Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/LWvpP8ZMOjWYlfcaz6NCJsrkhD0.roa
File:                     LWvpP8ZMOjWYlfcaz6NCJsrkhD0.roa (raw, json)
Hash identifier:          NCH3zQIL/Zva4PyYhhUtJw6vz0zf7xhKkLxo/0iU8kg=
Subject key identifier:   2D:6B:E9:3F:C6:4C:3A:35:98:95:F7:1A:CF:A3:42:26:CA:E4:84:3D
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       018CCA2B82D5E2A4643ABDF3991A3A92B63B
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/LWvpP8ZMOjWYlfcaz6NCJsrkhD0.roa
Signing time:             Tue 02 Jan 2024 12:34:58 +0000
ROA not before:           Tue 02 Jan 2024 12:34:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59441
IP address blocks:        194.225.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 18:54:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:82:d5:e2:a4:64:3a:bd:f3:99:1a:3a:92:b6:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 12:34:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d6be93fc64c3a359895f71acfa34226cae4843d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8a:f5:4f:e5:48:16:1d:fb:bb:24:59:64:69:
                    ff:a9:56:1c:4f:1e:a7:df:cb:04:a0:ed:8c:3d:c5:
                    bf:3d:e4:df:ac:6c:16:24:ca:ec:79:ec:47:a6:4d:
                    03:6b:85:15:0d:d1:b0:d8:96:cd:84:45:d7:9b:56:
                    6d:57:a0:a1:d7:46:88:c9:80:c9:4d:04:27:2d:85:
                    29:0e:47:c9:e2:ec:9a:1a:3d:41:45:64:5d:3d:cd:
                    9e:33:6a:3d:27:fb:fe:5d:11:50:44:df:74:ef:c9:
                    d3:25:f1:55:8f:53:68:a7:77:75:a8:51:00:52:d0:
                    be:c2:95:9c:39:06:17:8d:b1:e9:99:cc:d5:48:5a:
                    5a:db:9e:0e:39:a6:e1:cc:05:c1:00:e4:d9:da:0a:
                    22:22:7e:3a:a6:06:5f:63:41:16:21:7b:02:7b:44:
                    99:e4:43:df:c3:64:52:d3:32:a1:c2:60:85:ed:d2:
                    be:df:a3:92:a3:f7:a0:c5:34:be:66:82:93:7a:0f:
                    38:e7:8b:4a:83:4a:e0:ee:c6:a4:07:86:cf:d1:09:
                    74:98:a2:de:7b:83:36:fa:f2:b0:5f:e7:c4:97:de:
                    8c:b0:4c:00:1c:6d:cf:b4:d4:1a:f7:10:c2:44:35:
                    36:84:8a:d4:02:ad:63:8b:d9:47:30:87:34:91:21:
                    a1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:6B:E9:3F:C6:4C:3A:35:98:95:F7:1A:CF:A3:42:26:CA:E4:84:3D
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/LWvpP8ZMOjWYlfcaz6NCJsrkhD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.225.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:13:13:9b:9d:66:ff:eb:b6:be:ab:f0:bc:4d:0a:33:d7:56:
         0c:d9:99:67:07:e9:ce:c2:4b:00:36:64:96:b9:4a:42:a0:37:
         a1:22:ff:f4:5d:b5:23:3a:f3:fa:ed:d3:36:01:ee:54:e6:f9:
         50:77:87:14:48:67:75:90:aa:90:21:a4:20:75:29:91:7c:db:
         5a:64:5e:93:65:24:51:6d:6d:dd:3d:98:81:37:fe:77:c0:05:
         ab:f3:da:d5:ea:82:36:00:cd:79:b1:72:22:72:e2:03:e4:8c:
         ef:2f:f3:20:ef:00:b6:2a:cc:37:93:fd:94:12:23:14:4b:0a:
         23:6b:d3:4c:81:41:21:41:29:91:55:0d:7e:f9:e6:67:d7:6d:
         a6:c1:8c:4e:b0:86:da:35:0b:37:d5:8e:cf:93:b0:e8:bd:01:
         88:60:f1:96:5d:4a:48:10:cb:02:83:94:21:07:c4:3b:7d:77:
         10:af:7c:4d:56:5c:e2:fe:ad:9c:d5:82:e7:8c:f1:bf:e5:f0:
         4c:45:9c:28:ff:8e:e4:44:89:68:9e:c1:85:e8:54:d3:fc:90:
         bd:f0:35:a4:c8:f0:9c:a0:e8:d8:d2:7f:51:fb:89:1d:26:b4:
         cd:01:7b:6d:67:f6:eb:79:7a:ef:89:f0:2c:8d:94:a9:c1:87:
         5c:c5:05:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK4LV4qRkOr3zmRo6krY7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQwMTAyMTIzNDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDZiZTkzZmM2NGMzYTM1OTg5NWY3MWFjZmEzNDIyNmNhZTQ4NDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYr1T+VIFh37uyRZZGn/qVYcTx6n
38sEoO2MPcW/PeTfrGwWJMrseexHpk0Da4UVDdGw2JbNhEXXm1ZtV6Ch10aIyYDJ
TQQnLYUpDkfJ4uyaGj1BRWRdPc2eM2o9J/v+XRFQRN9078nTJfFVj1Nop3d1qFEA
UtC+wpWcOQYXjbHpmczVSFpa254OOabhzAXBAOTZ2goiIn46pgZfY0EWIXsCe0SZ
5EPfw2RS0zKhwmCF7dK+36OSo/egxTS+ZoKTeg8454tKg0rg7sakB4bP0Ql0mKLe
e4M2+vKwX+fEl96MsEwAHG3PtNQa9xDCRDU2hIrUAq1ji9lHMIc0kSGhtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1r6T/GTDo1mJX3Gs+jQibK5IQ9MB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvTFd2cFA4Wk1PaldZbGZjYXo2TkNKc3JraEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuFOMA0G
CSqGSIb3DQEBCwUAA4IBAQA3ExObnWb/67a+q/C8TQoz11YM2ZlnB+nOwksANmSW
uUpCoDehIv/0XbUjOvP67dM2Ae5U5vlQd4cUSGd1kKqQIaQgdSmRfNtaZF6TZSRR
bW3dPZiBN/53wAWr89rV6oI2AM15sXIicuID5IzvL/Mg7wC2Ksw3k/2UEiMUSwoj
a9NMgUEhQSmRVQ1++eZn122mwYxOsIbaNQs31Y7Pk7DovQGIYPGWXUpIEMsCg5Qh
B8Q7fXcQr3xNVlzi/q2c1YLnjPG/5fBMRZwo/47kRIlonsGF6FTT/JC98DWkyPCc
oOjY0n9R+4kdJrTNAXttZ/breXrvifAsjZSpwYdcxQV6
-----END CERTIFICATE-----