Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/WXCGcwKj4E2ogtIYi2xxazAHoMw.roa
File:                     WXCGcwKj4E2ogtIYi2xxazAHoMw.roa (raw, json)
Hash identifier:          wXh4kuSYTKU6vJu2lm1VJsBjww6BTFMvjUExyLqyyXw=
Subject key identifier:   59:70:86:73:02:A3:E0:4D:A8:82:D2:18:8B:6C:71:6B:30:07:A0:CC
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       0192052ADFEC11CEAEFD90C65EFCD4C2D328
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/WXCGcwKj4E2ogtIYi2xxazAHoMw.roa
Signing time:             Wed 18 Sep 2024 12:45:48 +0000
ROA not before:           Wed 18 Sep 2024 12:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6762
IP address blocks:        46.244.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:05:2a:df:ec:11:ce:ae:fd:90:c6:5e:fc:d4:c2:d3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Sep 18 12:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5970867302a3e04da882d2188b6c716b3007a0cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b5:da:9e:7c:a4:d6:e7:d2:bc:6f:65:cd:10:
                    f0:c2:59:d2:ad:96:50:9c:30:ff:fb:39:42:34:34:
                    4e:10:d4:3b:3b:ad:ab:c5:6b:e1:7f:54:9b:f0:64:
                    ea:1b:f7:53:19:1d:09:ad:34:1b:27:4a:91:f2:5f:
                    eb:25:53:2a:37:6a:d2:94:5d:b8:29:ee:45:a8:2d:
                    52:22:e7:17:bd:63:de:79:70:68:15:ea:6d:f2:13:
                    47:01:b8:dd:f7:d0:b2:a7:e2:7f:76:a9:f5:64:a7:
                    b9:2f:51:38:2e:dc:05:43:3f:89:3a:a7:6f:13:33:
                    cf:f2:4c:13:e8:98:f8:0f:ae:2f:b8:24:40:40:d0:
                    06:8a:05:cf:c2:0c:2c:77:74:de:85:44:7c:16:e8:
                    98:cc:a5:98:32:40:88:4e:25:4d:18:23:d7:fa:b9:
                    12:3a:c9:6c:14:70:02:21:5a:b9:33:a2:a1:15:bb:
                    fa:61:f5:78:dc:00:33:2e:64:96:7c:f8:8f:4e:96:
                    84:83:b2:2b:37:2b:9b:18:87:59:8c:ee:88:df:86:
                    77:0d:ec:48:f1:37:f0:5a:d1:d9:f8:fb:f2:11:be:
                    d2:8f:fa:0d:ba:d6:02:3a:17:2e:df:00:aa:08:3d:
                    31:26:3f:85:04:df:49:f5:3f:53:10:c8:bb:75:7f:
                    62:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:70:86:73:02:A3:E0:4D:A8:82:D2:18:8B:6C:71:6B:30:07:A0:CC
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/WXCGcwKj4E2ogtIYi2xxazAHoMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.244.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:da:80:05:81:42:b8:c5:4b:56:e9:72:53:da:72:50:00:3b:
         fd:79:f9:06:3f:d8:91:ee:e8:c1:18:2d:ba:68:4a:57:6b:31:
         8b:99:97:1d:77:29:9f:07:34:01:1f:32:a4:bc:f1:5e:4c:cb:
         a3:dc:5f:5c:8b:78:c3:03:b9:0a:c7:d2:45:5d:32:3e:b7:51:
         85:cd:24:76:2c:fe:67:5e:dd:69:58:71:06:c2:62:92:37:43:
         a4:c8:d0:55:48:2b:db:13:80:03:4c:40:bc:19:21:e8:6b:11:
         9c:bc:1b:3d:e5:fe:ee:65:90:a5:8f:33:a8:28:a6:93:39:ce:
         15:f2:dc:05:56:19:34:3f:07:64:e1:5a:74:16:be:3a:58:8e:
         50:ca:98:18:09:6d:e0:13:b4:2d:ee:c8:67:66:e3:26:2b:b5:
         57:5e:63:ba:b1:22:4a:69:48:b1:bc:a1:d3:b4:23:50:75:56:
         42:b8:0c:8d:54:28:dd:c6:c8:bc:7b:6c:3a:f1:06:ca:9c:a5:
         7d:bf:89:4b:3d:c4:40:c1:ad:08:fb:d5:0e:f8:ad:52:c7:26:
         36:19:2f:f7:0b:1c:1f:55:f5:77:c1:22:f7:71:e6:22:e4:7e:
         a0:86:b6:f0:45:f5:48:ce:f1:64:64:48:78:3b:fd:af:30:0f:
         a1:42:55:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIFKt/sEc6u/ZDGXvzUwtMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjQwOTE4MTI0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTcwODY3MzAyYTNlMDRkYTg4MmQyMTg4YjZjNzE2YjMwMDdhMGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrXannyk1ufSvG9lzRDwwlnSrZZQ
nDD/+zlCNDROENQ7O62rxWvhf1Sb8GTqG/dTGR0JrTQbJ0qR8l/rJVMqN2rSlF24
Ke5FqC1SIucXvWPeeXBoFept8hNHAbjd99Cyp+J/dqn1ZKe5L1E4LtwFQz+JOqdv
EzPP8kwT6Jj4D64vuCRAQNAGigXPwgwsd3TehUR8FuiYzKWYMkCITiVNGCPX+rkS
OslsFHACIVq5M6KhFbv6YfV43AAzLmSWfPiPTpaEg7IrNyubGIdZjO6I34Z3DexI
8TfwWtHZ+PvyEb7Sj/oNutYCOhcu3wCqCD0xJj+FBN9J9T9TEMi7dX9iewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlwhnMCo+BNqILSGItscWswB6DMMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvV1hDR2N3S2o0RTJvZ3RJWWkyeHhhekFIb013LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvRvMA0G
CSqGSIb3DQEBCwUAA4IBAQBM2oAFgUK4xUtW6XJT2nJQADv9efkGP9iR7ujBGC26
aEpXazGLmZcddymfBzQBHzKkvPFeTMuj3F9ci3jDA7kKx9JFXTI+t1GFzSR2LP5n
Xt1pWHEGwmKSN0OkyNBVSCvbE4ADTEC8GSHoaxGcvBs95f7uZZCljzOoKKaTOc4V
8twFVhk0Pwdk4Vp0Fr46WI5QypgYCW3gE7Qt7shnZuMmK7VXXmO6sSJKaUixvKHT
tCNQdVZCuAyNVCjdxsi8e2w68QbKnKV9v4lLPcRAwa0I+9UO+K1SxyY2GS/3Cxwf
VfV3wSL3ceYi5H6ghrbwRfVIzvFkZEh4O/2vMA+hQlUL
-----END CERTIFICATE-----