Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/WTddX8RMTbkMVqaLialiYQiR-DA.roa
File:                     WTddX8RMTbkMVqaLialiYQiR-DA.roa (raw, json)
Hash identifier:          BPoezX+SDfX7nrnpRaueRxj+IICS0ML4OLWYmEKPJf4=
Subject key identifier:   59:37:5D:5F:C4:4C:4D:B9:0C:56:A6:8B:89:A9:62:61:08:91:F8:30
Certificate issuer:       /CN=2841262acd62c90e68081a6f777375df2c3713c2
Certificate serial:       018CC5DCF076FA34CE70114BA2E1521C47C6
Authority key identifier: 28:41:26:2A:CD:62:C9:0E:68:08:1A:6F:77:73:75:DF:2C:37:13:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/WTddX8RMTbkMVqaLialiYQiR-DA.roa
Signing time:             Mon 01 Jan 2024 16:30:40 +0000
ROA not before:           Mon 01 Jan 2024 16:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39834
IP address blocks:        79.173.0.0/18 maxlen: 18
                          2a02:f740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/KEEmKs1iyQ5oCBpvd3N13yw3E8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/KEEmKs1iyQ5oCBpvd3N13yw3E8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f0:76:fa:34:ce:70:11:4b:a2:e1:52:1c:47:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2841262acd62c90e68081a6f777375df2c3713c2
        Validity
            Not Before: Jan  1 16:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59375d5fc44c4db90c56a68b89a962610891f830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:30:7f:e9:5b:97:9a:81:3a:bf:80:69:d2:0f:
                    f6:4c:e3:ea:6c:5c:ee:bd:4b:d8:3c:60:b4:ea:61:
                    66:c3:ac:93:fd:f7:38:7b:f5:65:49:61:c6:96:5e:
                    ef:1b:77:b4:44:f7:ef:f3:1d:82:66:10:36:ba:56:
                    3f:f6:05:42:07:88:5d:65:90:08:b7:f2:d5:55:13:
                    b2:3f:9a:de:14:81:2f:a1:b5:26:a5:9e:4c:b9:72:
                    93:ff:b8:4b:ae:05:87:83:ad:b8:b4:13:bb:e7:ed:
                    9a:40:3f:60:07:a3:52:8d:45:a4:66:83:2f:8b:e3:
                    e1:0e:2d:cc:76:f4:68:d2:6e:29:82:0e:c4:31:d8:
                    8d:c5:f4:4d:de:06:06:a5:d7:91:d7:ad:78:a4:2e:
                    df:de:03:65:19:81:93:26:b1:ab:e9:3d:16:35:b1:
                    aa:49:9b:91:ac:f3:89:8c:1c:f6:ad:10:bb:b5:b3:
                    22:da:dd:18:30:e5:18:15:3c:45:ed:9c:59:ad:a8:
                    37:a8:dd:a0:89:3e:cd:f2:d6:e8:02:49:cb:12:f0:
                    56:86:b8:a9:1c:1b:f2:58:9b:b1:38:24:e6:2e:48:
                    1f:76:65:4f:da:81:68:a0:2f:67:96:02:0a:2b:88:
                    d4:0c:84:41:e3:90:46:93:e6:c1:04:20:27:29:45:
                    58:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:37:5D:5F:C4:4C:4D:B9:0C:56:A6:8B:89:A9:62:61:08:91:F8:30
            X509v3 Authority Key Identifier:
                keyid:28:41:26:2A:CD:62:C9:0E:68:08:1A:6F:77:73:75:DF:2C:37:13:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KEEmKs1iyQ5oCBpvd3N13yw3E8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/WTddX8RMTbkMVqaLialiYQiR-DA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/032276-25dc-4c30-8a7b-95a33e12a3ad/1/KEEmKs1iyQ5oCBpvd3N13yw3E8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.173.0.0/18
                IPv6:
                  2a02:f740::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:15:aa:bb:e3:76:bf:1e:d8:af:06:aa:f0:73:24:27:70:22:
         98:ea:90:56:cd:22:1d:be:a8:a8:51:7a:74:e3:47:c8:42:4b:
         70:85:b9:b4:85:f0:ed:7f:86:ec:92:70:79:cc:e3:4a:18:17:
         be:1a:80:9c:f0:85:cc:99:e2:ff:03:a6:0e:72:db:a0:63:78:
         fc:0d:16:81:ed:1d:18:0f:18:82:f2:3c:10:24:cf:1d:f8:90:
         41:5f:29:f5:44:43:cd:bd:53:df:cb:7c:af:5d:69:34:0d:8d:
         46:cc:b6:b9:c5:21:3b:d9:04:06:be:30:5d:42:46:f8:89:52:
         f6:8c:d7:bd:00:f9:63:f8:d6:12:42:11:03:4c:98:8e:37:b4:
         e3:df:f0:73:1b:25:36:e7:0e:72:7e:4e:96:36:e7:51:33:8c:
         10:51:ef:ea:60:39:b0:e2:ab:7f:41:34:30:18:d1:7a:d0:32:
         8b:a0:74:39:14:99:20:7a:ad:09:81:3f:97:30:82:be:95:c9:
         bf:ec:a5:13:a0:43:61:ab:44:e1:5c:cd:bb:69:b5:3a:2c:f0:
         09:c8:8f:d0:6e:fb:4e:d0:ad:fe:00:19:5e:27:13:49:a7:01:
         42:24:9c:f4:cb:35:b8:e2:7d:ed:bc:4e:86:48:ac:7c:5d:1f:
         e6:e9:ab:8f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3PB2+jTOcBFLouFSHEfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NDEyNjJhY2Q2MmM5MGU2ODA4MWE2Zjc3NzM3NWRmMmMz
NzEzYzIwHhcNMjQwMTAxMTYzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTM3NWQ1ZmM0NGM0ZGI5MGM1NmE2OGI4OWE5NjI2MTA4OTFmODMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjB/6VuXmoE6v4Bp0g/2TOPqbFzu
vUvYPGC06mFmw6yT/fc4e/VlSWHGll7vG3e0RPfv8x2CZhA2ulY/9gVCB4hdZZAI
t/LVVROyP5reFIEvobUmpZ5MuXKT/7hLrgWHg624tBO75+2aQD9gB6NSjUWkZoMv
i+PhDi3MdvRo0m4pgg7EMdiNxfRN3gYGpdeR1614pC7f3gNlGYGTJrGr6T0WNbGq
SZuRrPOJjBz2rRC7tbMi2t0YMOUYFTxF7ZxZrag3qN2giT7N8tboAknLEvBWhrip
HBvyWJuxOCTmLkgfdmVP2oFooC9nlgIKK4jUDIRB45BGk+bBBCAnKUVYTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFk3XV/ETE25DFami4mpYmEIkfgwMB8GA1UdIwQY
MBaAFChBJirNYskOaAgab3dzdd8sNxPCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0VFbUtzMWl5UTVvQ0JwdmQzTjEzeXczRThJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8wMzIyNzYtMjVkYy00YzMwLThhN2It
OTVhMzNlMTJhM2FkLzEvV1RkZFg4Uk1UYmtNVnFhTGlhbGlZUWlSLURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8wMzIyNzYtMjVkYy00YzMwLThhN2ItOTVhMzNlMTJhM2Fk
LzEvS0VFbUtzMWl5UTVvQ0JwdmQzTjEzeXczRThJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGT60AMA0E
AgACMAcDBQMqAvdAMA0GCSqGSIb3DQEBCwUAA4IBAQCWFaq743a/HtivBqrwcyQn
cCKY6pBWzSIdvqioUXp040fIQktwhbm0hfDtf4bsknB5zONKGBe+GoCc8IXMmeL/
A6YOctugY3j8DRaB7R0YDxiC8jwQJM8d+JBBXyn1REPNvVPfy3yvXWk0DY1GzLa5
xSE72QQGvjBdQkb4iVL2jNe9APlj+NYSQhEDTJiON7Tj3/BzGyU25w5yfk6WNudR
M4wQUe/qYDmw4qt/QTQwGNF60DKLoHQ5FJkgeq0JgT+XMIK+lcm/7KUToENhq0Th
XM27abU6LPAJyI/QbvtO0K3+ABleJxNJpwFCJJz0yzW44n3tvE6GSKx8XR/m6auP
-----END CERTIFICATE-----