Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/11bc81-7563-4545-ac20-de3520cf14af/1/WImvxaT26a0LDX9dPPOZYx0apD8.roa
File:                     WImvxaT26a0LDX9dPPOZYx0apD8.roa (raw, json)
Hash identifier:          zQVVdb+OZJGsBiW7LTOlGWkUC9d5W15KvVTQbt7V7U0=
Subject key identifier:   58:89:AF:C5:A4:F6:E9:AD:0B:0D:7F:5D:3C:F3:99:63:1D:1A:A4:3F
Certificate issuer:       /CN=b013c5622a5f979efac9cfb187623e4a1cdf0062
Certificate serial:       01921BFA1B78CDA7B68950779E64EC3B2D0E
Authority key identifier: B0:13:C5:62:2A:5F:97:9E:FA:C9:CF:B1:87:62:3E:4A:1C:DF:00:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBPFYipfl576yc-xh2I-ShzfAGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/11bc81-7563-4545-ac20-de3520cf14af/1/WImvxaT26a0LDX9dPPOZYx0apD8.roa
Signing time:             Sun 22 Sep 2024 23:03:48 +0000
ROA not before:           Sun 22 Sep 2024 23:03:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210893
IP address blocks:        195.5.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/11bc81-7563-4545-ac20-de3520cf14af/1/sBPFYipfl576yc-xh2I-ShzfAGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/11bc81-7563-4545-ac20-de3520cf14af/1/sBPFYipfl576yc-xh2I-ShzfAGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBPFYipfl576yc-xh2I-ShzfAGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1b:fa:1b:78:cd:a7:b6:89:50:77:9e:64:ec:3b:2d:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b013c5622a5f979efac9cfb187623e4a1cdf0062
        Validity
            Not Before: Sep 22 23:03:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5889afc5a4f6e9ad0b0d7f5d3cf399631d1aa43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b4:cb:1b:c7:1b:39:89:9a:51:c9:43:d2:3a:
                    3d:1a:e2:d6:e4:00:81:eb:a9:97:b4:0b:27:50:a9:
                    5b:21:8d:14:00:b5:2b:38:ea:f7:3e:cc:b2:6d:99:
                    b8:55:40:88:88:b2:1d:ef:bd:f0:09:fa:96:b1:28:
                    35:53:bf:51:99:28:5c:f2:a5:54:ef:85:2a:6a:96:
                    18:12:b7:81:93:b7:40:8f:46:1e:0d:bb:21:55:9a:
                    d0:f6:af:40:bc:b7:26:51:7e:63:6b:51:66:76:34:
                    e4:78:fa:7c:10:50:96:dc:66:c0:d4:46:b8:44:a6:
                    b1:16:ad:ec:e4:d3:84:84:3d:65:10:e5:b9:3f:55:
                    53:92:d7:cf:d6:e3:46:ec:e5:67:60:71:ac:06:4a:
                    f6:ee:d3:dd:1f:de:7d:e5:65:31:31:d2:1f:2d:ec:
                    4e:6a:0e:cf:78:e5:04:ea:b2:4c:03:20:fe:d4:e3:
                    dc:81:0d:8b:c3:16:43:83:2b:9a:fa:f0:d3:ea:c4:
                    e9:75:b8:26:79:94:cf:51:39:be:b3:5a:2b:a2:2d:
                    f1:6a:26:59:e5:57:61:ec:1b:c8:d8:83:16:47:4f:
                    2a:8e:b0:5c:52:21:7e:e8:f5:0a:a6:c8:77:f6:79:
                    11:a2:25:c6:cf:3a:94:55:fc:67:69:8d:df:80:c6:
                    62:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:89:AF:C5:A4:F6:E9:AD:0B:0D:7F:5D:3C:F3:99:63:1D:1A:A4:3F
            X509v3 Authority Key Identifier:
