Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/WIDqbDEiPCoSt2zexCylTpSTy30.roa
File:                     WIDqbDEiPCoSt2zexCylTpSTy30.roa (raw, json)
Hash identifier:          AXsJUyUMdtiaQdZCK7VY6RAFk6C3Rrqm+5tqcEaVP4U=
Subject key identifier:   58:80:EA:6C:31:22:3C:2A:12:B7:6C:DE:C4:2C:A5:4E:94:93:CB:7D
Certificate issuer:       /CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
Certificate serial:       018EC425C1346847D893094CDCB277ED1173
Authority key identifier: C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/WIDqbDEiPCoSt2zexCylTpSTy30.roa
Signing time:             Tue 09 Apr 2024 18:36:32 +0000
ROA not before:           Tue 09 Apr 2024 18:36:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59729
IP address blocks:        5.42.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:25:c1:34:68:47:d8:93:09:4c:dc:b2:77:ed:11:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3abdcc49f7d9033b52904679f3c9b783d8c1358
        Validity
            Not Before: Apr  9 18:36:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5880ea6c31223c2a12b76cdec42ca54e9493cb7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:43:48:f2:86:0b:f6:75:d8:7e:0c:72:0c:44:
                    62:0b:f8:a7:94:0a:ed:38:56:b4:d6:14:c0:4d:4b:
                    70:63:1d:a4:75:2e:11:83:46:8b:7a:1e:a4:fc:6a:
                    93:32:22:10:96:82:57:5f:14:e3:e4:02:61:39:6a:
                    38:09:fe:2e:67:48:9b:3d:5c:14:70:1b:ad:4d:f5:
                    96:4e:fa:05:16:c4:57:0a:43:db:e4:ea:95:cc:34:
                    95:a7:85:51:04:94:bb:d4:4a:9f:bf:d9:43:fc:fa:
                    d3:b8:48:94:7f:b0:64:4b:ce:40:5f:ec:0b:39:0d:
                    6c:66:a0:45:c7:6a:29:42:fa:cc:ad:77:f7:73:33:
                    47:69:d2:80:a9:9f:6a:d1:38:17:7d:ad:43:eb:1c:
                    54:14:ae:45:7d:ef:8d:f4:ab:e1:85:af:1e:6f:37:
                    65:94:d6:49:54:b4:69:1e:8e:95:2b:0f:6b:84:b3:
                    f0:a8:e6:c5:15:c4:e3:d6:f6:65:56:bf:de:2e:d3:
                    58:94:2f:be:01:85:8f:d2:e4:a0:d6:31:14:39:6d:
                    ef:92:f6:e2:a1:56:31:27:f3:d5:31:87:b5:85:cd:
                    81:5a:c1:cf:dc:e2:2f:06:cb:70:d7:89:9f:87:b2:
                    8f:fd:3e:d6:e4:f5:ed:a2:fa:e0:de:90:37:54:4c:
                    13:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:80:EA:6C:31:22:3C:2A:12:B7:6C:DE:C4:2C:A5:4E:94:93:CB:7D
            X509v3 Authority Key Identifier:
                keyid:C3:AB:DC:C4:9F:7D:90:33:B5:29:04:67:9F:3C:9B:78:3D:8C:13:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w6vcxJ99kDO1KQRnnzybeD2ME1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/WIDqbDEiPCoSt2zexCylTpSTy30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/672883-feb4-414f-9d00-4d9127fba3ad/1/w6vcxJ99kDO1KQRnnzybeD2ME1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:00:b9:00:97:1e:68:23:8a:98:8d:cd:06:95:91:bc:5e:6e:
         41:5f:09:5f:59:82:70:21:90:c7:4f:d1:b2:4d:7d:de:1b:31:
         38:64:b2:fc:60:59:a7:df:ab:e6:c7:d1:c9:a6:0f:8b:e5:bd:
         8e:e3:c5:5b:c7:e5:c9:23:e8:a5:fd:21:4d:22:6b:8d:43:34:
         4a:43:20:b6:50:97:05:53:37:9d:8f:5a:d2:5f:5c:43:a1:14:
         62:d5:ba:25:51:e3:6a:53:11:b1:66:82:dd:e1:b1:cb:2f:48:
         63:15:86:10:5d:5f:d0:da:b0:a3:d0:34:00:15:e0:92:57:0d:
         8e:8a:2f:c5:ed:da:29:9d:92:7f:eb:3f:9a:98:15:2a:4c:d4:
         8e:67:4f:04:5f:e1:b4:5b:1e:33:87:19:0f:e7:73:26:4d:5f:
         08:c2:58:63:5d:3f:3a:c5:25:5f:72:59:5c:82:09:be:b3:e0:
         b4:dc:5b:31:ed:0b:ee:dd:97:d2:e4:c3:2e:97:45:d8:6f:9b:
         4b:fb:2a:f2:32:f9:b7:e0:c2:d6:21:c0:90:63:78:55:7a:d7:
         71:de:91:bd:e7:c2:2e:c9:3f:c0:eb:4c:e1:9c:30:41:a3:2c:
         38:10:6c:72:53:4c:8b:32:a5:c7:2b:8f:73:cf:4c:b2:0b:a7:
         fe:75:ae:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7EJcE0aEfYkwlM3LJ37RFzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYWJkY2M0OWY3ZDkwMzNiNTI5MDQ2NzlmM2M5Yjc4M2Q4
YzEzNTgwHhcNMjQwNDA5MTgzNjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODgwZWE2YzMxMjIzYzJhMTJiNzZjZGVjNDJjYTU0ZTk0OTNjYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkNI8oYL9nXYfgxyDERiC/inlArt
OFa01hTATUtwYx2kdS4Rg0aLeh6k/GqTMiIQloJXXxTj5AJhOWo4Cf4uZ0ibPVwU
cButTfWWTvoFFsRXCkPb5OqVzDSVp4VRBJS71Eqfv9lD/PrTuEiUf7BkS85AX+wL
OQ1sZqBFx2opQvrMrXf3czNHadKAqZ9q0TgXfa1D6xxUFK5Ffe+N9Kvhha8ebzdl
lNZJVLRpHo6VKw9rhLPwqObFFcTj1vZlVr/eLtNYlC++AYWP0uSg1jEUOW3vkvbi
oVYxJ/PVMYe1hc2BWsHP3OIvBstw14mfh7KP/T7W5PXtovrg3pA3VEwT7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiA6mwxIjwqErds3sQspU6Uk8t9MB8GA1UdIwQY
MBaAFMOr3MSffZAztSkEZ588m3g9jBNYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAt
NGQ5MTI3ZmJhM2FkLzEvV0lEcWJERWlQQ29TdDJ6ZXhDeWxUcFNUeTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny82NzI4ODMtZmViNC00MTRmLTlkMDAtNGQ5MTI3ZmJhM2Fk
LzEvdzZ2Y3hKOTlrRE8xS1FSbm56eWJlRDJNRTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrSMA0G
CSqGSIb3DQEBCwUAA4IBAQCBALkAlx5oI4qYjc0GlZG8Xm5BXwlfWYJwIZDHT9Gy
TX3eGzE4ZLL8YFmn36vmx9HJpg+L5b2O48Vbx+XJI+il/SFNImuNQzRKQyC2UJcF
Uzedj1rSX1xDoRRi1bolUeNqUxGxZoLd4bHLL0hjFYYQXV/Q2rCj0DQAFeCSVw2O
ii/F7dopnZJ/6z+amBUqTNSOZ08EX+G0Wx4zhxkP53MmTV8IwlhjXT86xSVfcllc
ggm+s+C03Fsx7Qvu3ZfS5MMul0XYb5tL+yryMvm34MLWIcCQY3hVetdx3pG958Iu
yT/A60zhnDBBoyw4EGxyU0yLMqXHK49zz0yyC6f+da6f
-----END CERTIFICATE-----