Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/WcxrVG30ez155iHso6Jyw2NdXb8.roa
File:                     WcxrVG30ez155iHso6Jyw2NdXb8.roa (raw, json)
Hash identifier:          ictoiGtGDH6tQEBZTBfUGf9K4cvUZIslMdBTwkKtQOM=
Subject key identifier:   59:CC:6B:54:6D:F4:7B:3D:79:E6:21:EC:A3:A2:72:C3:63:5D:5D:BF
Certificate issuer:       /CN=369c713c51987e1ffa5482277f5f1c8cb722f44b
Certificate serial:       018CC26D2336C533C4ACA4BAEB53C6779C5A
Authority key identifier: 36:9C:71:3C:51:98:7E:1F:FA:54:82:27:7F:5F:1C:8C:B7:22:F4:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpxxPFGYfh_6VIInf18cjLci9Es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/WcxrVG30ez155iHso6Jyw2NdXb8.roa
Signing time:             Mon 01 Jan 2024 00:29:41 +0000
ROA not before:           Mon 01 Jan 2024 00:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199773
IP address blocks:        92.60.155.0/24 maxlen: 24
                          92.60.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/NpxxPFGYfh_6VIInf18cjLci9Es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/NpxxPFGYfh_6VIInf18cjLci9Es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpxxPFGYfh_6VIInf18cjLci9Es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:23:36:c5:33:c4:ac:a4:ba:eb:53:c6:77:9c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=369c713c51987e1ffa5482277f5f1c8cb722f44b
        Validity
            Not Before: Jan  1 00:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59cc6b546df47b3d79e621eca3a272c3635d5dbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:56:eb:fd:d6:45:4c:c6:1d:d3:6a:bd:dd:8b:
                    8f:6d:c7:fd:00:18:4d:f8:c3:44:8f:47:6a:dc:e9:
                    6d:c8:ae:95:d0:0a:24:6c:22:f3:23:52:b9:91:a4:
                    42:12:87:83:18:ba:ed:63:16:0a:f1:b8:f3:0d:b4:
                    ed:bf:1c:a8:ae:31:bf:0a:bf:5f:56:79:d3:07:bf:
                    9d:6f:1f:f3:c0:14:9f:b6:6c:70:ac:b8:a8:ec:76:
                    39:58:ae:97:ad:e6:c5:80:93:80:20:b4:58:87:38:
                    e2:c7:ae:4f:5e:89:cb:b5:13:ec:5f:0d:30:28:97:
                    d1:b9:0b:7e:5d:18:e6:5f:5a:d0:24:bc:04:d0:a8:
                    a9:1c:55:86:a5:56:d0:bb:1b:d7:f8:8f:7c:da:ec:
                    4a:e4:da:8f:75:2f:a2:02:a7:90:30:25:8d:0f:72:
                    84:63:b7:37:56:4f:88:11:f6:00:15:1e:f2:fa:ed:
                    d0:6e:b5:30:9d:f2:75:d8:a2:3a:eb:b1:87:6f:52:
                    cf:14:86:43:f5:1b:2a:1d:8b:73:ca:19:aa:98:c4:
                    03:92:34:95:18:0a:81:14:7a:f5:3c:87:4a:6a:20:
                    04:8d:dd:19:a8:33:1f:f8:37:18:5a:6f:95:37:9a:
                    7f:b8:d2:50:50:6d:bd:8c:01:ba:24:f5:9e:e5:3c:
                    b1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:CC:6B:54:6D:F4:7B:3D:79:E6:21:EC:A3:A2:72:C3:63:5D:5D:BF
            X509v3 Authority Key Identifier:
