Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/ca2cb5-b25b-435c-bacb-0ae696bd368a/1/WVIZpVZcVpej-e0fLEhE-_k7geE.roa
File:                     WVIZpVZcVpej-e0fLEhE-_k7geE.roa (raw, json)
Hash identifier:          qKFoe5pWxbvSRU7qlD6xAqELTIP/SIFobrIGqTlePdc=
Subject key identifier:   59:52:19:A5:56:5C:56:97:A3:F9:ED:1F:2C:48:44:FB:F9:3B:81:E1
Certificate issuer:       /CN=8cd0b6547548802ea59814672547bcc836d70fcf
Certificate serial:       018CC2DB10686772E47C127670C4DC60C549
Authority key identifier: 8C:D0:B6:54:75:48:80:2E:A5:98:14:67:25:47:BC:C8:36:D7:0F:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNC2VHVIgC6lmBRnJUe8yDbXD88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/ca2cb5-b25b-435c-bacb-0ae696bd368a/1/WVIZpVZcVpej-e0fLEhE-_k7geE.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        194.56.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/ca2cb5-b25b-435c-bacb-0ae696bd368a/1/jNC2VHVIgC6lmBRnJUe8yDbXD88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/ca2cb5-b25b-435c-bacb-0ae696bd368a/1/jNC2VHVIgC6lmBRnJUe8yDbXD88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNC2VHVIgC6lmBRnJUe8yDbXD88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:10:68:67:72:e4:7c:12:76:70:c4:dc:60:c5:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd0b6547548802ea59814672547bcc836d70fcf
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=595219a5565c5697a3f9ed1f2c4844fbf93b81e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1a:e5:63:a7:a1:a8:49:67:93:79:7d:8d:80:
                    18:f6:7d:d5:01:cf:63:e1:91:5f:09:1c:00:62:0c:
                    d5:21:7f:ac:63:94:ca:43:80:02:5f:64:28:41:9d:
                    cf:64:c6:fd:9a:e2:a8:8e:f2:d0:9e:4b:72:c2:7d:
                    b4:49:b0:05:a9:91:84:8a:96:a3:ce:53:ef:02:0a:
                    fa:8f:19:8e:ed:a7:c5:fd:7b:5e:60:b6:48:f2:c6:
                    86:f9:c1:45:cd:53:a6:f4:7e:90:58:10:9e:b3:16:
                    fb:dd:8f:cd:4d:dc:6f:36:34:86:da:87:78:cb:a1:
                    ad:75:e4:b3:3d:c3:f2:ff:92:c1:bd:50:1a:64:05:
                    72:ad:bf:4e:34:2e:50:7a:db:04:2c:ae:4b:15:ea:
                    c2:bf:55:60:3e:07:a9:92:9b:0b:f4:d1:ba:6b:87:
                    55:31:58:d3:ab:48:56:79:c4:d7:be:db:98:ac:10:
                    db:df:95:c4:c4:24:4e:40:aa:47:4d:f0:c4:7e:9a:
                    8d:6e:43:98:43:82:4c:11:34:26:13:91:c8:76:a1:
                    15:fa:84:55:e9:20:06:6b:43:26:b7:ec:c6:bb:a0:
                    82:ec:05:a8:92:29:c7:c2:4e:a3:e4:5f:c6:9c:c2:
                    cf:44:b8:75:13:e3:49:c1:aa:04:24:de:2e:79:f0:
                    62:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:52:19:A5:56:5C:56:97:A3:F9:ED:1F:2C:48:44:FB:F9:3B:81:E1
            X509v3 Authority Key Identifier:
