Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/5e6a8f-0b79-4894-b91c-eecee893c527/1/WPrE-BmhZ1k_zZjElfmBbgbSJVg.roa
File:                     WPrE-BmhZ1k_zZjElfmBbgbSJVg.roa (raw, json)
Hash identifier:          xcrd2//YylLYpXJHG9qz9OiR6JgHj95ywvfqF2gAmkI=
Subject key identifier:   58:FA:C4:F8:19:A1:67:59:3F:CD:98:C4:95:F9:81:6E:06:D2:25:58
Certificate issuer:       /CN=1b0bb51a7b532be4d44ba604ae6e063f063f37d4
Certificate serial:       018CC94D5CDF0BB8EDDAB58836DACF2C9B75
Authority key identifier: 1B:0B:B5:1A:7B:53:2B:E4:D4:4B:A6:04:AE:6E:06:3F:06:3F:37:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gwu1GntTK-TUS6YErm4GPwY_N9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/5e6a8f-0b79-4894-b91c-eecee893c527/1/WPrE-BmhZ1k_zZjElfmBbgbSJVg.roa
Signing time:             Tue 02 Jan 2024 08:32:19 +0000
ROA not before:           Tue 02 Jan 2024 08:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206429
IP address blocks:        185.186.196.0/22 maxlen: 22
                          185.252.152.0/22 maxlen: 22
                          2a0b:8580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/5e6a8f-0b79-4894-b91c-eecee893c527/1/Gwu1GntTK-TUS6YErm4GPwY_N9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/5e6a8f-0b79-4894-b91c-eecee893c527/1/Gwu1GntTK-TUS6YErm4GPwY_N9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gwu1GntTK-TUS6YErm4GPwY_N9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:5c:df:0b:b8:ed:da:b5:88:36:da:cf:2c:9b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0bb51a7b532be4d44ba604ae6e063f063f37d4
        Validity
            Not Before: Jan  2 08:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58fac4f819a167593fcd98c495f9816e06d22558
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:22:91:7e:3e:6b:b7:bb:cd:b5:e2:96:41:11:
                    4e:a3:f2:94:21:1a:34:8c:88:5f:b0:b1:1b:ea:bd:
                    19:dd:d2:ed:58:c1:8b:3c:b8:aa:d8:1e:2d:ec:82:
                    a2:4c:c2:8a:e3:b0:03:17:7c:67:1e:bd:1a:22:ec:
                    a1:3c:db:6b:8f:b9:d9:b5:b1:77:e0:a2:6b:8b:ee:
                    9b:33:88:aa:e5:86:8f:e5:39:93:c5:3d:9f:c5:62:
                    72:ec:d1:75:c3:3a:e9:9c:33:85:b7:fc:cb:13:05:
                    01:ff:98:80:de:a5:a7:72:33:42:f6:0d:fa:c1:f5:
                    d8:72:37:e2:3c:df:1f:54:78:cd:7e:9e:bc:b4:37:
                    eb:53:54:8c:5e:67:04:88:6b:d7:9a:6d:25:59:02:
                    b7:e6:19:7c:cb:98:6c:c4:a1:5f:5a:18:09:16:c1:
                    03:02:81:14:13:c1:ca:5b:8f:0f:74:6c:0b:1a:5e:
                    2a:85:39:d1:af:56:4e:9a:03:f3:5b:db:c7:f7:5a:
                    b6:e6:46:bd:ba:e3:9f:05:a1:b1:1a:7c:84:6d:aa:
                    14:be:1d:4a:21:31:8d:59:6e:01:77:da:92:3b:eb:
                    ae:92:1e:21:91:9e:70:c4:29:37:96:6e:38:8b:02:
                    bb:93:c6:65:aa:1e:f3:e2:e5:05:a2:24:62:56:15:
                    18:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:FA:C4:F8:19:A1:67:59:3F:CD:98:C4:95:F9:81:6E:06:D2:25:58
            X509v3 Authority Key Identifier:
