Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/WBgqwH28j1M4ShY2ZKTTU863LMM.roa
File:                     WBgqwH28j1M4ShY2ZKTTU863LMM.roa (raw, json)
Hash identifier:          T9ByRmwG8z+Eop5kVJFc2ZFT3QqL8r8dbRfGBdHFvpY=
Subject key identifier:   58:18:2A:C0:7D:BC:8F:53:38:4A:16:36:64:A4:D3:53:CE:B7:2C:C3
Certificate issuer:       /CN=12ee6257d0c3a2b930561af2522d9e5af7f9cbc7
Certificate serial:       018CC6B89F583893C17B6B148C86449F41B1
Authority key identifier: 12:EE:62:57:D0:C3:A2:B9:30:56:1A:F2:52:2D:9E:5A:F7:F9:CB:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eu5iV9DDorkwVhryUi2eWvf5y8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/WBgqwH28j1M4ShY2ZKTTU863LMM.roa
Signing time:             Mon 01 Jan 2024 20:30:37 +0000
ROA not before:           Mon 01 Jan 2024 20:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.235.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/Eu5iV9DDorkwVhryUi2eWvf5y8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/Eu5iV9DDorkwVhryUi2eWvf5y8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eu5iV9DDorkwVhryUi2eWvf5y8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:9f:58:38:93:c1:7b:6b:14:8c:86:44:9f:41:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12ee6257d0c3a2b930561af2522d9e5af7f9cbc7
        Validity
            Not Before: Jan  1 20:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58182ac07dbc8f53384a163664a4d353ceb72cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bb:ab:f1:65:a7:07:12:f2:a3:54:52:80:4c:
                    ae:d3:2c:bd:21:21:0b:0c:bc:22:9f:9b:78:27:c8:
                    ed:34:13:88:ab:0e:49:5e:c1:28:df:b1:c0:e4:b7:
                    21:07:bc:7d:2e:ec:15:0f:01:ce:8c:a3:db:11:86:
                    f0:f6:75:42:02:2a:8b:5e:a9:12:6b:56:b5:48:53:
                    47:e0:6e:c5:a2:b9:20:cf:fc:7e:5d:30:4d:35:98:
                    79:ab:f8:d0:3b:2c:ce:61:ef:f8:29:c6:d9:51:24:
                    d2:7b:a9:cb:ad:93:4c:16:64:1d:ea:36:ad:d7:01:
                    56:11:51:71:8c:ec:c3:46:85:00:5b:eb:90:f5:81:
                    22:4b:dd:d0:7c:6a:d1:fd:75:48:15:f1:54:b6:5b:
                    17:71:06:4e:8f:59:15:e5:f3:78:0d:74:30:e0:51:
                    0f:76:85:ee:a8:40:f5:e8:ac:3e:81:ef:78:13:9d:
                    ee:70:67:9c:ac:86:0f:7c:dd:40:02:32:79:19:dd:
                    3a:dd:a6:61:d3:62:1b:ac:d9:ac:36:e3:55:71:85:
                    45:10:58:ca:4d:9f:a5:28:d0:c5:94:85:69:f3:d7:
                    9e:26:20:ff:4f:f2:d8:da:0e:8c:3b:9a:a9:0c:4e:
                    e2:59:c7:8d:87:de:b8:b1:0c:8c:7c:61:43:e3:33:
                    fe:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:18:2A:C0:7D:BC:8F:53:38:4A:16:36:64:A4:D3:53:CE:B7:2C:C3
            X509v3 Authority Key Identifier:
                keyid:12:EE:62:57:D0:C3:A2:B9:30:56:1A:F2:52:2D:9E:5A:F7:F9:CB:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eu5iV9DDorkwVhryUi2eWvf5y8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/WBgqwH28j1M4ShY2ZKTTU863LMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/Eu5iV9DDorkwVhryUi2eWvf5y8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:7a:56:9b:1e:f0:f6:c1:f6:06:fe:5c:27:b4:bb:34:ea:57:
         71:2f:98:92:a2:07:e9:53:ce:a2:af:3e:a3:7a:8f:88:f7:0e:
         6a:ed:0a:3b:71:4c:6c:e2:3f:c1:15:27:10:50:17:43:01:ae:
         8b:c1:a2:77:be:5e:29:7e:1f:13:c5:0d:52:75:a2:67:7d:01:
         29:d8:51:be:f9:30:38:8c:38:56:fb:1d:08:95:c7:40:73:d2:
         24:9e:35:8b:ae:be:c8:df:50:95:3c:ce:d6:4a:15:ff:08:0d:
         91:14:e7:b5:18:68:48:61:9a:14:60:28:e1:f2:63:85:56:33:
         02:44:43:4f:57:13:dd:a6:29:e3:7f:63:39:6c:bb:ce:d5:3c:
         3e:2a:e2:e0:18:bb:f2:e0:04:63:83:23:7b:0b:f0:58:ca:d5:
         3f:0f:e6:15:e0:ec:b8:d8:64:c5:86:09:0b:f9:eb:9e:ee:31:
         62:2b:36:3b:ec:3c:02:fc:8b:5e:a2:86:88:5e:1f:3f:ac:db:
         72:7c:d2:56:41:f0:f4:0a:7c:21:c7:d4:26:a3:af:03:df:99:
         bb:49:59:10:a6:9e:ce:4c:4a:45:af:e9:de:82:5c:d8:cf:0e:
         dc:94:14:85:e2:35:23:8d:95:f2:26:e3:81:29:73:87:c6:26:
         29:b2:f6:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuJ9YOJPBe2sUjIZEn0GxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZWU2MjU3ZDBjM2EyYjkzMDU2MWFmMjUyMmQ5ZTVhZjdm
OWNiYzcwHhcNMjQwMTAxMjAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODE4MmFjMDdkYmM4ZjUzMzg0YTE2MzY2NGE0ZDM1M2NlYjcyY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLur8WWnBxLyo1RSgEyu0yy9ISEL
DLwin5t4J8jtNBOIqw5JXsEo37HA5LchB7x9LuwVDwHOjKPbEYbw9nVCAiqLXqkS
a1a1SFNH4G7Forkgz/x+XTBNNZh5q/jQOyzOYe/4KcbZUSTSe6nLrZNMFmQd6jat
1wFWEVFxjOzDRoUAW+uQ9YEiS93QfGrR/XVIFfFUtlsXcQZOj1kV5fN4DXQw4FEP
doXuqED16Kw+ge94E53ucGecrIYPfN1AAjJ5Gd063aZh02IbrNmsNuNVcYVFEFjK
TZ+lKNDFlIVp89eeJiD/T/LY2g6MO5qpDE7iWceNh964sQyMfGFD4zP+CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgYKsB9vI9TOEoWNmSk01POtyzDMB8GA1UdIwQY
MBaAFBLuYlfQw6K5MFYa8lItnlr3+cvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXU1aVY5RERvcmt3VmhyeVVpMmVXdmY1eThjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MWRlZTItZTFjMS00MGNlLWIzMTEt
M2YzMzg2NjE5MmQwLzEvV0JncXdIMjhqMU00U2hZMlpLVFRVODYzTE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83MWRlZTItZTFjMS00MGNlLWIzMTEtM2YzMzg2NjE5MmQw
LzEvRXU1aVY5RERvcmt3VmhyeVVpMmVXdmY1eThjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuesmMA0G
CSqGSIb3DQEBCwUAA4IBAQAxelabHvD2wfYG/lwntLs06ldxL5iSogfpU86irz6j
eo+I9w5q7Qo7cUxs4j/BFScQUBdDAa6LwaJ3vl4pfh8TxQ1SdaJnfQEp2FG++TA4
jDhW+x0IlcdAc9IknjWLrr7I31CVPM7WShX/CA2RFOe1GGhIYZoUYCjh8mOFVjMC
RENPVxPdpinjf2M5bLvO1Tw+KuLgGLvy4ARjgyN7C/BYytU/D+YV4Oy42GTFhgkL
+eue7jFiKzY77DwC/IteooaIXh8/rNtyfNJWQfD0Cnwhx9Qmo68D35m7SVkQpp7O
TEpFr+neglzYzw7clBSF4jUjjZXyJuOBKXOHxiYpsvYm
-----END CERTIFICATE-----