Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/WJM4RDhXiCc1nntAouYLafv_YQk.roa
File:                     WJM4RDhXiCc1nntAouYLafv_YQk.roa (raw, json)
Hash identifier:          Akke2MjvyfjKCYXC3eGQlXVkBi87hkU5BLy+Q7H/lZE=
Subject key identifier:   58:93:38:44:38:57:88:27:35:9E:7B:40:A2:E6:0B:69:FB:FF:61:09
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018DA6FFDA6F308A17C088F222BBA6B0C069
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/WJM4RDhXiCc1nntAouYLafv_YQk.roa
Signing time:             Wed 14 Feb 2024 09:43:21 +0000
ROA not before:           Wed 14 Feb 2024 09:43:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        2.56.32.0/22 maxlen: 22
                          45.81.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a6:ff:da:6f:30:8a:17:c0:88:f2:22:bb:a6:b0:c0:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Feb 14 09:43:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5893384438578827359e7b40a2e60b69fbff6109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:df:44:05:b0:df:d7:6b:95:af:df:33:c8:23:
                    15:f5:59:27:89:c9:75:7e:a6:f5:4e:9d:8b:cd:7a:
                    8f:d2:55:32:e4:77:20:80:e7:73:06:35:f0:2b:fd:
                    8b:6d:0c:ba:2f:39:11:80:cd:1f:59:d7:12:7b:c3:
                    aa:1d:70:26:03:1a:48:ba:06:59:61:08:c8:d8:77:
                    dc:43:0a:62:f0:9e:fb:92:63:95:d1:b9:3c:e4:de:
                    49:72:d7:f7:cb:9d:f6:75:3a:b0:f7:86:ea:43:ee:
                    e8:af:cc:a5:5f:5f:d5:91:3c:33:c3:04:c8:b1:2e:
                    cb:d8:7c:29:01:45:98:c0:35:ce:5c:6a:0d:6a:0a:
                    8c:fa:32:5e:4b:95:16:1f:7a:8c:d7:14:ae:34:79:
                    2d:41:d1:d3:0c:e2:e0:8e:bb:61:e7:2d:41:65:93:
                    03:a8:e9:ec:30:21:93:23:37:ef:c6:ae:9b:fc:6e:
                    95:ec:0b:ab:51:21:92:23:93:0b:52:b4:f6:b7:46:
                    0e:d9:08:f6:50:50:2c:e9:7c:52:ed:12:6a:49:8a:
                    13:4a:1d:7f:e4:00:67:77:5b:93:69:cc:ef:7b:11:
                    54:dc:c0:54:31:2b:3c:50:23:74:a9:53:d7:cc:70:
                    fc:1b:64:a3:e2:d2:f0:7a:9c:f3:0e:ff:ba:e3:e6:
                    87:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:93:38:44:38:57:88:27:35:9E:7B:40:A2:E6:0B:69:FB:FF:61:09
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/WJM4RDhXiCc1nntAouYLafv_YQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.32.0/22
                  45.81.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:30:54:e2:b5:19:81:80:9a:4f:57:e5:56:9d:a2:78:a1:4d:
         aa:bb:b6:b1:22:ff:eb:14:72:77:13:0b:c5:38:5f:bf:57:bf:
         84:ef:9e:08:d7:d3:6b:c6:c2:be:5c:83:79:1f:cf:c7:99:6a:
         8a:77:15:d2:68:85:94:55:4d:49:49:ed:79:6b:b9:33:0b:1f:
         21:89:36:4d:f1:f8:5c:da:f6:44:e7:a4:2a:5f:c2:ed:9c:48:
         b4:5a:f0:3a:c0:48:bf:ea:0e:9e:63:33:40:46:b9:2a:29:de:
         94:90:89:c3:18:13:24:4b:02:45:38:24:76:e5:60:90:53:94:
         2d:23:08:ac:dc:4f:10:e9:9f:4e:0d:a2:87:6c:82:ce:88:57:
         32:72:59:6f:86:a0:bc:67:13:0d:5a:98:98:3d:e5:f0:f6:37:
         71:ed:fc:d9:04:49:c3:9f:41:36:d5:f3:22:74:f4:3b:5e:d6:
         d3:24:e6:aa:01:11:16:0b:b1:37:7b:49:20:49:eb:a5:3b:f4:
         68:3f:0b:39:bd:d6:b9:e9:ad:f3:64:ce:84:e8:80:8b:53:88:
         f5:40:7a:84:40:93:dd:36:81:3f:eb:f0:87:e0:3f:50:af:04:
         58:89:70:79:45:a0:21:47:07:43:57:21:9d:9f:7d:1d:99:33:
         81:c5:06:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2m/9pvMIoXwIjyIrumsMBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwMjE0MDk0MzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODkzMzg0NDM4NTc4ODI3MzU5ZTdiNDBhMmU2MGI2OWZiZmY2MTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg99EBbDf12uVr98zyCMV9Vknicl1
fqb1Tp2LzXqP0lUy5HcggOdzBjXwK/2LbQy6LzkRgM0fWdcSe8OqHXAmAxpIugZZ
YQjI2HfcQwpi8J77kmOV0bk85N5Jctf3y532dTqw94bqQ+7or8ylX1/VkTwzwwTI
sS7L2HwpAUWYwDXOXGoNagqM+jJeS5UWH3qM1xSuNHktQdHTDOLgjrth5y1BZZMD
qOnsMCGTIzfvxq6b/G6V7AurUSGSI5MLUrT2t0YO2Qj2UFAs6XxS7RJqSYoTSh1/
5ABnd1uTaczvexFU3MBUMSs8UCN0qVPXzHD8G2Sj4tLwepzzDv+64+aH4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFiTOEQ4V4gnNZ57QKLmC2n7/2EJMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvV0pNNFJEaFhpQ2Mxbm50QW91WUxhZnZfWVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAjggAwQA
LVGgMA0GCSqGSIb3DQEBCwUAA4IBAQCIMFTitRmBgJpPV+VWnaJ4oU2qu7axIv/r
FHJ3EwvFOF+/V7+E754I19NrxsK+XIN5H8/HmWqKdxXSaIWUVU1JSe15a7kzCx8h
iTZN8fhc2vZE56QqX8LtnEi0WvA6wEi/6g6eYzNARrkqKd6UkInDGBMkSwJFOCR2
5WCQU5QtIwis3E8Q6Z9ODaKHbILOiFcycllvhqC8ZxMNWpiYPeXw9jdx7fzZBEnD
n0E21fMidPQ7XtbTJOaqAREWC7E3e0kgSeulO/RoPws5vda56a3zZM6E6ICLU4j1
QHqEQJPdNoE/6/CH4D9QrwRYiXB5RaAhRwdDVyGdn30dmTOBxQZN
-----END CERTIFICATE-----