Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/ef060c-c726-4b99-8360-b53f27130d78/1/lwZfh1PIBhgIfLSQ1NQdFfka8do.roa
File:                     lwZfh1PIBhgIfLSQ1NQdFfka8do.roa (raw, json)
Hash identifier:          OstMkuei4zH/liPA0ZQeW28ViBQ1BE0QuAcRBywCfLY=
Subject key identifier:   97:06:5F:87:53:C8:06:18:08:7C:B4:90:D4:D4:1D:15:F9:1A:F1:DA
Certificate issuer:       /CN=58fdc4e22becb535a1c57f4b8dc441b5331677e3
Certificate serial:       018CC5001526948067EC9F4038B003AEBE9C
Authority key identifier: 58:FD:C4:E2:2B:EC:B5:35:A1:C5:7F:4B:8D:C4:41:B5:33:16:77:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WP3E4ivstTWhxX9LjcRBtTMWd-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/ef060c-c726-4b99-8360-b53f27130d78/1/lwZfh1PIBhgIfLSQ1NQdFfka8do.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47194
IP address blocks:        212.65.160.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/ef060c-c726-4b99-8360-b53f27130d78/1/WP3E4ivstTWhxX9LjcRBtTMWd-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/ef060c-c726-4b99-8360-b53f27130d78/1/WP3E4ivstTWhxX9LjcRBtTMWd-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WP3E4ivstTWhxX9LjcRBtTMWd-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:15:26:94:80:67:ec:9f:40:38:b0:03:ae:be:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58fdc4e22becb535a1c57f4b8dc441b5331677e3
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97065f8753c80618087cb490d4d41d15f91af1da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:94:84:b7:fc:2e:5e:5e:43:79:fd:ee:cd:aa:
                    d2:25:15:d4:49:d0:0d:70:1a:85:61:ec:ae:2e:ca:
                    cd:53:34:fa:b1:41:31:57:c4:c8:c3:7e:d2:e9:a0:
                    93:c1:d1:7b:b4:06:00:3a:43:27:90:25:f9:f1:03:
                    57:39:ef:3c:75:b1:39:21:75:6e:76:1a:61:5f:6a:
                    19:bc:c2:f9:12:91:f0:7d:7a:e0:a6:81:8c:2f:4a:
                    b8:13:a8:ef:69:7d:9a:99:24:40:9f:16:1e:f7:41:
                    e9:1c:9e:b6:44:a2:37:b8:fc:c8:e8:58:c7:8a:cf:
                    a2:48:d4:75:bb:ae:01:45:43:60:a1:a2:28:36:4d:
                    a7:a8:79:db:21:c7:e7:50:f4:76:09:bf:66:b8:52:
                    ac:63:23:2e:bd:06:09:7c:ee:c9:0b:2e:f8:d0:f5:
                    19:61:03:d9:45:a6:41:ed:b8:11:33:fe:8c:b6:8f:
                    e4:43:b3:c0:bd:73:5d:45:cc:4c:29:f1:c5:2b:40:
                    54:08:0b:06:59:31:ec:d9:ad:f8:81:0d:9c:dc:a6:
                    0a:63:3c:a2:d0:57:77:8e:f4:72:35:11:18:8d:89:
                    44:38:d2:a9:6d:37:11:29:a7:ba:29:71:65:b2:87:
                    09:de:16:d9:5f:d1:61:91:1a:aa:ed:48:3b:79:e2:
                    8a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:06:5F:87:53:C8:06:18:08:7C:B4:90:D4:D4:1D:15:F9:1A:F1:DA
            X509v3 Authority Key Identifier:
                keyid:58:FD:C4:E2:2B:EC:B5:35:A1:C5:7F:4B:8D:C4:41:B5:33:16:77:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WP3E4ivstTWhxX9LjcRBtTMWd-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ef060c-c726-4b99-8360-b53f27130d78/1/lwZfh1PIBhgIfLSQ1NQdFfka8do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ef060c-c726-4b99-8360-b53f27130d78/1/WP3E4ivstTWhxX9LjcRBtTMWd-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.65.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         16:a3:20:59:ed:41:aa:9f:13:7e:95:01:cd:9b:74:15:a0:22:
         c8:3b:55:28:78:57:4f:8f:97:d0:10:3e:cd:b9:14:0c:5f:7b:
         fe:64:c1:b8:de:23:d1:ae:15:66:2d:ad:12:bb:40:74:4b:12:
         5c:5f:c5:f7:e4:c6:b0:be:cb:67:8f:3a:f4:d7:9f:88:d3:d3:
         75:51:b9:6c:14:05:52:4c:6e:05:de:00:b4:a4:3e:d3:a1:3e:
         50:7b:98:80:dd:7b:a2:30:8f:90:42:1c:ad:09:9a:a0:d9:a9:
         96:a7:78:4e:fb:19:ab:47:f9:fc:70:8a:84:2d:bc:82:67:d9:
         37:ce:92:b4:f5:a1:63:be:0f:40:54:3a:20:0a:d9:82:8c:2a:
         df:d3:9d:87:cb:e0:03:5a:80:37:1e:6a:dc:28:76:f9:49:1f:
         35:ec:31:b3:58:88:3a:ae:2c:b1:62:bf:45:28:c2:ad:9c:f7:
         5e:1a:f0:d1:e2:48:a6:91:6a:91:53:1f:f1:ae:a8:e2:44:39:
         84:5b:95:5f:ee:15:94:f4:fd:bc:75:a3:30:eb:8f:d3:53:cf:
         7c:25:b5:b2:5e:0d:e6:71:a0:68:f1:87:27:bd:60:05:d2:1f:
         02:77:94:77:2c:bb:3f:3f:40:8a:a7:60:19:8b:9f:6b:a8:f3:
         df:62:80:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABUmlIBn7J9AOLADrr6cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZmRjNGUyMmJlY2I1MzVhMWM1N2Y0YjhkYzQ0MWI1MzMx
Njc3ZTMwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzA2NWY4NzUzYzgwNjE4MDg3Y2I0OTBkNGQ0MWQxNWY5MWFmMWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZSEt/wuXl5Def3uzarSJRXUSdAN
cBqFYeyuLsrNUzT6sUExV8TIw37S6aCTwdF7tAYAOkMnkCX58QNXOe88dbE5IXVu
dhphX2oZvML5EpHwfXrgpoGML0q4E6jvaX2amSRAnxYe90HpHJ62RKI3uPzI6FjH
is+iSNR1u64BRUNgoaIoNk2nqHnbIcfnUPR2Cb9muFKsYyMuvQYJfO7JCy740PUZ
YQPZRaZB7bgRM/6Mto/kQ7PAvXNdRcxMKfHFK0BUCAsGWTHs2a34gQ2c3KYKYzyi
0Fd3jvRyNREYjYlEONKpbTcRKae6KXFlsocJ3hbZX9FhkRqq7Ug7eeKKhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcGX4dTyAYYCHy0kNTUHRX5GvHaMB8GA1UdIwQY
MBaAFFj9xOIr7LU1ocV/S43EQbUzFnfjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1AzRTRpdnN0VFdoeFg5TGpjUkJ0VE1XZC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lZjA2MGMtYzcyNi00Yjk5LTgzNjAt
YjUzZjI3MTMwZDc4LzEvbHdaZmgxUElCaGdJZkxTUTFOUWRGZmthOGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lZjA2MGMtYzcyNi00Yjk5LTgzNjAtYjUzZjI3MTMwZDc4
LzEvV1AzRTRpdnN0VFdoeFg5TGpjUkJ0VE1XZC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1EGgMA0G
CSqGSIb3DQEBCwUAA4IBAQAWoyBZ7UGqnxN+lQHNm3QVoCLIO1UoeFdPj5fQED7N
uRQMX3v+ZMG43iPRrhVmLa0Su0B0SxJcX8X35Mawvstnjzr015+I09N1UblsFAVS
TG4F3gC0pD7ToT5Qe5iA3XuiMI+QQhytCZqg2amWp3hO+xmrR/n8cIqELbyCZ9k3
zpK09aFjvg9AVDogCtmCjCrf052Hy+ADWoA3HmrcKHb5SR817DGzWIg6riyxYr9F
KMKtnPdeGvDR4kimkWqRUx/xrqjiRDmEW5Vf7hWU9P28daMw64/TU898JbWyXg3m
caBo8YcnvWAF0h8Cd5R3LLs/P0CKp2AZi59rqPPfYoAu
-----END CERTIFICATE-----