Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/WV6CMdQUFdVGNuQHXRNui40ZS3A.roa
File:                     WV6CMdQUFdVGNuQHXRNui40ZS3A.roa (raw, json)
Hash identifier:          lrZalQHSNpcuGZkAiTbK4eBEoS2I3/4/c+B/dPHBX3E=
Subject key identifier:   59:5E:82:31:D4:14:15:D5:46:36:E4:07:5D:13:6E:8B:8D:19:4B:70
Certificate issuer:       /CN=5157c87d111c8050fd5c9ac2b06be62323675033
Certificate serial:       018CC42556B757349020CCE41FA3EEE34522
Authority key identifier: 51:57:C8:7D:11:1C:80:50:FD:5C:9A:C2:B0:6B:E6:23:23:67:50:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UVfIfREcgFD9XJrCsGvmIyNnUDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/WV6CMdQUFdVGNuQHXRNui40ZS3A.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58082
IP address blocks:        109.233.128.0/21 maxlen: 24
                          109.233.128.0/22 maxlen: 24
                          109.233.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/UVfIfREcgFD9XJrCsGvmIyNnUDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/UVfIfREcgFD9XJrCsGvmIyNnUDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UVfIfREcgFD9XJrCsGvmIyNnUDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:56:b7:57:34:90:20:cc:e4:1f:a3:ee:e3:45:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5157c87d111c8050fd5c9ac2b06be62323675033
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=595e8231d41415d54636e4075d136e8b8d194b70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c9:b6:40:55:d4:2f:17:47:5c:bd:46:93:ec:
                    cd:47:c2:d1:60:d2:96:82:bb:30:ed:0d:c2:ea:0d:
                    66:e3:a7:62:02:64:d5:de:7c:fa:14:96:29:eb:ed:
                    00:aa:db:5a:0b:14:2c:84:e5:1d:43:e0:26:a6:85:
                    26:6a:9f:0b:72:31:fb:e4:1d:c9:8b:a6:90:c5:a3:
                    db:3c:29:46:70:e2:a7:eb:4d:f6:eb:36:fc:91:67:
                    b0:2a:ae:71:e7:95:80:aa:04:96:c3:91:03:5a:e8:
                    91:ce:08:14:f6:6b:f1:da:ea:6b:1e:50:20:4c:32:
                    5e:64:3b:86:4e:ff:b5:b4:7e:e2:c0:0c:74:25:d4:
                    dd:67:50:2b:e5:02:1e:14:7e:26:4d:1c:92:56:95:
                    3a:ea:7b:c5:78:87:4d:64:35:9b:79:a1:d2:76:af:
                    c4:70:cf:10:ad:95:da:0c:d7:29:37:91:5c:38:b5:
                    5b:78:40:87:e7:f3:b4:a5:44:6d:67:27:c7:f6:32:
                    86:61:4f:c4:7f:dc:f8:19:42:78:37:73:49:a0:c9:
                    b6:3f:ef:48:dd:9d:ad:f4:4b:13:d9:2a:a9:2e:c9:
                    2b:88:32:6f:74:d2:27:8f:3b:f6:6d:01:60:54:d3:
                    c1:1e:4b:39:c2:7d:70:cf:15:3b:4d:7e:3c:5b:2e:
                    fd:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:5E:82:31:D4:14:15:D5:46:36:E4:07:5D:13:6E:8B:8D:19:4B:70
            X509v3 Authority Key Identifier:
                keyid:51:57:C8:7D:11:1C:80:50:FD:5C:9A:C2:B0:6B:E6:23:23:67:50:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UVfIfREcgFD9XJrCsGvmIyNnUDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/WV6CMdQUFdVGNuQHXRNui40ZS3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4e7b5c-2906-478a-8ef0-d29701487536/1/UVfIfREcgFD9XJrCsGvmIyNnUDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         e6:02:a0:e6:7d:8e:ad:58:4e:9a:f4:e0:87:29:dc:f3:cd:93:
         47:d3:17:a5:0c:e6:a0:93:db:81:95:69:f8:a2:7d:c0:e5:a0:
         9f:0b:21:06:d7:08:56:9a:c3:34:8a:d9:a6:1a:d1:5d:11:bb:
         37:b9:41:ae:06:f7:37:30:6a:ce:9b:29:7a:f4:7f:98:5c:bd:
         ad:58:76:b9:bf:3b:c7:cf:26:0b:22:84:e7:e8:e3:c3:40:ee:
         39:8f:33:5c:9b:a6:d7:6d:fc:40:35:3b:b6:99:a4:c0:d3:18:
         0f:a4:e2:c3:e7:64:13:6d:bc:7b:7e:9f:1c:48:49:1c:d3:e4:
         3e:7a:fb:d4:b1:f7:fb:52:48:b1:f1:38:8f:c4:6e:d5:ea:cd:
         95:1f:7c:42:bc:6a:c9:bb:92:3c:b9:72:2b:b5:c3:49:c5:4d:
         81:f1:ca:ca:23:b6:2a:d0:75:ee:26:bc:21:57:c5:66:d6:89:
         a4:0b:cc:e4:b7:93:0e:3d:b7:93:e9:a8:41:cd:e0:5f:f5:d8:
         ba:fe:2c:7a:19:5d:9a:ea:87:d1:90:15:10:73:9d:70:1f:96:
         fe:83:4f:02:5c:ad:7c:6f:ba:8c:af:83:3d:ea:fd:07:0e:3a:
         50:46:e0:e9:0b:3f:17:61:2a:87:57:89:22:61:0c:59:09:0b:
         0d:92:39:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVa3VzSQIMzkH6Pu40UiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNTdjODdkMTExYzgwNTBmZDVjOWFjMmIwNmJlNjIzMjM2
NzUwMzMwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTVlODIzMWQ0MTQxNWQ1NDYzNmU0MDc1ZDEzNmU4YjhkMTk0YjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucm2QFXULxdHXL1Gk+zNR8LRYNKW
grsw7Q3C6g1m46diAmTV3nz6FJYp6+0AqttaCxQshOUdQ+AmpoUmap8LcjH75B3J
i6aQxaPbPClGcOKn60326zb8kWewKq5x55WAqgSWw5EDWuiRzggU9mvx2uprHlAg
TDJeZDuGTv+1tH7iwAx0JdTdZ1Ar5QIeFH4mTRySVpU66nvFeIdNZDWbeaHSdq/E
cM8QrZXaDNcpN5FcOLVbeECH5/O0pURtZyfH9jKGYU/Ef9z4GUJ4N3NJoMm2P+9I
3Z2t9EsT2SqpLskriDJvdNInjzv2bQFgVNPBHks5wn1wzxU7TX48Wy79/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlegjHUFBXVRjbkB10TbouNGUtwMB8GA1UdIwQY
MBaAFFFXyH0RHIBQ/VyawrBr5iMjZ1AzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVZmSWZSRWNnRkQ5WEpyQ3NHdm1JeU5uVURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy80ZTdiNWMtMjkwNi00NzhhLThlZjAt
ZDI5NzAxNDg3NTM2LzEvV1Y2Q01kUVVGZFZHTnVRSFhSTnVpNDBaUzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy80ZTdiNWMtMjkwNi00NzhhLThlZjAtZDI5NzAxNDg3NTM2
LzEvVVZmSWZSRWNnRkQ5WEpyQ3NHdm1JeU5uVURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbemAMA0G
CSqGSIb3DQEBCwUAA4IBAQDmAqDmfY6tWE6a9OCHKdzzzZNH0xelDOagk9uBlWn4
on3A5aCfCyEG1whWmsM0itmmGtFdEbs3uUGuBvc3MGrOmyl69H+YXL2tWHa5vzvH
zyYLIoTn6OPDQO45jzNcm6bXbfxANTu2maTA0xgPpOLD52QTbbx7fp8cSEkc0+Q+
evvUsff7Ukix8TiPxG7V6s2VH3xCvGrJu5I8uXIrtcNJxU2B8crKI7Yq0HXuJrwh
V8Vm1omkC8zkt5MOPbeT6ahBzeBf9di6/ix6GV2a6ofRkBUQc51wH5b+g08CXK18
b7qMr4M96v0HDjpQRuDpCz8XYSqHV4kiYQxZCQsNkjmC
-----END CERTIFICATE-----