Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/w4SJnjwr5olmQDgJ-TbHDtA7FKU.roa
File:                     w4SJnjwr5olmQDgJ-TbHDtA7FKU.roa (raw, json)
Hash identifier:          jcWvnEfadLtXVMRgXchDLNsk7Gz2YXmmXic7j+UfmYU=
Subject key identifier:   C3:84:89:9E:3C:2B:E6:89:66:40:38:09:F9:36:C7:0E:D0:3B:14:A5
Certificate issuer:       /CN=586b0182105bb27b0c8bcf2842bd3c1a85164bd1
Certificate serial:       019347D9669DF15F69C0F67F1A48DA128BFB
Authority key identifier: 58:6B:01:82:10:5B:B2:7B:0C:8B:CF:28:42:BD:3C:1A:85:16:4B:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGsBghBbsnsMi88oQr08GoUWS9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/w4SJnjwr5olmQDgJ-TbHDtA7FKU.roa
Signing time:             Wed 20 Nov 2024 04:34:10 +0000
ROA not before:           Wed 20 Nov 2024 04:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        194.179.192.0/19 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/WGsBghBbsnsMi88oQr08GoUWS9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/WGsBghBbsnsMi88oQr08GoUWS9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WGsBghBbsnsMi88oQr08GoUWS9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:47:d9:66:9d:f1:5f:69:c0:f6:7f:1a:48:da:12:8b:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=586b0182105bb27b0c8bcf2842bd3c1a85164bd1
        Validity
            Not Before: Nov 20 04:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c384899e3c2be68966403809f936c70ed03b14a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7f:ca:c6:39:0c:76:c0:45:ec:28:d3:f9:bb:
                    1a:87:82:fb:6f:2c:32:0e:2c:eb:21:7b:bb:bb:d5:
                    b3:06:be:28:9f:bc:56:31:65:72:7f:ce:17:c5:cd:
                    85:b8:0d:01:a3:f4:e5:5c:1d:58:b5:0b:05:22:19:
                    d5:a0:19:25:34:fb:f5:b8:ef:93:2b:93:ac:2e:b7:
                    e9:ee:f0:9b:f6:73:d3:91:36:5c:9c:df:fb:5c:65:
                    22:2c:e4:f5:78:df:cb:91:fa:06:99:ea:b7:66:1a:
                    79:9f:2a:93:fe:5e:ae:11:0c:72:33:54:05:14:cd:
                    a4:8b:b6:ff:ef:80:c2:3b:ed:c4:ea:a6:93:0b:fe:
                    21:3f:33:15:f6:d8:31:85:3a:a4:23:3a:83:9a:d8:
                    bd:13:6b:82:5b:ab:f0:2b:83:ba:b1:c5:ff:c0:dd:
                    37:ce:32:85:83:e1:60:13:59:f0:a8:95:8c:8d:28:
                    9e:ea:c2:37:be:95:9c:27:89:e3:40:13:ac:e4:20:
                    fd:ea:45:83:00:39:17:6b:71:45:b6:cf:9b:52:c6:
                    2b:5f:49:44:ea:3d:bb:80:a2:d8:0a:9e:af:99:94:
                    1c:e8:5c:e9:fd:b1:6f:b1:9b:36:52:fd:00:58:bf:
                    54:d9:b7:5d:e0:65:4e:de:b5:19:ad:53:20:3c:9f:
                    06:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:84:89:9E:3C:2B:E6:89:66:40:38:09:F9:36:C7:0E:D0:3B:14:A5
            X509v3 Authority Key Identifier:
                keyid:58:6B:01:82:10:5B:B2:7B:0C:8B:CF:28:42:BD:3C:1A:85:16:4B:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGsBghBbsnsMi88oQr08GoUWS9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/w4SJnjwr5olmQDgJ-TbHDtA7FKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/WGsBghBbsnsMi88oQr08GoUWS9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.179.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         61:25:3e:46:49:17:be:37:fe:71:94:5e:26:f0:19:7a:48:e0:
         55:65:3f:cf:be:5f:56:19:66:29:24:e6:da:f4:16:75:46:bf:
         f8:d1:2a:c4:5a:b6:57:7c:28:c0:e6:d5:72:44:af:cc:e9:7d:
         c1:94:d7:c3:da:ba:91:db:11:c2:e9:67:67:6d:8a:aa:63:52:
         10:f6:1f:f2:3a:02:57:c2:23:34:38:cc:66:20:5d:c0:07:b7:
         7c:d0:89:3e:45:f5:fa:63:d3:24:6a:df:80:62:83:52:ea:60:
         87:cb:6c:88:14:e1:66:48:12:a8:88:b7:15:b6:b8:98:bc:51:
         89:6f:d1:db:fe:92:77:bd:25:32:d4:9f:84:f0:da:65:21:93:
         ff:23:66:a4:68:2a:a9:6a:56:f4:be:5d:8c:c1:60:7c:1a:be:
         f2:4e:45:99:38:10:08:91:ab:f2:07:46:00:58:d0:9c:8e:09:
         82:13:fd:9e:f2:e4:4f:23:a2:42:45:18:de:ba:da:85:37:ec:
         9c:e1:d7:d6:06:48:5d:ee:ec:88:9c:0d:ae:49:2b:b4:01:e7:
         c4:1c:c7:0f:84:a0:f2:b4:a1:75:c2:2e:8f:b9:f3:2a:e3:79:
         40:1a:51:11:3f:23:95:17:08:eb:d1:85:46:cd:6e:0a:f1:ea:
         91:76:e1:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNH2Wad8V9pwPZ/GkjaEov7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NmIwMTgyMTA1YmIyN2IwYzhiY2YyODQyYmQzYzFhODUx
NjRiZDEwHhcNMjQxMTIwMDQzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzg0ODk5ZTNjMmJlNjg5NjY0MDM4MDlmOTM2YzcwZWQwM2IxNGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/KxjkMdsBF7CjT+bsah4L7bywy
DizrIXu7u9WzBr4on7xWMWVyf84Xxc2FuA0Bo/TlXB1YtQsFIhnVoBklNPv1uO+T
K5OsLrfp7vCb9nPTkTZcnN/7XGUiLOT1eN/LkfoGmeq3Zhp5nyqT/l6uEQxyM1QF
FM2ki7b/74DCO+3E6qaTC/4hPzMV9tgxhTqkIzqDmti9E2uCW6vwK4O6scX/wN03
zjKFg+FgE1nwqJWMjSie6sI3vpWcJ4njQBOs5CD96kWDADkXa3FFts+bUsYrX0lE
6j27gKLYCp6vmZQc6Fzp/bFvsZs2Uv0AWL9U2bdd4GVO3rUZrVMgPJ8GeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMOEiZ48K+aJZkA4Cfk2xw7QOxSlMB8GA1UdIwQY
MBaAFFhrAYIQW7J7DIvPKEK9PBqFFkvRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0dzQmdoQmJzbnNNaTg4b1FyMDhHb1VXUzlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81MmI0ODEtZjMwMy00YTk2LTk3ZGQt
NzM3MGZkODBkZjZjLzEvdzRTSm5qd3I1b2xtUURnSi1UYkhEdEE3RktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81MmI0ODEtZjMwMy00YTk2LTk3ZGQtNzM3MGZkODBkZjZj
LzEvV0dzQmdoQmJzbnNNaTg4b1FyMDhHb1VXUzlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwrPAMA0G
CSqGSIb3DQEBCwUAA4IBAQBhJT5GSRe+N/5xlF4m8Bl6SOBVZT/Pvl9WGWYpJOba
9BZ1Rr/40SrEWrZXfCjA5tVyRK/M6X3BlNfD2rqR2xHC6WdnbYqqY1IQ9h/yOgJX
wiM0OMxmIF3AB7d80Ik+RfX6Y9Mkat+AYoNS6mCHy2yIFOFmSBKoiLcVtriYvFGJ
b9Hb/pJ3vSUy1J+E8NplIZP/I2akaCqpalb0vl2MwWB8Gr7yTkWZOBAIkavyB0YA
WNCcjgmCE/2e8uRPI6JCRRjeutqFN+yc4dfWBkhd7uyInA2uSSu0AefEHMcPhKDy
tKF1wi6PufMq43lAGlERPyOVFwjr0YVGzW4K8eqRduEy
-----END CERTIFICATE-----