Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/WnrDoywytSaPAQBWNaGR3G4IOo0.roa
File:                     WnrDoywytSaPAQBWNaGR3G4IOo0.roa (raw, json)
Hash identifier:          edK+15G8Q2TQbY0o9RRcOTSVBnp/+O2AO257L93gDNI=
Subject key identifier:   5A:7A:C3:A3:2C:32:B5:26:8F:01:00:56:35:A1:91:DC:6E:08:3A:8D
Certificate issuer:       /CN=8ad47baa9aa6e0a20ad995a79c2a8de604f9aa37
Certificate serial:       018CC9BBC1366CED2F3F7CFDB60EBF4108B5
Authority key identifier: 8A:D4:7B:AA:9A:A6:E0:A2:0A:D9:95:A7:9C:2A:8D:E6:04:F9:AA:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itR7qpqm4KIK2ZWnnCqN5gT5qjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/WnrDoywytSaPAQBWNaGR3G4IOo0.roa
Signing time:             Tue 02 Jan 2024 10:32:54 +0000
ROA not before:           Tue 02 Jan 2024 10:32:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199143
IP address blocks:        5.158.217.0/24 maxlen: 24
                          5.158.216.0/24 maxlen: 24
                          5.158.219.0/24 maxlen: 24
                          5.158.218.0/24 maxlen: 24
                          5.158.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/itR7qpqm4KIK2ZWnnCqN5gT5qjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/itR7qpqm4KIK2ZWnnCqN5gT5qjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itR7qpqm4KIK2ZWnnCqN5gT5qjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 22:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c1:36:6c:ed:2f:3f:7c:fd:b6:0e:bf:41:08:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad47baa9aa6e0a20ad995a79c2a8de604f9aa37
        Validity
            Not Before: Jan  2 10:32:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a7ac3a32c32b5268f01005635a191dc6e083a8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ee:00:41:d3:5a:b4:81:6a:2d:27:2c:3f:a5:
                    b1:57:37:3f:57:30:63:46:26:18:e7:d4:4f:2d:34:
                    20:25:cb:30:ca:cb:bc:88:52:88:56:45:3c:c5:3b:
                    c6:16:19:4f:dd:d4:34:bc:dd:78:4c:82:19:de:f7:
                    1b:4d:a9:5f:71:1a:a1:ac:05:70:62:e9:d5:90:b0:
                    52:30:aa:2d:1b:c6:5b:72:18:2d:cc:28:62:0e:03:
                    ed:00:d2:80:88:10:5b:5c:b9:c4:0f:da:8f:d7:57:
                    90:b1:44:60:b0:ab:3a:9a:f7:bd:c5:2d:6a:56:a5:
                    c5:cb:b5:04:ed:c2:12:9c:e3:fa:83:db:f1:c6:a9:
                    f2:0b:7d:ce:93:80:8e:fc:e1:23:be:ea:cf:93:13:
                    82:19:30:17:ec:d8:80:ac:17:15:81:8c:df:95:7b:
                    9f:7d:56:1a:64:1d:27:26:ab:f3:77:41:fd:c0:66:
                    60:0c:25:27:1e:fc:1e:73:7c:6f:40:1d:44:ca:cc:
                    81:be:a8:5e:fd:dc:ce:11:ca:14:0b:30:78:70:0a:
                    c3:f4:e8:51:a9:e8:08:f8:42:c7:bc:03:3d:65:ed:
                    ad:5f:72:bc:d2:93:cb:41:ca:b6:5f:0f:63:40:9c:
                    3f:19:fc:af:93:31:54:dd:2f:24:8c:fb:b9:99:a1:
                    0a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:7A:C3:A3:2C:32:B5:26:8F:01:00:56:35:A1:91:DC:6E:08:3A:8D
            X509v3 Authority Key Identifier:
