Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/WUkofYn04yMSwquxuWlMW4mkzMA.roa
File:                     WUkofYn04yMSwquxuWlMW4mkzMA.roa (raw, json)
Hash identifier:          8WOEPrwg4PjZtPdNRMnDYT/aMN89KmerjOv8ZE8jMCo=
Subject key identifier:   59:49:28:7D:89:F4:E3:23:12:C2:AB:B1:B9:69:4C:5B:89:A4:CC:C0
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018D6A30249A14FD6EFF3AA7A50F06F8BBA1
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/WUkofYn04yMSwquxuWlMW4mkzMA.roa
Signing time:             Fri 02 Feb 2024 14:19:16 +0000
ROA not before:           Fri 02 Feb 2024 14:19:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        80.71.225.0/24 maxlen: 24
                          81.29.145.0/24 maxlen: 24
                          81.29.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6a:30:24:9a:14:fd:6e:ff:3a:a7:a5:0f:06:f8:bb:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Feb  2 14:19:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5949287d89f4e32312c2abb1b9694c5b89a4ccc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d4:38:c3:60:80:5e:25:52:c3:f1:14:ab:ab:
                    7a:7c:b0:c8:e5:00:22:87:ed:e8:9b:65:6c:54:64:
                    d9:ce:df:8a:ca:77:75:34:f3:15:6f:55:ce:02:bb:
                    25:1e:84:da:21:0a:60:dc:f9:46:a7:dd:77:6c:ad:
                    d0:8b:69:6e:23:28:8d:7f:5c:3c:fe:bd:67:07:45:
                    9c:3e:3c:2c:e5:a6:37:56:82:6f:a2:50:db:f1:5a:
                    ff:5e:3c:83:a8:d3:e4:c9:03:14:eb:f4:12:bc:e3:
                    ec:9b:c9:4a:b8:11:d9:c7:8d:cb:06:a8:1b:37:98:
                    8a:2e:fd:91:11:1a:36:a1:28:aa:a2:c5:00:bf:6c:
                    d4:4f:64:da:89:f1:9e:e0:b9:e9:cc:ea:11:b3:44:
                    4e:8d:4a:d6:f3:b7:aa:e2:05:55:12:5c:08:4e:40:
                    27:88:d9:ae:3d:93:19:f2:3a:54:de:46:83:6e:c9:
                    bb:f4:c3:a4:91:31:8e:bb:75:62:38:88:dc:ec:5f:
                    79:20:91:ba:2d:a2:0f:f5:b2:5a:dd:20:b2:7d:9e:
                    93:a2:fe:b0:b8:28:3a:cd:7d:28:93:81:fb:98:2d:
                    fb:3b:c6:08:3c:8c:19:ba:36:f2:01:26:ff:69:9e:
                    a1:b0:05:ef:3c:10:18:85:d0:53:82:1c:71:3b:d5:
                    e4:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:49:28:7D:89:F4:E3:23:12:C2:AB:B1:B9:69:4C:5B:89:A4:CC:C0
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/WUkofYn04yMSwquxuWlMW4mkzMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.225.0/24
                  81.29.145.0/24
                  81.29.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:31:0c:a6:94:b7:6d:e5:5a:fe:0f:41:4e:1d:41:4f:4f:b5:
         63:f0:a5:b4:9d:6e:e0:dd:94:c9:53:4a:a1:c9:b9:fa:ca:32:
         42:ad:98:70:bf:96:d8:f1:9b:1f:64:34:d4:c2:13:6f:d5:6d:
         8f:f1:7e:14:ec:2a:9a:31:6f:b2:54:ad:86:9c:16:74:4d:ca:
         30:1e:a2:f8:a3:95:12:00:9f:dd:79:bb:ba:77:fb:d5:ed:c1:
         c0:1f:ca:b9:fd:69:5c:6c:ca:52:64:b6:7d:85:8b:c5:7b:c3:
         df:85:c7:d2:54:cc:c6:fb:76:e4:d7:6b:64:5e:d8:71:99:56:
         dd:52:bc:58:c6:e2:42:06:18:a6:56:ff:1a:19:36:7f:98:68:
         86:06:78:cc:e9:d1:78:93:2c:ca:e0:eb:8a:1b:7e:99:e9:bc:
         11:32:65:42:85:d8:43:7b:05:12:fb:2e:fb:04:23:4b:01:d6:
         de:44:38:80:a4:99:dd:a8:f6:62:06:3f:b9:53:e5:91:e3:e1:
         b7:36:3c:cf:c0:89:16:d3:f9:bc:a4:20:2b:cd:06:ee:59:bc:
         9e:03:5b:28:8c:e5:84:e1:b6:20:2d:41:d0:ce:aa:03:2f:eb:
         32:3a:50:8d:6b:89:de:ee:16:fe:22:fd:4b:1a:f5:6c:72:b2:
         08:a3:0d:4c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1qMCSaFP1u/zqnpQ8G+LuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMjAyMTQxOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTQ5Mjg3ZDg5ZjRlMzIzMTJjMmFiYjFiOTY5NGM1Yjg5YTRjY2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtQ4w2CAXiVSw/EUq6t6fLDI5QAi
h+3om2VsVGTZzt+Kynd1NPMVb1XOArslHoTaIQpg3PlGp913bK3Qi2luIyiNf1w8
/r1nB0WcPjws5aY3VoJvolDb8Vr/XjyDqNPkyQMU6/QSvOPsm8lKuBHZx43LBqgb
N5iKLv2RERo2oSiqosUAv2zUT2TaifGe4LnpzOoRs0ROjUrW87eq4gVVElwITkAn
iNmuPZMZ8jpU3kaDbsm79MOkkTGOu3ViOIjc7F95IJG6LaIP9bJa3SCyfZ6Tov6w
uCg6zX0ok4H7mC37O8YIPIwZujbyASb/aZ6hsAXvPBAYhdBTghxxO9XkswIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFlJKH2J9OMjEsKrsblpTFuJpMzAMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvV1Vrb2ZZbjA0eU1Td3F1eHVXbE1XNG1rek1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUEfhAwQA
UR2RAwQAUR2aMA0GCSqGSIb3DQEBCwUAA4IBAQAqMQymlLdt5Vr+D0FOHUFPT7Vj
8KW0nW7g3ZTJU0qhybn6yjJCrZhwv5bY8ZsfZDTUwhNv1W2P8X4U7CqaMW+yVK2G
nBZ0TcowHqL4o5USAJ/debu6d/vV7cHAH8q5/WlcbMpSZLZ9hYvFe8PfhcfSVMzG
+3bk12tkXthxmVbdUrxYxuJCBhimVv8aGTZ/mGiGBnjM6dF4kyzK4OuKG36Z6bwR
MmVChdhDewUS+y77BCNLAdbeRDiApJndqPZiBj+5U+WR4+G3NjzPwIkW0/m8pCAr
zQbuWbyeA1sojOWE4bYgLUHQzqoDL+syOlCNa4ne7hb+Iv1LGvVscrIIow1M
-----END CERTIFICATE-----