Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/wfyRH8WZIseAQ2gNnf1Tcrj_1y4.roa
File:                     wfyRH8WZIseAQ2gNnf1Tcrj_1y4.roa (raw, json)
Hash identifier:          JqE5W+dEVZeC00yNPenXghxr7s1nC/Vis5wBvA/OE/Q=
Subject key identifier:   C1:FC:91:1F:C5:99:22:C7:80:43:68:0D:9D:FD:53:72:B8:FF:D7:2E
Certificate issuer:       /CN=5853e65a3087b4ca85c8802b60ff0f02b4106d97
Certificate serial:       018CC26D473761C5EB51E814D9D1F938CBC9
Authority key identifier: 58:53:E6:5A:30:87:B4:CA:85:C8:80:2B:60:FF:0F:02:B4:10:6D:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WFPmWjCHtMqFyIArYP8PArQQbZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/wfyRH8WZIseAQ2gNnf1Tcrj_1y4.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50694
IP address blocks:        95.170.96.0/22 maxlen: 22
                          95.170.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/WFPmWjCHtMqFyIArYP8PArQQbZc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/WFPmWjCHtMqFyIArYP8PArQQbZc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WFPmWjCHtMqFyIArYP8PArQQbZc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:47:37:61:c5:eb:51:e8:14:d9:d1:f9:38:cb:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5853e65a3087b4ca85c8802b60ff0f02b4106d97
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1fc911fc59922c78043680d9dfd5372b8ffd72e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ca:84:1b:76:6b:e1:bf:8a:61:7e:5b:bc:6f:
                    7b:d5:08:b7:86:4d:d8:0c:3e:37:e6:7b:7e:8d:64:
                    60:c1:5e:d0:a8:53:8d:a2:68:76:62:4b:1a:e9:bb:
                    6d:56:65:2b:b0:42:87:01:bf:9b:bf:96:d2:d9:a8:
                    80:e1:0e:e5:ba:5a:22:db:15:5f:85:d1:28:7d:e9:
                    cc:58:2f:13:ba:a4:2a:7d:3a:74:ce:e0:88:0f:37:
                    66:74:e7:7a:41:ef:7b:65:66:a0:47:59:43:3c:10:
                    e0:74:b3:98:19:c8:f6:e9:8c:0d:68:56:f5:a0:a3:
                    82:5c:49:9a:d2:89:25:14:a7:af:4f:e4:00:b0:9f:
                    dc:df:e7:17:b2:31:d1:89:a4:10:71:1a:66:02:b4:
                    8f:c0:a1:c6:e4:a5:ff:02:e9:c3:03:54:40:6d:ac:
                    81:83:22:33:ce:25:90:40:33:2d:f7:6f:17:94:2e:
                    49:97:9d:fb:4e:7d:40:9b:32:c0:95:ad:23:b6:b2:
                    f2:24:35:90:ce:d1:19:c9:fa:89:4f:60:f1:44:71:
                    76:a5:36:89:c5:90:b4:a9:df:c5:f5:41:52:06:1a:
                    83:49:f1:f1:52:f7:c0:44:3a:34:ff:89:e0:9f:15:
                    9c:84:f6:7d:16:e0:55:a3:a1:76:dc:0c:a4:1a:45:
                    dc:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:FC:91:1F:C5:99:22:C7:80:43:68:0D:9D:FD:53:72:B8:FF:D7:2E
            X509v3 Authority Key Identifier:
                keyid:58:53:E6:5A:30:87:B4:CA:85:C8:80:2B:60:FF:0F:02:B4:10:6D:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WFPmWjCHtMqFyIArYP8PArQQbZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/wfyRH8WZIseAQ2gNnf1Tcrj_1y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/6afd1e-cb7e-4e6e-a8a4-e18602739cd5/1/WFPmWjCHtMqFyIArYP8PArQQbZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.170.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         08:b1:a8:8f:58:4f:42:c2:af:34:2b:48:c8:28:f0:5a:52:50:
         db:7a:16:c2:4b:d6:f2:21:f1:d6:3c:3a:4e:5d:3f:87:bf:4f:
         9c:13:ad:ca:c0:ff:d2:28:dd:23:2c:00:65:a7:a8:5e:2e:15:
         50:e2:c5:cc:92:10:23:3b:a0:dd:5e:64:bb:6f:6d:8c:e7:7c:
         ca:ec:1e:8a:cf:60:64:3a:c7:53:cf:b8:a2:cd:c2:fa:97:80:
         20:d7:41:68:8c:70:72:84:0f:58:2b:c5:3b:fc:43:0a:c0:0e:
         3c:62:02:10:13:e7:15:d5:85:12:9a:54:05:5e:9d:05:42:ea:
         9c:4a:73:3e:41:b1:80:bb:4e:8c:20:a5:9c:c7:cb:38:7f:99:
         6c:05:be:6a:14:5c:cf:f4:6a:09:de:7d:e7:fc:20:2c:95:9f:
         ce:0d:23:d4:22:44:56:87:99:73:78:25:bd:ec:b1:c6:40:7e:
         54:53:51:a5:a6:bc:9c:59:cc:72:dc:b3:89:28:b2:37:05:fb:
         85:92:66:58:0e:ed:6b:6b:84:55:12:f3:b3:c3:e9:13:56:48:
         5c:68:3a:0e:44:ad:b4:6c:a5:e9:c5:41:84:d6:b1:57:5c:a4:
         8e:cd:82:1b:91:6c:e4:32:6c:3b:fe:ba:38:0e:cc:dd:32:c4:
         c2:01:7e:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUc3YcXrUegU2dH5OMvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NTNlNjVhMzA4N2I0Y2E4NWM4ODAyYjYwZmYwZjAyYjQx
MDZkOTcwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWZjOTExZmM1OTkyMmM3ODA0MzY4MGQ5ZGZkNTM3MmI4ZmZkNzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8qEG3Zr4b+KYX5bvG971Qi3hk3Y
DD435nt+jWRgwV7QqFONomh2Yksa6bttVmUrsEKHAb+bv5bS2aiA4Q7luloi2xVf
hdEofenMWC8TuqQqfTp0zuCIDzdmdOd6Qe97ZWagR1lDPBDgdLOYGcj26YwNaFb1
oKOCXEma0oklFKevT+QAsJ/c3+cXsjHRiaQQcRpmArSPwKHG5KX/AunDA1RAbayB
gyIzziWQQDMt928XlC5Jl537Tn1AmzLAla0jtrLyJDWQztEZyfqJT2DxRHF2pTaJ
xZC0qd/F9UFSBhqDSfHxUvfARDo0/4ngnxWchPZ9FuBVo6F23AykGkXcewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMH8kR/FmSLHgENoDZ39U3K4/9cuMB8GA1UdIwQY
MBaAFFhT5lowh7TKhciAK2D/DwK0EG2XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0ZQbVdqQ0h0TXFGeUlBcllQOFBBclFRYlpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi82YWZkMWUtY2I3ZS00ZTZlLWE4YTQt
ZTE4NjAyNzM5Y2Q1LzEvd2Z5Ukg4V1pJc2VBUTJnTm5mMVRjcmpfMXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi82YWZkMWUtY2I3ZS00ZTZlLWE4YTQtZTE4NjAyNzM5Y2Q1
LzEvV0ZQbVdqQ0h0TXFGeUlBcllQOFBBclFRYlpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX6pgMA0G
CSqGSIb3DQEBCwUAA4IBAQAIsaiPWE9Cwq80K0jIKPBaUlDbehbCS9byIfHWPDpO
XT+Hv0+cE63KwP/SKN0jLABlp6heLhVQ4sXMkhAjO6DdXmS7b22M53zK7B6Kz2Bk
OsdTz7iizcL6l4Ag10FojHByhA9YK8U7/EMKwA48YgIQE+cV1YUSmlQFXp0FQuqc
SnM+QbGAu06MIKWcx8s4f5lsBb5qFFzP9GoJ3n3n/CAslZ/ODSPUIkRWh5lzeCW9
7LHGQH5UU1GlprycWcxy3LOJKLI3BfuFkmZYDu1ra4RVEvOzw+kTVkhcaDoORK20
bKXpxUGE1rFXXKSOzYIbkWzkMmw7/ro4DszdMsTCAX5M
-----END CERTIFICATE-----