Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/WaBgHFrZw0y6z5wijFnJQTUVeSg.roa
File:                     WaBgHFrZw0y6z5wijFnJQTUVeSg.roa (raw, json)
Hash identifier:          w4OtV7N8CWfl7bUmM7sa94eVSRTZLDDKiitgv0wq1OI=
Subject key identifier:   59:A0:60:1C:5A:D9:C3:4C:BA:CF:9C:22:8C:59:C9:41:35:15:79:28
Certificate issuer:       /CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
Certificate serial:       018D59EAD8EBDBB821D3212B7041050AC2E9
Authority key identifier: 7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/WaBgHFrZw0y6z5wijFnJQTUVeSg.roa
Signing time:             Tue 30 Jan 2024 10:29:39 +0000
ROA not before:           Tue 30 Jan 2024 10:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48610
IP address blocks:        176.97.194.0/24 maxlen: 24
                          2a13:8e40::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:ea:d8:eb:db:b8:21:d3:21:2b:70:41:05:0a:c2:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
        Validity
            Not Before: Jan 30 10:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59a0601c5ad9c34cbacf9c228c59c94135157928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:5a:cf:48:42:75:27:99:37:45:f5:07:b8:79:
                    d4:6a:64:18:1e:e4:7a:a8:6b:a6:2d:78:dd:9d:6a:
                    04:01:8f:c4:0a:35:6a:f0:9c:d4:ae:9e:13:d2:32:
                    04:5f:b8:7f:34:a0:d4:0b:7c:86:50:85:8c:3e:12:
                    0a:b5:e1:a8:82:19:b3:88:61:34:17:d7:48:9b:d4:
                    fc:c1:f7:0f:d3:ae:0a:fd:7e:96:6a:e2:d7:5e:f7:
                    5b:c1:02:15:cd:cc:df:a8:57:06:b3:30:fc:90:9a:
                    64:65:84:75:7b:35:ea:13:18:9f:64:94:3b:22:c4:
                    88:37:57:db:9a:a6:e3:58:e2:bc:c7:c1:34:a1:68:
                    47:17:c1:d3:39:e9:6b:03:5b:29:ee:95:65:66:cd:
                    14:21:06:19:b4:0e:45:03:44:be:66:4b:72:f0:d9:
                    f8:b2:87:12:80:af:01:25:81:d0:e4:c6:0a:3e:1b:
                    86:4e:ca:9d:9c:9a:ed:24:6a:a8:74:7e:49:86:69:
                    62:e1:05:2f:38:5f:8e:28:87:4b:49:46:08:eb:48:
                    bb:81:3d:cc:91:76:0b:e5:65:0a:56:2d:7d:76:97:
                    50:ee:ba:51:6b:44:b1:59:85:2a:ca:21:ba:ef:3c:
                    59:62:8a:89:03:45:f8:91:b0:9d:e6:33:ac:c5:9a:
                    21:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A0:60:1C:5A:D9:C3:4C:BA:CF:9C:22:8C:59:C9:41:35:15:79:28
            X509v3 Authority Key Identifier:
                keyid:7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/WaBgHFrZw0y6z5wijFnJQTUVeSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.194.0/24
                IPv6:
                  2a13:8e40::/36

    Signature Algorithm: sha256WithRSAEncryption
         4b:5b:29:df:da:94:b2:ae:b0:8e:d5:80:36:bb:71:7d:45:fc:
         cb:06:e6:42:7f:89:33:4c:9c:14:5f:bf:83:cb:13:15:28:90:
         d8:28:01:ea:59:4d:7a:38:94:00:5b:15:a1:ac:db:42:83:40:
         4b:3f:63:42:4f:de:24:31:4b:8d:d6:6b:98:b3:ec:ee:ff:77:
         eb:4a:9b:ed:ed:82:82:a6:29:e8:bf:a2:88:33:be:cc:ea:a3:
         f1:19:c1:8f:9e:ae:c5:0c:6b:3a:9b:d2:bf:60:d6:d4:48:9e:
         cf:ee:4f:54:7b:70:88:bf:35:96:35:a6:06:67:13:ba:74:c4:
         2a:ab:8b:39:6a:b7:09:45:63:50:44:a9:7e:6d:69:2e:7a:cc:
         73:ef:e2:3b:06:aa:fb:1c:43:a2:27:c2:06:72:29:42:fa:da:
         8a:18:33:1f:12:54:fe:9b:72:da:8c:5e:ac:b0:5a:54:62:b4:
         2d:d9:5f:09:51:d3:d5:30:78:25:66:26:43:54:8c:92:b4:e1:
         2b:03:4b:e4:51:de:23:64:fb:f5:aa:06:69:2e:e9:87:fe:eb:
         9d:22:34:e4:8e:9e:43:85:bc:25:4a:16:20:82:1a:51:2c:96:
         3b:f2:98:ec:2d:95:31:f6:eb:eb:c0:67:7a:7a:af:f2:18:98:
         be:67:3c:b9
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAY1Z6tjr27gh0yErcEEFCsLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMjljMmY1NzIzZjI5ZWM1ZTBlNzkzZTczYWI1NWI4YTFj
ODZiYTkwHhcNMjQwMTMwMTAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWEwNjAxYzVhZDljMzRjYmFjZjljMjI4YzU5Yzk0MTM1MTU3OTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VrPSEJ1J5k3RfUHuHnUamQYHuR6
qGumLXjdnWoEAY/ECjVq8JzUrp4T0jIEX7h/NKDUC3yGUIWMPhIKteGoghmziGE0
F9dIm9T8wfcP064K/X6WauLXXvdbwQIVzczfqFcGszD8kJpkZYR1ezXqExifZJQ7
IsSIN1fbmqbjWOK8x8E0oWhHF8HTOelrA1sp7pVlZs0UIQYZtA5FA0S+Zkty8Nn4
socSgK8BJYHQ5MYKPhuGTsqdnJrtJGqodH5Jhmli4QUvOF+OKIdLSUYI60i7gT3M
kXYL5WUKVi19dpdQ7rpRa0SxWYUqyiG67zxZYoqJA0X4kbCd5jOsxZohZwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFFmgYBxa2cNMus+cIoxZyUE1FXkoMB8GA1UdIwQY
MBaAFHwpwvVyPynsXg55PnOrVbihyGupMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUt
ZjE5NTIyM2QwM2IzLzEvV2FCZ0hGclp3MHk2ejV3aWpGbkpRVFVWZVNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUtZjE5NTIyM2QwM2Iz
LzEvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAsGHCMA4E
AgACMAgDBgQqE45AADANBgkqhkiG9w0BAQsFAAOCAQEAS1sp39qUsq6wjtWANrtx
fUX8ywbmQn+JM0ycFF+/g8sTFSiQ2CgB6llNejiUAFsVoazbQoNASz9jQk/eJDFL
jdZrmLPs7v9360qb7e2CgqYp6L+iiDO+zOqj8RnBj56uxQxrOpvSv2DW1Eiez+5P
VHtwiL81ljWmBmcTunTEKquLOWq3CUVjUESpfm1pLnrMc+/iOwaq+xxDoifCBnIp
QvraihgzHxJU/pty2oxerLBaVGK0LdlfCVHT1TB4JWYmQ1SMkrThKwNL5FHeI2T7
9aoGaS7ph/7rnSI05I6eQ4W8JUoWIIIaUSyWO/KY7C2VMfbr68Bnenqv8hiYvmc8
uQ==
-----END CERTIFICATE-----