Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/978871-255b-443a-8e01-fc839bb6d173/1/WcnXDwovy7fb7PcYqhjByfbUgt4.roa
File:                     WcnXDwovy7fb7PcYqhjByfbUgt4.roa (raw, json)
Hash identifier:          1zdsf0JcXW0Cn6tHjpo4feHQ7ylVZ+tveZAvPW3w1aQ=
Subject key identifier:   59:C9:D7:0F:0A:2F:CB:B7:DB:EC:F7:18:AA:18:C1:C9:F6:D4:82:DE
Certificate issuer:       /CN=2681b7b4ae3e75dc4b36cff2937923ecdff7259b
Certificate serial:       018CC64A4DD189C3568616260FFFA3959E63
Authority key identifier: 26:81:B7:B4:AE:3E:75:DC:4B:36:CF:F2:93:79:23:EC:DF:F7:25:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JoG3tK4-ddxLNs_yk3kj7N_3JZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/978871-255b-443a-8e01-fc839bb6d173/1/WcnXDwovy7fb7PcYqhjByfbUgt4.roa
Signing time:             Mon 01 Jan 2024 18:30:07 +0000
ROA not before:           Mon 01 Jan 2024 18:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60793
IP address blocks:        185.19.12.0/22 maxlen: 22
                          185.192.156.0/22 maxlen: 22
                          2a03:fe40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/978871-255b-443a-8e01-fc839bb6d173/1/JoG3tK4-ddxLNs_yk3kj7N_3JZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/978871-255b-443a-8e01-fc839bb6d173/1/JoG3tK4-ddxLNs_yk3kj7N_3JZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JoG3tK4-ddxLNs_yk3kj7N_3JZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:4d:d1:89:c3:56:86:16:26:0f:ff:a3:95:9e:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2681b7b4ae3e75dc4b36cff2937923ecdff7259b
        Validity
            Not Before: Jan  1 18:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59c9d70f0a2fcbb7dbecf718aa18c1c9f6d482de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:29:f9:3b:0e:48:c5:2c:c4:08:7a:04:11:79:
                    89:62:d1:ac:5c:b5:f2:0c:2a:65:31:e5:17:d2:cc:
                    f4:89:61:8f:03:03:5f:b2:bc:2c:de:82:d8:5e:f1:
                    00:8f:ad:ae:aa:8a:dd:e8:41:8f:52:e6:f8:48:ef:
                    47:1a:db:fb:2d:37:95:bb:73:f5:15:c2:b8:79:c5:
                    c8:be:4e:c7:a0:b2:c2:21:52:45:06:ea:04:68:79:
                    f8:0c:f1:fc:c7:00:96:ec:ec:50:0d:17:0d:cb:fe:
                    62:b0:4b:93:aa:bc:46:41:92:02:86:0a:52:76:0a:
                    a9:c9:45:63:31:ea:35:8d:19:79:39:9d:11:2e:90:
                    41:16:0f:28:8f:c1:b5:7b:4d:42:d2:0c:e6:02:b2:
                    86:d5:63:0f:fd:4b:26:d9:2b:78:10:37:38:e1:ac:
                    84:8b:a0:e1:6d:1c:1f:2f:b2:21:31:80:c2:0d:3a:
                    7d:3d:d5:37:cf:52:c6:10:c8:90:40:dd:00:ee:bb:
                    2e:9a:2f:38:16:10:06:e1:c1:f1:bb:c5:ec:6d:69:
                    56:a1:50:cd:84:3b:bc:f3:d7:ff:64:ef:71:b9:b8:
                    16:c9:61:f6:02:02:f8:b5:6d:32:3a:e0:ef:0e:b8:
                    e0:d5:60:3e:b2:0f:70:d2:51:48:b1:02:5e:13:d5:
                    c1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C9:D7:0F:0A:2F:CB:B7:DB:EC:F7:18:AA:18:C1:C9:F6:D4:82:DE
            X509v3 Authority Key Identifier:
