Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/8c143d-e2a3-4314-9a51-a0b9751efa47/1/WJbeEGnHVwzoh27CnV-Llcvad9A.roa
File:                     WJbeEGnHVwzoh27CnV-Llcvad9A.roa (raw, json)
Hash identifier:          GuNYyTD79nY/6no1a2xjBXpewSjcUAKa0zBYf0Rdnhg=
Subject key identifier:   58:96:DE:10:69:C7:57:0C:E8:87:6E:C2:9D:5F:8B:95:CB:DA:77:D0
Certificate issuer:       /CN=48096ad33beb3e9504ad51a4e79034f7d1847633
Certificate serial:       018CC6B7FE4512518B7AB48F1B824CAC2B60
Authority key identifier: 48:09:6A:D3:3B:EB:3E:95:04:AD:51:A4:E7:90:34:F7:D1:84:76:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAlq0zvrPpUErVGk55A099GEdjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/8c143d-e2a3-4314-9a51-a0b9751efa47/1/WJbeEGnHVwzoh27CnV-Llcvad9A.roa
Signing time:             Mon 01 Jan 2024 20:29:56 +0000
ROA not before:           Mon 01 Jan 2024 20:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42493
IP address blocks:        2.59.124.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/8c143d-e2a3-4314-9a51-a0b9751efa47/1/SAlq0zvrPpUErVGk55A099GEdjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/8c143d-e2a3-4314-9a51-a0b9751efa47/1/SAlq0zvrPpUErVGk55A099GEdjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAlq0zvrPpUErVGk55A099GEdjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:fe:45:12:51:8b:7a:b4:8f:1b:82:4c:ac:2b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48096ad33beb3e9504ad51a4e79034f7d1847633
        Validity
            Not Before: Jan  1 20:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5896de1069c7570ce8876ec29d5f8b95cbda77d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2e:e3:4c:e7:ab:cd:1c:ef:b6:c9:af:9f:ce:
                    43:a1:b0:b7:3e:78:a6:87:ed:90:e2:a7:ef:fb:9a:
                    84:92:d1:93:38:d0:3c:f7:90:91:ea:74:15:5d:b5:
                    e8:df:30:05:90:cd:06:47:c0:43:b1:77:20:33:d6:
                    02:51:0a:49:ee:1e:bc:29:50:c9:ab:eb:b7:df:93:
                    ff:a3:09:44:1a:8c:44:01:b9:36:43:a3:3c:c8:93:
                    16:4f:71:2e:6f:88:09:74:85:92:59:58:dd:5a:e1:
                    83:f0:e9:81:7b:f2:21:81:6e:42:34:75:be:b7:e9:
                    59:d3:72:e1:e8:7c:e4:3f:b5:51:8a:cf:87:c1:a6:
                    66:f8:bf:b7:29:33:b4:d4:57:b1:e5:ad:f4:75:b7:
                    af:2b:1f:8b:51:06:f4:d3:5e:42:df:97:4f:b3:f4:
                    34:49:69:16:92:66:15:d5:26:f3:3b:a1:f0:d1:a3:
                    90:4b:69:21:3b:1b:85:df:bf:a9:9e:e2:49:cd:c7:
                    8f:92:e0:46:d9:e2:7b:3e:06:30:f0:64:12:27:02:
                    0b:24:a9:e4:52:83:ed:3d:9b:c6:d1:2e:b2:73:ab:
                    d2:43:88:d9:fd:9f:1b:0f:8e:40:d0:bb:6b:9f:90:
                    6d:44:ca:64:07:81:b1:0d:a5:ee:17:c3:15:8d:b7:
                    67:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:96:DE:10:69:C7:57:0C:E8:87:6E:C2:9D:5F:8B:95:CB:DA:77:D0
            X509v3 Authority Key Identifier:
                keyid:48:09:6A:D3:3B:EB:3E:95:04:AD:51:A4:E7:90:34:F7:D1:84:76:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAlq0zvrPpUErVGk55A099GEdjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/8c143d-e2a3-4314-9a51-a0b9751efa47/1/WJbeEGnHVwzoh27CnV-Llcvad9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/8c143d-e2a3-4314-9a51-a0b9751efa47/1/SAlq0zvrPpUErVGk55A099GEdjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:93:32:05:4b:26:d0:42:be:17:1c:ba:30:1e:49:90:86:31:
         85:3a:42:ce:e3:12:9f:27:4c:a9:db:bc:14:5b:bf:bd:74:de:
         21:a1:42:32:2c:d5:5d:2a:6c:6c:64:0e:17:ce:6b:9b:e7:6f:
         e6:8c:64:59:c1:73:db:3a:92:a8:89:34:8c:c5:d6:8f:72:e0:
         40:5c:bf:fb:f2:4c:7b:c3:55:fe:99:95:8a:63:b8:09:0f:7f:
         ad:d9:fa:63:b9:4c:9c:32:0c:db:fb:80:4b:62:c9:2f:7d:9e:
         69:0a:b4:8e:f1:22:ef:be:ad:4e:7e:22:22:be:c4:15:29:55:
         82:ad:4c:0a:c0:06:7b:de:c5:75:0e:4f:d3:57:31:a1:97:8a:
         04:72:b8:cf:40:85:29:26:67:3b:93:87:99:af:61:06:3d:7c:
         ca:d3:35:15:c0:d2:8a:68:8d:ee:7c:56:9c:1a:8e:b5:1f:1e:
         13:a7:2b:ca:a8:3f:16:4e:b4:ef:d9:50:48:31:7b:2f:bd:16:
         98:dd:66:d9:0a:9d:50:26:34:96:4e:36:6e:b3:38:5e:12:32:
         a4:41:05:01:fd:7d:28:c6:76:94:79:a4:af:04:a4:d3:dd:ab:
         54:9b:21:94:28:2d:25:97:dd:6d:4f:ca:19:05:9c:b5:27:43:
         5e:22:b2:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt/5FElGLerSPG4JMrCtgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDk2YWQzM2JlYjNlOTUwNGFkNTFhNGU3OTAzNGY3ZDE4
NDc2MzMwHhcNMjQwMTAxMjAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODk2ZGUxMDY5Yzc1NzBjZTg4NzZlYzI5ZDVmOGI5NWNiZGE3N2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjy7jTOerzRzvtsmvn85DobC3Pnim
h+2Q4qfv+5qEktGTONA895CR6nQVXbXo3zAFkM0GR8BDsXcgM9YCUQpJ7h68KVDJ
q+u335P/owlEGoxEAbk2Q6M8yJMWT3Eub4gJdIWSWVjdWuGD8OmBe/IhgW5CNHW+
t+lZ03Lh6HzkP7VRis+HwaZm+L+3KTO01Fex5a30dbevKx+LUQb0015C35dPs/Q0
SWkWkmYV1SbzO6Hw0aOQS2khOxuF37+pnuJJzcePkuBG2eJ7PgYw8GQSJwILJKnk
UoPtPZvG0S6yc6vSQ4jZ/Z8bD45A0Ltrn5BtRMpkB4GxDaXuF8MVjbdnxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiW3hBpx1cM6Iduwp1fi5XL2nfQMB8GA1UdIwQY
MBaAFEgJatM76z6VBK1RpOeQNPfRhHYzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FscTB6dnJQcFVFclZHazU1QTA5OUdFZGpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC84YzE0M2QtZTJhMy00MzE0LTlhNTEt
YTBiOTc1MWVmYTQ3LzEvV0piZUVHbkhWd3pvaDI3Q25WLUxsY3ZhZDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC84YzE0M2QtZTJhMy00MzE0LTlhNTEtYTBiOTc1MWVmYTQ3
LzEvU0FscTB6dnJQcFVFclZHazU1QTA5OUdFZGpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjt8MA0G
CSqGSIb3DQEBCwUAA4IBAQCkkzIFSybQQr4XHLowHkmQhjGFOkLO4xKfJ0yp27wU
W7+9dN4hoUIyLNVdKmxsZA4Xzmub52/mjGRZwXPbOpKoiTSMxdaPcuBAXL/78kx7
w1X+mZWKY7gJD3+t2fpjuUycMgzb+4BLYskvfZ5pCrSO8SLvvq1OfiIivsQVKVWC
rUwKwAZ73sV1Dk/TVzGhl4oEcrjPQIUpJmc7k4eZr2EGPXzK0zUVwNKKaI3ufFac
Go61Hx4TpyvKqD8WTrTv2VBIMXsvvRaY3WbZCp1QJjSWTjZuszheEjKkQQUB/X0o
xnaUeaSvBKTT3atUmyGUKC0ll91tT8oZBZy1J0NeIrKM
-----END CERTIFICATE-----