Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/18a2fd-15f5-43e6-b786-c6d9f915bd8b/1/WeK1z97yQbPYGIo8av-F4JURaK0.roa
File:                     WeK1z97yQbPYGIo8av-F4JURaK0.roa (raw, json)
Hash identifier:          H4I7EhJAkgI4NDzXJVjuwB8HNCzCkfR6f+lO4w6WwFs=
Subject key identifier:   59:E2:B5:CF:DE:F2:41:B3:D8:18:8A:3C:6A:FF:85:E0:95:11:68:AD
Certificate issuer:       /CN=494a8565276b4a251ba573dd6d5f5f878238ebd2
Certificate serial:       018CC5DD17BF5A435D8C26AAB549D97E55C8
Authority key identifier: 49:4A:85:65:27:6B:4A:25:1B:A5:73:DD:6D:5F:5F:87:82:38:EB:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SUqFZSdrSiUbpXPdbV9fh4I469I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/18a2fd-15f5-43e6-b786-c6d9f915bd8b/1/WeK1z97yQbPYGIo8av-F4JURaK0.roa
Signing time:             Mon 01 Jan 2024 16:30:50 +0000
ROA not before:           Mon 01 Jan 2024 16:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211607
IP address blocks:        193.3.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/18a2fd-15f5-43e6-b786-c6d9f915bd8b/1/SUqFZSdrSiUbpXPdbV9fh4I469I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/18a2fd-15f5-43e6-b786-c6d9f915bd8b/1/SUqFZSdrSiUbpXPdbV9fh4I469I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SUqFZSdrSiUbpXPdbV9fh4I469I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:17:bf:5a:43:5d:8c:26:aa:b5:49:d9:7e:55:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=494a8565276b4a251ba573dd6d5f5f878238ebd2
        Validity
            Not Before: Jan  1 16:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59e2b5cfdef241b3d8188a3c6aff85e0951168ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cc:95:d9:e0:df:d3:26:4c:9c:b1:f5:1e:b9:
                    ba:25:ee:13:58:e1:68:91:3e:58:b3:31:51:3d:94:
                    93:2d:ab:e7:c9:d1:cf:50:e1:be:16:59:a7:bc:20:
                    dc:d8:93:82:cf:64:e0:ad:ce:2f:a3:1c:99:79:50:
                    c5:ae:38:e6:4f:ae:8c:7c:40:16:ee:37:eb:79:b5:
                    fe:b2:d7:8f:4e:24:a5:67:57:a2:eb:ca:3d:a8:14:
                    c9:72:06:a8:74:4c:5b:e4:93:98:48:cc:c4:4a:fc:
                    8d:e9:57:59:b6:96:d4:80:64:f3:aa:cf:e5:9d:b0:
                    91:52:37:37:53:1b:63:b7:44:97:d5:1f:27:7f:20:
                    9c:49:29:f3:7b:c2:1d:21:e2:00:eb:36:b8:72:b4:
                    9a:fd:37:19:31:d4:87:5b:92:1a:f0:2c:9c:4d:9f:
                    57:6d:e8:19:ff:40:88:46:f7:62:00:60:bd:d1:11:
                    ae:c3:d3:8e:d1:23:f1:cc:e5:2b:84:c9:8a:cc:ee:
                    c8:96:4c:1a:63:63:86:b2:62:39:04:a6:2b:95:46:
                    10:64:6e:3c:ab:24:f4:bb:25:71:cc:bf:20:fb:91:
                    38:7b:54:6a:3f:c4:4b:fa:37:a0:3c:3a:54:1f:ef:
                    04:fe:7e:20:9f:21:eb:53:6d:ed:c1:63:7b:b0:82:
                    03:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E2:B5:CF:DE:F2:41:B3:D8:18:8A:3C:6A:FF:85:E0:95:11:68:AD
            X509v3 Authority Key Identifier:
                keyid:49:4A:85:65:27:6B:4A:25:1B:A5:73:DD:6D:5F:5F:87:82:38:EB:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SUqFZSdrSiUbpXPdbV9fh4I469I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/18a2fd-15f5-43e6-b786-c6d9f915bd8b/1/WeK1z97yQbPYGIo8av-F4JURaK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/18a2fd-15f5-43e6-b786-c6d9f915bd8b/1/SUqFZSdrSiUbpXPdbV9fh4I469I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:9f:30:a9:50:bb:3b:7a:2f:cf:21:a6:44:e7:33:d2:82:60:
         82:55:ed:0f:db:0c:26:c2:86:d1:34:02:55:6a:73:da:c4:f4:
         29:dd:70:52:73:06:dd:66:b8:1c:d8:c8:c0:66:35:e0:49:18:
         a8:4d:e0:84:74:97:be:b0:4a:f8:98:2e:e7:27:60:14:2e:d2:
         71:49:be:29:f1:83:a5:6b:7d:32:b3:3d:28:d8:4d:01:72:12:
         86:84:41:27:3a:e5:85:15:1a:f0:e0:3c:a2:25:56:e4:af:de:
         38:dc:71:b0:78:b2:5a:60:18:f4:d7:a4:c0:80:5c:07:e7:a5:
         19:62:df:cd:de:d9:8d:f6:85:d4:38:04:cb:d6:3c:13:ab:70:
         c2:87:cd:b2:9b:6b:e9:5a:bf:c4:50:0a:cf:e4:e0:e5:7b:87:
         1e:4f:e7:6b:d4:a3:7b:b4:be:96:4e:02:74:3f:d6:0e:47:52:
         6d:76:88:f7:ff:e4:5f:a2:42:cf:45:ec:0b:14:e9:b4:06:16:
         0b:3b:dd:74:2d:dd:ba:16:fc:ee:0b:5e:1e:24:91:2d:59:3d:
         e2:f3:02:dc:d6:85:44:50:4e:f7:c3:64:28:2d:71:13:55:4a:
         3b:d1:7f:d9:99:81:fb:20:df:e9:6c:e6:3d:22:0c:69:d8:82:
         cf:00:2b:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Re/WkNdjCaqtUnZflXIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NGE4NTY1Mjc2YjRhMjUxYmE1NzNkZDZkNWY1Zjg3ODIz
OGViZDIwHhcNMjQwMTAxMTYzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWUyYjVjZmRlZjI0MWIzZDgxODhhM2M2YWZmODVlMDk1MTE2OGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8yV2eDf0yZMnLH1Hrm6Je4TWOFo
kT5YszFRPZSTLavnydHPUOG+FlmnvCDc2JOCz2Tgrc4voxyZeVDFrjjmT66MfEAW
7jfrebX+stePTiSlZ1ei68o9qBTJcgaodExb5JOYSMzESvyN6VdZtpbUgGTzqs/l
nbCRUjc3Uxtjt0SX1R8nfyCcSSnze8IdIeIA6za4crSa/TcZMdSHW5Ia8CycTZ9X
begZ/0CIRvdiAGC90RGuw9OO0SPxzOUrhMmKzO7IlkwaY2OGsmI5BKYrlUYQZG48
qyT0uyVxzL8g+5E4e1RqP8RL+jegPDpUH+8E/n4gnyHrU23twWN7sIIDlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnitc/e8kGz2BiKPGr/heCVEWitMB8GA1UdIwQY
MBaAFElKhWUna0olG6Vz3W1fX4eCOOvSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1VxRlpTZHJTaVVicFhQZGJWOWZoNEk0NjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xOGEyZmQtMTVmNS00M2U2LWI3ODYt
YzZkOWY5MTViZDhiLzEvV2VLMXo5N3lRYlBZR0lvOGF2LUY0SlVSYUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xOGEyZmQtMTVmNS00M2U2LWI3ODYtYzZkOWY5MTViZDhi
LzEvU1VxRlpTZHJTaVVicFhQZGJWOWZoNEk0NjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQM1MA0G
CSqGSIb3DQEBCwUAA4IBAQCbnzCpULs7ei/PIaZE5zPSgmCCVe0P2wwmwobRNAJV
anPaxPQp3XBScwbdZrgc2MjAZjXgSRioTeCEdJe+sEr4mC7nJ2AULtJxSb4p8YOl
a30ysz0o2E0BchKGhEEnOuWFFRrw4DyiJVbkr9443HGweLJaYBj016TAgFwH56UZ
Yt/N3tmN9oXUOATL1jwTq3DCh82ym2vpWr/EUArP5ODle4ceT+dr1KN7tL6WTgJ0
P9YOR1Jtdoj3/+RfokLPRewLFOm0BhYLO910Ld26FvzuC14eJJEtWT3i8wLc1oVE
UE73w2QoLXETVUo70X/ZmYH7IN/pbOY9Igxp2ILPACtc
-----END CERTIFICATE-----