Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/Wu5SlgEQbv_1kAvYZKCoeTY_h2E.roa
File:                     Wu5SlgEQbv_1kAvYZKCoeTY_h2E.roa (raw, json)
Hash identifier:          WWKcLjG5dP3AvCwBZc8lg1x45PWPHYn36x5N4G/Yh0U=
Subject key identifier:   5A:EE:52:96:01:10:6E:FF:F5:90:0B:D8:64:A0:A8:79:36:3F:87:61
Certificate issuer:       /CN=8e987039b3f3b2db9b298ae0d8d0eb348969ad62
Certificate serial:       0192721FB0474B92A7A665567B63A714BC18
Authority key identifier: 8E:98:70:39:B3:F3:B2:DB:9B:29:8A:E0:D8:D0:EB:34:89:69:AD:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/Wu5SlgEQbv_1kAvYZKCoeTY_h2E.roa
Signing time:             Wed 09 Oct 2024 16:32:12 +0000
ROA not before:           Wed 09 Oct 2024 16:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59810
IP address blocks:        193.134.148.0/24 maxlen: 24
                          193.134.149.0/24 maxlen: 24
                          193.134.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:72:1f:b0:47:4b:92:a7:a6:65:56:7b:63:a7:14:bc:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e987039b3f3b2db9b298ae0d8d0eb348969ad62
        Validity
            Not Before: Oct  9 16:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5aee529601106efff5900bd864a0a879363f8761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:96:f1:19:16:84:85:60:6a:08:e4:2a:63:d9:
                    e1:61:6e:3e:b4:73:ec:96:5e:0d:1b:b2:3d:ca:cb:
                    12:8e:ff:ce:f6:e5:b1:e8:f6:be:b7:80:7f:0c:8e:
                    09:da:f6:82:17:5a:66:47:a5:bc:38:42:cc:6e:e0:
                    9c:5c:3b:f1:55:6b:e3:b2:a3:72:6c:15:f5:5a:00:
                    c9:2f:9a:57:84:1b:ef:c3:88:17:2a:72:2c:95:6b:
                    cd:da:83:8e:a3:30:73:31:7d:00:54:b3:f1:e2:af:
                    b7:a6:2b:c4:09:32:56:0e:d0:dc:30:e8:fb:ee:c4:
                    81:bb:6b:d9:dc:2f:17:f6:b9:0c:ea:92:74:e3:fe:
                    70:fe:be:51:47:70:c8:db:5a:b5:c4:81:c6:09:92:
                    16:e2:e3:42:c8:f0:6a:ce:28:d5:3e:b3:af:de:83:
                    ed:55:25:46:73:55:76:ab:d5:5e:64:04:bf:1b:95:
                    19:dd:bd:2f:b8:a6:9e:c3:7e:95:68:9b:36:05:aa:
                    59:3f:e7:76:df:4e:fc:67:e1:c3:62:9b:48:cf:02:
                    17:ee:5d:02:14:80:92:db:10:63:88:6d:90:36:f1:
                    34:f2:a1:4d:ee:1e:bd:69:54:46:b0:49:be:fd:2b:
                    b6:13:90:12:40:bb:94:3f:2e:f2:81:f3:32:f1:67:
                    a0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:EE:52:96:01:10:6E:FF:F5:90:0B:D8:64:A0:A8:79:36:3F:87:61
            X509v3 Authority Key Identifier:
                keyid:8E:98:70:39:B3:F3:B2:DB:9B:29:8A:E0:D8:D0:EB:34:89:69:AD:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/Wu5SlgEQbv_1kAvYZKCoeTY_h2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.148.0-193.134.150.255

