Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bc5cc8-b3ef-40fc-ae40-78ec8023068f/1/Wd13vMZJlV8KJZb8O8n4mXNAg08.roa
File:                     Wd13vMZJlV8KJZb8O8n4mXNAg08.roa (raw, json)
Hash identifier:          8gdqJnUZa4fGpbPFYppn0ofYh7qm/ilA9+2RjUofZWs=
Subject key identifier:   59:DD:77:BC:C6:49:95:5F:0A:25:96:FC:3B:C9:F8:99:73:40:83:4F
Certificate issuer:       /CN=87c3b85a7befbb4490d7ac852eb8be84bf938b4d
Certificate serial:       018CC2DB5373E9507DD82A486CBCEC76F884
Authority key identifier: 87:C3:B8:5A:7B:EF:BB:44:90:D7:AC:85:2E:B8:BE:84:BF:93:8B:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h8O4Wnvvu0SQ16yFLri-hL-Ti00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bc5cc8-b3ef-40fc-ae40-78ec8023068f/1/Wd13vMZJlV8KJZb8O8n4mXNAg08.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41198
IP address blocks:        194.140.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bc5cc8-b3ef-40fc-ae40-78ec8023068f/1/h8O4Wnvvu0SQ16yFLri-hL-Ti00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bc5cc8-b3ef-40fc-ae40-78ec8023068f/1/h8O4Wnvvu0SQ16yFLri-hL-Ti00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h8O4Wnvvu0SQ16yFLri-hL-Ti00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:53:73:e9:50:7d:d8:2a:48:6c:bc:ec:76:f8:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87c3b85a7befbb4490d7ac852eb8be84bf938b4d
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59dd77bcc649955f0a2596fc3bc9f8997340834f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9f:37:d1:d1:78:84:37:ff:aa:b9:5d:3d:cf:
                    59:ae:84:8f:39:1c:8f:c6:fa:31:89:50:7f:6f:39:
                    7e:36:00:6a:eb:02:ce:fb:24:10:76:df:43:8c:c0:
                    2f:bd:00:ba:e4:96:f2:17:bd:a3:f5:0d:29:10:53:
                    1a:39:7b:b3:3d:d7:c3:94:b4:50:d4:fb:a2:5a:1d:
                    f7:f3:9f:67:2b:ae:5b:b7:3d:2f:80:d7:71:87:05:
                    a9:5b:f7:36:50:5e:ab:24:3d:bb:3e:12:a4:56:9f:
                    45:61:73:77:d9:60:5f:93:dc:d9:a3:39:d6:70:f1:
                    90:35:62:f9:ab:74:28:6e:4b:69:95:72:f7:a9:88:
                    1f:92:e9:1b:88:51:d3:ef:71:43:fc:6c:fc:b0:6f:
                    86:a2:69:59:33:69:69:6e:3e:6b:10:2d:b3:8a:4c:
                    19:73:cd:64:60:dd:c9:89:0e:b0:e2:53:c9:67:d7:
                    7d:45:bb:f9:39:db:e7:1e:7c:02:c5:a5:22:00:09:
                    47:03:87:9e:24:77:67:58:ad:c4:20:e6:d6:74:78:
                    22:02:40:ad:0e:c5:16:00:d2:98:3b:d2:3a:b5:cf:
                    bc:1b:ab:04:e5:93:ab:4e:5f:9a:1b:1f:e0:e6:b1:
                    4b:d5:be:69:77:5e:45:db:d8:a3:88:ad:3c:1c:1d:
                    ad:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:DD:77:BC:C6:49:95:5F:0A:25:96:FC:3B:C9:F8:99:73:40:83:4F
            X509v3 Authority Key Identifier:
                keyid:87:C3:B8:5A:7B:EF:BB:44:90:D7:AC:85:2E:B8:BE:84:BF:93:8B:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h8O4Wnvvu0SQ16yFLri-hL-Ti00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc5cc8-b3ef-40fc-ae40-78ec8023068f/1/Wd13vMZJlV8KJZb8O8n4mXNAg08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bc5cc8-b3ef-40fc-ae40-78ec8023068f/1/h8O4Wnvvu0SQ16yFLri-hL-Ti00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:db:76:c8:ac:8c:dc:57:e7:c1:29:60:92:64:7e:5c:27:1d:
         d7:9d:2d:dd:82:34:e6:6a:88:af:7b:c5:8f:0c:69:d5:39:ab:
         45:1e:f8:63:5e:04:6e:7f:99:e1:9c:f4:68:7c:ea:4a:de:c3:
         80:9c:bb:76:80:f3:ba:57:9d:8a:5e:db:c2:6c:9b:34:cf:59:
         50:e8:ea:6b:b2:70:73:04:c0:b7:b5:e3:2e:34:cf:fb:02:c9:
         af:f5:ba:cf:e0:d7:14:3c:f4:17:e0:1e:0e:e9:6e:1c:90:c1:
         36:90:15:f6:bf:bd:43:d3:03:eb:d8:67:42:10:8e:91:ff:79:
         54:1a:ac:1f:f5:04:8a:fd:7a:96:98:bd:5e:b4:07:0e:e0:fd:
         a2:a5:d4:48:a0:a4:81:0d:b1:15:69:71:b6:66:a9:6e:2d:43:
         8f:37:db:a7:da:7f:2f:65:5a:f2:ba:b0:51:59:86:a6:3d:28:
         7c:f7:4a:cd:56:56:cd:30:47:07:a6:84:fa:38:5e:55:bd:68:
         b4:2b:ae:fb:4f:7c:94:8f:16:16:09:e1:51:50:40:dc:5e:21:
         bb:6c:7b:c9:0f:ec:29:ef:de:95:01:f8:55:5f:a1:ee:9a:4a:
         b3:78:c6:d3:16:98:dc:9f:67:67:e2:67:c8:e0:02:62:87:52:
         b4:99:7a:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21Nz6VB92CpIbLzsdviEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YzNiODVhN2JlZmJiNDQ5MGQ3YWM4NTJlYjhiZTg0YmY5
MzhiNGQwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWRkNzdiY2M2NDk5NTVmMGEyNTk2ZmMzYmM5Zjg5OTczNDA4MzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjp830dF4hDf/qrldPc9ZroSPORyP
xvoxiVB/bzl+NgBq6wLO+yQQdt9DjMAvvQC65JbyF72j9Q0pEFMaOXuzPdfDlLRQ
1PuiWh33859nK65btz0vgNdxhwWpW/c2UF6rJD27PhKkVp9FYXN32WBfk9zZoznW
cPGQNWL5q3QobktplXL3qYgfkukbiFHT73FD/Gz8sG+GomlZM2lpbj5rEC2zikwZ
c81kYN3JiQ6w4lPJZ9d9Rbv5OdvnHnwCxaUiAAlHA4eeJHdnWK3EIObWdHgiAkCt
DsUWANKYO9I6tc+8G6sE5ZOrTl+aGx/g5rFL1b5pd15F29ijiK08HB2t/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFndd7zGSZVfCiWW/DvJ+JlzQINPMB8GA1UdIwQY
MBaAFIfDuFp777tEkNeshS64voS/k4tNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDhPNFdudnZ1MFNRMTZ5RkxyaS1oTC1UaTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iYzVjYzgtYjNlZi00MGZjLWFlNDAt
NzhlYzgwMjMwNjhmLzEvV2QxM3ZNWkpsVjhLSlpiOE84bjRtWE5BZzA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iYzVjYzgtYjNlZi00MGZjLWFlNDAtNzhlYzgwMjMwNjhm
LzEvaDhPNFdudnZ1MFNRMTZ5RkxyaS1oTC1UaTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwoz+MA0G
CSqGSIb3DQEBCwUAA4IBAQAm23bIrIzcV+fBKWCSZH5cJx3XnS3dgjTmaoive8WP
DGnVOatFHvhjXgRuf5nhnPRofOpK3sOAnLt2gPO6V52KXtvCbJs0z1lQ6OprsnBz
BMC3teMuNM/7Asmv9brP4NcUPPQX4B4O6W4ckME2kBX2v71D0wPr2GdCEI6R/3lU
Gqwf9QSK/XqWmL1etAcO4P2ipdRIoKSBDbEVaXG2ZqluLUOPN9un2n8vZVryurBR
WYamPSh890rNVlbNMEcHpoT6OF5VvWi0K677T3yUjxYWCeFRUEDcXiG7bHvJD+wp
796VAfhVX6HumkqzeMbTFpjcn2dn4mfI4AJih1K0mXp1
-----END CERTIFICATE-----