Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/WH0ldTLoau8qR39hQszAm9F_p_A.roa
File:                     WH0ldTLoau8qR39hQszAm9F_p_A.roa (raw, json)
Hash identifier:          ZbkedGsD+SeqTZ4FVwCeWoZj3QMMCpYRNInOdr5QSEI=
Subject key identifier:   58:7D:25:75:32:E8:6A:EF:2A:47:7F:61:42:CC:C0:9B:D1:7F:A7:F0
Certificate issuer:       /CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
Certificate serial:       018DAC2461678FD6A575AEDCDFF1A49976B5
Authority key identifier: F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/WH0ldTLoau8qR39hQszAm9F_p_A.roa
Signing time:             Thu 15 Feb 2024 09:41:21 +0000
ROA not before:           Thu 15 Feb 2024 09:41:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48467
IP address blocks:        195.225.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:24:61:67:8f:d6:a5:75:ae:dc:df:f1:a4:99:76:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
        Validity
            Not Before: Feb 15 09:41:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=587d257532e86aef2a477f6142ccc09bd17fa7f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f6:11:0f:86:e0:47:8b:12:10:b8:23:2c:33:
                    fa:92:68:9b:4d:fd:bd:7b:9a:46:f3:2b:8e:49:fd:
                    76:f4:64:de:d4:c9:50:a9:d3:6b:84:d5:56:28:ca:
                    63:cc:7b:68:65:06:94:7d:3f:0c:c0:51:af:f7:11:
                    2f:91:68:8b:9a:30:b4:de:ed:67:84:15:b0:5a:08:
                    53:0f:f6:1c:05:7b:91:54:22:8f:27:f6:88:6e:d9:
                    30:a4:a0:d6:16:94:62:19:8f:d6:7a:42:99:d0:c9:
                    d6:1d:ad:e2:e0:27:49:75:43:8d:35:05:6d:7e:16:
                    72:ff:a7:8a:af:48:32:92:4d:42:26:26:50:24:75:
                    e5:49:7a:35:2d:db:61:ab:f4:0b:a7:81:b3:b9:a0:
                    91:5a:8b:61:a6:a6:04:c4:ce:f1:cc:bb:0f:fb:60:
                    38:b1:97:1f:b5:53:d7:8b:94:e6:56:04:37:53:80:
                    dd:ae:59:c1:63:10:29:29:a1:4d:70:d1:43:66:54:
                    25:aa:f4:1f:92:f1:aa:87:67:dc:4d:7b:59:13:82:
                    d3:2d:1f:c3:20:ea:01:db:ba:e6:4d:26:e8:81:ee:
                    cb:c2:92:8d:f8:8e:ef:49:7c:aa:00:0e:53:90:97:
                    d0:63:0f:17:d1:4f:43:05:58:cf:2e:84:06:2c:8d:
                    ab:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:7D:25:75:32:E8:6A:EF:2A:47:7F:61:42:CC:C0:9B:D1:7F:A7:F0
            X509v3 Authority Key Identifier:
                keyid:F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/WH0ldTLoau8qR39hQszAm9F_p_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:aa:ac:c8:4b:aa:ba:e0:c0:71:1e:48:34:b7:e4:a4:94:c3:
         2a:f3:59:e4:88:0b:e1:11:37:22:72:4b:b4:cb:6d:83:5d:ac:
         56:c2:6e:03:d4:16:cc:14:8e:8f:94:3d:8c:bb:0a:91:b8:05:
         c5:ed:94:32:97:72:e9:18:1b:dd:b6:1d:74:5c:92:58:d4:08:
         41:1f:4c:3f:1c:cb:8f:03:f6:19:a4:ae:76:4c:77:75:27:25:
         12:cf:3f:7e:13:73:bd:3c:5c:02:2e:80:22:3c:94:c7:80:1c:
         3f:a1:51:d9:8a:69:f5:af:dd:4f:63:e8:89:d4:6d:c9:6b:3e:
         b8:1f:95:e5:8f:63:47:02:76:31:6f:d5:f1:f4:c3:25:7e:0e:
         ba:ed:a3:d3:57:f8:26:a4:ad:d2:0f:0b:a9:3a:b0:87:be:af:
         d3:e7:9e:af:66:81:dd:33:44:fc:0b:e8:f2:30:ed:37:f9:09:
         4d:5f:11:5a:7f:05:c8:ff:4e:fd:78:bd:bf:6d:cc:db:e2:27:
         40:c8:6b:c2:df:9e:94:8d:42:9b:4b:a5:17:e7:08:01:9d:21:
         62:eb:7a:68:32:13:e7:2d:ec:34:54:25:c1:56:23:ad:1a:c6:
         05:50:7f:d2:fc:d5:6f:07:f7:57:1e:43:af:c3:8b:42:73:04:
         46:60:99:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2sJGFnj9alda7c3/GkmXa1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDBlNWViYTJmOGJmYzhmZThmZTU2Y2M4OGE0Mjg5NjUy
MzkwYmEwHhcNMjQwMjE1MDk0MTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODdkMjU3NTMyZTg2YWVmMmE0NzdmNjE0MmNjYzA5YmQxN2ZhN2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfYRD4bgR4sSELgjLDP6kmibTf29
e5pG8yuOSf129GTe1MlQqdNrhNVWKMpjzHtoZQaUfT8MwFGv9xEvkWiLmjC03u1n
hBWwWghTD/YcBXuRVCKPJ/aIbtkwpKDWFpRiGY/WekKZ0MnWHa3i4CdJdUONNQVt
fhZy/6eKr0gykk1CJiZQJHXlSXo1Ldthq/QLp4GzuaCRWothpqYExM7xzLsP+2A4
sZcftVPXi5TmVgQ3U4DdrlnBYxApKaFNcNFDZlQlqvQfkvGqh2fcTXtZE4LTLR/D
IOoB27rmTSboge7LwpKN+I7vSXyqAA5TkJfQYw8X0U9DBVjPLoQGLI2rYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFh9JXUy6GrvKkd/YULMwJvRf6fwMB8GA1UdIwQY
MBaAFPRA5eui+L/I/o/lbMiKQollI5C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2Yt
MDBiOTJjMWMxZWY0LzEvV0gwbGRUTG9hdThxUjM5aFFzekFtOUZfcF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2YtMDBiOTJjMWMxZWY0
LzEvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+GCMA0G
CSqGSIb3DQEBCwUAA4IBAQA1qqzIS6q64MBxHkg0t+SklMMq81nkiAvhETcicku0
y22DXaxWwm4D1BbMFI6PlD2MuwqRuAXF7ZQyl3LpGBvdth10XJJY1AhBH0w/HMuP
A/YZpK52THd1JyUSzz9+E3O9PFwCLoAiPJTHgBw/oVHZimn1r91PY+iJ1G3Jaz64
H5Xlj2NHAnYxb9Xx9MMlfg667aPTV/gmpK3SDwupOrCHvq/T556vZoHdM0T8C+jy
MO03+QlNXxFafwXI/079eL2/bczb4idAyGvC356UjUKbS6UX5wgBnSFi63poMhPn
Lew0VCXBViOtGsYFUH/S/NVvB/dXHkOvw4tCcwRGYJly
-----END CERTIFICATE-----