Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/WCZSaewETaBj346OnIYW6EIC8E8.roa
File:                     WCZSaewETaBj346OnIYW6EIC8E8.roa (raw, json)
Hash identifier:          z1guzH1HjEfe/2KtaJ1AaKNTpkPltugRpJvdLVJ8O/g=
Subject key identifier:   58:26:52:69:EC:04:4D:A0:63:DF:8E:8E:9C:86:16:E8:42:02:F0:4F
Certificate issuer:       /CN=bc9c403ad007e2a242a6b09061a3c1a360a64d5a
Certificate serial:       018CC424A1D6D3BBC1260553E70D9D2CB4CA
Authority key identifier: BC:9C:40:3A:D0:07:E2:A2:42:A6:B0:90:61:A3:C1:A3:60:A6:4D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vJxAOtAH4qJCprCQYaPBo2CmTVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/WCZSaewETaBj346OnIYW6EIC8E8.roa
Signing time:             Mon 01 Jan 2024 08:29:44 +0000
ROA not before:           Mon 01 Jan 2024 08:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204149
IP address blocks:        185.112.190.0/24 maxlen: 24
                          185.112.189.0/24 maxlen: 24
                          185.112.191.0/24 maxlen: 24
                          185.112.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/vJxAOtAH4qJCprCQYaPBo2CmTVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/vJxAOtAH4qJCprCQYaPBo2CmTVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vJxAOtAH4qJCprCQYaPBo2CmTVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:a1:d6:d3:bb:c1:26:05:53:e7:0d:9d:2c:b4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc9c403ad007e2a242a6b09061a3c1a360a64d5a
        Validity
            Not Before: Jan  1 08:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58265269ec044da063df8e8e9c8616e84202f04f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:08:4b:17:93:11:6b:a2:f0:77:44:8d:55:37:
                    95:f9:d8:d1:09:20:be:ad:e6:00:2a:95:c8:70:02:
                    bd:28:da:76:d5:7d:43:d2:b2:84:37:16:9b:fc:f9:
                    36:fa:70:68:e0:41:f2:5f:ef:83:c9:45:67:9c:5d:
                    65:75:b0:54:72:c1:ee:e0:a8:37:50:6c:2e:4b:07:
                    5b:1f:82:6d:78:b1:c0:b5:d5:2a:6f:a3:a3:de:09:
                    3d:b3:d8:14:29:63:3c:97:57:a6:ea:11:f9:ab:8c:
                    f8:3e:1a:39:f1:06:58:20:66:38:35:71:38:24:e0:
                    6e:f6:f7:23:d8:c9:25:9e:71:be:bf:cd:98:d4:bd:
                    71:1e:7b:30:6a:c6:92:46:a3:d5:f3:3f:88:d1:2b:
                    f4:86:9c:8b:56:5b:a8:31:d1:ab:5f:be:87:92:a4:
                    30:b2:8a:30:c4:3d:d9:3c:8b:a4:48:1c:c6:ff:cd:
                    25:44:ab:ac:89:d3:b0:10:5c:64:55:66:78:2e:a5:
                    bf:a0:a7:27:4a:1d:6d:fa:ff:37:bd:cd:f5:5d:91:
                    f6:7e:50:4f:84:e0:06:e3:6a:9d:b1:d6:a1:28:6b:
                    23:bc:cf:00:ca:62:0d:5d:47:6c:1e:7c:cf:75:4d:
                    f8:23:0c:d3:8a:49:54:41:a4:11:3a:eb:15:77:cf:
                    1a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:26:52:69:EC:04:4D:A0:63:DF:8E:8E:9C:86:16:E8:42:02:F0:4F
            X509v3 Authority Key Identifier:
