Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/WKgIv0kiUlC2f-1vajasCn09ED8.roa
File:                     WKgIv0kiUlC2f-1vajasCn09ED8.roa (raw, json)
Hash identifier:          RtObs672FsWvVK/SGtx746wePKS+yCGVSQjyz/P2CJk=
Subject key identifier:   58:A8:08:BF:49:22:52:50:B6:7F:ED:6F:6A:36:AC:0A:7D:3D:10:3F
Certificate issuer:       /CN=29f14d411c20ecfc496215fcdb0f43d847219096
Certificate serial:       018CC49370A739336A84DD10FABF599D0399
Authority key identifier: 29:F1:4D:41:1C:20:EC:FC:49:62:15:FC:DB:0F:43:D8:47:21:90:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KfFNQRwg7PxJYhX82w9D2EchkJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/WKgIv0kiUlC2f-1vajasCn09ED8.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41926
IP address blocks:        193.34.101.0/24 maxlen: 24
                          193.34.103.0/24 maxlen: 24
                          193.34.100.0/24 maxlen: 24
                          193.34.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/KfFNQRwg7PxJYhX82w9D2EchkJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/KfFNQRwg7PxJYhX82w9D2EchkJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KfFNQRwg7PxJYhX82w9D2EchkJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:70:a7:39:33:6a:84:dd:10:fa:bf:59:9d:03:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f14d411c20ecfc496215fcdb0f43d847219096
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58a808bf49225250b67fed6f6a36ac0a7d3d103f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f6:dd:fc:e5:27:65:8d:02:b3:72:63:cf:48:
                    39:9e:fa:e6:40:04:36:a9:a4:94:23:a2:e7:1b:20:
                    f2:1e:43:c4:d5:f7:2a:bc:60:f7:bd:74:3c:67:54:
                    08:01:a5:52:96:42:20:e8:69:c1:64:d8:9b:df:eb:
                    64:c9:4f:4a:ac:b8:8e:94:a8:90:1c:de:fb:c1:22:
                    ba:70:61:f5:8d:0a:73:2d:83:3d:f2:1f:89:14:d4:
                    a2:26:c0:45:13:25:1f:cc:76:8e:74:49:be:41:8a:
                    b1:c9:76:4c:76:cb:b2:9e:03:dc:09:c5:29:28:f5:
                    9b:44:86:3d:85:64:32:ad:bc:40:88:b4:00:35:7e:
                    0b:bc:75:87:09:ef:61:ca:01:9f:9d:f2:53:ee:42:
                    83:a6:88:82:11:a1:3a:2d:66:f4:cc:3e:33:de:40:
                    6b:55:9a:ab:a6:e8:89:12:7a:3d:66:78:3d:42:d9:
                    61:30:e1:0e:0e:f7:e2:ae:59:30:26:18:b8:24:66:
                    c1:9d:45:59:67:b2:5e:97:fe:0f:d5:2e:0c:05:c8:
                    fa:77:76:78:9b:6b:97:8e:bf:24:c2:9b:30:53:83:
                    0e:a6:e9:f3:05:12:44:a7:87:c8:99:c2:91:02:80:
                    91:90:93:f4:1b:6d:39:60:4f:f0:44:21:37:8a:f8:
                    c1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A8:08:BF:49:22:52:50:B6:7F:ED:6F:6A:36:AC:0A:7D:3D:10:3F
            X509v3 Authority Key Identifier:
                keyid:29:F1:4D:41:1C:20:EC:FC:49:62:15:FC:DB:0F:43:D8:47:21:90:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfFNQRwg7PxJYhX82w9D2EchkJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/WKgIv0kiUlC2f-1vajasCn09ED8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/bcf272-d751-45be-9856-018a3770da77/1/KfFNQRwg7PxJYhX82w9D2EchkJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:9d:e2:c1:25:de:62:a6:1f:0f:af:ad:aa:c8:a6:16:a8:c7:
         8f:22:ce:fd:a5:cd:ba:1e:9e:84:e9:3b:ae:cf:d8:38:9d:96:
         0d:59:2f:99:2f:50:9e:61:39:9a:fd:48:93:56:7a:5b:e0:ce:
         e8:7c:2a:08:90:3e:13:76:6b:38:03:bd:42:2d:87:a5:b1:8d:
         e2:f0:dc:91:a9:b8:bc:3d:fd:0e:54:df:fc:87:e7:fb:f0:72:
         2d:be:2d:c2:9d:d8:83:7a:eb:b9:aa:30:8e:25:40:e9:2c:92:
         40:fb:9e:be:ab:b1:a5:a0:b6:23:27:b3:3e:44:b8:00:d7:0e:
         b3:ac:48:2d:e2:5e:5c:2f:ce:7c:d9:23:48:80:75:9f:81:bb:
         82:5a:b7:de:f8:4c:1e:28:0f:e7:e3:d8:b3:5a:9c:41:c0:4b:
         22:a4:c8:ea:3f:d7:c6:5a:cb:c9:53:c1:01:5a:17:96:a6:43:
         e9:b6:57:13:3f:97:1c:2f:f6:ed:83:3f:4f:a2:83:61:3b:ba:
         e7:d7:f1:32:c4:41:20:01:dd:99:ec:a0:a3:1d:ce:34:4e:78:
         ae:48:32:a6:30:67:7f:ed:ea:de:01:d8:eb:cf:8d:16:cc:a5:
         37:90:7b:86:15:7c:b8:ef:71:37:f6:16:cc:a1:6a:81:7b:52:
         9a:f4:64:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3CnOTNqhN0Q+r9ZnQOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjE0ZDQxMWMyMGVjZmM0OTYyMTVmY2RiMGY0M2Q4NDcy
MTkwOTYwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGE4MDhiZjQ5MjI1MjUwYjY3ZmVkNmY2YTM2YWMwYTdkM2QxMDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/bd/OUnZY0Cs3Jjz0g5nvrmQAQ2
qaSUI6LnGyDyHkPE1fcqvGD3vXQ8Z1QIAaVSlkIg6GnBZNib3+tkyU9KrLiOlKiQ
HN77wSK6cGH1jQpzLYM98h+JFNSiJsBFEyUfzHaOdEm+QYqxyXZMdsuyngPcCcUp
KPWbRIY9hWQyrbxAiLQANX4LvHWHCe9hygGfnfJT7kKDpoiCEaE6LWb0zD4z3kBr
VZqrpuiJEno9Zng9QtlhMOEODvfirlkwJhi4JGbBnUVZZ7Jel/4P1S4MBcj6d3Z4
m2uXjr8kwpswU4MOpunzBRJEp4fImcKRAoCRkJP0G205YE/wRCE3ivjBXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFioCL9JIlJQtn/tb2o2rAp9PRA/MB8GA1UdIwQY
MBaAFCnxTUEcIOz8SWIV/NsPQ9hHIZCWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZGTlFSd2c3UHhKWWhYODJ3OUQyRWNoa0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iY2YyNzItZDc1MS00NWJlLTk4NTYt
MDE4YTM3NzBkYTc3LzEvV0tnSXYwa2lVbEMyZi0xdmFqYXNDbjA5RUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iY2YyNzItZDc1MS00NWJlLTk4NTYtMDE4YTM3NzBkYTc3
LzEvS2ZGTlFSd2c3UHhKWWhYODJ3OUQyRWNoa0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSJkMA0G
CSqGSIb3DQEBCwUAA4IBAQBWneLBJd5iph8Pr62qyKYWqMePIs79pc26Hp6E6Tuu
z9g4nZYNWS+ZL1CeYTma/UiTVnpb4M7ofCoIkD4Tdms4A71CLYelsY3i8NyRqbi8
Pf0OVN/8h+f78HItvi3CndiDeuu5qjCOJUDpLJJA+56+q7GloLYjJ7M+RLgA1w6z
rEgt4l5cL8582SNIgHWfgbuCWrfe+EweKA/n49izWpxBwEsipMjqP9fGWsvJU8EB
WheWpkPptlcTP5ccL/btgz9PooNhO7rn1/EyxEEgAd2Z7KCjHc40TniuSDKmMGd/
7ereAdjrz40WzKU3kHuGFXy473E39hbMoWqBe1Ka9GSe
-----END CERTIFICATE-----