Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/843820-deac-4a0a-bf32-93190d3e1d98/1/W3WW6HWHAZicJBI7U-JSCenDZYQ.roa
File:                     W3WW6HWHAZicJBI7U-JSCenDZYQ.roa (raw, json)
Hash identifier:          llPhicJWA1wGXhw3KKrjYRKPjTwhasf7egy9y4jfkPU=
Subject key identifier:   5B:75:96:E8:75:87:01:98:9C:24:12:3B:53:E2:52:09:E9:C3:65:84
Certificate issuer:       /CN=844f7e66995c994a30d08687110bfd6a9a056134
Certificate serial:       018D3ADA26ACD7564943692F6B2174FB0E3B
Authority key identifier: 84:4F:7E:66:99:5C:99:4A:30:D0:86:87:11:0B:FD:6A:9A:05:61:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hE9-ZplcmUow0IaHEQv9apoFYTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/843820-deac-4a0a-bf32-93190d3e1d98/1/W3WW6HWHAZicJBI7U-JSCenDZYQ.roa
Signing time:             Wed 24 Jan 2024 09:43:11 +0000
ROA not before:           Wed 24 Jan 2024 09:43:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203777
IP address blocks:        109.205.198.0/24 maxlen: 24
                          194.104.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/843820-deac-4a0a-bf32-93190d3e1d98/1/hE9-ZplcmUow0IaHEQv9apoFYTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/843820-deac-4a0a-bf32-93190d3e1d98/1/hE9-ZplcmUow0IaHEQv9apoFYTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hE9-ZplcmUow0IaHEQv9apoFYTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3a:da:26:ac:d7:56:49:43:69:2f:6b:21:74:fb:0e:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844f7e66995c994a30d08687110bfd6a9a056134
        Validity
            Not Before: Jan 24 09:43:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b7596e8758701989c24123b53e25209e9c36584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:29:6c:2b:42:b9:17:98:80:3a:36:46:75:07:
                    26:9a:34:f9:50:42:5b:4a:62:71:d5:2d:d2:fb:95:
                    23:e4:ec:8b:d8:05:30:45:a7:db:dc:4e:ac:b8:a6:
                    d8:c9:4b:61:4f:48:63:66:db:5e:26:43:6e:fd:e3:
                    0c:cf:33:81:c4:11:ce:5a:5a:4b:33:1c:3d:00:45:
                    7f:bc:e2:bf:12:77:e8:e1:df:c1:d5:f4:e1:a3:3d:
                    ac:df:9a:f4:3c:ec:53:47:4c:35:75:bb:10:48:5f:
                    97:8f:7e:b6:fa:6a:31:01:19:9d:ab:30:d3:9d:51:
                    42:c5:08:57:c0:5e:25:72:d2:c5:b3:7f:4a:68:59:
                    4d:65:19:d2:7f:05:a6:fa:bf:8e:bc:4d:03:eb:66:
                    28:57:6f:ee:83:24:db:a6:c5:ec:96:15:27:19:91:
                    3b:f7:2b:8e:43:6c:77:1a:b3:83:cc:a5:75:38:30:
                    66:69:d0:fb:1c:d5:3a:15:29:26:40:e9:36:b8:c9:
                    98:61:4f:bb:35:66:80:27:26:c2:b7:26:39:34:fa:
                    b5:e3:be:6d:27:25:b4:e8:f2:ff:6a:33:93:7f:82:
                    7b:b9:46:92:5d:e0:6d:b4:bd:14:12:b6:51:b5:78:
                    61:9f:74:48:6c:e3:8d:5d:33:db:9a:8b:b0:82:c6:
                    eb:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:75:96:E8:75:87:01:98:9C:24:12:3B:53:E2:52:09:E9:C3:65:84
            X509v3 Authority Key Identifier:
                keyid:84:4F:7E:66:99:5C:99:4A:30:D0:86:87:11:0B:FD:6A:9A:05:61:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hE9-ZplcmUow0IaHEQv9apoFYTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/843820-deac-4a0a-bf32-93190d3e1d98/1/W3WW6HWHAZicJBI7U-JSCenDZYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/843820-deac-4a0a-bf32-93190d3e1d98/1/hE9-ZplcmUow0IaHEQv9apoFYTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.198.0/24
                  194.104.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:c2:44:28:48:e2:b5:b5:7a:1e:73:8b:55:17:d3:3a:36:25:
         23:03:d6:b2:f5:73:c0:37:17:b4:bf:17:fc:c2:51:bc:19:f7:
         d2:4d:8e:01:53:60:88:54:e4:cb:1c:49:8e:24:7d:22:50:f3:
         60:3f:96:15:21:b2:ff:94:70:2a:37:39:9f:cb:0b:5a:ef:3d:
         31:b4:03:b0:c5:87:93:1e:a0:07:8f:3c:62:07:d1:80:c7:64:
         14:f6:a2:ba:e4:ec:d6:84:f1:c8:a0:2e:0b:48:f3:ee:16:91:
         27:0b:b3:fa:ac:20:82:61:2d:9c:f1:81:d2:58:13:e6:60:65:
         8c:d2:a1:86:34:46:46:e6:cb:dd:70:33:39:5a:67:8d:5d:8b:
         2d:81:84:47:f9:e4:bd:41:e7:68:46:f4:de:9a:b6:56:a2:75:
         d5:94:1e:0e:72:c6:5f:20:f0:7e:41:1c:41:9c:6a:d3:34:58:
         d9:51:35:17:aa:90:00:d1:95:a5:c8:1a:6c:9f:f7:d5:b2:7f:
         64:c8:c3:82:24:d7:2c:e8:15:94:dc:e6:23:13:b0:37:3f:bb:
         40:b7:b1:c2:44:d1:8a:55:97:d8:48:8b:7a:c6:a3:89:f7:a4:
         a6:74:04:48:fd:be:ee:0c:8b:2a:a2:c3:c7:b5:21:da:55:a3:
         c5:54:08:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY062ias11ZJQ2kvayF0+w47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NGY3ZTY2OTk1Yzk5NGEzMGQwODY4NzExMGJmZDZhOWEw
NTYxMzQwHhcNMjQwMTI0MDk0MzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjc1OTZlODc1ODcwMTk4OWMyNDEyM2I1M2UyNTIwOWU5YzM2NTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApylsK0K5F5iAOjZGdQcmmjT5UEJb
SmJx1S3S+5Uj5OyL2AUwRafb3E6suKbYyUthT0hjZtteJkNu/eMMzzOBxBHOWlpL
Mxw9AEV/vOK/Enfo4d/B1fThoz2s35r0POxTR0w1dbsQSF+Xj362+moxARmdqzDT
nVFCxQhXwF4lctLFs39KaFlNZRnSfwWm+r+OvE0D62YoV2/ugyTbpsXslhUnGZE7
9yuOQ2x3GrODzKV1ODBmadD7HNU6FSkmQOk2uMmYYU+7NWaAJybCtyY5NPq1475t
JyW06PL/ajOTf4J7uUaSXeBttL0UErZRtXhhn3RIbOONXTPbmouwgsbrjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFt1luh1hwGYnCQSO1PiUgnpw2WEMB8GA1UdIwQY
MBaAFIRPfmaZXJlKMNCGhxEL/WqaBWE0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEU5LVpwbGNtVW93MElhSEVRdjlhcG9GWVRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My84NDM4MjAtZGVhYy00YTBhLWJmMzIt
OTMxOTBkM2UxZDk4LzEvVzNXVzZIV0hBWmljSkJJN1UtSlNDZW5EWllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My84NDM4MjAtZGVhYy00YTBhLWJmMzItOTMxOTBkM2UxZDk4
LzEvaEU5LVpwbGNtVW93MElhSEVRdjlhcG9GWVRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbc3GAwQA
wmh5MA0GCSqGSIb3DQEBCwUAA4IBAQBqwkQoSOK1tXoec4tVF9M6NiUjA9ay9XPA
Nxe0vxf8wlG8GffSTY4BU2CIVOTLHEmOJH0iUPNgP5YVIbL/lHAqNzmfywta7z0x
tAOwxYeTHqAHjzxiB9GAx2QU9qK65OzWhPHIoC4LSPPuFpEnC7P6rCCCYS2c8YHS
WBPmYGWM0qGGNEZG5svdcDM5WmeNXYstgYRH+eS9QedoRvTemrZWonXVlB4OcsZf
IPB+QRxBnGrTNFjZUTUXqpAA0ZWlyBpsn/fVsn9kyMOCJNcs6BWU3OYjE7A3P7tA
t7HCRNGKVZfYSIt6xqOJ96SmdARI/b7uDIsqosPHtSHaVaPFVAjW
-----END CERTIFICATE-----