    Signature Algorithm: sha256WithRSAEncryption
         8a:e4:7a:9c:b8:08:50:b9:50:d3:39:fe:68:38:78:53:c3:6b:
         7a:28:a6:09:8b:e0:c2:9f:75:15:9a:dd:9f:d6:35:20:89:31:
         c8:b1:79:2c:30:67:8a:05:db:3f:f7:95:70:5c:d9:13:7d:94:
         20:28:c5:88:6d:24:32:54:5c:8f:ca:63:32:87:c8:67:2c:b2:
         24:00:81:de:72:af:0c:5b:5f:19:2a:2d:62:f7:a5:67:71:fd:
         11:ba:2c:fd:56:84:61:88:13:6c:9e:b9:71:b3:92:f2:16:48:
         5d:a5:11:59:4b:93:00:1d:f9:29:6a:aa:84:ab:26:35:09:0e:
         27:3c:7e:41:48:e1:d4:e2:1b:e2:9c:33:54:93:59:74:ed:3d:
         c5:e3:9e:d4:17:d2:7f:34:a3:5e:7f:0b:0c:ac:a4:c6:bf:51:
         f3:3b:fa:31:b7:b0:4c:97:b3:98:c7:75:19:71:ce:3a:18:2c:
         64:24:a8:76:de:b0:0b:b2:ad:42:f2:34:5b:a3:da:11:71:88:
         45:11:af:0b:2d:81:23:58:40:07:5a:a1:92:8a:0d:04:08:89:
         b2:fa:2b:34:c3:84:d5:d8:b7:00:41:82:ed:af:d7:cf:d1:ba:
         41:68:12:e6:7c:84:8b:c7:09:19:96:b2:a9:8d:ba:96:ae:ec:
         4d:dc:c2:77
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJyH7BHS5KnpmVWe2OnFLwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOTg3MDM5YjNmM2IyZGI5YjI5OGFlMGQ4ZDBlYjM0ODk2
OWFkNjIwHhcNMjQxMDA5MTYzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWVlNTI5NjAxMTA2ZWZmZjU5MDBiZDg2NGEwYTg3OTM2M2Y4NzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JbxGRaEhWBqCOQqY9nhYW4+tHPs
ll4NG7I9yssSjv/O9uWx6Pa+t4B/DI4J2vaCF1pmR6W8OELMbuCcXDvxVWvjsqNy
bBX1WgDJL5pXhBvvw4gXKnIslWvN2oOOozBzMX0AVLPx4q+3pivECTJWDtDcMOj7
7sSBu2vZ3C8X9rkM6pJ04/5w/r5RR3DI21q1xIHGCZIW4uNCyPBqzijVPrOv3oPt
VSVGc1V2q9VeZAS/G5UZ3b0vuKaew36VaJs2BapZP+d23078Z+HDYptIzwIX7l0C
FICS2xBjiG2QNvE08qFN7h69aVRGsEm+/Su2E5ASQLuUPy7ygfMy8WegiwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFruUpYBEG7/9ZAL2GSgqHk2P4dhMB8GA1UdIwQY
MBaAFI6YcDmz87LbmymK4NjQ6zSJaa1iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBod09iUHpzdHViS1lyZzJORHJOSWxwcldJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8zNjY1NjAtMDk2ZS00ODM1LTg5ZmQt
NTYzNjAwMzE5YTFmLzEvV3U1U2xnRVFidl8xa0F2WVpLQ29lVFlfaDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8zNjY1NjAtMDk2ZS00ODM1LTg5ZmQtNTYzNjAwMzE5YTFm
LzEvanBod09iUHpzdHViS1lyZzJORHJOSWxwcldJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALBhpQD
BADBhpYwDQYJKoZIhvcNAQELBQADggEBAIrkepy4CFC5UNM5/mg4eFPDa3oopgmL
4MKfdRWa3Z/WNSCJMcixeSwwZ4oF2z/3lXBc2RN9lCAoxYhtJDJUXI/KYzKHyGcs
siQAgd5yrwxbXxkqLWL3pWdx/RG6LP1WhGGIE2yeuXGzkvIWSF2lEVlLkwAd+Slq
qoSrJjUJDic8fkFI4dTiG+KcM1STWXTtPcXjntQX0n80o15/CwyspMa/UfM7+jG3
sEyXs5jHdRlxzjoYLGQkqHbesAuyrULyNFuj2hFxiEURrwstgSNYQAdaoZKKDQQI
ibL6KzTDhNXYtwBBgu2v18/RukFoEuZ8hIvHCRmWsqmNupau7E3cwnc=
-----END CERTIFICATE-----