Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/WvtSsvIfE6AVpCNTdqsIKAs6ATQ.roa
File:                     WvtSsvIfE6AVpCNTdqsIKAs6ATQ.roa (raw, json)
Hash identifier:          B5dzuhPSmncRV1W0JhPQV2OTrrkgWS1sVmmnRaS2m/c=
Subject key identifier:   5A:FB:52:B2:F2:1F:13:A0:15:A4:23:53:76:AB:08:28:0B:3A:01:34
Certificate issuer:       /CN=2ec121e1545df3e5bb86e9188f2825fad7477f75
Certificate serial:       018F81C9016440E3BB2BC29F8DEC18109B50
Authority key identifier: 2E:C1:21:E1:54:5D:F3:E5:BB:86:E9:18:8F:28:25:FA:D7:47:7F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/WvtSsvIfE6AVpCNTdqsIKAs6ATQ.roa
Signing time:             Thu 16 May 2024 14:23:04 +0000
ROA not before:           Thu 16 May 2024 14:23:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39886
IP address blocks:        109.94.32.0/19 maxlen: 24
                          213.111.0.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:81:c9:01:64:40:e3:bb:2b:c2:9f:8d:ec:18:10:9b:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ec121e1545df3e5bb86e9188f2825fad7477f75
        Validity
            Not Before: May 16 14:23:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5afb52b2f21f13a015a4235376ab08280b3a0134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5f:d3:0b:d1:1c:1e:16:56:b9:c1:ad:d0:ec:
                    2e:f4:c8:73:3d:a3:71:fd:9f:2a:c1:15:fe:83:a5:
                    ce:c0:ab:62:00:c4:27:24:4d:3e:31:cd:a2:87:e6:
                    de:9d:c2:a4:16:b0:94:4b:89:89:6f:39:90:96:a9:
                    44:6b:80:4b:15:0d:ac:a8:c3:59:d2:20:6a:b4:cb:
                    57:24:ef:e8:5f:53:1e:60:2a:5f:e9:b5:04:cf:e1:
                    b6:f0:34:ec:19:cb:8e:d6:b2:62:fc:5c:d6:12:f9:
                    4a:d1:f4:7f:70:1a:0c:6a:f7:7b:03:36:29:2a:f8:
                    2c:b0:c0:49:5d:37:6e:e5:3e:ab:93:89:56:e9:fe:
                    9e:91:a8:ac:7d:7d:b8:ee:6d:79:57:c6:a4:23:ad:
                    58:2c:5a:87:ac:e7:e6:db:c8:84:3d:49:3d:82:62:
                    bc:94:eb:96:08:19:68:83:2c:5e:d8:79:53:3a:48:
                    bd:bb:8b:6b:53:32:c5:ff:f5:aa:fa:4d:5e:b0:a5:
                    46:60:52:9f:02:5f:b9:6f:fc:38:79:56:28:40:b9:
                    db:23:0a:18:33:75:a5:c3:43:f1:1a:e4:31:05:ad:
                    42:1b:12:88:74:93:fa:69:29:e2:6f:1b:82:2a:e2:
                    01:71:56:60:3f:9a:e5:4d:1f:15:61:34:d6:d7:55:
                    99:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FB:52:B2:F2:1F:13:A0:15:A4:23:53:76:AB:08:28:0B:3A:01:34
            X509v3 Authority Key Identifier:
                keyid:2E:C1:21:E1:54:5D:F3:E5:BB:86:E9:18:8F:28:25:FA:D7:47:7F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/WvtSsvIfE6AVpCNTdqsIKAs6ATQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.94.32.0/19