                keyid:1B:0B:B5:1A:7B:53:2B:E4:D4:4B:A6:04:AE:6E:06:3F:06:3F:37:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gwu1GntTK-TUS6YErm4GPwY_N9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/5e6a8f-0b79-4894-b91c-eecee893c527/1/WPrE-BmhZ1k_zZjElfmBbgbSJVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/5e6a8f-0b79-4894-b91c-eecee893c527/1/Gwu1GntTK-TUS6YErm4GPwY_N9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.196.0/22
                  185.252.152.0/22
                IPv6:
                  2a0b:8580::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:dd:1f:c1:21:6f:83:88:31:14:18:4b:b1:3b:f4:d3:19:8e:
         c1:6e:88:6f:55:0e:63:1f:10:eb:e4:e6:ee:1f:93:66:43:c3:
         d3:9b:26:62:c1:29:42:c0:c9:a2:e6:72:50:bc:f7:36:5f:ef:
         62:8b:d5:07:56:ce:16:d3:c0:59:06:84:23:b0:a0:16:91:7a:
         8d:95:63:e4:fc:18:92:e3:0f:f4:9a:3e:8f:85:14:ff:28:9c:
         75:ae:7b:06:56:e0:2c:48:a8:66:f2:3c:d7:bd:57:5f:1e:f6:
         74:86:ef:1e:2e:51:6a:66:61:26:61:19:48:19:35:ed:96:b0:
         98:33:6c:fa:a1:27:f0:f8:6c:c9:d5:99:8e:94:9b:71:2e:48:
         f2:c5:25:8a:ee:fc:33:77:57:2f:97:59:f8:77:4b:5f:39:1e:
         9d:ac:e8:50:49:ba:27:95:62:65:88:03:f5:c3:02:3d:82:29:
         5d:0b:05:59:c4:ac:17:77:ac:6e:2e:0b:3b:87:fd:5e:b6:f0:
         d0:36:33:4e:71:08:f0:d4:89:6d:e2:06:a9:57:db:99:86:aa:
         0d:58:76:a1:e0:c9:32:4e:de:dc:d6:91:fa:c6:58:99:a6:8f:
         2c:f6:65:a1:af:57:45:f9:8d:82:d2:3a:91:17:a2:eb:07:ad:
         f8:e3:fe:b4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJTVzfC7jt2rWINtrPLJt1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMGJiNTFhN2I1MzJiZTRkNDRiYTYwNGFlNmUwNjNmMDYz
ZjM3ZDQwHhcNMjQwMTAyMDgzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGZhYzRmODE5YTE2NzU5M2ZjZDk4YzQ5NWY5ODE2ZTA2ZDIyNTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SKRfj5rt7vNteKWQRFOo/KUIRo0
jIhfsLEb6r0Z3dLtWMGLPLiq2B4t7IKiTMKK47ADF3xnHr0aIuyhPNtrj7nZtbF3
4KJri+6bM4iq5YaP5TmTxT2fxWJy7NF1wzrpnDOFt/zLEwUB/5iA3qWncjNC9g36
wfXYcjfiPN8fVHjNfp68tDfrU1SMXmcEiGvXmm0lWQK35hl8y5hsxKFfWhgJFsED
AoEUE8HKW48PdGwLGl4qhTnRr1ZOmgPzW9vH91q25ka9uuOfBaGxGnyEbaoUvh1K
ITGNWW4Bd9qSO+uukh4hkZ5wxCk3lm44iwK7k8Zlqh7z4uUFoiRiVhUYBQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFj6xPgZoWdZP82YxJX5gW4G0iVYMB8GA1UdIwQY
MBaAFBsLtRp7Uyvk1EumBK5uBj8GPzfUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3d1MUdudFRLLVRVUzZZRXJtNEdQd1lfTjlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi81ZTZhOGYtMGI3OS00ODk0LWI5MWMt
ZWVjZWU4OTNjNTI3LzEvV1ByRS1CbWhaMWtfelpqRWxmbUJiZ2JTSlZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi81ZTZhOGYtMGI3OS00ODk0LWI5MWMtZWVjZWU4OTNjNTI3
LzEvR3d1MUdudFRLLVRVUzZZRXJtNEdQd1lfTjlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCubrEAwQC
ufyYMA0EAgACMAcDBQMqC4WAMA0GCSqGSIb3DQEBCwUAA4IBAQBN3R/BIW+DiDEU
GEuxO/TTGY7BbohvVQ5jHxDr5ObuH5NmQ8PTmyZiwSlCwMmi5nJQvPc2X+9ii9UH
Vs4W08BZBoQjsKAWkXqNlWPk/BiS4w/0mj6PhRT/KJx1rnsGVuAsSKhm8jzXvVdf
HvZ0hu8eLlFqZmEmYRlIGTXtlrCYM2z6oSfw+GzJ1ZmOlJtxLkjyxSWK7vwzd1cv
l1n4d0tfOR6drOhQSbonlWJliAP1wwI9gildCwVZxKwXd6xuLgs7h/1etvDQNjNO
cQjw1Ilt4gapV9uZhqoNWHah4MkyTt7c1pH6xliZpo8s9mWhr1dF+Y2C0jqRF6Lr
B6344/60
-----END CERTIFICATE-----