Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WJ3NiCG3ZHF3sx7x7kP0nSA4WW8.roa
File:                     WJ3NiCG3ZHF3sx7x7kP0nSA4WW8.roa (raw, json)
Hash identifier:          WF3/ZKtEDprUrzp6KXvVA2+uLnDQbhBfGHUpcuvtRXg=
Subject key identifier:   58:9D:CD:88:21:B7:64:71:77:B3:1E:F1:EE:43:F4:9D:20:38:59:6F
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018CC727590BD1D85383D7A35002EA0C24C7
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WJ3NiCG3ZHF3sx7x7kP0nSA4WW8.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        176.116.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:59:0b:d1:d8:53:83:d7:a3:50:02:ea:0c:24:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=589dcd8821b7647177b31ef1ee43f49d2038596f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ef:14:fa:fa:4d:54:ea:7e:20:e5:aa:1f:e8:
                    72:be:0a:16:90:2b:8c:b7:a2:2a:ef:e1:06:4e:23:
                    77:6d:51:cb:45:02:6a:e4:ca:25:67:c1:15:89:c3:
                    64:e9:bf:bc:1c:3d:fa:67:e0:54:56:7e:e7:9b:b9:
                    a1:95:71:2e:e7:13:c2:4f:9e:9d:69:df:79:68:d2:
                    61:21:a7:e8:aa:2b:0d:e5:84:f8:0d:cc:14:3d:9b:
                    a1:69:90:a0:4b:d2:7f:05:42:3d:b9:50:35:7e:1f:
                    33:0c:c6:09:4b:51:62:3b:03:f5:04:ac:63:29:37:
                    24:f2:2c:35:5d:63:6b:9e:4a:ff:76:2a:3a:9a:44:
                    6e:5b:51:aa:8e:60:35:3c:6c:42:96:49:3f:14:95:
                    30:23:68:e0:09:97:8a:d7:a2:63:65:90:2d:7c:69:
                    ba:26:3a:ed:60:71:d5:3e:bf:2b:f4:fc:13:04:2a:
                    e1:71:2e:d3:c8:a2:7c:76:1d:fa:96:2f:ee:45:98:
                    1e:6b:39:16:33:7e:b3:3e:ce:92:ac:db:14:de:a9:
                    0d:8b:82:f5:a3:df:d8:7f:5c:8b:e2:b1:47:dd:7e:
                    57:17:9b:71:a9:9d:2d:e2:2c:7a:f0:a3:64:d6:1d:
                    b7:5e:6a:83:b1:4e:6b:f4:85:f5:6a:2c:9c:d8:22:
                    94:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:9D:CD:88:21:B7:64:71:77:B3:1E:F1:EE:43:F4:9D:20:38:59:6F
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WJ3NiCG3ZHF3sx7x7kP0nSA4WW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:05:f8:ce:a0:04:10:4f:2b:3e:a2:65:2f:49:dd:90:96:f1:
         6f:2f:99:59:cf:b6:63:7c:fb:29:dd:b0:e8:36:f3:07:1f:c7:
         bd:51:09:89:a9:8a:f7:77:42:76:3e:e2:9f:fe:e2:35:e7:56:
         d5:62:ed:33:88:9e:6b:ce:86:0d:4f:53:96:ca:c5:2b:d6:46:
         80:ae:8d:72:06:fa:d5:d1:67:63:53:b2:3d:b7:4d:b7:ae:41:
         59:2f:79:f9:f7:b7:40:36:0b:d0:11:df:b4:c4:2b:7a:dc:65:
         70:3c:94:fb:40:42:45:04:62:40:52:77:0a:d2:35:08:db:ff:
         de:16:b1:77:6a:7b:90:5c:d7:07:a0:41:b4:4e:36:e7:d7:a7:
         a6:3b:b1:d4:f7:ff:cc:42:b8:74:b0:26:09:51:76:42:42:30:
         f2:75:62:c1:fc:10:45:c2:74:1a:35:85:a2:32:26:d8:ee:45:
         aa:e2:f1:45:46:62:74:fa:53:cd:d7:56:5f:4e:4d:67:cb:c9:
         bf:82:3a:27:de:36:15:04:7a:d0:e8:bd:2a:a3:19:fc:a5:67:
         f7:14:fe:17:a5:02:44:30:75:2a:cd:70:12:e6:60:f2:bb:f4:
         12:6e:b1:97:68:0b:1e:7b:b3:1b:e8:f7:70:04:bf:09:e8:5d:
         18:0d:4c:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1kL0dhTg9ejUALqDCTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODlkY2Q4ODIxYjc2NDcxNzdiMzFlZjFlZTQzZjQ5ZDIwMzg1OTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte8U+vpNVOp+IOWqH+hyvgoWkCuM
t6Iq7+EGTiN3bVHLRQJq5MolZ8EVicNk6b+8HD36Z+BUVn7nm7mhlXEu5xPCT56d
ad95aNJhIafoqisN5YT4DcwUPZuhaZCgS9J/BUI9uVA1fh8zDMYJS1FiOwP1BKxj
KTck8iw1XWNrnkr/dio6mkRuW1GqjmA1PGxClkk/FJUwI2jgCZeK16JjZZAtfGm6
JjrtYHHVPr8r9PwTBCrhcS7TyKJ8dh36li/uRZgeazkWM36zPs6SrNsU3qkNi4L1
o9/Yf1yL4rFH3X5XF5txqZ0t4ix68KNk1h23XmqDsU5r9IX1aiyc2CKUkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFidzYght2Rxd7Me8e5D9J0gOFlvMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvV0ozTmlDRzNaSEYzc3g3eDdrUDBuU0E0V1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQfMA0G
CSqGSIb3DQEBCwUAA4IBAQDIBfjOoAQQTys+omUvSd2QlvFvL5lZz7ZjfPsp3bDo
NvMHH8e9UQmJqYr3d0J2PuKf/uI151bVYu0ziJ5rzoYNT1OWysUr1kaAro1yBvrV
0WdjU7I9t023rkFZL3n597dANgvQEd+0xCt63GVwPJT7QEJFBGJAUncK0jUI2//e
FrF3anuQXNcHoEG0Tjbn16emO7HU9//MQrh0sCYJUXZCQjDydWLB/BBFwnQaNYWi
MibY7kWq4vFFRmJ0+lPN11ZfTk1ny8m/gjon3jYVBHrQ6L0qoxn8pWf3FP4XpQJE
MHUqzXAS5mDyu/QSbrGXaAsee7Mb6PdwBL8J6F0YDUwB
-----END CERTIFICATE-----