                keyid:26:81:B7:B4:AE:3E:75:DC:4B:36:CF:F2:93:79:23:EC:DF:F7:25:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JoG3tK4-ddxLNs_yk3kj7N_3JZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/978871-255b-443a-8e01-fc839bb6d173/1/WcnXDwovy7fb7PcYqhjByfbUgt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/978871-255b-443a-8e01-fc839bb6d173/1/JoG3tK4-ddxLNs_yk3kj7N_3JZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.12.0/22
                  185.192.156.0/22
                IPv6:
                  2a03:fe40::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:ff:12:59:0d:c3:58:af:bf:12:f8:e0:d5:25:79:5f:c3:bd:
         cb:70:3e:a3:bc:eb:05:7f:ca:ee:fc:8b:3f:9f:ed:f4:20:87:
         1f:91:a4:c1:26:28:bd:40:c8:59:3c:4f:2d:5e:4e:1f:6a:2f:
         ec:6c:55:e1:0a:f1:89:40:39:a4:18:c0:29:68:48:2d:81:43:
         fd:a0:df:af:ab:6c:a3:cf:c6:87:40:ec:57:da:16:0f:13:09:
         34:33:cb:a6:e5:58:5b:94:14:5c:99:ca:46:f8:17:0d:02:93:
         bd:c7:47:fd:b9:2e:57:35:a7:74:42:0c:98:10:66:6f:d7:67:
         16:ec:50:e2:52:42:33:3c:75:de:19:af:4d:65:85:39:db:61:
         d6:e2:2c:28:92:0b:68:b5:eb:76:dd:64:a4:51:f6:eb:f2:77:
         d2:1c:a5:49:5a:ee:46:ff:94:9a:74:a8:d5:c6:ac:86:a1:a3:
         c8:5c:6a:8c:20:32:0c:06:b9:11:11:d3:a5:65:9e:04:8e:9d:
         d1:64:09:3e:ca:9c:97:e9:0f:87:65:0d:f2:ca:a8:50:1a:23:
         59:d3:da:84:08:cf:07:ba:cb:62:1a:c1:6e:61:7d:3b:97:fa:
         02:c4:8c:8f:35:50:4d:2e:7e:76:bb:46:51:58:6c:35:c8:ef:
         a4:d1:88:7e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGSk3RicNWhhYmD/+jlZ5jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ODFiN2I0YWUzZTc1ZGM0YjM2Y2ZmMjkzNzkyM2VjZGZm
NzI1OWIwHhcNMjQwMTAxMTgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWM5ZDcwZjBhMmZjYmI3ZGJlY2Y3MThhYTE4YzFjOWY2ZDQ4MmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSn5Ow5IxSzECHoEEXmJYtGsXLXy
DCplMeUX0sz0iWGPAwNfsrws3oLYXvEAj62uqord6EGPUub4SO9HGtv7LTeVu3P1
FcK4ecXIvk7HoLLCIVJFBuoEaHn4DPH8xwCW7OxQDRcNy/5isEuTqrxGQZIChgpS
dgqpyUVjMeo1jRl5OZ0RLpBBFg8oj8G1e01C0gzmArKG1WMP/Usm2St4EDc44ayE
i6DhbRwfL7IhMYDCDTp9PdU3z1LGEMiQQN0A7rsumi84FhAG4cHxu8XsbWlWoVDN
hDu889f/ZO9xubgWyWH2AgL4tW0yOuDvDrjg1WA+sg9w0lFIsQJeE9XBEQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFnJ1w8KL8u32+z3GKoYwcn21ILeMB8GA1UdIwQY
MBaAFCaBt7SuPnXcSzbP8pN5I+zf9yWbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm9HM3RLNC1kZHhMTnNfeWsza2o3Tl8zSlpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC85Nzg4NzEtMjU1Yi00NDNhLThlMDEt
ZmM4MzliYjZkMTczLzEvV2NuWER3b3Z5N2ZiN1BjWXFoakJ5ZmJVZ3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC85Nzg4NzEtMjU1Yi00NDNhLThlMDEtZmM4MzliYjZkMTcz
LzEvSm9HM3RLNC1kZHhMTnNfeWsza2o3Tl8zSlpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRMMAwQC
ucCcMA0EAgACMAcDBQAqA/5AMA0GCSqGSIb3DQEBCwUAA4IBAQAU/xJZDcNYr78S
+ODVJXlfw73LcD6jvOsFf8ru/Is/n+30IIcfkaTBJii9QMhZPE8tXk4fai/sbFXh
CvGJQDmkGMApaEgtgUP9oN+vq2yjz8aHQOxX2hYPEwk0M8um5VhblBRcmcpG+BcN
ApO9x0f9uS5XNad0QgyYEGZv12cW7FDiUkIzPHXeGa9NZYU522HW4iwokgtotet2
3WSkUfbr8nfSHKVJWu5G/5SadKjVxqyGoaPIXGqMIDIMBrkREdOlZZ4Ejp3RZAk+
ypyX6Q+HZQ3yyqhQGiNZ09qECM8HustiGsFuYX07l/oCxIyPNVBNLn52u0ZRWGw1
yO+k0Yh+
-----END CERTIFICATE-----