Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/wgcQpLqP2CRIXvvYDcuGSZzIS98.roa
File:                     wgcQpLqP2CRIXvvYDcuGSZzIS98.roa (raw, json)
Hash identifier:          0aiFrn6CzhSQQgEeY1beZjbqST72X4y1zN20MZRj7NE=
Subject key identifier:   C2:07:10:A4:BA:8F:D8:24:48:5E:FB:D8:0D:CB:86:49:9C:C8:4B:DF
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       018CC6B8F15C16385C3710511A55522BA917
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/wgcQpLqP2CRIXvvYDcuGSZzIS98.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134450
IP address blocks:        103.240.180.0/22 maxlen: 32
                          45.114.8.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f1:5c:16:38:5c:37:10:51:1a:55:52:2b:a9:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c20710a4ba8fd824485efbd80dcb86499cc84bdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:23:d3:9e:a8:b1:08:3b:6f:8c:46:bb:25:be:
                    9f:48:0f:36:7a:0d:db:5e:48:9d:77:f4:fc:1b:d6:
                    b6:d5:b7:dd:1f:65:68:2d:2b:a1:bd:09:aa:a3:66:
                    6d:4b:37:5c:ef:a2:5c:64:fa:04:13:3e:7c:c1:c1:
                    8c:9c:99:c3:de:c8:40:e7:84:4a:1b:a8:0a:6f:6f:
                    ca:b5:a7:20:0b:ca:cd:32:02:1a:2a:75:52:ca:cb:
                    b7:0b:2b:73:7a:e7:c7:f1:f7:13:43:96:d7:73:68:
                    21:72:4c:46:21:83:f4:57:13:c8:c1:40:af:4f:e7:
                    51:e7:26:81:e8:90:cd:95:74:ce:0b:2e:44:16:58:
                    5a:07:96:f2:d9:7f:61:cc:a3:68:cc:21:ee:ef:10:
                    01:fc:ff:77:84:2a:2e:f7:e1:aa:38:b4:21:72:64:
                    3a:27:b7:da:30:27:7c:89:e6:99:a0:6b:0e:9b:05:
                    b6:4f:f7:57:14:a2:28:91:27:9b:2d:52:7d:d7:00:
                    ed:62:ec:29:4a:df:5c:f7:4e:fb:5d:42:02:5b:55:
                    a5:dd:a3:1b:b3:02:b9:c1:49:55:79:bd:71:df:70:
                    37:54:56:9e:d9:70:27:be:c8:14:72:eb:7d:2d:91:
                    1b:fd:74:c8:89:7b:51:08:05:d7:39:54:69:8d:8d:
                    8c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:07:10:A4:BA:8F:D8:24:48:5E:FB:D8:0D:CB:86:49:9C:C8:4B:DF
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/wgcQpLqP2CRIXvvYDcuGSZzIS98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.114.8.0/22
                  103.240.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:95:1f:2d:fb:d8:a3:d1:f1:5e:a1:28:b4:0a:80:68:70:8c:
         96:9e:6f:4f:92:0e:40:0e:ef:51:6d:18:48:d3:1a:c2:f8:da:
         e0:fc:b3:6a:72:31:a1:ec:98:50:5b:00:16:48:5f:99:4f:92:
         b7:a7:f9:09:32:c9:2d:63:bf:55:3c:91:a0:03:37:77:04:4f:
         2b:43:d8:77:43:28:4d:cd:9d:cf:09:bc:d2:bd:c2:ae:fe:1e:
         04:4b:74:68:d4:7b:20:48:3d:24:ec:8b:62:d6:9d:7b:00:0c:
         37:3f:02:98:27:19:2d:aa:ec:10:4d:30:a2:bb:6a:a7:11:aa:
         4c:77:6e:8d:1c:ca:0e:66:07:7a:ac:36:94:b5:15:22:b7:59:
         2d:e6:a0:fc:b3:e7:b9:f0:7b:a8:ea:71:cf:ec:a8:3d:85:0c:
         e0:3b:a6:75:a0:09:24:99:66:85:31:72:ab:a6:33:d0:2f:0e:
         1f:1a:57:2f:0b:30:4f:07:35:0f:0b:98:0b:a7:cc:82:60:13:
         6b:b6:f4:23:4b:14:16:7b:8d:01:4b:9c:04:f7:13:71:91:2d:
         36:e8:55:6f:11:42:c0:4d:30:50:df:e6:47:51:d1:27:e5:93:
         dc:28:9b:0c:cf:55:0b:2d:6c:a5:70:9f:ba:b1:cd:41:cf:41:
         a7:e0:7b:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuPFcFjhcNxBRGlVSK6kXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjA3MTBhNGJhOGZkODI0NDg1ZWZiZDgwZGNiODY0OTljYzg0YmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiPTnqixCDtvjEa7Jb6fSA82eg3b
Xkidd/T8G9a21bfdH2VoLSuhvQmqo2ZtSzdc76JcZPoEEz58wcGMnJnD3shA54RK
G6gKb2/KtacgC8rNMgIaKnVSysu3CytzeufH8fcTQ5bXc2ghckxGIYP0VxPIwUCv
T+dR5yaB6JDNlXTOCy5EFlhaB5by2X9hzKNozCHu7xAB/P93hCou9+GqOLQhcmQ6
J7faMCd8ieaZoGsOmwW2T/dXFKIokSebLVJ91wDtYuwpSt9c9077XUICW1Wl3aMb
swK5wUlVeb1x33A3VFae2XAnvsgUcut9LZEb/XTIiXtRCAXXOVRpjY2MEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMIHEKS6j9gkSF772A3LhkmcyEvfMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvd2djUXBMcVAyQ1JJWHZ2WURjdUdTWnpJUzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLXIIAwQC
Z/C0MA0GCSqGSIb3DQEBCwUAA4IBAQCglR8t+9ij0fFeoSi0CoBocIyWnm9Pkg5A
Du9RbRhI0xrC+Nrg/LNqcjGh7JhQWwAWSF+ZT5K3p/kJMsktY79VPJGgAzd3BE8r
Q9h3QyhNzZ3PCbzSvcKu/h4ES3Ro1HsgSD0k7Iti1p17AAw3PwKYJxktquwQTTCi
u2qnEapMd26NHMoOZgd6rDaUtRUit1kt5qD8s+e58Huo6nHP7Kg9hQzgO6Z1oAkk
mWaFMXKrpjPQLw4fGlcvCzBPBzUPC5gLp8yCYBNrtvQjSxQWe40BS5wE9xNxkS02
6FVvEULATTBQ3+ZHUdEn5ZPcKJsMz1ULLWylcJ+6sc1Bz0Gn4HsE
-----END CERTIFICATE-----