Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/WJQggQ73aWPivOiQTJesSQOQt4g.roa
File:                     WJQggQ73aWPivOiQTJesSQOQt4g.roa (raw, json)
Hash identifier:          lI0UKr+yC2HTxDOZaaYbAHgpcaXFjkHbR66Ckf6j7M8=
Subject key identifier:   58:94:20:81:0E:F7:69:63:E2:BC:E8:90:4C:97:AC:49:03:90:B7:88
Certificate issuer:       /CN=719e59b5017bfe634411949eff2d70ba0a07c540
Certificate serial:       018CC2DAF1A7342BC85047194F387072ABB6
Authority key identifier: 71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/WJQggQ73aWPivOiQTJesSQOQt4g.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        46.28.58.0/24 maxlen: 24
                          46.28.59.0/24 maxlen: 24
                          46.28.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f1:a7:34:2b:c8:50:47:19:4f:38:70:72:ab:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=719e59b5017bfe634411949eff2d70ba0a07c540
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=589420810ef76963e2bce8904c97ac490390b788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3a:09:bb:d9:ad:98:e5:53:3a:56:89:d0:12:
                    a6:c9:5d:b2:bd:30:6e:7b:bd:68:0c:cd:c0:90:39:
                    bf:92:87:de:9d:88:52:38:a0:8b:0d:fe:37:65:1d:
                    2d:4e:5c:48:74:e0:69:07:fd:43:2a:09:6a:c6:26:
                    df:5c:cc:10:6b:50:b4:06:cf:94:9f:7c:c0:3f:ab:
                    a9:5b:cf:cc:51:8e:2e:bd:82:a7:a3:e3:f0:70:63:
                    2a:36:55:89:bf:aa:c8:67:cf:44:83:66:3a:73:89:
                    b2:d5:b2:51:83:e8:87:41:e7:eb:aa:20:76:e2:b2:
                    3f:11:e1:83:1f:ba:fe:5d:e0:08:8e:e5:26:78:cd:
                    98:b0:43:13:26:45:fd:fa:43:75:8a:fe:b1:a0:22:
                    f4:48:55:e6:83:94:91:eb:2d:70:f4:ce:93:4a:bc:
                    7d:ea:02:85:4f:74:98:f4:1e:e0:83:fe:58:6c:24:
                    bc:6a:06:5e:0a:36:a4:a0:04:10:64:5e:cc:39:17:
                    87:2e:67:f4:63:c5:07:29:db:8d:15:c5:30:39:e2:
                    06:d0:bf:67:5b:90:1f:cc:7b:63:1e:7a:7b:da:6b:
                    46:eb:f6:1c:42:f0:91:d9:25:85:b9:46:23:50:8b:
                    2a:6c:5f:8c:2d:14:1d:b2:17:e9:aa:c4:93:28:ae:
                    de:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:94:20:81:0E:F7:69:63:E2:BC:E8:90:4C:97:AC:49:03:90:B7:88
            X509v3 Authority Key Identifier:
                keyid:71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/WJQggQ73aWPivOiQTJesSQOQt4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.58.0/23
                  46.28.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:2c:37:c4:6e:c1:81:46:78:b8:77:8d:73:14:eb:5b:44:ad:
         55:ba:78:40:8d:b6:1d:18:03:5c:f7:52:6e:6b:fc:d6:45:4b:
         a6:db:8c:e4:db:73:2f:5e:fc:7e:c7:80:70:18:32:94:8e:f9:
         5b:c0:63:8b:20:2d:05:c2:44:fc:89:bc:45:4e:83:b2:ac:63:
         2d:c1:a8:79:80:ec:8e:f4:2b:fe:84:c2:ef:0f:e2:5d:27:01:
         92:b1:f0:19:62:77:59:c9:a1:cc:79:c3:f9:a5:87:fe:ae:61:
         54:a6:8c:ba:01:4f:f6:39:0e:ae:7e:43:4e:1b:40:88:9c:4a:
         3c:cb:4d:1c:59:eb:06:16:9c:49:c2:fa:79:7d:b6:b9:b6:a3:
         93:a2:db:81:0b:c5:00:7d:d1:d1:a4:0f:81:50:37:42:d9:b4:
         d9:e9:71:a9:2b:d8:18:7f:b0:48:96:4a:a7:58:59:82:40:e3:
         55:b1:7d:6b:43:f2:c6:dc:f4:8b:7a:25:8f:5f:cf:8b:92:82:
         02:55:fe:8f:c5:88:c7:3c:d4:17:3f:91:5e:d2:65:e3:a6:56:
         d9:12:20:f4:25:4a:de:5f:2d:70:2a:aa:46:06:bb:69:13:0c:
         5e:bf:69:2b:cd:33:33:20:5b:18:58:06:3a:d4:28:5c:b0:d9:
         1e:59:ad:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2vGnNCvIUEcZTzhwcqu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxOWU1OWI1MDE3YmZlNjM0NDExOTQ5ZWZmMmQ3MGJhMGEw
N2M1NDAwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODk0MjA4MTBlZjc2OTYzZTJiY2U4OTA0Yzk3YWM0OTAzOTBiNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDoJu9mtmOVTOlaJ0BKmyV2yvTBu
e71oDM3AkDm/kofenYhSOKCLDf43ZR0tTlxIdOBpB/1DKglqxibfXMwQa1C0Bs+U
n3zAP6upW8/MUY4uvYKno+PwcGMqNlWJv6rIZ89Eg2Y6c4my1bJRg+iHQefrqiB2
4rI/EeGDH7r+XeAIjuUmeM2YsEMTJkX9+kN1iv6xoCL0SFXmg5SR6y1w9M6TSrx9
6gKFT3SY9B7gg/5YbCS8agZeCjakoAQQZF7MOReHLmf0Y8UHKduNFcUwOeIG0L9n
W5AfzHtjHnp72mtG6/YcQvCR2SWFuUYjUIsqbF+MLRQdshfpqsSTKK7eawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFiUIIEO92lj4rzokEyXrEkDkLeIMB8GA1UdIwQY
MBaAFHGeWbUBe/5jRBGUnv8tcLoKB8VAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1o1WnRRRjdfbU5FRVpTZV95MXd1Z29IeFVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xZjllNmMtZTZiOC00YWQ0LTk5NDEt
ZjQ2ZjlkNjc0ZjZjLzEvV0pRZ2dRNzNhV1Bpdk9pUVRKZXNTUU9RdDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xZjllNmMtZTZiOC00YWQ0LTk5NDEtZjQ2ZjlkNjc0ZjZj
LzEvY1o1WnRRRjdfbU5FRVpTZV95MXd1Z29IeFVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLhw6AwQA
Lhw/MA0GCSqGSIb3DQEBCwUAA4IBAQCALDfEbsGBRni4d41zFOtbRK1VunhAjbYd
GANc91Jua/zWRUum24zk23MvXvx+x4BwGDKUjvlbwGOLIC0FwkT8ibxFToOyrGMt
wah5gOyO9Cv+hMLvD+JdJwGSsfAZYndZyaHMecP5pYf+rmFUpoy6AU/2OQ6ufkNO
G0CInEo8y00cWesGFpxJwvp5fba5tqOTotuBC8UAfdHRpA+BUDdC2bTZ6XGpK9gY
f7BIlkqnWFmCQONVsX1rQ/LG3PSLeiWPX8+LkoICVf6PxYjHPNQXP5Fe0mXjplbZ
EiD0JUreXy1wKqpGBrtpEwxev2krzTMzIFsYWAY61ChcsNkeWa0S
-----END CERTIFICATE-----