Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/WNLOS95A11G_MgTn9hjPe2hFNqc.roa
File:                     WNLOS95A11G_MgTn9hjPe2hFNqc.roa (raw, json)
Hash identifier:          aUqYeJWG2HAts87QDuxPvy3sgBgWWm69OK3NDZNrt3k=
Subject key identifier:   58:D2:CE:4B:DE:40:D7:51:BF:32:04:E7:F6:18:CF:7B:68:45:36:A7
Certificate issuer:       /CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
Certificate serial:       018CC6B8B0B681A0C485AC04131A8FC66196
Authority key identifier: 16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/WNLOS95A11G_MgTn9hjPe2hFNqc.roa
Signing time:             Mon 01 Jan 2024 20:30:41 +0000
ROA not before:           Mon 01 Jan 2024 20:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20594
IP address blocks:        185.62.144.0/23 maxlen: 23
                          185.62.146.0/24 maxlen: 24
                          217.194.32.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b0:b6:81:a0:c4:85:ac:04:13:1a:8f:c6:61:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
        Validity
            Not Before: Jan  1 20:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58d2ce4bde40d751bf3204e7f618cf7b684536a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:db:c6:fa:d9:a6:57:4e:4e:76:d8:80:d8:f1:
                    cc:a5:9c:50:a6:c4:05:4e:41:1b:39:59:0e:ea:8a:
                    8e:42:6d:41:a4:4f:ca:b7:32:41:c5:ff:23:23:af:
                    41:f2:f8:43:17:ca:bf:af:40:a1:3f:64:36:60:c0:
                    15:32:ab:32:76:a9:56:cb:0a:fa:6f:3a:ce:3f:7c:
                    70:78:3d:c7:41:de:0b:91:c0:b8:25:86:aa:46:b9:
                    b7:a0:8a:4e:85:03:3f:86:91:47:8d:b8:a8:f5:b8:
                    f3:1a:3d:e5:b3:ce:fe:fe:29:69:07:ab:f1:9f:03:
                    c4:1e:76:ae:cf:77:61:69:c4:e4:26:ea:e1:a6:61:
                    3d:8b:57:07:54:d5:0a:3c:81:4d:ff:95:8d:66:1f:
                    3b:d0:bd:d0:9a:0f:d1:4f:1f:be:8d:59:6f:14:1d:
                    15:64:3c:ca:95:3e:ba:e5:f4:79:d8:ab:81:27:8b:
                    66:17:74:8f:a8:78:07:db:6e:85:57:49:04:c7:c2:
                    22:6c:65:83:72:14:60:ea:bc:2c:23:d2:16:a4:b9:
                    1a:0f:e3:c7:d8:2f:78:05:5d:e9:f1:d1:53:5e:5c:
                    9b:a5:a8:a5:ff:dc:9c:9f:0b:78:cd:26:e3:c2:24:
                    05:68:2c:2b:55:29:47:9b:fd:7b:56:ba:d6:f1:1c:
                    79:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D2:CE:4B:DE:40:D7:51:BF:32:04:E7:F6:18:CF:7B:68:45:36:A7
            X509v3 Authority Key Identifier:
                keyid:16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/WNLOS95A11G_MgTn9hjPe2hFNqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.144.0-185.62.146.255
                  217.194.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         51:75:87:bf:9e:86:64:c4:e6:a7:bf:d2:4d:b4:f3:eb:97:a4:
         fe:91:de:73:f1:82:34:51:63:f5:00:0c:fc:de:e4:ae:71:f1:
         fd:af:61:03:3e:a8:a1:72:e5:2f:f5:04:f0:e8:07:03:23:87:
         e1:b4:53:34:95:9e:17:37:cc:c2:99:bb:c7:37:cf:de:23:94:
         40:e1:34:8a:51:e0:66:4f:09:81:fb:27:3b:2f:24:10:46:e0:
         c9:a2:cc:3d:fe:3b:32:e8:f5:a0:82:37:f6:d7:1d:6d:8d:28:
         53:fd:14:45:16:90:b5:0d:a6:4c:d6:08:36:51:01:a6:fe:29:
         4c:19:6b:c8:fb:6b:3d:05:e0:d4:ae:9f:33:d8:af:3f:e9:f2:
         69:14:37:6d:74:eb:0e:2a:49:eb:52:f2:98:19:d9:3a:22:87:
         f2:f3:76:8b:87:d4:85:fc:5c:30:e6:08:ce:42:f6:f5:2e:5f:
         40:73:b7:fe:df:bc:a0:29:2c:e0:92:ba:29:9e:1f:0a:91:38:
         47:3f:0d:df:09:47:04:dc:92:37:12:08:c7:67:41:72:bd:1f:
         e4:df:65:fe:91:ce:78:68:52:08:e4:bb:59:70:5d:3b:69:6c:
         e2:90:5f:d7:0d:b7:50:71:c9:6f:27:19:27:9d:65:ca:0e:1b:
         0d:0c:c1:2a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGuLC2gaDEhawEExqPxmGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Y2RlMTM5YWUwNTczYjBhNGRkYTkzZTc3YjU3ZmYyN2Y5
YmViYTEwHhcNMjQwMTAxMjAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQyY2U0YmRlNDBkNzUxYmYzMjA0ZTdmNjE4Y2Y3YjY4NDUzNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodvG+tmmV05OdtiA2PHMpZxQpsQF
TkEbOVkO6oqOQm1BpE/KtzJBxf8jI69B8vhDF8q/r0ChP2Q2YMAVMqsydqlWywr6
bzrOP3xweD3HQd4LkcC4JYaqRrm3oIpOhQM/hpFHjbio9bjzGj3ls87+/ilpB6vx
nwPEHnauz3dhacTkJurhpmE9i1cHVNUKPIFN/5WNZh870L3Qmg/RTx++jVlvFB0V
ZDzKlT665fR52KuBJ4tmF3SPqHgH226FV0kEx8IibGWDchRg6rwsI9IWpLkaD+PH
2C94BV3p8dFTXlybpail/9ycnwt4zSbjwiQFaCwrVSlHm/17VrrW8Rx5yQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFjSzkveQNdRvzIE5/YYz3toRTanMB8GA1UdIwQY
MBaAFBbN4TmuBXOwpN2pPne1f/J/m+uhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUt
YjY5ZGNlNzU0N2ExLzEvV05MT1M5NUExMUdfTWdUbjloalBlMmhGTnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUtYjY5ZGNlNzU0N2Ex
LzEvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAS5PpAD
BAC5PpIDBATZwiAwDQYJKoZIhvcNAQELBQADggEBAFF1h7+ehmTE5qe/0k208+uX
pP6R3nPxgjRRY/UADPze5K5x8f2vYQM+qKFy5S/1BPDoBwMjh+G0UzSVnhc3zMKZ
u8c3z94jlEDhNIpR4GZPCYH7JzsvJBBG4MmizD3+OzLo9aCCN/bXHW2NKFP9FEUW
kLUNpkzWCDZRAab+KUwZa8j7az0F4NSunzPYrz/p8mkUN2106w4qSetS8pgZ2Toi
h/LzdouH1IX8XDDmCM5C9vUuX0Bzt/7fvKApLOCSuimeHwqROEc/Dd8JRwTckjcS
CMdnQXK9H+TfZf6RznhoUgjku1lwXTtpbOKQX9cNt1BxyW8nGSedZcoOGw0MwSo=
-----END CERTIFICATE-----