Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/1a2f03-1d7b-4e04-951d-25c11b796982/1/WvyQMYn6Pj9qfGYQQOhPTbt77zA.roa
File:                     WvyQMYn6Pj9qfGYQQOhPTbt77zA.roa (raw, json)
Hash identifier:          OEYTUXxgZ1XJFV7Ot5DMRUCLK3tuVMdSI5ZLydBERCY=
Subject key identifier:   5A:FC:90:31:89:FA:3E:3F:6A:7C:66:10:40:E8:4F:4D:BB:7B:EF:30
Certificate issuer:       /CN=8a1e3f8d2f942d8fc116ef8e5759bc3767fb0b06
Certificate serial:       018CC6B77C55E803325447FAA0710F335451
Authority key identifier: 8A:1E:3F:8D:2F:94:2D:8F:C1:16:EF:8E:57:59:BC:37:67:FB:0B:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ih4_jS-ULY_BFu-OV1m8N2f7CwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/1a2f03-1d7b-4e04-951d-25c11b796982/1/WvyQMYn6Pj9qfGYQQOhPTbt77zA.roa
Signing time:             Mon 01 Jan 2024 20:29:22 +0000
ROA not before:           Mon 01 Jan 2024 20:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39835
IP address blocks:        194.13.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/1a2f03-1d7b-4e04-951d-25c11b796982/1/ih4_jS-ULY_BFu-OV1m8N2f7CwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/1a2f03-1d7b-4e04-951d-25c11b796982/1/ih4_jS-ULY_BFu-OV1m8N2f7CwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ih4_jS-ULY_BFu-OV1m8N2f7CwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7c:55:e8:03:32:54:47:fa:a0:71:0f:33:54:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a1e3f8d2f942d8fc116ef8e5759bc3767fb0b06
        Validity
            Not Before: Jan  1 20:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5afc903189fa3e3f6a7c661040e84f4dbb7bef30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:36:6d:cf:71:89:4c:45:21:d9:3f:5e:e8:15:
                    87:c0:53:7d:f3:0d:a4:eb:61:33:e8:20:ef:c7:94:
                    e9:e0:ec:19:cc:0b:aa:44:87:f5:4a:16:dc:6d:9c:
                    b1:72:a9:27:98:3f:4e:f6:30:7e:40:97:9c:04:b7:
                    07:9b:f6:b6:55:79:aa:5c:9b:94:ae:c2:57:c8:a6:
                    60:d6:f4:90:1b:71:48:e2:59:9d:fe:d6:e4:d4:f5:
                    64:3d:c1:ed:7d:82:1b:84:98:b9:53:53:1e:ae:b8:
                    fb:7d:b4:ab:0b:ae:93:68:ad:5c:c9:12:35:03:f1:
                    84:02:5c:6d:72:f4:80:a0:9a:8c:c3:b5:e3:b1:91:
                    0b:54:92:c0:4f:05:d4:03:d8:57:19:e9:52:a9:ee:
                    28:e9:67:65:8f:34:2e:ef:61:d2:83:8e:ea:f6:2e:
                    25:86:c9:09:3e:46:0a:9f:78:17:df:69:49:72:eb:
                    53:1d:54:0a:29:4c:4f:e8:06:a5:d5:1b:28:03:5a:
                    99:af:83:55:b5:5e:d8:bb:f5:c2:dd:fb:b4:82:d0:
                    21:33:70:f4:54:62:a6:83:6c:a4:ef:93:f6:b2:7e:
                    85:51:44:96:92:3d:fe:6a:37:01:28:d4:37:a5:ce:
                    a6:1a:79:59:4f:da:e4:52:c2:f8:23:9c:fa:b2:c8:
                    d3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FC:90:31:89:FA:3E:3F:6A:7C:66:10:40:E8:4F:4D:BB:7B:EF:30
            X509v3 Authority Key Identifier:
                keyid:8A:1E:3F:8D:2F:94:2D:8F:C1:16:EF:8E:57:59:BC:37:67:FB:0B:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ih4_jS-ULY_BFu-OV1m8N2f7CwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/1a2f03-1d7b-4e04-951d-25c11b796982/1/WvyQMYn6Pj9qfGYQQOhPTbt77zA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/1a2f03-1d7b-4e04-951d-25c11b796982/1/ih4_jS-ULY_BFu-OV1m8N2f7CwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:ce:1c:f5:b2:70:09:ec:05:e5:25:86:15:19:be:0e:f7:9a:
         21:44:3d:5b:ce:1e:b7:e6:cb:93:f4:65:83:be:83:c6:8a:04:
         55:a4:f3:6e:91:c8:28:00:12:98:16:cb:f3:4c:a4:70:ea:b9:
         d7:aa:bf:a8:0a:bf:8b:af:f3:74:39:78:43:3e:bf:08:44:cb:
         da:ee:5d:8b:41:0f:0d:5b:4b:ea:b7:b9:c2:c2:8d:bc:30:e5:
         62:ac:15:21:18:7a:36:86:9a:09:de:72:5b:d4:17:45:0b:e7:
         d2:51:56:5a:8b:d8:a6:1a:fa:42:a8:2a:59:81:31:0b:93:ca:
         04:e1:cb:f9:55:3e:a5:5b:3b:aa:b1:b7:c3:5d:8b:55:5b:c0:
         aa:bb:30:ad:1a:06:55:f2:56:50:cf:fd:bf:65:75:90:ea:6a:
         97:84:fd:42:bc:08:c3:64:39:8e:99:d2:46:f8:b9:5c:fa:98:
         96:10:5f:be:5c:81:4f:b2:c0:39:a3:a7:b5:bb:38:4e:c9:30:
         3a:58:23:a3:ac:44:1a:97:44:53:9e:49:fe:1e:07:a6:23:33:
         b4:51:d7:cd:71:f0:b1:10:f1:ce:c8:11:91:03:fe:66:bf:86:
         64:f5:de:a2:28:9c:48:ad:59:85:e9:11:6f:87:2a:b5:a2:cc:
         73:86:cb:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt3xV6AMyVEf6oHEPM1RRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMWUzZjhkMmY5NDJkOGZjMTE2ZWY4ZTU3NTliYzM3Njdm
YjBiMDYwHhcNMjQwMTAxMjAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWZjOTAzMTg5ZmEzZTNmNmE3YzY2MTA0MGU4NGY0ZGJiN2JlZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDZtz3GJTEUh2T9e6BWHwFN98w2k
62Ez6CDvx5Tp4OwZzAuqRIf1ShbcbZyxcqknmD9O9jB+QJecBLcHm/a2VXmqXJuU
rsJXyKZg1vSQG3FI4lmd/tbk1PVkPcHtfYIbhJi5U1Merrj7fbSrC66TaK1cyRI1
A/GEAlxtcvSAoJqMw7XjsZELVJLATwXUA9hXGelSqe4o6WdljzQu72HSg47q9i4l
hskJPkYKn3gX32lJcutTHVQKKUxP6Aal1RsoA1qZr4NVtV7Yu/XC3fu0gtAhM3D0
VGKmg2yk75P2sn6FUUSWkj3+ajcBKNQ3pc6mGnlZT9rkUsL4I5z6ssjTzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFr8kDGJ+j4/anxmEEDoT027e+8wMB8GA1UdIwQY
MBaAFIoeP40vlC2PwRbvjldZvDdn+wsGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWg0X2pTLVVMWV9CRnUtT1YxbThOMmY3Q3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8xYTJmMDMtMWQ3Yi00ZTA0LTk1MWQt
MjVjMTFiNzk2OTgyLzEvV3Z5UU1ZbjZQajlxZkdZUVFPaFBUYnQ3N3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8xYTJmMDMtMWQ3Yi00ZTA0LTk1MWQtMjVjMTFiNzk2OTgy
LzEvaWg0X2pTLVVMWV9CRnUtT1YxbThOMmY3Q3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg2HMA0G
CSqGSIb3DQEBCwUAA4IBAQCNzhz1snAJ7AXlJYYVGb4O95ohRD1bzh635suT9GWD
voPGigRVpPNukcgoABKYFsvzTKRw6rnXqr+oCr+Lr/N0OXhDPr8IRMva7l2LQQ8N
W0vqt7nCwo28MOVirBUhGHo2hpoJ3nJb1BdFC+fSUVZai9imGvpCqCpZgTELk8oE
4cv5VT6lWzuqsbfDXYtVW8CquzCtGgZV8lZQz/2/ZXWQ6mqXhP1CvAjDZDmOmdJG
+Llc+piWEF++XIFPssA5o6e1uzhOyTA6WCOjrEQal0RTnkn+HgemIzO0UdfNcfCx
EPHOyBGRA/5mv4Zk9d6iKJxIrVmF6RFvhyq1osxzhsvJ
-----END CERTIFICATE-----