Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/WITtAVLvfi234Mrxn3ca9Qjj4z8.roa
File:                     WITtAVLvfi234Mrxn3ca9Qjj4z8.roa (raw, json)
Hash identifier:          3DCfbY/oE474WHxt44Nr0/rMX0jKLCWVUPYnsCBRdDQ=
Subject key identifier:   58:84:ED:01:52:EF:7E:2D:B7:E0:CA:F1:9F:77:1A:F5:08:E3:E3:3F
Certificate issuer:       /CN=9b759ec9ff54de03a7ff3a65edbb2e0758e6878c
Certificate serial:       018CC64ACA30AC5BFA4515180AE3499168C3
Authority key identifier: 9B:75:9E:C9:FF:54:DE:03:A7:FF:3A:65:ED:BB:2E:07:58:E6:87:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m3Weyf9U3gOn_zpl7bsuB1jmh4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/WITtAVLvfi234Mrxn3ca9Qjj4z8.roa
Signing time:             Mon 01 Jan 2024 18:30:39 +0000
ROA not before:           Mon 01 Jan 2024 18:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212727
IP address blocks:        164.153.132.0/24 maxlen: 24
                          164.153.134.0/24 maxlen: 24
                          164.153.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/m3Weyf9U3gOn_zpl7bsuB1jmh4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/m3Weyf9U3gOn_zpl7bsuB1jmh4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m3Weyf9U3gOn_zpl7bsuB1jmh4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 01:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ca:30:ac:5b:fa:45:15:18:0a:e3:49:91:68:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b759ec9ff54de03a7ff3a65edbb2e0758e6878c
        Validity
            Not Before: Jan  1 18:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5884ed0152ef7e2db7e0caf19f771af508e3e33f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:2e:d9:e5:11:1d:18:16:65:dd:4e:b6:91:67:
                    84:78:07:30:c1:ff:06:3e:a1:ff:ff:27:a9:45:cd:
                    a1:40:5f:d6:53:02:b7:1e:52:16:a5:2b:01:ca:e8:
                    f4:2f:2b:47:af:72:83:26:b4:55:fa:1e:ab:2a:77:
                    96:46:1b:0c:a5:1c:48:1a:3b:51:6c:ea:19:56:85:
                    ec:f3:76:fe:ee:be:a8:b0:69:d0:64:27:99:90:c0:
                    e8:0f:30:8d:f9:b8:46:ef:64:b4:f6:d2:31:35:85:
                    83:d7:fd:ff:22:2a:e4:b6:c8:e1:a0:43:0e:f0:74:
                    1c:e8:2b:6b:67:20:0c:6e:9f:26:33:d6:58:41:f7:
                    11:4f:f7:4b:9e:cf:f8:5c:b1:bf:31:25:52:1a:53:
                    c9:6e:a4:48:6b:b2:c6:c1:15:a5:eb:f8:28:61:4a:
                    83:21:c5:bb:13:7c:19:04:91:12:78:5b:54:ad:f8:
                    a8:1e:6f:16:51:09:f3:9b:5b:95:f3:04:a8:71:14:
                    73:8d:c4:7d:6a:40:93:8f:c0:50:99:f0:af:24:c7:
                    6a:cd:e4:12:a7:b3:12:fa:89:7e:94:e0:f3:27:54:
                    09:18:e8:f5:82:c4:1f:c3:2c:32:51:b4:2f:ce:fb:
                    9a:5a:53:0e:86:7d:4f:0d:41:bf:ac:86:3d:de:56:
                    f7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:84:ED:01:52:EF:7E:2D:B7:E0:CA:F1:9F:77:1A:F5:08:E3:E3:3F
            X509v3 Authority Key Identifier:
                keyid:9B:75:9E:C9:FF:54:DE:03:A7:FF:3A:65:ED:BB:2E:07:58:E6:87:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m3Weyf9U3gOn_zpl7bsuB1jmh4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/WITtAVLvfi234Mrxn3ca9Qjj4z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/m3Weyf9U3gOn_zpl7bsuB1jmh4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.153.132.0-164.153.134.255

    Signature Algorithm: sha256WithRSAEncryption
         46:52:37:c4:fc:2e:b2:be:c5:94:b4:bf:c6:8e:02:be:2c:49:
         12:83:c1:0e:e5:28:4f:8d:93:4c:d1:f7:f6:ac:9a:d2:b1:6b:
         02:1e:b2:77:57:f3:cc:6d:b6:05:6b:cb:c1:32:f3:0b:a4:f1:
         71:92:35:fc:28:c4:cc:f4:5f:c8:dd:65:bd:54:72:67:2c:b4:
         cc:8b:72:a8:4a:bb:8a:a3:13:80:be:a2:46:66:9f:e7:05:b4:
         d4:09:fc:39:ea:41:f1:26:11:92:27:a0:52:8c:7f:d7:11:c3:
         51:66:ee:c1:85:6c:c6:83:e8:41:50:a2:7e:3d:01:f9:0c:59:
         55:6c:46:00:f9:bf:da:ef:6f:97:49:4a:ff:c9:06:65:3b:40:
         21:ae:ee:77:2f:d7:7a:7b:eb:82:7b:1d:53:02:8d:1f:2c:f6:
         2b:82:94:3b:d3:16:30:9a:5d:77:1d:d9:2b:09:89:29:c9:4f:
         f1:2a:0f:c2:1c:35:3c:4c:a5:d7:d7:fd:16:24:63:d0:b0:08:
         ed:20:0d:71:12:30:a6:c7:d5:dc:60:e5:57:c1:38:40:90:2a:
         8b:0e:29:45:5c:30:27:bc:e2:0e:6e:0c:a2:01:45:af:fb:9b:
         24:4f:b9:15:91:b0:07:a5:85:77:1b:33:81:b3:eb:9a:32:05:
         9a:74:7f:5b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSsowrFv6RRUYCuNJkWjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNzU5ZWM5ZmY1NGRlMDNhN2ZmM2E2NWVkYmIyZTA3NThl
Njg3OGMwHhcNMjQwMTAxMTgzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODg0ZWQwMTUyZWY3ZTJkYjdlMGNhZjE5Zjc3MWFmNTA4ZTNlMzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8y7Z5REdGBZl3U62kWeEeAcwwf8G
PqH//yepRc2hQF/WUwK3HlIWpSsByuj0LytHr3KDJrRV+h6rKneWRhsMpRxIGjtR
bOoZVoXs83b+7r6osGnQZCeZkMDoDzCN+bhG72S09tIxNYWD1/3/IirktsjhoEMO
8HQc6CtrZyAMbp8mM9ZYQfcRT/dLns/4XLG/MSVSGlPJbqRIa7LGwRWl6/goYUqD
IcW7E3wZBJESeFtUrfioHm8WUQnzm1uV8wSocRRzjcR9akCTj8BQmfCvJMdqzeQS
p7MS+ol+lODzJ1QJGOj1gsQfwywyUbQvzvuaWlMOhn1PDUG/rIY93lb3aQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFiE7QFS734tt+DK8Z93GvUI4+M/MB8GA1UdIwQY
MBaAFJt1nsn/VN4Dp/86Ze27LgdY5oeMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTNXZXlmOVUzZ09uX3pwbDdic3VCMWptaDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS81YWQ3M2ItZGIxNy00MzIyLWFkZTUt
YjlhOWQ4YWU5NDIxLzEvV0lUdEFWTHZmaTIzNE1yeG4zY2E5UWpqNHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS81YWQ3M2ItZGIxNy00MzIyLWFkZTUtYjlhOWQ4YWU5NDIx
LzEvbTNXZXlmOVUzZ09uX3pwbDdic3VCMWptaDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKkmYQD
BACkmYYwDQYJKoZIhvcNAQELBQADggEBAEZSN8T8LrK+xZS0v8aOAr4sSRKDwQ7l
KE+Nk0zR9/asmtKxawIesndX88xttgVry8Ey8wuk8XGSNfwoxMz0X8jdZb1Ucmcs
tMyLcqhKu4qjE4C+okZmn+cFtNQJ/DnqQfEmEZInoFKMf9cRw1Fm7sGFbMaD6EFQ
on49AfkMWVVsRgD5v9rvb5dJSv/JBmU7QCGu7ncv13p764J7HVMCjR8s9iuClDvT
FjCaXXcd2SsJiSnJT/EqD8IcNTxMpdfX/RYkY9CwCO0gDXESMKbH1dxg5VfBOECQ
KosOKUVcMCe84g5uDKIBRa/7myRPuRWRsAelhXcbM4Gz65oyBZp0f1s=
-----END CERTIFICATE-----