                keyid:36:9C:71:3C:51:98:7E:1F:FA:54:82:27:7F:5F:1C:8C:B7:22:F4:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpxxPFGYfh_6VIInf18cjLci9Es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/WcxrVG30ez155iHso6Jyw2NdXb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/802e9e-f982-449d-8b70-76c05cf5f2e6/1/NpxxPFGYfh_6VIInf18cjLci9Es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.155.0/24
                  92.60.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:bc:85:a5:25:a2:bc:ad:39:0f:8e:e9:46:59:4b:db:e5:00:
         9b:a6:67:7e:27:82:2b:86:19:b7:70:d3:da:cd:1c:4b:37:8f:
         06:c9:45:7e:3a:1a:62:c3:7c:eb:6e:81:54:63:40:9d:41:3e:
         2f:a2:0c:d9:d0:33:5c:e1:01:5c:a6:18:bb:c5:98:a6:04:bc:
         5a:fb:63:eb:7e:4a:b9:1b:0a:a4:08:18:80:a3:01:d3:5f:5a:
         95:fc:80:bf:1c:a2:b5:69:c4:d9:b3:50:fb:c6:58:43:55:2c:
         10:4e:7f:ee:3b:f5:cf:49:9a:2b:ce:28:c0:22:7d:b1:de:85:
         b3:32:bc:24:ab:95:6a:1c:b7:b9:28:40:8d:20:d8:5f:bc:0e:
         5e:de:5b:42:b1:d8:62:fe:23:e9:f7:9e:f0:16:55:e1:43:2d:
         3f:51:c6:f9:49:22:8a:44:1d:74:96:91:d4:84:0f:64:37:f7:
         0d:76:94:ef:10:b7:78:80:53:89:99:62:54:b5:ac:0f:38:e5:
         98:5e:a6:84:a7:fb:8a:5f:e4:a4:d5:f1:94:00:aa:be:fa:c5:
         10:51:89:35:96:18:aa:7b:ff:4e:e1:1b:2d:c7:60:4f:ad:5f:
         dd:a3:65:00:94:55:a4:c1:77:14:18:ed:00:73:34:2f:aa:6a:
         af:57:12:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbSM2xTPErKS661PGd5xaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OWM3MTNjNTE5ODdlMWZmYTU0ODIyNzdmNWYxYzhjYjcy
MmY0NGIwHhcNMjQwMTAxMDAyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWNjNmI1NDZkZjQ3YjNkNzllNjIxZWNhM2EyNzJjMzYzNWQ1ZGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlbr/dZFTMYd02q93YuPbcf9ABhN
+MNEj0dq3OltyK6V0AokbCLzI1K5kaRCEoeDGLrtYxYK8bjzDbTtvxyorjG/Cr9f
VnnTB7+dbx/zwBSftmxwrLio7HY5WK6XrebFgJOAILRYhzjix65PXonLtRPsXw0w
KJfRuQt+XRjmX1rQJLwE0KipHFWGpVbQuxvX+I982uxK5NqPdS+iAqeQMCWND3KE
Y7c3Vk+IEfYAFR7y+u3QbrUwnfJ12KI667GHb1LPFIZD9RsqHYtzyhmqmMQDkjSV
GAqBFHr1PIdKaiAEjd0ZqDMf+DcYWm+VN5p/uNJQUG29jAG6JPWe5TyxDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFnMa1Rt9Hs9eeYh7KOicsNjXV2/MB8GA1UdIwQY
MBaAFDaccTxRmH4f+lSCJ39fHIy3IvRLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnB4eFBGR1lmaF82VklJbmYxOGNqTGNpOUVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84MDJlOWUtZjk4Mi00NDlkLThiNzAt
NzZjMDVjZjVmMmU2LzEvV2N4clZHMzBlejE1NWlIc282Snl3Mk5kWGI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84MDJlOWUtZjk4Mi00NDlkLThiNzAtNzZjMDVjZjVmMmU2
LzEvTnB4eFBGR1lmaF82VklJbmYxOGNqTGNpOUVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXDybAwQA
XDyfMA0GCSqGSIb3DQEBCwUAA4IBAQA0vIWlJaK8rTkPjulGWUvb5QCbpmd+J4Ir
hhm3cNPazRxLN48GyUV+Ohpiw3zrboFUY0CdQT4vogzZ0DNc4QFcphi7xZimBLxa
+2Prfkq5GwqkCBiAowHTX1qV/IC/HKK1acTZs1D7xlhDVSwQTn/uO/XPSZorzijA
In2x3oWzMrwkq5VqHLe5KECNINhfvA5e3ltCsdhi/iPp957wFlXhQy0/Ucb5SSKK
RB10lpHUhA9kN/cNdpTvELd4gFOJmWJUtawPOOWYXqaEp/uKX+Sk1fGUAKq++sUQ
UYk1lhiqe/9O4Rstx2BPrV/do2UAlFWkwXcUGO0AczQvqmqvVxLs
-----END CERTIFICATE-----