Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/WmnXNywDhATZSN_VZtF716Thrms.roa
File:                     WmnXNywDhATZSN_VZtF716Thrms.roa (raw, json)
Hash identifier:          zZOfelxqJq/1SCACj0xSOzNBCzw5rbzs1wB7PmdmYQI=
Subject key identifier:   5A:69:D7:37:2C:03:84:04:D9:48:DF:D5:66:D1:7B:D7:A4:E1:AE:6B
Certificate issuer:       /CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
Certificate serial:       019169DB676ACDB398DFF2EBCD26E0DBDCA4
Authority key identifier: 10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/WmnXNywDhATZSN_VZtF716Thrms.roa
Signing time:             Mon 19 Aug 2024 08:57:52 +0000
ROA not before:           Mon 19 Aug 2024 08:57:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        195.245.86.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:69:db:67:6a:cd:b3:98:df:f2:eb:cd:26:e0:db:dc:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
        Validity
            Not Before: Aug 19 08:57:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a69d7372c038404d948dfd566d17bd7a4e1ae6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:68:b0:eb:97:a6:36:70:49:39:86:66:e8:57:
                    42:6c:84:e0:a1:db:25:72:29:32:e0:17:d0:d0:0f:
                    03:27:c9:99:67:1c:2e:85:4d:91:b8:a2:3a:cf:fa:
                    e9:61:10:46:b1:03:b5:16:44:c4:a1:4c:6d:6f:bd:
                    de:a1:8a:6a:58:b4:53:4d:18:47:38:61:85:2f:ee:
                    59:3d:49:88:8c:6a:3a:4a:7a:13:37:c4:8c:e2:ef:
                    60:ff:64:80:d2:ff:1e:35:22:a4:19:24:59:d3:c2:
                    aa:fe:ea:ed:a9:ea:22:64:dd:06:b2:84:8f:8c:cd:
                    63:f7:db:c5:e8:7a:dd:d4:02:83:c7:36:67:cd:84:
                    87:e0:2f:e8:e5:ac:a7:42:0f:06:ec:53:35:fe:f4:
                    2f:eb:6f:47:62:7c:1c:d8:bc:a0:e1:39:2d:06:60:
                    99:83:a6:cb:6c:5f:bb:4c:9d:82:e9:a9:db:15:de:
                    81:a0:d0:4b:ae:f2:a7:44:da:db:37:bd:ad:3f:86:
                    25:14:59:ea:f5:04:0e:ab:0b:dd:e6:d3:6b:96:06:
                    d2:33:24:88:b4:18:30:9b:5d:fc:4e:5e:1d:1c:67:
                    ec:92:a0:a1:c8:91:bf:83:41:77:ff:93:28:18:e4:
                    12:43:cc:5f:18:a6:c3:ed:f2:c3:e5:a5:3f:ee:4a:
                    c4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:69:D7:37:2C:03:84:04:D9:48:DF:D5:66:D1:7B:D7:A4:E1:AE:6B
            X509v3 Authority Key Identifier:
                keyid:10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/WmnXNywDhATZSN_VZtF716Thrms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d1:88:90:f1:fe:da:2d:06:3b:99:48:e4:e2:d3:6f:2e:36:b6:
         d2:d7:29:a0:d2:d6:c3:e8:c0:f5:4d:b9:6e:fb:ef:bc:78:ef:
         7e:c3:16:00:ad:06:6a:f0:9a:8c:ed:1b:77:f9:a3:3d:9d:03:
         e2:83:d6:08:a5:93:d6:1c:5b:12:2d:d6:2d:80:e9:8d:b8:3c:
         c2:54:d8:08:fa:29:99:2d:63:a1:dd:23:57:11:1a:5b:a8:62:
         5c:1a:9b:0d:d9:ed:b0:11:83:b4:6e:76:96:fe:9d:cd:ab:10:
         d2:82:4c:44:ac:86:7d:74:65:22:47:6d:dc:09:a3:f9:f2:2a:
         63:c1:06:f8:a9:4a:cc:fa:90:8f:8a:d8:b3:2d:b9:c9:db:e9:
         27:41:6a:d2:f7:c0:05:2d:8c:5c:3d:c2:41:b2:1b:14:b7:5a:
         7f:e0:78:53:04:26:de:d8:f6:5c:d1:24:4b:c4:77:66:7a:52:
         ad:e1:e3:d1:82:2a:26:4b:c0:4a:9a:74:bc:b6:f7:68:e4:91:
         11:a6:08:c1:b6:8f:2e:b4:e3:54:09:98:b4:ea:02:85:d3:ec:
         4f:bc:ba:05:77:66:ba:ab:77:61:1e:e0:6b:26:34:9f:33:c2:
         8b:7b:c2:95:ff:80:fc:60:bd:2f:1f:33:54:04:bc:99:2c:9e:
         03:7d:8d:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFp22dqzbOY3/LrzSbg29ykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNjJiYzM2NTEyNjU4YTBmN2QzZjk2YmMxZDhlNjdkOWZk
NDkxOGIwHhcNMjQwODE5MDg1NzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTY5ZDczNzJjMDM4NDA0ZDk0OGRmZDU2NmQxN2JkN2E0ZTFhZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmiw65emNnBJOYZm6FdCbITgodsl
ciky4BfQ0A8DJ8mZZxwuhU2RuKI6z/rpYRBGsQO1FkTEoUxtb73eoYpqWLRTTRhH
OGGFL+5ZPUmIjGo6SnoTN8SM4u9g/2SA0v8eNSKkGSRZ08Kq/urtqeoiZN0GsoSP
jM1j99vF6Hrd1AKDxzZnzYSH4C/o5aynQg8G7FM1/vQv629HYnwc2Lyg4TktBmCZ
g6bLbF+7TJ2C6anbFd6BoNBLrvKnRNrbN72tP4YlFFnq9QQOqwvd5tNrlgbSMySI
tBgwm138Tl4dHGfskqChyJG/g0F3/5MoGOQSQ8xfGKbD7fLD5aU/7krEiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpp1zcsA4QE2Ujf1WbRe9ek4a5rMB8GA1UdIwQY
MBaAFBBivDZRJlig99P5a8HY5n2f1JGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYt
OTVhZDkyYWM4Njk4LzEvV21uWE55d0RoQVRaU05fVlp0RjcxNlRocm1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYtOTVhZDkyYWM4Njk4
LzEvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/VWMA0G
CSqGSIb3DQEBCwUAA4IBAQDRiJDx/totBjuZSOTi028uNrbS1ymg0tbD6MD1Tblu
+++8eO9+wxYArQZq8JqM7Rt3+aM9nQPig9YIpZPWHFsSLdYtgOmNuDzCVNgI+imZ
LWOh3SNXERpbqGJcGpsN2e2wEYO0bnaW/p3NqxDSgkxErIZ9dGUiR23cCaP58ipj
wQb4qUrM+pCPitizLbnJ2+knQWrS98AFLYxcPcJBshsUt1p/4HhTBCbe2PZc0SRL
xHdmelKt4ePRgiomS8BKmnS8tvdo5JERpgjBto8utONUCZi06gKF0+xPvLoFd2a6
q3dhHuBrJjSfM8KLe8KV/4D8YL0vHzNUBLyZLJ4DfY2X
-----END CERTIFICATE-----