Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/W1FSZVVHuNAFS1MPVML2o4sSYgg.roa
File:                     W1FSZVVHuNAFS1MPVML2o4sSYgg.roa (raw, json)
Hash identifier:          DPFsng72tMTuRMwEWtUf24BXNSaRg9itP7rMRCg70P4=
Subject key identifier:   5B:51:52:65:55:47:B8:D0:05:4B:53:0F:54:C2:F6:A3:8B:12:62:08
Certificate issuer:       /CN=49ee1194bd81d1946c39f10f7fdfdf22d1a03112
Certificate serial:       018CC8DE783C5D34F7181B017E9417680607
Authority key identifier: 49:EE:11:94:BD:81:D1:94:6C:39:F1:0F:7F:DF:DF:22:D1:A0:31:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Se4RlL2B0ZRsOfEPf9_fItGgMRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/W1FSZVVHuNAFS1MPVML2o4sSYgg.roa
Signing time:             Tue 02 Jan 2024 06:31:12 +0000
ROA not before:           Tue 02 Jan 2024 06:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60423
IP address blocks:        185.83.113.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/Se4RlL2B0ZRsOfEPf9_fItGgMRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/Se4RlL2B0ZRsOfEPf9_fItGgMRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Se4RlL2B0ZRsOfEPf9_fItGgMRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:78:3c:5d:34:f7:18:1b:01:7e:94:17:68:06:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49ee1194bd81d1946c39f10f7fdfdf22d1a03112
        Validity
            Not Before: Jan  2 06:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b5152655547b8d0054b530f54c2f6a38b126208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:43:78:46:26:ad:d7:a2:6a:b0:bf:94:ee:37:
                    d9:0e:b2:90:38:08:12:18:85:b9:ee:a0:2c:34:52:
                    a8:98:a7:05:9f:60:b1:eb:0d:58:d6:f2:e1:e7:11:
                    ff:86:66:52:bd:03:fe:0c:62:cb:ab:8a:6b:a3:48:
                    48:8d:fd:3b:79:28:4f:39:b1:c2:be:c2:d8:03:22:
                    96:ee:20:c5:c9:f3:23:d6:a4:2b:36:b4:d3:a8:88:
                    44:8e:cb:48:85:53:e4:72:d8:1e:6c:01:7c:af:00:
                    6f:59:48:34:13:ec:61:ef:c3:d1:de:6f:9f:01:35:
                    e3:e4:29:d4:81:6c:c1:d7:a9:9a:f7:65:0e:0b:31:
                    d3:e2:0a:68:56:c3:62:24:7a:b3:64:5d:60:6d:74:
                    e9:0c:d2:98:b3:76:16:ae:cc:27:04:34:a4:cd:c7:
                    10:a4:43:10:29:4f:91:12:be:13:9f:43:37:a8:09:
                    c9:e9:f5:42:26:4b:f7:17:7f:9e:00:7e:24:fc:36:
                    20:fe:96:10:f3:a9:80:7b:a6:83:38:5e:b0:ed:f3:
                    f3:d1:5b:3a:9d:bb:5c:10:96:95:2b:f1:cc:c1:85:
                    65:01:e1:3c:c8:08:7d:7c:84:b5:02:a0:7f:76:41:
                    42:57:9d:71:a4:b1:97:34:d4:b1:64:cb:1c:cd:10:
                    05:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:51:52:65:55:47:B8:D0:05:4B:53:0F:54:C2:F6:A3:8B:12:62:08
            X509v3 Authority Key Identifier:
                keyid:49:EE:11:94:BD:81:D1:94:6C:39:F1:0F:7F:DF:DF:22:D1:A0:31:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Se4RlL2B0ZRsOfEPf9_fItGgMRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/W1FSZVVHuNAFS1MPVML2o4sSYgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/Se4RlL2B0ZRsOfEPf9_fItGgMRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:ad:40:f3:2a:ac:45:79:f0:41:43:41:20:fd:e9:ee:a3:09:
         9f:b8:8c:37:05:26:64:2a:73:36:8d:4d:53:43:aa:27:7f:9b:
         c8:22:e9:11:7a:04:5d:a9:d3:d7:ed:56:ba:85:b7:c8:a2:a3:
         ff:4a:c4:06:6a:e0:48:e1:16:8a:49:f9:b7:62:be:0e:62:97:
         ab:1d:f8:01:16:e7:80:7f:b3:82:42:75:ee:df:04:bc:fc:0c:
         d3:ce:46:9e:c6:a4:5d:07:5e:2e:97:dc:a9:20:e2:87:72:6e:
         8d:b8:7e:0a:ec:c8:b1:46:ea:61:6d:40:3f:9c:d6:c2:b8:d1:
         51:22:c0:7b:b1:19:14:7c:61:61:e3:af:65:60:47:bd:30:31:
         a1:21:ff:dc:38:de:3c:ad:9e:72:6d:f5:e4:d2:ad:82:59:e3:
         bb:2a:70:49:8e:c5:a5:d7:16:8e:34:22:cc:e7:d7:b1:2e:9e:
         85:3c:6d:f0:ea:c0:ce:93:92:40:23:11:65:80:44:b8:4c:50:
         55:8b:5c:cc:4f:c4:df:e9:c4:a3:27:1f:9e:8e:30:cf:1c:5c:
         58:72:6a:34:7d:1b:56:c0:40:d7:82:7a:32:40:92:69:55:7f:
         8b:e9:23:0d:27:0f:f2:dc:46:21:f8:d1:94:ce:af:32:b7:f6:
         31:6b:ba:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ng8XTT3GBsBfpQXaAYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZWUxMTk0YmQ4MWQxOTQ2YzM5ZjEwZjdmZGZkZjIyZDFh
MDMxMTIwHhcNMjQwMTAyMDYzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjUxNTI2NTU1NDdiOGQwMDU0YjUzMGY1NGMyZjZhMzhiMTI2MjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0N4Riat16JqsL+U7jfZDrKQOAgS
GIW57qAsNFKomKcFn2Cx6w1Y1vLh5xH/hmZSvQP+DGLLq4pro0hIjf07eShPObHC
vsLYAyKW7iDFyfMj1qQrNrTTqIhEjstIhVPkctgebAF8rwBvWUg0E+xh78PR3m+f
ATXj5CnUgWzB16ma92UOCzHT4gpoVsNiJHqzZF1gbXTpDNKYs3YWrswnBDSkzccQ
pEMQKU+REr4Tn0M3qAnJ6fVCJkv3F3+eAH4k/DYg/pYQ86mAe6aDOF6w7fPz0Vs6
nbtcEJaVK/HMwYVlAeE8yAh9fIS1AqB/dkFCV51xpLGXNNSxZMsczRAF1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtRUmVVR7jQBUtTD1TC9qOLEmIIMB8GA1UdIwQY
MBaAFEnuEZS9gdGUbDnxD3/f3yLRoDESMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2U0UmxMMkIwWlJzT2ZFUGY5X2ZJdEdnTVJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hMzI0ZjQtOTc3MC00YTU4LWE2ZWYt
ZDYyZmE2MzE5ZmQ0LzEvVzFGU1pWVkh1TkFGUzFNUFZNTDJvNHNTWWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hMzI0ZjQtOTc3MC00YTU4LWE2ZWYtZDYyZmE2MzE5ZmQ0
LzEvU2U0UmxMMkIwWlJzT2ZFUGY5X2ZJdEdnTVJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVNxMA0G
CSqGSIb3DQEBCwUAA4IBAQArrUDzKqxFefBBQ0Eg/enuowmfuIw3BSZkKnM2jU1T
Q6onf5vIIukRegRdqdPX7Va6hbfIoqP/SsQGauBI4RaKSfm3Yr4OYperHfgBFueA
f7OCQnXu3wS8/AzTzkaexqRdB14ul9ypIOKHcm6NuH4K7MixRuphbUA/nNbCuNFR
IsB7sRkUfGFh469lYEe9MDGhIf/cON48rZ5ybfXk0q2CWeO7KnBJjsWl1xaONCLM
59exLp6FPG3w6sDOk5JAIxFlgES4TFBVi1zMT8Tf6cSjJx+ejjDPHFxYcmo0fRtW
wEDXgnoyQJJpVX+L6SMNJw/y3EYh+NGUzq8yt/Yxa7pW
-----END CERTIFICATE-----