                  213.111.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         14:f8:00:de:7f:f4:3c:7a:da:34:e4:11:bf:51:6f:8c:2d:e2:
         16:31:c3:56:3f:0f:05:87:b8:bc:a8:c0:5d:b7:c1:49:b9:4e:
         23:a2:41:09:06:20:13:e1:83:08:1a:11:d8:10:fa:7a:2b:92:
         a5:2f:3e:a4:85:a4:d4:91:28:6f:b2:25:5d:a2:4c:30:4a:1a:
         f1:04:af:f1:02:85:9c:b8:91:b6:83:db:47:f2:c4:a1:a9:95:
         2e:dc:6e:14:53:e4:4f:65:bd:f8:04:be:ce:15:2c:63:04:1c:
         b6:09:ed:4d:14:56:cc:ad:b5:8a:33:f1:fa:bd:7f:7f:c1:49:
         75:60:af:6d:7d:87:ca:16:31:bd:51:73:7e:da:bf:f5:e7:35:
         93:15:cb:cb:99:ed:c3:62:55:1c:03:48:37:0b:41:24:38:3a:
         21:40:6b:df:df:a2:43:9f:1c:61:0b:f6:39:63:0a:52:15:61:
         b1:32:24:6e:18:de:21:e9:a7:f0:31:24:95:3a:90:ae:7d:b8:
         58:2b:83:bc:e3:72:77:ea:32:6a:b4:7d:1b:f4:76:cb:28:14:
         50:79:23:28:39:6d:8b:b7:01:77:98:47:d1:90:0e:c1:17:b9:
         00:be:70:59:21:c0:de:45:46:7f:a2:2e:49:99:78:f2:2c:67:
         af:14:a9:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+ByQFkQOO7K8KfjewYEJtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYzEyMWUxNTQ1ZGYzZTViYjg2ZTkxODhmMjgyNWZhZDc0
NzdmNzUwHhcNMjQwNTE2MTQyMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWZiNTJiMmYyMWYxM2EwMTVhNDIzNTM3NmFiMDgyODBiM2EwMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjl/TC9EcHhZWucGt0Owu9MhzPaNx
/Z8qwRX+g6XOwKtiAMQnJE0+Mc2ih+bencKkFrCUS4mJbzmQlqlEa4BLFQ2sqMNZ
0iBqtMtXJO/oX1MeYCpf6bUEz+G28DTsGcuO1rJi/FzWEvlK0fR/cBoMavd7AzYp
KvgssMBJXTdu5T6rk4lW6f6ekaisfX247m15V8akI61YLFqHrOfm28iEPUk9gmK8
lOuWCBlogyxe2HlTOki9u4trUzLF//Wq+k1esKVGYFKfAl+5b/w4eVYoQLnbIwoY
M3Wlw0PxGuQxBa1CGxKIdJP6aSnibxuCKuIBcVZgP5rlTR8VYTTW11WZhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFr7UrLyHxOgFaQjU3arCCgLOgE0MB8GA1UdIwQY
MBaAFC7BIeFUXfPlu4bpGI8oJfrXR391MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHNFaDRWUmQ4LVc3aHVrWWp5Z2wtdGRIZjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xZWQyN2MtMmQ4Yy00MDgwLWE0NTgt
OWY1MjJhMjg0NTk1LzEvV3Z0U3N2SWZFNkFWcENOVGRxc0lLQXM2QVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xZWQyN2MtMmQ4Yy00MDgwLWE0NTgtOWY1MjJhMjg0NTk1
LzEvTHNFaDRWUmQ4LVc3aHVrWWp5Z2wtdGRIZjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFbV4gAwQG
1W8AMA0GCSqGSIb3DQEBCwUAA4IBAQAU+ADef/Q8eto05BG/UW+MLeIWMcNWPw8F
h7i8qMBdt8FJuU4jokEJBiAT4YMIGhHYEPp6K5KlLz6khaTUkShvsiVdokwwShrx
BK/xAoWcuJG2g9tH8sShqZUu3G4UU+RPZb34BL7OFSxjBBy2Ce1NFFbMrbWKM/H6
vX9/wUl1YK9tfYfKFjG9UXN+2r/15zWTFcvLme3DYlUcA0g3C0EkODohQGvf36JD
nxxhC/Y5YwpSFWGxMiRuGN4h6afwMSSVOpCufbhYK4O843J36jJqtH0b9HbLKBRQ
eSMoOW2LtwF3mEfRkA7BF7kAvnBZIcDeRUZ/oi5JmXjyLGevFKlK
-----END CERTIFICATE-----