:b8:a5:3e:a3:
         26:28:4e:65:9d:7b:d4:f0:f9:49:e9:42:e2:c5:8c:8a:a4:19:
         5c:15:9f:50:f5:d1:6f:28:59:10:8d:d9:2e:a6:c4:71:03:9f:
         82:db:e3:0f:b9:57:18:5a:e9:7c:ab:8c:c6:a9:98:1b:db:db:
         1a:ad:f8:76:10:5e:36:ae:43:ae:04:78:b7:d7:5c:1b:d6:19:
         f5:8d:60:7a:7f:db:7a:6b:4a:2f:55:44:84:30:75:c6:f1:6f:
         85:1c:b7:12:54:e1:45:4e:af:8c:06:12:5d:d5:84:2a:bb:73:
         25:ba:21:0d:0c:45:fe:66:61:84:f2:13:db:e1:c7:63:05:e9:
         0c:6f:6a:a0:0e:04:3a:3c:ec:dd:8e:d3:ed:96:1f:1e:d5:52:
         de:d6:32:45:a8:94:4d:d1:3c:7e:2c:18:6a:03:5c:cd:e3:16:
         94:4b:14:ba:b1:44:67:a4:27:ea:be:03:49:d7:ab:3a:4a:b1:
         ab:2f:d1:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF/mzGF6Yvh3BImH5HWihtHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNmQyMjBiMmI1YTQ2ZmJlYjI3ZWYyZDk2OWZhMjFkZDMz
OGM1YjMwHhcNMjQwODIzMTQxOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGZlMDNmNGFiNGY5YjNiNmZlZDkxYjhhMDJkNWQzMDExZTdmNDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHvFd53mxlIBWS3PbgGSlg16CEvt
QieKiHn1jyKWZ2hKMeBPHnO2i6YashKH71lZUF8edxOX2i8vBiEUloN+NSj7DELZ
hga8JPnzSoFQhjOXzRm1oCOqFuecgMtSDjRXCtPW1w+9zDwwG2ZUZpLC8MxdL7iu
9p85+0PR6MUjwY/uH/eNwuWE4C1omYS9Rblv1KD/quYagKGY0Od9AtK3p2OIOzFh
+X49xw7LSF6BZvBeC5i/KBJ3dkmqw8MAqs//xLLKXq/PHTWgALGj6EDDe0OiaapI
EP5E/H6ALnM6vi/0xTHheGeFGkHK8Nlx666shPmhGSXsrlVJBefiJH5XWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFj+A/SrT5s7b+2RuKAtXTAR5/SYMB8GA1UdIwQY
MBaAFIFtIgsrWkb76yfvLZafoh3TOMWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTct
ZTk3ODIwNDFjYzI0LzEvV1A0RDlLdFBtenR2N1pHNG9DMWRNQkhuOUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTctZTk3ODIwNDFjYzI0
LzEvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYw1MA0G
CSqGSIb3DQEBCwUAA4IBAQBRKQo1SyVc95ae+Bh31VbWvGBKVWFb/S+nWBZNdaQ4
DzGCoe2xPweHFzcAo+UhYqKrCayHz3tGzvm/OYoAf5J2UcTN6rilPqMmKE5lnXvU
8PlJ6ULixYyKpBlcFZ9Q9dFvKFkQjdkupsRxA5+C2+MPuVcYWul8q4zGqZgb29sa
rfh2EF42rkOuBHi311wb1hn1jWB6f9t6a0ovVUSEMHXG8W+FHLcSVOFFTq+MBhJd
1YQqu3MluiENDEX+ZmGE8hPb4cdjBekMb2qgDgQ6POzdjtPtlh8e1VLe1jJFqJRN
0Tx+LBhqA1zN4xaUSxS6sURnpCfqvgNJ16s6SrGrL9Gz
-----END CERTIFICATE-----