                keyid:8C:D0:B6:54:75:48:80:2E:A5:98:14:67:25:47:BC:C8:36:D7:0F:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNC2VHVIgC6lmBRnJUe8yDbXD88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ca2cb5-b25b-435c-bacb-0ae696bd368a/1/WVIZpVZcVpej-e0fLEhE-_k7geE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ca2cb5-b25b-435c-bacb-0ae696bd368a/1/jNC2VHVIgC6lmBRnJUe8yDbXD88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:eb:00:b1:e9:cc:b7:cb:fc:cb:b1:a7:2a:30:39:7a:37:40:
         9b:14:18:36:f3:cc:60:b8:e7:b4:6d:55:63:cf:40:cd:f8:28:
         c2:5f:68:9d:b7:00:4c:d2:4f:20:d4:81:44:49:47:a0:5c:df:
         79:f2:61:87:fe:72:f8:fe:92:c3:11:77:69:56:ee:2c:f4:2d:
         c5:36:7e:41:1a:3c:be:cb:4e:04:65:ab:41:f7:0e:8a:1d:b7:
         4b:e6:54:93:64:ef:b4:16:4e:cc:ae:ad:98:2c:f9:b2:8a:52:
         ce:57:2d:2e:17:46:7b:0f:6c:2a:3a:02:86:2a:04:c6:52:5e:
         62:2f:56:96:ee:8e:12:64:a7:e1:89:15:f8:c5:46:3f:4e:8a:
         13:ba:66:4d:b5:3d:81:d4:53:d9:02:81:be:26:f0:ff:90:55:
         72:8a:a8:89:42:17:91:97:80:1b:a7:7b:9e:72:13:9b:1b:20:
         2a:c4:07:84:d1:a1:48:61:7f:04:3c:a5:67:57:cb:ef:55:da:
         9e:d8:c8:01:a7:b9:38:19:bd:31:40:f5:05:d3:b3:fb:c2:93:
         38:70:0d:5b:f2:58:6f:43:cd:39:86:b0:51:4c:be:c7:e0:fc:
         1a:56:99:47:a3:09:37:31:61:b0:00:12:23:ef:69:d2:e2:43:
         50:7e:51:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xBoZ3LkfBJ2cMTcYMVJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDBiNjU0NzU0ODgwMmVhNTk4MTQ2NzI1NDdiY2M4MzZk
NzBmY2YwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTUyMTlhNTU2NWM1Njk3YTNmOWVkMWYyYzQ4NDRmYmY5M2I4MWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBrlY6ehqElnk3l9jYAY9n3VAc9j
4ZFfCRwAYgzVIX+sY5TKQ4ACX2QoQZ3PZMb9muKojvLQnktywn20SbAFqZGEipaj
zlPvAgr6jxmO7afF/XteYLZI8saG+cFFzVOm9H6QWBCesxb73Y/NTdxvNjSG2od4
y6GtdeSzPcPy/5LBvVAaZAVyrb9ONC5QetsELK5LFerCv1VgPgepkpsL9NG6a4dV
MVjTq0hWecTXvtuYrBDb35XExCROQKpHTfDEfpqNbkOYQ4JMETQmE5HIdqEV+oRV
6SAGa0Mmt+zGu6CC7AWokinHwk6j5F/GnMLPRLh1E+NJwaoEJN4uefBikQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlSGaVWXFaXo/ntHyxIRPv5O4HhMB8GA1UdIwQY
MBaAFIzQtlR1SIAupZgUZyVHvMg21w/PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5DMlZIVklnQzZsbUJSbkpVZTh5RGJYRDg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9jYTJjYjUtYjI1Yi00MzVjLWJhY2It
MGFlNjk2YmQzNjhhLzEvV1ZJWnBWWmNWcGVqLWUwZkxFaEUtX2s3Z2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9jYTJjYjUtYjI1Yi00MzVjLWJhY2ItMGFlNjk2YmQzNjhh
LzEvak5DMlZIVklnQzZsbUJSbkpVZTh5RGJYRDg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjjqMA0G
CSqGSIb3DQEBCwUAA4IBAQBj6wCx6cy3y/zLsacqMDl6N0CbFBg288xguOe0bVVj
z0DN+CjCX2idtwBM0k8g1IFESUegXN958mGH/nL4/pLDEXdpVu4s9C3FNn5BGjy+
y04EZatB9w6KHbdL5lSTZO+0Fk7Mrq2YLPmyilLOVy0uF0Z7D2wqOgKGKgTGUl5i
L1aW7o4SZKfhiRX4xUY/TooTumZNtT2B1FPZAoG+JvD/kFVyiqiJQheRl4Abp3ue
chObGyAqxAeE0aFIYX8EPKVnV8vvVdqe2MgBp7k4Gb0xQPUF07P7wpM4cA1b8lhv
Q805hrBRTL7H4PwaVplHowk3MWGwABIj72nS4kNQflFL
-----END CERTIFICATE-----