Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/840757-8149-40fe-a49b-ae5e74ed5ba0/1/WNmdgqrjN3zQJoQIg_-stTBmzsY.roa
File:                     WNmdgqrjN3zQJoQIg_-stTBmzsY.roa (raw, json)
Hash identifier:          5+v1J0ulVIfXD/4RLcmmgma4YByGjIM/EMrqUbhUxlE=
Subject key identifier:   58:D9:9D:82:AA:E3:37:7C:D0:26:84:08:83:FF:AC:B5:30:66:CE:C6
Certificate issuer:       /CN=f9a3520fd9c299a2874df5e47b6302a4252a726b
Certificate serial:       018CC6B7C0731CC4B44FC30B05380CFE94FE
Authority key identifier: F9:A3:52:0F:D9:C2:99:A2:87:4D:F5:E4:7B:63:02:A4:25:2A:72:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-aNSD9nCmaKHTfXke2MCpCUqcms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/840757-8149-40fe-a49b-ae5e74ed5ba0/1/WNmdgqrjN3zQJoQIg_-stTBmzsY.roa
Signing time:             Mon 01 Jan 2024 20:29:40 +0000
ROA not before:           Mon 01 Jan 2024 20:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202253
IP address blocks:        62.182.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/840757-8149-40fe-a49b-ae5e74ed5ba0/1/1-aNSD9nCmaKHTfXke2MCpCUqcms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/840757-8149-40fe-a49b-ae5e74ed5ba0/1/1-aNSD9nCmaKHTfXke2MCpCUqcms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-aNSD9nCmaKHTfXke2MCpCUqcms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c0:73:1c:c4:b4:4f:c3:0b:05:38:0c:fe:94:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9a3520fd9c299a2874df5e47b6302a4252a726b
        Validity
            Not Before: Jan  1 20:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58d99d82aae3377cd026840883ffacb53066cec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e7:20:9b:5c:ca:54:3a:6c:87:75:81:52:c4:
                    60:90:84:cb:f9:1d:b0:b0:fe:46:1b:e1:80:09:a4:
                    3f:26:03:ce:56:b0:0c:e4:ad:b8:6b:01:0f:29:ff:
                    8f:2a:b1:ed:65:30:5a:de:9c:dd:3a:fc:ec:20:29:
                    a3:58:4e:da:6e:3e:3d:ab:05:e6:77:a6:9c:e2:b6:
                    a2:e9:53:67:a9:e3:8f:b2:09:8e:cb:cd:75:c5:0b:
                    99:10:6d:05:17:fc:ba:c9:7a:9c:f0:15:43:2d:b6:
                    ed:e5:a2:d2:24:c8:13:e6:38:ac:2b:68:d4:00:35:
                    45:b5:1b:2b:a4:bf:35:d9:54:1a:b2:29:70:e5:a3:
                    20:2d:6c:90:a4:6e:47:b6:57:41:a2:4c:3a:76:91:
                    4b:bf:64:78:a1:9f:64:99:63:13:39:2a:14:27:f8:
                    ce:aa:cc:36:85:09:c3:51:1f:6c:43:ed:7c:4f:e3:
                    6e:52:d9:04:33:f2:55:6a:94:40:ee:3f:f0:2e:11:
                    a7:be:53:aa:d8:f9:9e:4e:85:40:37:05:2b:dd:1b:
                    38:fc:37:63:5d:a1:86:d1:2a:2c:09:70:38:18:8d:
                    f5:a2:9d:96:78:57:fd:30:59:35:c8:d8:0d:76:2a:
                    1e:e6:a5:8f:09:8a:25:bf:85:42:b0:a5:d3:c9:8a:
                    fd:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D9:9D:82:AA:E3:37:7C:D0:26:84:08:83:FF:AC:B5:30:66:CE:C6
            X509v3 Authority Key Identifier:
                keyid:F9:A3:52:0F:D9:C2:99:A2:87:4D:F5:E4:7B:63:02:A4:25:2A:72:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-aNSD9nCmaKHTfXke2MCpCUqcms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/840757-8149-40fe-a49b-ae5e74ed5ba0/1/WNmdgqrjN3zQJoQIg_-stTBmzsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/840757-8149-40fe-a49b-ae5e74ed5ba0/1/1-aNSD9nCmaKHTfXke2MCpCUqcms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.182.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:d7:ce:b4:02:ad:66:2a:4e:c4:57:89:c8:81:9c:1d:2d:59:
         60:c8:89:f2:f1:a0:c4:12:3a:20:9e:fe:fe:6b:12:71:7c:2c:
         eb:0c:2d:97:af:ad:67:cc:fd:77:01:ee:c8:32:6f:24:c7:51:
         83:c0:a4:c5:45:9b:41:e1:90:47:fd:60:c0:56:91:51:e8:43:
         20:70:ce:e5:75:8a:f1:48:38:e5:43:0d:10:c8:23:a8:a0:7a:
         8b:c0:c7:f4:3f:6c:1c:e3:ef:0d:16:0d:0a:83:2a:c5:3b:e8:
         3a:d8:29:2a:47:96:bd:16:b7:2e:3a:1c:bb:c6:41:7a:a1:b8:
         7c:8a:47:9c:48:5b:2b:fa:2f:44:0e:7d:4a:8c:5a:51:1f:69:
         a9:68:e9:70:b4:0f:e7:f9:e3:fc:e0:5f:f5:b7:b3:35:f4:a2:
         30:6f:cd:a6:af:ce:a8:51:a8:87:02:8e:ce:da:ba:14:65:91:
         e3:62:8a:7b:7d:62:61:91:19:61:d8:34:83:37:11:a3:64:53:
         e5:4d:05:26:32:75:c5:3d:c8:f2:a2:21:33:2c:ad:c3:69:8d:
         b8:4e:67:55:16:cf:9d:ef:e4:c8:e9:18:6e:f4:f2:03:6e:19:
         16:1d:69:e0:4c:35:0c:95:c0:3b:88:1e:52:42:b6:49:7a:f3:
         ef:51:b5:86
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzGt8BzHMS0T8MLBTgM/pT+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5YTM1MjBmZDljMjk5YTI4NzRkZjVlNDdiNjMwMmE0MjUy
YTcyNmIwHhcNMjQwMTAxMjAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQ5OWQ4MmFhZTMzNzdjZDAyNjg0MDg4M2ZmYWNiNTMwNjZjZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwecgm1zKVDpsh3WBUsRgkITL+R2w
sP5GG+GACaQ/JgPOVrAM5K24awEPKf+PKrHtZTBa3pzdOvzsICmjWE7abj49qwXm
d6ac4rai6VNnqeOPsgmOy811xQuZEG0FF/y6yXqc8BVDLbbt5aLSJMgT5jisK2jU
ADVFtRsrpL812VQasilw5aMgLWyQpG5HtldBokw6dpFLv2R4oZ9kmWMTOSoUJ/jO
qsw2hQnDUR9sQ+18T+NuUtkEM/JVapRA7j/wLhGnvlOq2PmeToVANwUr3Rs4/Ddj
XaGG0SosCXA4GI31op2WeFf9MFk1yNgNdioe5qWPCYolv4VCsKXTyYr92wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFjZnYKq4zd80CaECIP/rLUwZs7GMB8GA1UdIwQY
MBaAFPmjUg/Zwpmih0315HtjAqQlKnJrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1hTlNEOW5DbWFLSFRmWGtlMk1DcENVcWNtcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUvODQwNzU3LTgxNDktNDBmZS1hNDli
LWFlNWU3NGVkNWJhMC8xL1dObWRncXJqTjN6UUpvUUlnXy1zdFRCbXpzWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjUvODQwNzU3LTgxNDktNDBmZS1hNDliLWFlNWU3NGVkNWJh
MC8xLzEtYU5TRDluQ21hS0hUZlhrZTJNQ3BDVXFjbXMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAI+tiww
DQYJKoZIhvcNAQELBQADggEBAD7XzrQCrWYqTsRXiciBnB0tWWDIifLxoMQSOiCe
/v5rEnF8LOsMLZevrWfM/XcB7sgybyTHUYPApMVFm0HhkEf9YMBWkVHoQyBwzuV1
ivFIOOVDDRDII6igeovAx/Q/bBzj7w0WDQqDKsU76DrYKSpHlr0Wty46HLvGQXqh
uHyKR5xIWyv6L0QOfUqMWlEfaalo6XC0D+f54/zgX/W3szX0ojBvzaavzqhRqIcC
js7auhRlkeNiint9YmGRGWHYNIM3EaNkU+VNBSYydcU9yPKiITMsrcNpjbhOZ1UW
z53v5MjpGG708gNuGRYdaeBMNQyVwDuIHlJCtkl68+9RtYY=
-----END CERTIFICATE-----