Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/XWzDZCQV_DiIYRMB4P2-aVeomhw.roa
File:                     XWzDZCQV_DiIYRMB4P2-aVeomhw.roa (raw, json)
Hash identifier:          C8OCvQgzKIEb/BHMkGbslFHLjeLL2vHsYjb+g0LdPZ4=
Subject key identifier:   5D:6C:C3:64:24:15:FC:38:88:61:13:01:E0:FD:BE:69:57:A8:9A:1C
Certificate issuer:       /CN=de19baa8c880a9459dc5f44d675dea4ef96dbdef
Certificate serial:       018CC8DF38F8F7B4DED85C9AE298921F08A2
Authority key identifier: DE:19:BA:A8:C8:80:A9:45:9D:C5:F4:4D:67:5D:EA:4E:F9:6D:BD:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hm6qMiAqUWdxfRNZ13qTvltve8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/XWzDZCQV_DiIYRMB4P2-aVeomhw.roa
Signing time:             Tue 02 Jan 2024 06:32:01 +0000
ROA not before:           Tue 02 Jan 2024 06:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        141.59.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/3hm6qMiAqUWdxfRNZ13qTvltve8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/3hm6qMiAqUWdxfRNZ13qTvltve8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hm6qMiAqUWdxfRNZ13qTvltve8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:38:f8:f7:b4:de:d8:5c:9a:e2:98:92:1f:08:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de19baa8c880a9459dc5f44d675dea4ef96dbdef
        Validity
            Not Before: Jan  2 06:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d6cc3642415fc3888611301e0fdbe6957a89a1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:92:5d:00:74:1d:ec:87:fe:cc:d3:9d:27:b4:
                    81:9d:f6:d8:56:03:b6:42:9e:78:d1:6e:dc:eb:2e:
                    ea:09:3e:43:f3:41:14:a0:95:e0:1a:eb:ae:1c:31:
                    b3:ac:0f:9d:db:21:6f:26:0a:3c:8c:41:4f:21:3d:
                    86:f4:ef:db:d8:4f:79:5c:db:70:56:5c:30:8a:cd:
                    76:5b:13:1e:06:1a:96:f7:5d:d0:c7:73:14:0a:31:
                    e2:59:a0:d0:ff:ea:7e:17:e7:0b:c0:74:43:a5:dc:
                    1f:6c:06:4a:3b:5e:04:3c:52:a4:98:2d:cc:5d:22:
                    fa:e1:3c:ad:9c:62:10:26:ec:15:28:98:43:9b:2e:
                    b7:d1:8a:f2:69:38:4a:a0:61:1a:f6:4a:fb:03:eb:
                    9e:b6:b3:9c:5d:3d:f2:cb:07:2e:02:c0:a2:73:a0:
                    bf:25:2a:0c:e2:ac:49:f0:a1:ed:ea:09:f3:65:3d:
                    ec:d7:59:f0:85:ab:1b:fd:cc:e9:9e:d7:9b:a9:1b:
                    f3:8a:14:44:e6:2e:30:ce:28:ea:b1:ba:93:49:de:
                    7c:bc:29:50:2b:09:5f:cc:4e:41:96:1c:31:59:8d:
                    62:32:c1:b7:f9:d6:2b:9d:6a:a9:dc:75:0f:6e:c6:
                    3a:1e:05:1e:3a:e4:81:08:d4:a8:95:9a:e9:53:33:
                    e2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:6C:C3:64:24:15:FC:38:88:61:13:01:E0:FD:BE:69:57:A8:9A:1C
            X509v3 Authority Key Identifier:
                keyid:DE:19:BA:A8:C8:80:A9:45:9D:C5:F4:4D:67:5D:EA:4E:F9:6D:BD:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hm6qMiAqUWdxfRNZ13qTvltve8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/XWzDZCQV_DiIYRMB4P2-aVeomhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9fc14c-c366-46ff-aaf7-8949e751b219/1/3hm6qMiAqUWdxfRNZ13qTvltve8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.59.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         23:f3:d0:72:91:c9:ee:a3:bd:d5:01:90:6b:4b:0a:67:c6:85:
         f6:76:79:e8:f8:d0:3d:ec:2d:8a:0b:4c:b4:be:ae:ce:e5:b4:
         6f:4d:06:6f:1a:8f:77:42:6b:cb:00:11:06:26:59:f7:df:58:
         07:a0:79:a5:e6:cb:85:f4:32:05:ab:87:ba:7f:45:7b:08:3d:
         29:34:20:32:98:54:09:00:05:aa:2d:4d:60:3f:78:9d:e7:16:
         68:fa:91:7b:bf:56:87:59:64:86:04:07:08:ee:12:15:6e:7a:
         9d:ef:ee:66:95:8d:8c:51:07:cd:0c:b4:0a:00:2d:4f:b6:60:
         e7:61:0b:04:13:20:0e:ec:94:5d:b2:c2:69:c0:2b:c0:a6:b4:
         36:2b:3e:16:d2:be:ef:e1:a5:df:55:23:60:91:36:a4:a5:bb:
         c5:29:9a:91:0c:53:bc:69:f2:5d:05:0a:31:d6:ac:2a:d4:5f:
         3d:bb:ba:62:b4:99:5c:cc:a6:1c:2c:ae:3e:08:a3:8d:7d:89:
         17:8a:7a:49:8e:49:20:e0:05:00:41:1b:80:ec:d6:54:51:08:
         84:93:5c:2c:5f:d6:4f:a6:d2:b2:5b:fd:b9:59:30:32:53:5c:
         86:8c:16:64:2f:32:c7:0f:5e:cf:7d:aa:f1:1a:0b:59:45:7d:
         df:d3:c3:0f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzI3zj497Te2Fya4piSHwiiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTliYWE4Yzg4MGE5NDU5ZGM1ZjQ0ZDY3NWRlYTRlZjk2
ZGJkZWYwHhcNMjQwMTAyMDYzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDZjYzM2NDI0MTVmYzM4ODg2MTEzMDFlMGZkYmU2OTU3YTg5YTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5JdAHQd7If+zNOdJ7SBnfbYVgO2
Qp540W7c6y7qCT5D80EUoJXgGuuuHDGzrA+d2yFvJgo8jEFPIT2G9O/b2E95XNtw
Vlwwis12WxMeBhqW913Qx3MUCjHiWaDQ/+p+F+cLwHRDpdwfbAZKO14EPFKkmC3M
XSL64TytnGIQJuwVKJhDmy630YryaThKoGEa9kr7A+uetrOcXT3yywcuAsCic6C/
JSoM4qxJ8KHt6gnzZT3s11nwhasb/czpntebqRvzihRE5i4wzijqsbqTSd58vClQ
KwlfzE5BlhwxWY1iMsG3+dYrnWqp3HUPbsY6HgUeOuSBCNSolZrpUzPibQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFF1sw2QkFfw4iGETAeD9vmlXqJocMB8GA1UdIwQY
MBaAFN4ZuqjIgKlFncX0TWdd6k75bb3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2htNnFNaUFxVVdkeGZSTloxM3FUdmx0dmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85ZmMxNGMtYzM2Ni00NmZmLWFhZjct
ODk0OWU3NTFiMjE5LzEvWFd6RFpDUVZfRGlJWVJNQjRQMi1hVmVvbWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85ZmMxNGMtYzM2Ni00NmZmLWFhZjctODk0OWU3NTFiMjE5
LzEvM2htNnFNaUFxVVdkeGZSTloxM3FUdmx0dmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjTswDQYJ
KoZIhvcNAQELBQADggEBACPz0HKRye6jvdUBkGtLCmfGhfZ2eej40D3sLYoLTLS+
rs7ltG9NBm8aj3dCa8sAEQYmWfffWAegeaXmy4X0MgWrh7p/RXsIPSk0IDKYVAkA
BaotTWA/eJ3nFmj6kXu/VodZZIYEBwjuEhVuep3v7maVjYxRB80MtAoALU+2YOdh
CwQTIA7slF2ywmnAK8CmtDYrPhbSvu/hpd9VI2CRNqSlu8UpmpEMU7xp8l0FCjHW
rCrUXz27umK0mVzMphwsrj4Io419iReKekmOSSDgBQBBG4Ds1lRRCISTXCxf1k+m
0rJb/blZMDJTXIaMFmQvMscPXs99qvEaC1lFfd/Tww8=
-----END CERTIFICATE-----