Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/c4731c-a8fe-4a0b-991a-35820f51c578/1/WIJZFJAqPpGswQ-bRR9WJgFE2R4.roa
File:                     WIJZFJAqPpGswQ-bRR9WJgFE2R4.roa (raw, json)
Hash identifier:          evNS+NfJNZJ8ea23J86UtfpVYNVTYut368Awt3vrq8M=
Subject key identifier:   58:82:59:14:90:2A:3E:91:AC:C1:0F:9B:45:1F:56:26:01:44:D9:1E
Certificate issuer:       /CN=e8c0b5d7d7caf7ef4d3555c0d90e95d7bf86e606
Certificate serial:       018F9BC0A45FDCD5DC93A9487869FD166EC7
Authority key identifier: E8:C0:B5:D7:D7:CA:F7:EF:4D:35:55:C0:D9:0E:95:D7:BF:86:E6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6MC119fK9-9NNVXA2Q6V17-G5gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/c4731c-a8fe-4a0b-991a-35820f51c578/1/WIJZFJAqPpGswQ-bRR9WJgFE2R4.roa
Signing time:             Tue 21 May 2024 15:24:04 +0000
ROA not before:           Tue 21 May 2024 15:24:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49881
IP address blocks:        193.104.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/c4731c-a8fe-4a0b-991a-35820f51c578/1/6MC119fK9-9NNVXA2Q6V17-G5gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/c4731c-a8fe-4a0b-991a-35820f51c578/1/6MC119fK9-9NNVXA2Q6V17-G5gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6MC119fK9-9NNVXA2Q6V17-G5gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9b:c0:a4:5f:dc:d5:dc:93:a9:48:78:69:fd:16:6e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8c0b5d7d7caf7ef4d3555c0d90e95d7bf86e606
        Validity
            Not Before: May 21 15:24:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58825914902a3e91acc10f9b451f56260144d91e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:cf:74:40:15:bf:c4:24:59:16:72:b7:68:12:
                    1c:0e:65:f4:03:b9:ce:1c:f8:f2:b5:a8:52:dd:6d:
                    72:14:e9:72:0a:f8:4c:fe:c1:d3:10:97:35:02:c5:
                    51:19:4d:4c:94:b7:e6:dd:3b:a1:10:b6:e9:78:ee:
                    7f:9c:63:00:ab:14:67:3f:4d:bf:3c:7e:9d:24:5a:
                    65:a0:aa:f7:0f:08:02:c9:40:82:e4:56:5d:3a:87:
                    21:de:3d:71:61:15:56:61:f7:6f:7f:6a:88:35:47:
                    d3:dd:a1:25:9c:e6:31:11:cf:70:63:51:4c:5b:28:
                    70:4c:bd:44:2f:cb:77:fb:02:1f:9a:5e:00:e7:84:
                    75:3d:63:25:d0:6f:54:c1:72:8a:82:3e:a0:87:65:
                    05:35:2b:2c:a2:45:7d:95:d7:92:fe:1f:35:27:59:
                    88:77:5d:93:1c:bf:54:07:8f:40:1d:46:cc:16:7d:
                    0c:a8:9b:8c:53:fd:18:21:99:a8:d8:9d:8a:d8:b2:
                    9c:50:e6:d8:8e:5f:16:01:94:6f:89:df:9a:3e:f4:
                    c9:15:53:64:ba:51:b4:a5:93:8e:6f:1d:ec:eb:bb:
                    a8:2d:5d:42:4c:ac:d3:75:f5:ba:75:21:6d:d4:67:
                    b2:1c:b7:11:f1:2c:13:32:14:11:2c:34:53:40:88:
                    29:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:82:59:14:90:2A:3E:91:AC:C1:0F:9B:45:1F:56:26:01:44:D9:1E
            X509v3 Authority Key Identifier:
                keyid:E8:C0:B5:D7:D7:CA:F7:EF:4D:35:55:C0:D9:0E:95:D7:BF:86:E6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6MC119fK9-9NNVXA2Q6V17-G5gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/c4731c-a8fe-4a0b-991a-35820f51c578/1/WIJZFJAqPpGswQ-bRR9WJgFE2R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/c4731c-a8fe-4a0b-991a-35820f51c578/1/6MC119fK9-9NNVXA2Q6V17-G5gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:59:cb:18:a7:31:b4:2b:f1:25:5c:61:ca:c4:49:6a:90:a5:
         7a:5e:b2:12:13:e9:f1:fb:91:3b:1d:36:c3:34:51:4b:b7:c0:
         0b:2e:b0:ad:c1:68:2b:26:48:6d:b9:78:89:40:b4:58:5f:ff:
         3d:a5:09:16:99:aa:3f:30:53:8d:f5:93:82:f8:c6:85:3a:54:
         a4:46:89:b5:e6:50:cd:94:bb:a5:17:14:98:c7:3a:d8:30:46:
         37:19:be:fa:62:44:b8:20:1a:c0:5b:78:a9:ca:5f:c1:96:00:
         9b:77:2b:bb:84:cd:48:04:2f:66:ba:0f:a4:34:62:30:77:2e:
         d3:d5:89:b6:ca:ef:87:68:a0:52:a0:ac:34:df:db:4d:4c:41:
         3f:35:c5:d2:76:fa:04:df:fa:5f:99:c9:ac:86:0c:09:94:48:
         ba:64:87:9c:14:e2:16:16:48:e6:ef:4e:47:48:27:b6:64:23:
         ac:3e:cd:12:29:4a:71:e2:f3:3d:10:91:e9:0b:ad:f3:21:38:
         bd:7a:f6:bc:8d:4d:ed:8c:8c:1c:b7:07:4c:3e:d6:22:68:00:
         be:e3:e6:19:fd:7f:d4:f6:1b:af:54:5c:a7:84:71:fd:85:75:
         39:f1:ca:38:f7:88:f3:e8:41:89:68:89:77:e9:26:4a:45:7c:
         f8:6d:b4:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+bwKRf3NXck6lIeGn9Fm7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YzBiNWQ3ZDdjYWY3ZWY0ZDM1NTVjMGQ5MGU5NWQ3YmY4
NmU2MDYwHhcNMjQwNTIxMTUyNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODgyNTkxNDkwMmEzZTkxYWNjMTBmOWI0NTFmNTYyNjAxNDRkOTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlM90QBW/xCRZFnK3aBIcDmX0A7nO
HPjytahS3W1yFOlyCvhM/sHTEJc1AsVRGU1MlLfm3TuhELbpeO5/nGMAqxRnP02/
PH6dJFploKr3DwgCyUCC5FZdOoch3j1xYRVWYfdvf2qINUfT3aElnOYxEc9wY1FM
WyhwTL1EL8t3+wIfml4A54R1PWMl0G9UwXKKgj6gh2UFNSssokV9ldeS/h81J1mI
d12THL9UB49AHUbMFn0MqJuMU/0YIZmo2J2K2LKcUObYjl8WAZRvid+aPvTJFVNk
ulG0pZOObx3s67uoLV1CTKzTdfW6dSFt1GeyHLcR8SwTMhQRLDRTQIgpHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiCWRSQKj6RrMEPm0UfViYBRNkeMB8GA1UdIwQY
MBaAFOjAtdfXyvfvTTVVwNkOlde/huYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk1DMTE5Zks5LTlOTlZYQTJRNlYxNy1HNWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9jNDczMWMtYThmZS00YTBiLTk5MWEt
MzU4MjBmNTFjNTc4LzEvV0lKWkZKQXFQcEdzd1EtYlJSOVdKZ0ZFMlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9jNDczMWMtYThmZS00YTBiLTk5MWEtMzU4MjBmNTFjNTc4
LzEvNk1DMTE5Zks5LTlOTlZYQTJRNlYxNy1HNWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWg2MA0G
CSqGSIb3DQEBCwUAA4IBAQA9WcsYpzG0K/ElXGHKxElqkKV6XrISE+nx+5E7HTbD
NFFLt8ALLrCtwWgrJkhtuXiJQLRYX/89pQkWmao/MFON9ZOC+MaFOlSkRom15lDN
lLulFxSYxzrYMEY3Gb76YkS4IBrAW3ipyl/BlgCbdyu7hM1IBC9mug+kNGIwdy7T
1Ym2yu+HaKBSoKw039tNTEE/NcXSdvoE3/pfmcmshgwJlEi6ZIecFOIWFkjm705H
SCe2ZCOsPs0SKUpx4vM9EJHpC63zITi9eva8jU3tjIwctwdMPtYiaAC+4+YZ/X/U
9huvVFynhHH9hXU58co494jz6EGJaIl36SZKRXz4bbTw
-----END CERTIFICATE-----