Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/WN8XSfewpSHiuDGpFM843bGQYR0.roa
File:                     WN8XSfewpSHiuDGpFM843bGQYR0.roa (raw, json)
Hash identifier:          6Jhs6sB+wSoIj1UwnQ8oMBrpZ9Zq1FkbJmAFPvrJAEg=
Subject key identifier:   58:DF:17:49:F7:B0:A5:21:E2:B8:31:A9:14:CF:38:DD:B1:90:61:1D
Certificate issuer:       /CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
Certificate serial:       018CCA2A174B48E45FCD1AB24CE3A0CBAE98
Authority key identifier: 25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/WN8XSfewpSHiuDGpFM843bGQYR0.roa
Signing time:             Tue 02 Jan 2024 12:33:25 +0000
ROA not before:           Tue 02 Jan 2024 12:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61125
IP address blocks:        45.66.35.0/24 maxlen: 24
                          2a09:61c4::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:17:4b:48:e4:5f:cd:1a:b2:4c:e3:a0:cb:ae:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
        Validity
            Not Before: Jan  2 12:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58df1749f7b0a521e2b831a914cf38ddb190611d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4a:b0:17:76:f7:cc:61:50:e8:ef:fa:d0:1d:
                    ae:98:1b:a9:54:e6:bc:e8:07:17:eb:f0:1b:46:12:
                    9b:85:6d:ad:90:9e:3f:39:0e:92:07:dc:48:60:16:
                    d4:ea:f3:8d:71:25:3d:e9:e3:4f:2e:b6:63:ad:19:
                    80:7b:e4:5f:03:96:e0:6b:b5:0e:a0:13:07:7d:cb:
                    2b:8f:6d:89:c9:93:07:d5:90:79:e2:ae:8d:cb:d6:
                    26:8d:63:7e:58:78:84:86:b5:ca:4d:5f:0d:fc:37:
                    88:3d:f1:17:86:04:f4:63:f7:93:fc:f4:bf:3b:e4:
                    67:a4:33:7c:d6:89:34:06:90:ba:da:e0:b3:58:b3:
                    7c:20:76:a6:92:f5:ad:f1:9b:e4:90:32:55:81:f1:
                    1f:e1:1c:84:61:f9:d4:4b:e2:9b:87:67:1c:a7:14:
                    51:0e:7b:9c:96:0d:29:e2:24:01:08:72:59:ee:c1:
                    bb:ba:0b:3d:8a:12:d5:c5:d1:0e:4b:16:24:d4:1c:
                    55:d8:bc:58:63:54:9b:80:9f:25:7c:3c:64:36:1e:
                    5c:c8:6c:5e:fe:92:57:02:07:82:7b:c6:17:de:ff:
                    04:0c:7d:42:c5:13:c9:9e:d9:01:f9:7c:9d:01:26:
                    39:af:07:d6:23:18:16:8b:e6:42:95:50:89:76:8e:
                    f8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:DF:17:49:F7:B0:A5:21:E2:B8:31:A9:14:CF:38:DD:B1:90:61:1D
            X509v3 Authority Key Identifier:
                keyid:25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/WN8XSfewpSHiuDGpFM843bGQYR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.35.0/24
                IPv6:
                  2a09:61c4::/30

    Signature Algorithm: sha256WithRSAEncryption
         1d:11:92:f6:8e:3d:f7:37:3c:f6:81:ad:e5:76:8c:e0:fa:d7:
         ae:e5:12:2a:32:ca:c6:e5:04:51:a5:fd:44:0a:78:3e:72:a0:
         aa:f8:0f:57:b7:a4:48:eb:f6:91:29:02:38:3c:8a:99:56:41:
         1b:a0:6b:d9:0c:be:8f:c7:cd:8b:b1:18:97:e4:69:b1:23:1c:
         5f:ba:83:ef:48:51:21:85:66:e7:05:98:3a:56:2b:03:d5:30:
         f1:6b:c9:5f:e5:7d:06:6d:a2:2c:0c:8c:ce:f3:5d:72:e3:e2:
         3c:70:23:de:96:c2:97:68:40:47:a4:47:71:28:07:c3:06:fb:
         62:fa:40:5e:61:73:4f:50:7f:95:18:5d:f2:03:2c:13:a2:89:
         c8:d1:2d:e9:52:3d:dc:9a:0a:ed:ff:c7:57:a8:fd:f5:54:34:
         3c:d0:5d:20:22:b4:a3:5f:af:46:84:e9:79:f0:56:43:a2:db:
         29:50:3f:fb:53:1e:55:ab:da:3b:20:38:a6:55:23:05:68:e2:
         04:35:5f:4e:ae:cb:0e:b9:70:34:71:2c:0b:8d:af:89:ac:3b:
         d2:95:0e:14:4d:43:04:57:13:91:90:62:a2:66:d8:95:7f:61:
         b5:bd:44:f9:89:36:29:cc:fd:57:ab:41:9b:49:c3:3d:10:c6:
         d0:d2:21:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKhdLSORfzRqyTOOgy66YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Y2Y5ZDhkNTUyY2RjN2Q4YzBkYzZmNjQ5YjMwMWYyMzUx
NDA5ZWUwHhcNMjQwMTAyMTIzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGRmMTc0OWY3YjBhNTIxZTJiODMxYTkxNGNmMzhkZGIxOTA2MTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0qwF3b3zGFQ6O/60B2umBupVOa8
6AcX6/AbRhKbhW2tkJ4/OQ6SB9xIYBbU6vONcSU96eNPLrZjrRmAe+RfA5bga7UO
oBMHfcsrj22JyZMH1ZB54q6Ny9YmjWN+WHiEhrXKTV8N/DeIPfEXhgT0Y/eT/PS/
O+RnpDN81ok0BpC62uCzWLN8IHamkvWt8ZvkkDJVgfEf4RyEYfnUS+Kbh2ccpxRR
Dnuclg0p4iQBCHJZ7sG7ugs9ihLVxdEOSxYk1BxV2LxYY1SbgJ8lfDxkNh5cyGxe
/pJXAgeCe8YX3v8EDH1CxRPJntkB+XydASY5rwfWIxgWi+ZClVCJdo740QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFjfF0n3sKUh4rgxqRTPON2xkGEdMB8GA1UdIwQY
MBaAFCXPnY1VLNx9jA3G9kmzAfI1FAnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQt
YTEwNjkwYTc0NGU0LzEvV044WFNmZXdwU0hpdURHcEZNODQzYkdRWVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQtYTEwNjkwYTc0NGU0
LzEvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALUIjMA0E
AgACMAcDBQIqCWHEMA0GCSqGSIb3DQEBCwUAA4IBAQAdEZL2jj33Nzz2ga3ldozg
+teu5RIqMsrG5QRRpf1ECng+cqCq+A9Xt6RI6/aRKQI4PIqZVkEboGvZDL6Px82L
sRiX5GmxIxxfuoPvSFEhhWbnBZg6VisD1TDxa8lf5X0GbaIsDIzO811y4+I8cCPe
lsKXaEBHpEdxKAfDBvti+kBeYXNPUH+VGF3yAywToonI0S3pUj3cmgrt/8dXqP31
VDQ80F0gIrSjX69GhOl58FZDotspUD/7Ux5Vq9o7IDimVSMFaOIENV9OrssOuXA0
cSwLja+JrDvSlQ4UTUMEVxORkGKiZtiVf2G1vUT5iTYpzP1Xq0GbScM9EMbQ0iEL
-----END CERTIFICATE-----