Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/W-sClE13C42C_jjTiDT-NxUznjk.roa
File:                     W-sClE13C42C_jjTiDT-NxUznjk.roa (raw, json)
Hash identifier:          4E2X93vqacAaaHPB8pVgUxB0DvapUTgRspsaCR2dwK4=
Subject key identifier:   5B:EB:02:94:4D:77:0B:8D:82:FE:38:D3:88:34:FE:37:15:33:9E:39
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       018CC8013569D2993FB51E4C2305CD0C23E2
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/W-sClE13C42C_jjTiDT-NxUznjk.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12693
IP address blocks:        153.96.42.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:35:69:d2:99:3f:b5:1e:4c:23:05:cd:0c:23:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5beb02944d770b8d82fe38d38834fe3715339e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0a:e9:57:b1:77:a9:6b:48:83:7b:91:f0:93:
                    e5:62:5b:8f:19:ca:6c:e5:1e:cc:a7:1d:a4:e7:8a:
                    a9:87:9d:66:b0:8a:37:40:ed:de:2f:b7:ab:84:3b:
                    e1:23:af:68:c4:f0:0e:34:b0:a2:0b:df:d5:5b:d6:
                    20:b6:ef:c1:0b:05:a9:b6:67:56:67:a0:09:e7:61:
                    0b:d7:41:33:37:0d:1c:8d:01:e6:f2:03:1c:52:9a:
                    d7:e6:84:b0:72:b8:9f:ae:b8:f9:1d:14:fd:24:2e:
                    cd:c6:ec:98:9c:1e:3e:a7:af:b9:60:85:2b:40:16:
                    7f:33:3b:2b:ed:1a:40:b6:87:3c:1a:39:05:8f:6f:
                    74:d2:3c:40:5a:e7:da:1f:18:16:69:70:f3:82:a4:
                    e7:c8:91:e8:71:c8:5e:40:c9:a4:a5:32:bf:22:01:
                    d4:bb:3e:91:14:4b:39:39:1e:ea:eb:dd:9f:ef:a0:
                    14:90:8f:b1:ea:6c:ba:36:d8:82:61:89:4a:ff:75:
                    5f:31:35:7d:45:b1:53:15:fd:2c:b3:00:64:d8:f7:
                    d7:a6:73:02:39:36:59:d9:36:4e:bc:97:84:05:fe:
                    e3:d2:29:45:50:a4:09:1c:92:ef:76:e4:20:19:91:
                    4d:bb:dc:a3:e0:22:85:e5:e5:fd:10:f7:0d:8d:74:
                    d8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:EB:02:94:4D:77:0B:8D:82:FE:38:D3:88:34:FE:37:15:33:9E:39
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/W-sClE13C42C_jjTiDT-NxUznjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:f1:27:7c:e5:2d:22:f7:5c:23:42:0c:dc:ea:9b:4c:07:cd:
         a4:67:c9:f5:9c:df:c6:e4:95:cd:18:e3:a6:bf:d7:b9:48:0d:
         56:7f:bc:ad:13:0f:9a:af:15:13:5d:6f:8f:54:7a:47:30:dc:
         b0:13:18:da:2a:f4:c2:b8:74:11:c1:f6:88:97:a3:80:e5:f4:
         df:56:b1:50:4d:bb:be:1d:1e:89:ef:fa:72:9d:4f:44:00:79:
         0f:dc:f3:55:3c:b9:9b:c5:18:2b:4e:41:65:fb:98:f5:ff:f1:
         cc:80:89:7f:f3:dd:9f:80:6a:1e:16:64:df:b9:d4:92:91:ab:
         22:e4:ed:9a:f4:52:ca:68:f6:c3:b2:a3:a3:44:35:77:17:16:
         07:a7:a4:44:83:4a:87:9a:ad:da:da:c9:74:8d:27:59:a9:a0:
         3e:d6:37:06:24:e9:10:ed:0d:3d:1e:1c:62:ee:fc:2f:aa:18:
         fe:49:8e:1f:06:aa:2b:25:d3:c8:db:0d:e8:84:6a:34:b0:23:
         e3:e1:f8:f7:70:03:ca:93:14:2a:73:db:eb:c4:8e:d4:20:0c:
         43:2b:82:52:52:39:22:93:b8:7a:56:d4:9b:d5:63:fa:d9:ec:
         bc:7c:37:b1:53:6d:58:e1:3e:84:9e:23:90:37:ee:71:13:53:
         00:2d:61:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATVp0pk/tR5MIwXNDCPiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmViMDI5NDRkNzcwYjhkODJmZTM4ZDM4ODM0ZmUzNzE1MzM5ZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgrpV7F3qWtIg3uR8JPlYluPGcps
5R7Mpx2k54qph51msIo3QO3eL7erhDvhI69oxPAONLCiC9/VW9Ygtu/BCwWptmdW
Z6AJ52EL10EzNw0cjQHm8gMcUprX5oSwcrifrrj5HRT9JC7NxuyYnB4+p6+5YIUr
QBZ/Mzsr7RpAtoc8GjkFj2900jxAWufaHxgWaXDzgqTnyJHoccheQMmkpTK/IgHU
uz6RFEs5OR7q692f76AUkI+x6my6NtiCYYlK/3VfMTV9RbFTFf0sswBk2PfXpnMC
OTZZ2TZOvJeEBf7j0ilFUKQJHJLvduQgGZFNu9yj4CKF5eX9EPcNjXTYaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvrApRNdwuNgv4404g0/jcVM545MB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvVy1zQ2xFMTNDNDJDX2pqVGlEVC1OeFV6bmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmWAqMA0G
CSqGSIb3DQEBCwUAA4IBAQA28Sd85S0i91wjQgzc6ptMB82kZ8n1nN/G5JXNGOOm
v9e5SA1Wf7ytEw+arxUTXW+PVHpHMNywExjaKvTCuHQRwfaIl6OA5fTfVrFQTbu+
HR6J7/pynU9EAHkP3PNVPLmbxRgrTkFl+5j1//HMgIl/892fgGoeFmTfudSSkasi
5O2a9FLKaPbDsqOjRDV3FxYHp6REg0qHmq3a2sl0jSdZqaA+1jcGJOkQ7Q09Hhxi
7vwvqhj+SY4fBqorJdPI2w3ohGo0sCPj4fj3cAPKkxQqc9vrxI7UIAxDK4JSUjki
k7h6VtSb1WP62ey8fDexU21Y4T6EniOQN+5xE1MALWE0
-----END CERTIFICATE-----