Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/WfnvqYLR-IhpVsIB249sEVNv0ck.roa
File:                     WfnvqYLR-IhpVsIB249sEVNv0ck.roa (raw, json)
Hash identifier:          m81sYPj0mBJoYQo6cFyiKcl1GQ17VlcYBiFkpRNc0/Y=
Subject key identifier:   59:F9:EF:A9:82:D1:F8:88:69:56:C2:01:DB:8F:6C:11:53:6F:D1:C9
Certificate issuer:       /CN=d4c7c4eab5c07948cbf44a8a01c6a827fdae9341
Certificate serial:       018CC26D268147A089D56B3D700E035A1677
Authority key identifier: D4:C7:C4:EA:B5:C0:79:48:CB:F4:4A:8A:01:C6:A8:27:FD:AE:93:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/WfnvqYLR-IhpVsIB249sEVNv0ck.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41346
IP address blocks:        195.114.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:26:81:47:a0:89:d5:6b:3d:70:0e:03:5a:16:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4c7c4eab5c07948cbf44a8a01c6a827fdae9341
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59f9efa982d1f8886956c201db8f6c11536fd1c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6a:43:bd:f0:41:41:d3:31:be:9a:0c:e0:b9:
                    9d:a6:c1:e3:5d:f8:3e:b5:8e:64:7b:a1:9e:d3:2b:
                    41:8f:45:c7:cc:76:11:83:01:50:aa:09:bb:c6:70:
                    3a:e5:ae:86:8f:b0:d8:9d:06:91:fb:af:0c:53:fc:
                    a7:51:60:0f:f2:67:2e:36:eb:e7:79:e8:83:5c:47:
                    10:66:0c:dc:e1:2f:de:8e:84:f5:d1:a4:7b:83:cf:
                    95:fd:5b:7a:6d:5c:68:47:b0:f1:46:ba:dc:a0:48:
                    51:d8:fd:84:42:eb:ed:79:9e:bd:d2:43:2f:6d:80:
                    da:d3:b3:1f:e3:48:54:36:3b:b8:66:0b:a6:e6:b0:
                    95:47:21:8e:c0:e0:68:ba:77:ab:56:8d:79:81:9a:
                    a9:d7:f5:f4:19:13:a0:bd:d1:4d:49:f0:e6:42:2c:
                    2a:20:fe:96:ac:26:19:49:04:a2:61:a3:c4:be:41:
                    b1:82:d9:7b:30:f1:28:10:77:86:73:79:11:fe:03:
                    e0:af:56:27:0e:63:c9:37:ae:05:88:f7:d0:8b:57:
                    a2:5a:fa:55:46:30:6d:e1:c5:20:21:2a:b2:21:59:
                    25:73:f8:3c:d9:c3:d0:91:ff:75:87:d2:44:c5:70:
                    48:f9:90:f6:bd:85:ba:3f:fd:05:ed:f5:11:98:ec:
                    0e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F9:EF:A9:82:D1:F8:88:69:56:C2:01:DB:8F:6C:11:53:6F:D1:C9
            X509v3 Authority Key Identifier:
                keyid:D4:C7:C4:EA:B5:C0:79:48:CB:F4:4A:8A:01:C6:A8:27:FD:AE:93:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/WfnvqYLR-IhpVsIB249sEVNv0ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:90:65:3d:b3:15:ac:20:1d:2a:f1:c6:a0:74:2d:56:a8:2d:
         4c:78:08:77:3a:43:c0:4d:82:f5:17:8b:38:27:9c:57:9a:0d:
         ff:4d:15:17:aa:c6:e3:e9:50:b5:ab:8b:0f:37:38:9d:16:c8:
         70:51:f5:ab:7b:23:dd:2a:34:92:4e:5c:1f:de:cb:7c:71:66:
         eb:f9:70:03:67:d8:47:d5:c5:d1:84:4f:73:00:60:61:3b:87:
         4c:57:29:dc:95:5d:96:c1:f5:5e:c4:1a:ba:4e:d7:35:30:41:
         27:0d:9b:8d:f4:ae:28:10:37:d9:6a:d0:cf:15:b8:fd:b1:0f:
         73:a6:e5:98:f6:7a:76:1b:48:e2:a5:95:0c:d4:6e:5e:15:10:
         b0:33:67:f8:88:c6:30:49:f8:b1:1d:a4:1d:2a:fd:61:c1:a7:
         0a:d9:50:67:89:ac:6b:ba:d0:a4:3a:d3:0c:71:b3:c7:6e:b3:
         10:1e:61:55:52:27:15:f7:2e:27:17:cc:00:7c:8a:df:93:42:
         c3:5c:26:ce:1a:e1:14:f2:b5:a3:c6:74:1e:cb:cf:86:f4:53:
         39:30:34:7d:a5:4d:f0:56:5c:2a:a1:ab:9e:3d:5e:02:27:5f:
         a4:d6:f7:dd:8d:9d:64:10:83:cb:cf:89:a5:e3:de:53:45:d8:
         b1:96:91:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSaBR6CJ1Ws9cA4DWhZ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzdjNGVhYjVjMDc5NDhjYmY0NGE4YTAxYzZhODI3ZmRh
ZTkzNDEwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWY5ZWZhOTgyZDFmODg4Njk1NmMyMDFkYjhmNmMxMTUzNmZkMWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2pDvfBBQdMxvpoM4LmdpsHjXfg+
tY5ke6Ge0ytBj0XHzHYRgwFQqgm7xnA65a6Gj7DYnQaR+68MU/ynUWAP8mcuNuvn
eeiDXEcQZgzc4S/ejoT10aR7g8+V/Vt6bVxoR7DxRrrcoEhR2P2EQuvteZ690kMv
bYDa07Mf40hUNju4Zgum5rCVRyGOwOBounerVo15gZqp1/X0GROgvdFNSfDmQiwq
IP6WrCYZSQSiYaPEvkGxgtl7MPEoEHeGc3kR/gPgr1YnDmPJN64FiPfQi1eiWvpV
RjBt4cUgISqyIVklc/g82cPQkf91h9JExXBI+ZD2vYW6P/0F7fURmOwOSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFn576mC0fiIaVbCAduPbBFTb9HJMB8GA1UdIwQY
MBaAFNTHxOq1wHlIy/RKigHGqCf9rpNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1mRTZyWEFlVWpMOUVxS0FjYW9KXzJ1azBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81ODYzZWEtNDE5YS00YzI5LThlM2Ut
OGQ1MjVhNTYzZTYxLzEvV2ZudnFZTFItSWhwVnNJQjI0OXNFVk52MGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81ODYzZWEtNDE5YS00YzI5LThlM2UtOGQ1MjVhNTYzZTYx
LzEvMU1mRTZyWEFlVWpMOUVxS0FjYW9KXzJ1azBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw3IcMA0G
CSqGSIb3DQEBCwUAA4IBAQCVkGU9sxWsIB0q8cagdC1WqC1MeAh3OkPATYL1F4s4
J5xXmg3/TRUXqsbj6VC1q4sPNzidFshwUfWreyPdKjSSTlwf3st8cWbr+XADZ9hH
1cXRhE9zAGBhO4dMVynclV2WwfVexBq6Ttc1MEEnDZuN9K4oEDfZatDPFbj9sQ9z
puWY9np2G0jipZUM1G5eFRCwM2f4iMYwSfixHaQdKv1hwacK2VBniaxrutCkOtMM
cbPHbrMQHmFVUicV9y4nF8wAfIrfk0LDXCbOGuEU8rWjxnQey8+G9FM5MDR9pU3w
VlwqoauePV4CJ1+k1vfdjZ1kEIPLz4ml495TRdixlpGJ
-----END CERTIFICATE-----