Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/WXD_3snSvM_g_DVvjZcsqd69hA0.roa
File:                     WXD_3snSvM_g_DVvjZcsqd69hA0.roa (raw, json)
Hash identifier:          dqmhxI3tKSBMWBKnLc2xRFRAioXGVqztp67j9IvPsmo=
Subject key identifier:   59:70:FF:DE:C9:D2:BC:CF:E0:FC:35:6F:8D:97:2C:A9:DE:BD:84:0D
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       0192C214349C235009E41A64F77FE571E510
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/WXD_3snSvM_g_DVvjZcsqd69hA0.roa
Signing time:             Fri 25 Oct 2024 05:09:17 +0000
ROA not before:           Fri 25 Oct 2024 05:09:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49755
IP address blocks:        185.177.112.0/24 maxlen: 24
                          2a0a:c3c5:f000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c2:14:34:9c:23:50:09:e4:1a:64:f7:7f:e5:71:e5:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Oct 25 05:09:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5970ffdec9d2bccfe0fc356f8d972ca9debd840d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4c:a1:3b:60:8a:07:fa:b8:c0:39:a6:c4:2f:
                    f0:32:19:9d:2c:cb:27:1b:24:6d:1b:fa:01:d4:ba:
                    d3:3f:19:b3:c8:ac:f0:df:50:8b:18:0e:19:af:69:
                    1c:a5:dc:7c:36:8b:52:53:ff:0c:cb:56:c2:3a:c0:
                    9c:6d:0a:e5:a9:e4:1f:f5:2d:49:b0:24:d8:84:2b:
                    5a:0c:ca:eb:1b:c4:0c:12:da:31:e0:9b:83:67:6c:
                    9f:92:39:94:29:38:54:34:51:ea:cf:b5:1f:52:a3:
                    43:93:82:3d:23:e4:a4:4f:01:f5:ab:9d:dd:af:f5:
                    ce:03:22:0c:0e:8e:72:82:51:45:62:8d:c5:83:94:
                    7d:8e:d2:fd:94:e3:28:78:b5:d9:2b:29:48:04:e5:
                    b3:46:13:d6:29:4b:20:2a:90:3b:04:58:3f:36:18:
                    42:2a:10:1b:be:72:0c:ff:bd:0e:a1:8c:9a:09:f6:
                    57:07:1c:8b:14:bf:6f:cd:af:3d:d2:c1:7b:b7:5c:
                    cc:1e:df:8e:c7:9a:f9:09:20:0d:7c:c6:5c:95:65:
                    91:23:ed:d4:68:82:3f:ee:0a:d8:db:b3:22:86:b8:
                    31:d1:ce:dc:d1:3d:2d:20:18:01:e6:3e:41:36:e0:
                    b2:fc:a2:93:02:a9:82:35:68:0d:88:ac:3e:b8:db:
                    e8:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:70:FF:DE:C9:D2:BC:CF:E0:FC:35:6F:8D:97:2C:A9:DE:BD:84:0D
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/WXD_3snSvM_g_DVvjZcsqd69hA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.112.0/24
                IPv6:
                  2a0a:c3c5:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         11:e1:dc:48:fc:48:02:dd:10:b6:a8:67:9c:ad:88:ee:fe:1c:
         a8:18:b2:1f:92:f5:ac:73:cb:15:a5:65:31:ac:60:06:50:f9:
         ad:b5:a6:ca:f5:a4:60:50:13:1b:28:ad:83:4b:1f:3b:97:ac:
         a5:f3:27:61:78:d8:5b:19:3b:08:56:b1:aa:82:b5:f4:d3:24:
         02:8e:45:86:f8:bf:f2:d8:c1:52:88:c2:02:90:7b:0a:e5:d3:
         e6:08:2d:8f:69:69:21:68:f8:aa:d9:9f:bc:af:71:51:be:e1:
         a5:96:8b:0c:c3:06:2d:2a:16:54:cb:e8:02:07:31:51:aa:95:
         8c:fd:0c:69:d0:93:c0:47:46:18:c8:88:5a:d2:e4:52:06:06:
         c8:1c:22:a7:21:27:49:2a:1a:c1:f3:d5:0f:29:34:6c:4c:bc:
         b5:04:8b:db:6b:5b:22:6a:8f:f8:02:a1:a2:09:a4:27:ca:57:
         d3:b9:c6:14:5a:e3:9b:f5:09:8f:fe:d9:83:67:62:d7:94:a0:
         7c:05:64:54:14:f5:ee:62:65:9f:a9:fb:b0:62:90:d7:42:58:
         71:39:68:18:21:a4:aa:d7:1b:a6:de:fc:72:b8:2a:5f:4e:2d:
         63:f4:e9:ba:55:19:db:0b:e2:a9:39:4d:28:52:7d:b9:d4:f9:
         e9:ca:ce:74
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZLCFDScI1AJ5Bpk93/lceUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQxMDI1MDUwOTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTcwZmZkZWM5ZDJiY2NmZTBmYzM1NmY4ZDk3MmNhOWRlYmQ4NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEyhO2CKB/q4wDmmxC/wMhmdLMsn
GyRtG/oB1LrTPxmzyKzw31CLGA4Zr2kcpdx8NotSU/8My1bCOsCcbQrlqeQf9S1J
sCTYhCtaDMrrG8QMEtox4JuDZ2yfkjmUKThUNFHqz7UfUqNDk4I9I+SkTwH1q53d
r/XOAyIMDo5yglFFYo3Fg5R9jtL9lOMoeLXZKylIBOWzRhPWKUsgKpA7BFg/NhhC
KhAbvnIM/70OoYyaCfZXBxyLFL9vza890sF7t1zMHt+Ox5r5CSANfMZclWWRI+3U
aII/7grY27Mihrgx0c7c0T0tIBgB5j5BNuCy/KKTAqmCNWgNiKw+uNvotQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFFlw/97J0rzP4Pw1b42XLKnevYQNMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvV1hEXzNzblN2TV9nX0RWdmpaY3NxZDY5aEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAubFwMA4E
AgACMAgDBgQqCsPF8DANBgkqhkiG9w0BAQsFAAOCAQEAEeHcSPxIAt0QtqhnnK2I
7v4cqBiyH5L1rHPLFaVlMaxgBlD5rbWmyvWkYFATGyitg0sfO5espfMnYXjYWxk7
CFaxqoK19NMkAo5Fhvi/8tjBUojCApB7CuXT5ggtj2lpIWj4qtmfvK9xUb7hpZaL
DMMGLSoWVMvoAgcxUaqVjP0MadCTwEdGGMiIWtLkUgYGyBwipyEnSSoawfPVDyk0
bEy8tQSL22tbImqP+AKhogmkJ8pX07nGFFrjm/UJj/7Zg2di15SgfAVkVBT17mJl
n6n7sGKQ10JYcTloGCGkqtcbpt78crgqX04tY/TpulUZ2wviqTlNKFJ9udT56crO
dA==
-----END CERTIFICATE-----