                keyid:B0:13:C5:62:2A:5F:97:9E:FA:C9:CF:B1:87:62:3E:4A:1C:DF:00:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBPFYipfl576yc-xh2I-ShzfAGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/11bc81-7563-4545-ac20-de3520cf14af/1/WImvxaT26a0LDX9dPPOZYx0apD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/11bc81-7563-4545-ac20-de3520cf14af/1/sBPFYipfl576yc-xh2I-ShzfAGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:ba:83:94:31:8e:8a:f3:b1:89:e3:14:16:3a:41:c8:da:4a:
         8e:fd:24:7f:f3:21:79:90:8a:f1:c4:fd:bf:70:b3:a7:a1:be:
         97:d6:9e:47:8c:d4:35:a5:34:98:0a:39:4e:6f:a9:96:75:fd:
         1d:c2:65:79:ed:cf:b9:36:3a:bb:95:ad:ad:8e:0e:47:88:93:
         43:77:32:21:0d:1e:d9:b4:0e:48:f1:9c:51:b6:0a:2a:ce:d7:
         33:07:49:67:0a:10:2b:55:00:0d:1e:6d:92:7c:d7:00:6a:52:
         9b:f6:a3:bf:63:ac:85:d6:f8:d9:71:28:5d:17:49:48:b6:60:
         62:f1:de:f0:75:2d:35:64:8f:51:b5:a4:05:70:7f:d9:81:88:
         50:af:dc:72:b5:20:be:57:24:89:54:0e:f3:77:e0:db:ca:d4:
         7e:ea:87:9f:d3:f6:bd:95:66:2b:d1:3a:c8:56:de:62:41:76:
         6b:3e:d6:4d:6e:69:21:02:f7:5d:0e:57:c7:57:3f:90:e2:e9:
         42:c3:4d:a6:a6:7a:7c:48:89:c0:96:86:a9:6c:cb:af:3d:2e:
         63:36:e6:5c:1d:d3:84:03:a4:69:e2:5d:e5:f9:1f:98:95:f8:
         c1:4c:75:e0:39:cb:43:e6:a7:08:cd:64:25:7a:13:f7:41:7a:
         13:5f:66:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIb+ht4zae2iVB3nmTsOy0OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMTNjNTYyMmE1Zjk3OWVmYWM5Y2ZiMTg3NjIzZTRhMWNk
ZjAwNjIwHhcNMjQwOTIyMjMwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODg5YWZjNWE0ZjZlOWFkMGIwZDdmNWQzY2YzOTk2MzFkMWFhNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybTLG8cbOYmaUclD0jo9GuLW5ACB
66mXtAsnUKlbIY0UALUrOOr3PsyybZm4VUCIiLId773wCfqWsSg1U79RmShc8qVU
74UqapYYEreBk7dAj0YeDbshVZrQ9q9AvLcmUX5ja1FmdjTkePp8EFCW3GbA1Ea4
RKaxFq3s5NOEhD1lEOW5P1VTktfP1uNG7OVnYHGsBkr27tPdH9595WUxMdIfLexO
ag7PeOUE6rJMAyD+1OPcgQ2LwxZDgyua+vDT6sTpdbgmeZTPUTm+s1oroi3xaiZZ
5Vdh7BvI2IMWR08qjrBcUiF+6PUKpsh39nkRoiXGzzqUVfxnaY3fgMZi8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiJr8Wk9umtCw1/XTzzmWMdGqQ/MB8GA1UdIwQY
MBaAFLATxWIqX5ee+snPsYdiPkoc3wBiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0JQRllpcGZsNTc2eWMteGgySS1TaHpmQUdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8xMWJjODEtNzU2My00NTQ1LWFjMjAt
ZGUzNTIwY2YxNGFmLzEvV0ltdnhhVDI2YTBMRFg5ZFBQT1pZeDBhcEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8xMWJjODEtNzU2My00NTQ1LWFjMjAtZGUzNTIwY2YxNGFm
LzEvc0JQRllpcGZsNTc2eWMteGgySS1TaHpmQUdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwV/MA0G
CSqGSIb3DQEBCwUAA4IBAQBxuoOUMY6K87GJ4xQWOkHI2kqO/SR/8yF5kIrxxP2/
cLOnob6X1p5HjNQ1pTSYCjlOb6mWdf0dwmV57c+5Njq7la2tjg5HiJNDdzIhDR7Z
tA5I8ZxRtgoqztczB0lnChArVQANHm2SfNcAalKb9qO/Y6yF1vjZcShdF0lItmBi
8d7wdS01ZI9RtaQFcH/ZgYhQr9xytSC+VySJVA7zd+DbytR+6oef0/a9lWYr0TrI
Vt5iQXZrPtZNbmkhAvddDlfHVz+Q4ulCw02mpnp8SInAloapbMuvPS5jNuZcHdOE
A6Rp4l3l+R+YlfjBTHXgOctD5qcIzWQlehP3QXoTX2as
-----END CERTIFICATE-----