                keyid:8A:D4:7B:AA:9A:A6:E0:A2:0A:D9:95:A7:9C:2A:8D:E6:04:F9:AA:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itR7qpqm4KIK2ZWnnCqN5gT5qjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/WnrDoywytSaPAQBWNaGR3G4IOo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9355b9-73d4-4c4c-9601-f01a2f58ef88/1/itR7qpqm4KIK2ZWnnCqN5gT5qjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.216.0-5.158.220.255

    Signature Algorithm: sha256WithRSAEncryption
         37:bb:83:a1:b0:a9:01:83:56:6b:c9:ce:76:fa:f3:79:06:7f:
         cc:dd:6c:85:78:d7:6c:d0:79:31:bb:a2:30:69:5c:64:89:bc:
         d6:27:7f:2d:43:71:da:1f:9a:75:f2:5b:81:f6:bc:73:e8:2a:
         b5:bd:98:c8:5b:99:82:d8:db:e5:f0:e3:1f:e7:03:2a:ac:b5:
         81:c9:ff:18:9f:7a:e8:61:38:9f:5c:44:25:2d:50:59:1e:5c:
         ff:aa:43:bf:f9:71:f1:56:a1:ae:aa:b1:15:60:e2:37:59:7b:
         5c:45:fa:1b:b3:a5:12:d1:36:b5:f0:55:bb:46:a5:d3:0a:d8:
         6e:19:a5:ae:8f:19:12:fa:f5:f5:46:e5:8e:a4:33:55:de:71:
         25:b6:0c:46:4f:d8:9b:e7:3f:64:2f:4e:41:22:be:e4:18:07:
         a2:9c:82:9c:52:ca:50:96:af:b8:6e:9b:76:c1:5a:03:f1:ca:
         ee:0c:2f:d5:71:ac:97:cd:f7:13:77:74:94:69:25:34:bb:43:
         10:8c:45:8e:e0:4a:e7:27:8c:51:0b:c9:33:3f:e2:e4:f6:69:
         77:7d:e2:b5:af:d9:06:5e:f4:1f:54:b2:17:95:9c:3f:b8:34:
         f2:ce:35:f6:50:8a:39:ac:de:5f:c8:8b:f1:22:ab:e2:7d:b7:
         5f:ec:ff:58
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJu8E2bO0vP3z9tg6/QQi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDQ3YmFhOWFhNmUwYTIwYWQ5OTVhNzljMmE4ZGU2MDRm
OWFhMzcwHhcNMjQwMTAyMTAzMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTdhYzNhMzJjMzJiNTI2OGYwMTAwNTYzNWExOTFkYzZlMDgzYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhu4AQdNatIFqLScsP6WxVzc/VzBj
RiYY59RPLTQgJcswysu8iFKIVkU8xTvGFhlP3dQ0vN14TIIZ3vcbTalfcRqhrAVw
YunVkLBSMKotG8ZbchgtzChiDgPtANKAiBBbXLnED9qP11eQsURgsKs6mve9xS1q
VqXFy7UE7cISnOP6g9vxxqnyC33Ok4CO/OEjvurPkxOCGTAX7NiArBcVgYzflXuf
fVYaZB0nJqvzd0H9wGZgDCUnHvwec3xvQB1EysyBvqhe/dzOEcoUCzB4cArD9OhR
qegI+ELHvAM9Ze2tX3K80pPLQcq2Xw9jQJw/GfyvkzFU3S8kjPu5maEKxQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFp6w6MsMrUmjwEAVjWhkdxuCDqNMB8GA1UdIwQY
MBaAFIrUe6qapuCiCtmVp5wqjeYE+ao3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRSN3FwcW00S0lLMlpXbm5DcU41Z1Q1cWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85MzU1YjktNzNkNC00YzRjLTk2MDEt
ZjAxYTJmNThlZjg4LzEvV25yRG95d3l0U2FQQVFCV05hR1IzRzRJT28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85MzU1YjktNzNkNC00YzRjLTk2MDEtZjAxYTJmNThlZjg4
LzEvaXRSN3FwcW00S0lLMlpXbm5DcU41Z1Q1cWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAMFntgD
BAAFntwwDQYJKoZIhvcNAQELBQADggEBADe7g6GwqQGDVmvJznb683kGf8zdbIV4
12zQeTG7ojBpXGSJvNYnfy1DcdofmnXyW4H2vHPoKrW9mMhbmYLY2+Xw4x/nAyqs
tYHJ/xifeuhhOJ9cRCUtUFkeXP+qQ7/5cfFWoa6qsRVg4jdZe1xF+huzpRLRNrXw
VbtGpdMK2G4Zpa6PGRL69fVG5Y6kM1XecSW2DEZP2JvnP2QvTkEivuQYB6KcgpxS
ylCWr7hum3bBWgPxyu4ML9VxrJfN9xN3dJRpJTS7QxCMRY7gSucnjFELyTM/4uT2
aXd94rWv2QZe9B9UsheVnD+4NPLONfZQijms3l/Ii/Eiq+J9t1/s/1g=
-----END CERTIFICATE-----