Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/WO8CC1bQiYKRTUh2PpE1oH0WSMQ.roa
File:                     WO8CC1bQiYKRTUh2PpE1oH0WSMQ.roa (raw, json)
Hash identifier:          nMViXqwOYG1R0zYLbB3RNt6Y4a4tnW0J8OdzxZQ/asY=
Subject key identifier:   58:EF:02:0B:56:D0:89:82:91:4D:48:76:3E:91:35:A0:7D:16:48:C4
Certificate issuer:       /CN=dbe8cc8f5af1e7362d454f3dd91a82952919db61
Certificate serial:       018DCB70EDCD925E0912EBB62DFA11FE5F37
Authority key identifier: DB:E8:CC:8F:5A:F1:E7:36:2D:45:4F:3D:D9:1A:82:95:29:19:DB:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-jMj1rx5zYtRU892RqClSkZ22E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/WO8CC1bQiYKRTUh2PpE1oH0WSMQ.roa
Signing time:             Wed 21 Feb 2024 11:33:12 +0000
ROA not before:           Wed 21 Feb 2024 11:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     393427
IP address blocks:        88.135.96.0/20 maxlen: 24
                          94.26.110.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/2-jMj1rx5zYtRU892RqClSkZ22E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/2-jMj1rx5zYtRU892RqClSkZ22E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-jMj1rx5zYtRU892RqClSkZ22E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:70:ed:cd:92:5e:09:12:eb:b6:2d:fa:11:fe:5f:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe8cc8f5af1e7362d454f3dd91a82952919db61
        Validity
            Not Before: Feb 21 11:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58ef020b56d08982914d48763e9135a07d1648c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bb:12:c0:65:41:23:f3:02:02:bc:58:56:fc:
                    69:3d:10:c7:d7:85:25:91:a4:7e:02:24:f9:69:d3:
                    ee:ef:a0:21:e7:58:4b:13:29:82:ad:bf:32:aa:6f:
                    06:b2:67:94:22:d6:30:1c:71:0b:dc:65:f2:ac:55:
                    62:c9:e6:7a:d3:57:86:68:c3:7c:19:d7:e1:c1:27:
                    66:d9:21:08:4c:92:2d:16:d0:df:60:bf:1c:c9:7b:
                    31:76:ba:52:47:61:ea:45:e9:97:2d:34:40:05:77:
                    34:e6:c4:dd:8c:24:4e:d9:60:d7:4f:41:05:c4:1a:
                    f4:17:33:cd:81:3b:8f:08:7e:dd:34:14:51:f3:e8:
                    18:b0:b7:ec:c3:4a:ec:37:8e:ed:67:ef:72:ce:01:
                    99:b4:3f:4a:73:bd:85:ed:9e:d9:4f:59:80:fb:65:
                    98:aa:b5:50:60:0a:d8:62:87:88:95:96:ff:4a:4d:
                    53:cb:6d:3c:5e:fb:dc:ef:77:06:71:c0:0c:91:4d:
                    27:74:e9:fe:c9:82:a3:3c:80:d3:90:b4:95:79:49:
                    28:f1:d4:66:1f:10:76:78:0b:68:ab:7e:12:3d:97:
                    40:b1:a4:3f:9b:4f:6c:4d:24:96:d6:ad:73:46:48:
                    6c:57:bc:85:3d:46:e5:a1:d1:7d:54:7a:c0:0f:ef:
                    84:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:EF:02:0B:56:D0:89:82:91:4D:48:76:3E:91:35:A0:7D:16:48:C4
            X509v3 Authority Key Identifier:
                keyid:DB:E8:CC:8F:5A:F1:E7:36:2D:45:4F:3D:D9:1A:82:95:29:19:DB:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-jMj1rx5zYtRU892RqClSkZ22E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/WO8CC1bQiYKRTUh2PpE1oH0WSMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/2-jMj1rx5zYtRU892RqClSkZ22E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.96.0/20
                  94.26.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d4:ff:b6:9b:d9:5a:68:db:58:85:09:a3:ca:a9:a8:64:6c:3c:
         28:5c:c2:dc:4b:7f:49:56:ee:f2:91:4a:c5:2d:81:97:87:66:
         64:b9:1e:be:f1:65:36:ed:27:39:68:5a:b9:53:6e:bd:da:2c:
         dc:77:41:9f:65:43:98:e5:e3:8d:06:dc:66:a8:e0:47:55:61:
         e5:cc:44:f3:a0:ce:d2:69:38:9b:96:cb:ce:00:8c:a7:eb:29:
         67:d5:60:d5:c2:4a:82:c9:3e:70:37:26:57:3b:c2:0f:e5:11:
         ca:d5:9f:7a:89:1d:19:13:9b:d7:d8:31:16:e0:4d:5e:1c:f4:
         11:0e:01:60:3f:99:3f:58:d6:38:b4:68:99:44:e3:b9:9c:45:
         02:30:72:29:24:27:69:6b:07:4d:e2:de:86:38:ed:89:8c:b0:
         da:72:97:49:04:2e:1b:98:5e:42:78:1c:c2:19:03:44:4f:3e:
         b0:0a:81:7e:de:16:81:a6:12:29:6a:0c:60:90:90:02:bc:30:
         58:e0:a4:c2:c5:03:9e:b7:5c:61:9d:d0:d9:e9:d9:fd:89:52:
         ac:7c:2d:b1:89:7d:58:f4:22:e1:47:c8:3d:a0:65:23:43:6a:
         0a:aa:03:46:fa:6a:68:f4:0e:17:b8:80:01:cd:7e:3f:bd:db:
         fb:9f:83:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3LcO3Nkl4JEuu2LfoR/l83MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZThjYzhmNWFmMWU3MzYyZDQ1NGYzZGQ5MWE4Mjk1Mjkx
OWRiNjEwHhcNMjQwMjIxMTEzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGVmMDIwYjU2ZDA4OTgyOTE0ZDQ4NzYzZTkxMzVhMDdkMTY0OGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbsSwGVBI/MCArxYVvxpPRDH14Ul
kaR+AiT5adPu76Ah51hLEymCrb8yqm8GsmeUItYwHHEL3GXyrFViyeZ601eGaMN8
GdfhwSdm2SEITJItFtDfYL8cyXsxdrpSR2HqRemXLTRABXc05sTdjCRO2WDXT0EF
xBr0FzPNgTuPCH7dNBRR8+gYsLfsw0rsN47tZ+9yzgGZtD9Kc72F7Z7ZT1mA+2WY
qrVQYArYYoeIlZb/Sk1Ty208Xvvc73cGccAMkU0ndOn+yYKjPIDTkLSVeUko8dRm
HxB2eAtoq34SPZdAsaQ/m09sTSSW1q1zRkhsV7yFPUblodF9VHrAD++EDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFjvAgtW0ImCkU1Idj6RNaB9FkjEMB8GA1UdIwQY
MBaAFNvozI9a8ec2LUVPPdkagpUpGdthMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1qTWoxcng1ell0UlU4OTJScUNsU2taMjJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9hNTczZmUtNmUwZS00YmZmLTk5ZmMt
MjYyMWQ1Yzk5Y2FiLzEvV084Q0MxYlFpWUtSVFVoMlBwRTFvSDBXU01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9hNTczZmUtNmUwZS00YmZmLTk5ZmMtMjYyMWQ1Yzk5Y2Fi
LzEvMi1qTWoxcng1ell0UlU4OTJScUNsU2taMjJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEWIdgAwQB
XhpuMA0GCSqGSIb3DQEBCwUAA4IBAQDU/7ab2Vpo21iFCaPKqahkbDwoXMLcS39J
Vu7ykUrFLYGXh2ZkuR6+8WU27Sc5aFq5U2692izcd0GfZUOY5eONBtxmqOBHVWHl
zETzoM7SaTiblsvOAIyn6yln1WDVwkqCyT5wNyZXO8IP5RHK1Z96iR0ZE5vX2DEW
4E1eHPQRDgFgP5k/WNY4tGiZROO5nEUCMHIpJCdpawdN4t6GOO2JjLDacpdJBC4b
mF5CeBzCGQNETz6wCoF+3haBphIpagxgkJACvDBY4KTCxQOet1xhndDZ6dn9iVKs
fC2xiX1Y9CLhR8g9oGUjQ2oKqgNG+mpo9A4XuIABzX4/vdv7n4NV
-----END CERTIFICATE-----