Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/WdidAxl6YYJtfglA3clzHafEnMw.roa
File:                     WdidAxl6YYJtfglA3clzHafEnMw.roa (raw, json)
Hash identifier:          SKa3mD30FvN7LwNsCMjtvg/vF7pT7gP2D8VjEXTwaEY=
Subject key identifier:   59:D8:9D:03:19:7A:61:82:6D:7E:09:40:DD:C9:73:1D:A7:C4:9C:CC
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E4A687CAF63C76C81AB1FB4D99E4
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/WdidAxl6YYJtfglA3clzHafEnMw.roa
Signing time:             Mon 01 Jan 2024 10:30:10 +0000
ROA not before:           Mon 01 Jan 2024 10:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200554
IP address blocks:        5.160.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e4:a6:87:ca:f6:3c:76:c8:1a:b1:fb:4d:99:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59d89d03197a61826d7e0940ddc9731da7c49ccc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e3:93:3c:ac:bf:ec:a3:08:a7:6a:aa:8c:b0:
                    48:6e:4f:29:cc:24:97:7b:06:b3:3c:77:a9:ea:a4:
                    54:2e:bc:7c:44:52:41:0b:ca:27:19:e7:df:b9:ce:
                    76:c8:3c:23:12:04:91:3c:9a:8a:a5:64:09:13:ac:
                    9e:68:1e:2f:97:4c:0c:55:58:2a:27:cb:49:e5:0f:
                    6b:63:f9:b3:ca:14:11:87:61:b8:4d:2f:1e:08:80:
                    eb:c5:c9:9b:8c:ef:2e:c7:e8:6a:c3:57:54:d0:54:
                    ed:40:1f:38:30:e2:00:58:de:7f:2f:67:89:12:1f:
                    3c:82:a3:32:94:d0:0e:35:d9:d3:17:36:18:61:a8:
                    24:b8:98:6b:ab:38:f4:a7:00:84:6c:08:81:2a:6c:
                    72:9a:3b:f8:d8:63:d4:ef:eb:3b:71:c2:51:c5:2b:
                    0d:1b:32:20:a4:ad:99:1a:ba:88:da:e7:a7:a5:af:
                    74:9f:ca:12:a9:0e:a8:5a:ad:91:b6:33:1e:95:5a:
                    70:c5:1f:b9:e9:d3:b1:8c:29:72:85:10:17:a5:c3:
                    91:27:a2:85:c2:3c:01:96:0d:8e:cb:3a:17:17:8e:
                    45:6a:44:bf:81:69:11:aa:60:c8:23:23:68:75:53:
                    c6:ef:b5:a5:cc:ba:7f:d5:6a:ed:a8:84:19:26:7e:
                    94:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:D8:9D:03:19:7A:61:82:6D:7E:09:40:DD:C9:73:1D:A7:C4:9C:CC
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/WdidAxl6YYJtfglA3clzHafEnMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:bc:06:1a:2a:88:9c:4f:5a:b5:19:0b:6c:1a:a5:1c:e3:b9:
         10:ac:e2:b2:7d:cb:e4:f2:bc:13:53:5e:b1:e1:12:65:8f:4b:
         93:81:d8:08:eb:7f:84:bf:ba:0b:8f:8e:06:17:26:2c:3b:cd:
         ea:8c:6d:fb:18:b8:89:86:31:50:aa:66:90:40:1e:20:cb:a3:
         d9:06:8b:4c:20:dd:27:02:cc:86:d5:32:41:46:28:a4:df:76:
         20:90:53:c6:b6:d2:c2:c0:5a:66:55:a6:56:6c:dd:15:ca:ae:
         89:36:ba:a3:48:af:d7:e0:9b:42:47:e1:ab:5e:59:1a:81:5b:
         37:db:ae:22:99:e0:7d:08:d8:ca:85:42:50:fe:fd:5d:c7:3a:
         97:f5:19:ff:95:a4:f5:19:11:65:ef:4c:4c:94:ba:86:72:28:
         da:8f:97:e5:9a:fc:d8:bc:33:3e:4d:c5:c0:c3:5c:40:f9:2f:
         f4:b8:2f:da:25:b0:52:4a:e2:43:fb:9b:07:53:59:e3:70:cb:
         97:bc:75:ea:67:43:e9:03:7d:95:be:59:f3:b0:95:d4:07:f2:
         09:25:21:52:68:8e:89:60:dc:1d:d8:72:a0:96:49:d6:00:2a:
         af:33:ed:f1:40:6b:ef:3c:c3:07:d6:23:52:de:14:c0:fd:1f:
         a6:71:a8:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuSmh8r2PHbIGrH7TZnkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWQ4OWQwMzE5N2E2MTgyNmQ3ZTA5NDBkZGM5NzMxZGE3YzQ5Y2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOOTPKy/7KMIp2qqjLBIbk8pzCSX
ewazPHep6qRULrx8RFJBC8onGeffuc52yDwjEgSRPJqKpWQJE6yeaB4vl0wMVVgq
J8tJ5Q9rY/mzyhQRh2G4TS8eCIDrxcmbjO8ux+hqw1dU0FTtQB84MOIAWN5/L2eJ
Eh88gqMylNAONdnTFzYYYagkuJhrqzj0pwCEbAiBKmxymjv42GPU7+s7ccJRxSsN
GzIgpK2ZGrqI2uenpa90n8oSqQ6oWq2RtjMelVpwxR+56dOxjClyhRAXpcORJ6KF
wjwBlg2OyzoXF45FakS/gWkRqmDIIyNodVPG77WlzLp/1WrtqIQZJn6UtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnYnQMZemGCbX4JQN3Jcx2nxJzMMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvV2RpZEF4bDZZWUp0ZmdsQTNjbHpIYWZFbk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaAKMA0G
CSqGSIb3DQEBCwUAA4IBAQBVvAYaKoicT1q1GQtsGqUc47kQrOKyfcvk8rwTU16x
4RJlj0uTgdgI63+Ev7oLj44GFyYsO83qjG37GLiJhjFQqmaQQB4gy6PZBotMIN0n
AsyG1TJBRiik33YgkFPGttLCwFpmVaZWbN0Vyq6JNrqjSK/X4JtCR+GrXlkagVs3
264imeB9CNjKhUJQ/v1dxzqX9Rn/laT1GRFl70xMlLqGcijaj5flmvzYvDM+TcXA
w1xA+S/0uC/aJbBSSuJD+5sHU1njcMuXvHXqZ0PpA32VvlnzsJXUB/IJJSFSaI6J
YNwd2HKglknWACqvM+3xQGvvPMMH1iNS3hTA/R+mcag+
-----END CERTIFICATE-----