Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Wg58izxB37JpJrX1cgPc0C3ihi4.roa
File:                     Wg58izxB37JpJrX1cgPc0C3ihi4.roa (raw, json)
Hash identifier:          WasFTe7nxClau29o8C2io4EQI9vvn86qU3LRgulo51s=
Subject key identifier:   5A:0E:7C:8B:3C:41:DF:B2:69:26:B5:F5:72:03:DC:D0:2D:E2:86:2E
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0196C6B2D3759790A1D45597287832E91F49
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Wg58izxB37JpJrX1cgPc0C3ihi4.roa
Signing time:             Mon 12 May 2025 22:52:10 +0000
ROA not before:           Mon 12 May 2025 22:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64289
IP address blocks:        185.144.102.0/24 maxlen: 32
                          185.144.103.0/24 maxlen: 32
                          193.201.208.0/24 maxlen: 32
                          193.201.209.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c6:b2:d3:75:97:90:a1:d4:55:97:28:78:32:e9:1f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: May 12 22:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a0e7c8b3c41dfb26926b5f57203dcd02de2862e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c2:8b:b3:2a:9c:48:72:f1:ac:53:95:93:7d:
                    2f:fb:d0:6b:44:62:0e:e2:ec:33:56:af:fe:95:64:
                    d7:71:c8:26:92:b5:06:9a:89:b5:32:b5:6f:3b:98:
                    c8:dc:cc:3d:96:f9:b2:18:40:cc:a4:3d:9a:9b:13:
                    83:00:59:93:f8:f2:0e:77:43:26:61:6e:f7:e3:3d:
                    22:df:c3:c7:64:f5:d6:49:67:0a:3d:04:fb:e9:25:
                    a7:db:76:ae:93:b0:22:1c:d3:3a:f3:59:91:bd:3d:
                    76:4c:8e:8c:a4:4f:9f:95:7e:5e:2d:b5:40:16:85:
                    22:13:fe:bf:d4:c7:2c:cc:0c:4e:9d:15:1b:3f:76:
                    f0:2c:12:8d:ff:8f:b5:f3:56:c2:03:53:8a:a9:bb:
                    e3:21:88:70:4e:05:50:43:8d:c3:6b:7e:12:a1:1e:
                    e2:a3:9d:53:1f:df:da:d9:47:9f:61:02:a9:4c:dc:
                    6e:04:5e:dd:d4:3b:3d:f6:bd:82:d4:54:ce:1a:f0:
                    c4:b9:50:76:7f:1d:15:c9:81:fe:56:fe:8c:bd:a3:
                    7b:dd:b3:56:31:8f:3d:ed:7a:35:e6:52:24:96:03:
                    8c:89:7a:4b:a4:65:78:1e:92:9e:77:f0:4e:e9:87:
                    6d:5f:45:5d:a3:e4:e8:fb:ae:d8:6c:a3:47:8f:54:
                    19:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:0E:7C:8B:3C:41:DF:B2:69:26:B5:F5:72:03:DC:D0:2D:E2:86:2E
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Wg58izxB37JpJrX1cgPc0C3ihi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.102.0/23
                  193.201.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:6e:e9:fc:38:67:a8:cd:05:4f:5e:e6:56:e7:9f:ba:26:cd:
         cc:11:43:17:1e:28:58:9e:39:d5:ec:74:48:87:44:26:c3:f1:
         84:26:9d:29:2f:4c:2f:1c:66:c5:b6:e0:8e:ac:7d:10:34:50:
         c3:10:73:3c:f2:e2:84:90:84:a6:fb:98:8b:8a:1a:f7:86:b6:
         82:01:f5:71:19:01:d1:ef:25:02:e4:07:8d:21:78:59:76:f9:
         fc:fd:24:c2:67:c4:10:00:41:9d:b1:1f:91:dc:88:d6:d7:6d:
         4f:a8:88:29:21:bd:85:f3:17:72:cd:79:51:24:46:56:47:bd:
         e6:b3:c4:d2:6c:c5:44:19:bd:23:e5:58:1e:63:bd:c5:4f:a6:
         f3:3b:7a:fc:77:45:2f:a7:a0:72:30:8f:32:3f:5b:2b:63:65:
         51:a2:95:14:72:81:19:54:e4:51:c3:92:2b:f7:4b:35:53:5d:
         7f:8f:bb:af:1d:2c:e3:3b:a8:ef:bd:33:4a:5c:e8:5e:8a:8b:
         b5:cb:c1:f9:f7:47:e8:2a:d8:ad:10:15:c1:0b:df:a2:f8:ed:
         dd:46:e2:7e:6f:da:e5:f7:0c:a5:9e:8b:a6:6b:82:d3:02:7d:
         c9:ce:a9:34:ae:45:b4:5a:a6:11:8c:f7:40:16:b5:bb:9d:b0:
         c1:c8:94:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbGstN1l5Ch1FWXKHgy6R9JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwNTEyMjI1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTBlN2M4YjNjNDFkZmIyNjkyNmI1ZjU3MjAzZGNkMDJkZTI4NjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucKLsyqcSHLxrFOVk30v+9BrRGIO
4uwzVq/+lWTXccgmkrUGmom1MrVvO5jI3Mw9lvmyGEDMpD2amxODAFmT+PIOd0Mm
YW734z0i38PHZPXWSWcKPQT76SWn23auk7AiHNM681mRvT12TI6MpE+flX5eLbVA
FoUiE/6/1McszAxOnRUbP3bwLBKN/4+181bCA1OKqbvjIYhwTgVQQ43Da34SoR7i
o51TH9/a2UefYQKpTNxuBF7d1Ds99r2C1FTOGvDEuVB2fx0VyYH+Vv6MvaN73bNW
MY897Xo15lIklgOMiXpLpGV4HpKed/BO6YdtX0Vdo+To+67YbKNHj1QZWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFoOfIs8Qd+yaSa19XID3NAt4oYuMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvV2c1OGl6eEIzN0pwSnJYMWNnUGMwQzNpaGk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuZBmAwQB
wcnQMA0GCSqGSIb3DQEBCwUAA4IBAQAfbun8OGeozQVPXuZW55+6Js3MEUMXHihY
njnV7HRIh0Qmw/GEJp0pL0wvHGbFtuCOrH0QNFDDEHM88uKEkISm+5iLihr3hraC
AfVxGQHR7yUC5AeNIXhZdvn8/STCZ8QQAEGdsR+R3IjW121PqIgpIb2F8xdyzXlR
JEZWR73ms8TSbMVEGb0j5VgeY73FT6bzO3r8d0Uvp6ByMI8yP1srY2VRopUUcoEZ
VORRw5Ir90s1U11/j7uvHSzjO6jvvTNKXOheiou1y8H590foKtitEBXBC9+i+O3d
RuJ+b9rl9wylnouma4LTAn3Jzqk0rkW0WqYRjPdAFrW7nbDByJRj
-----END CERTIFICATE-----