                keyid:BC:9C:40:3A:D0:07:E2:A2:42:A6:B0:90:61:A3:C1:A3:60:A6:4D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vJxAOtAH4qJCprCQYaPBo2CmTVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/WCZSaewETaBj346OnIYW6EIC8E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/4ae4c7-f286-4c6e-9514-88e6816271f7/1/vJxAOtAH4qJCprCQYaPBo2CmTVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:53:39:4b:2d:41:7d:ed:ef:cf:07:a2:de:63:24:af:dd:2d:
         b0:99:b1:bd:a6:09:03:f7:a0:e5:88:b6:23:34:b2:08:03:88:
         f4:f5:34:33:22:c9:0b:ee:03:a5:29:c9:bc:d1:06:63:ec:38:
         0d:3c:b8:f4:e5:fd:5b:28:0d:a3:2e:94:b3:df:d3:ef:ac:67:
         14:bd:0b:16:ac:6a:22:f2:22:6f:a5:c2:8d:3a:84:c3:f0:e9:
         5c:04:7c:39:cd:fb:8a:ad:a0:df:91:05:ac:1e:2d:a7:2a:e6:
         73:a2:c7:88:4a:8c:49:c3:b9:60:95:56:d2:f2:84:c9:88:ba:
         07:54:d5:c8:ac:e3:1d:11:15:fa:4c:55:c0:c1:9f:00:20:76:
         61:e9:90:f9:46:19:bb:6e:7b:1c:84:54:7a:10:b4:3f:01:77:
         a8:91:4a:5d:bf:eb:2f:e1:c4:eb:29:8d:34:36:55:96:80:ee:
         15:d1:e7:40:29:6f:b9:94:d4:2c:66:d7:3d:6c:f5:03:f5:4a:
         fd:05:ed:ee:a9:25:41:2a:ab:b4:11:cb:89:e0:dd:bf:81:6f:
         2e:77:70:3e:bb:1c:28:ae:1c:d1:29:57:eb:79:a3:24:85:06:
         5e:9b:aa:5f:c1:81:21:aa:db:ba:86:a7:80:d8:5e:cc:32:f5:
         3c:16:d5:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJKHW07vBJgVT5w2dLLTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOWM0MDNhZDAwN2UyYTI0MmE2YjA5MDYxYTNjMWEzNjBh
NjRkNWEwHhcNMjQwMTAxMDgyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODI2NTI2OWVjMDQ0ZGEwNjNkZjhlOGU5Yzg2MTZlODQyMDJmMDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwhLF5MRa6Lwd0SNVTeV+djRCSC+
reYAKpXIcAK9KNp21X1D0rKENxab/Pk2+nBo4EHyX++DyUVnnF1ldbBUcsHu4Kg3
UGwuSwdbH4JteLHAtdUqb6Oj3gk9s9gUKWM8l1em6hH5q4z4Pho58QZYIGY4NXE4
JOBu9vcj2MklnnG+v82Y1L1xHnswasaSRqPV8z+I0Sv0hpyLVluoMdGrX76HkqQw
soowxD3ZPIukSBzG/80lRKusidOwEFxkVWZ4LqW/oKcnSh1t+v83vc31XZH2flBP
hOAG42qdsdahKGsjvM8AymINXUdsHnzPdU34IwzTiklUQaQROusVd88adwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgmUmnsBE2gY9+OjpyGFuhCAvBPMB8GA1UdIwQY
MBaAFLycQDrQB+KiQqawkGGjwaNgpk1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkp4QU90QUg0cUpDcHJDUVlhUEJvMkNtVFZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS80YWU0YzctZjI4Ni00YzZlLTk1MTQt
ODhlNjgxNjI3MWY3LzEvV0NaU2Fld0VUYUJqMzQ2T25JWVc2RUlDOEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS80YWU0YzctZjI4Ni00YzZlLTk1MTQtODhlNjgxNjI3MWY3
LzEvdkp4QU90QUg0cUpDcHJDUVlhUEJvMkNtVFZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXC8MA0G
CSqGSIb3DQEBCwUAA4IBAQBfUzlLLUF97e/PB6LeYySv3S2wmbG9pgkD96DliLYj
NLIIA4j09TQzIskL7gOlKcm80QZj7DgNPLj05f1bKA2jLpSz39PvrGcUvQsWrGoi
8iJvpcKNOoTD8OlcBHw5zfuKraDfkQWsHi2nKuZzoseISoxJw7lglVbS8oTJiLoH
VNXIrOMdERX6TFXAwZ8AIHZh6ZD5Rhm7bnschFR6ELQ/AXeokUpdv+sv4cTrKY00
NlWWgO4V0edAKW+5lNQsZtc9bPUD9Ur9Be3uqSVBKqu0EcuJ4N2/gW8ud3A+uxwo
rhzRKVfreaMkhQZem6pfwYEhqtu6hqeA2F7MMvU8FtV/
-----END CERTIFICATE-----