Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/WIDm3PPjv4BfL9mlLDSqy7LaiQs.roa
File:                     WIDm3PPjv4BfL9mlLDSqy7LaiQs.roa (raw, json)
Hash identifier:          g2ssmiqwGQuGyAi3l4HzDEXnN4mTTAuAFrlyy5sWSWo=
Subject key identifier:   58:80:E6:DC:F3:E3:BF:80:5F:2F:D9:A5:2C:34:AA:CB:B2:DA:89:0B
Certificate issuer:       /CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
Certificate serial:       018CC9BB0A855C5CDD7FBE6F2D9488A75A37
Authority key identifier: 72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/WIDm3PPjv4BfL9mlLDSqy7LaiQs.roa
Signing time:             Tue 02 Jan 2024 10:32:07 +0000
ROA not before:           Tue 02 Jan 2024 10:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5405
IP address blocks:        45.153.82.0/23 maxlen: 24
                          45.153.81.0/24 maxlen: 24
                          91.247.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:0a:85:5c:5c:dd:7f:be:6f:2d:94:88:a7:5a:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
        Validity
            Not Before: Jan  2 10:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5880e6dcf3e3bf805f2fd9a52c34aacbb2da890b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:45:88:58:4c:f4:f6:4b:1d:1e:90:f9:34:8e:
                    d1:a4:ed:72:ff:fa:41:81:66:13:42:9a:75:35:eb:
                    80:13:d9:bf:92:d4:d0:38:33:37:de:e0:0a:b5:9d:
                    43:c3:4d:16:27:52:e4:1d:ba:8d:f0:64:5e:26:e3:
                    18:1b:d7:c4:f8:cc:73:88:fe:dd:74:8e:6c:aa:9c:
                    cd:9d:d7:a9:31:3c:2a:5a:3b:32:4d:ed:5c:e8:21:
                    eb:ad:2e:6e:11:35:d5:6b:d6:95:49:92:69:3f:8c:
                    8c:59:fc:ac:25:59:d6:b8:24:74:91:e5:dd:bf:e0:
                    39:0d:90:39:3b:7d:fe:e2:1a:20:6f:72:ff:a6:b9:
                    05:65:cf:17:b1:31:8b:7e:0d:a2:87:de:b5:d1:54:
                    f0:9f:32:12:a4:51:b2:b7:06:88:da:66:ae:10:4b:
                    a9:ff:db:8b:9d:5c:83:20:53:1f:82:b6:73:8f:ca:
                    88:86:18:dc:3f:55:80:70:a6:53:92:87:23:2d:95:
                    55:8e:69:56:05:05:43:6e:5f:93:d0:28:a2:6a:17:
                    4d:0d:0d:22:fa:0a:d2:d6:a6:20:63:2b:a5:c3:fb:
                    64:12:c1:fa:09:9a:95:06:05:e4:95:b3:9f:a0:6f:
                    72:29:9d:8e:da:6e:0f:75:21:3f:34:67:d7:5d:56:
                    42:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:80:E6:DC:F3:E3:BF:80:5F:2F:D9:A5:2C:34:AA:CB:B2:DA:89:0B
            X509v3 Authority Key Identifier:
                keyid:72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/WIDm3PPjv4BfL9mlLDSqy7LaiQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.81.0-45.153.83.255
                  91.247.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:99:01:12:68:97:7e:cd:55:12:0e:49:56:eb:c9:9c:03:52:
         3d:01:c3:20:82:75:de:61:52:b1:c0:fa:29:aa:bf:45:a8:f0:
         36:03:bd:8a:99:56:06:48:42:20:03:d1:b7:98:e6:ee:06:4e:
         f2:3a:91:85:c5:69:65:c6:23:5e:9f:15:c3:33:42:cf:6b:7b:
         2f:cd:38:97:a6:f0:f2:63:47:ea:88:7f:59:6b:63:7a:38:20:
         c5:91:3c:f6:4c:c9:da:d0:52:05:91:b1:81:98:09:c3:0a:e8:
         f0:be:a1:25:0a:1e:32:d0:b0:5a:a4:22:61:7e:b3:ca:0c:c4:
         1c:67:6d:7d:3d:08:78:78:64:55:d8:2f:d7:99:38:11:00:db:
         2f:ec:cd:2e:1e:c2:12:55:59:2d:8a:48:53:50:a0:c2:77:2e:
         4e:3d:0d:9f:23:ad:05:c6:49:dc:70:14:47:81:91:94:7d:48:
         09:b1:48:e2:31:d6:43:c8:37:28:d9:c2:34:c4:d5:38:fb:39:
         9f:29:a2:a2:ea:3a:ac:36:7a:46:67:35:6e:b1:83:88:01:ba:
         9f:8e:05:50:2a:3f:48:2e:e6:49:f3:c8:b9:5f:70:fc:fb:4c:
         08:c3:86:9e:97:14:9f:d9:17:e5:45:4c:7b:2e:a8:45:01:ea:
         9e:5b:af:48
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzJuwqFXFzdf75vLZSIp1o3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYzI2YWJjOWUwNmMxYWZlZjliNWZkMmRhNDA0MTJlN2Fl
ZTZiNDcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODgwZTZkY2YzZTNiZjgwNWYyZmQ5YTUyYzM0YWFjYmIyZGE4OTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEWIWEz09ksdHpD5NI7RpO1y//pB
gWYTQpp1NeuAE9m/ktTQODM33uAKtZ1Dw00WJ1LkHbqN8GReJuMYG9fE+MxziP7d
dI5sqpzNndepMTwqWjsyTe1c6CHrrS5uETXVa9aVSZJpP4yMWfysJVnWuCR0keXd
v+A5DZA5O33+4hogb3L/prkFZc8XsTGLfg2ih9610VTwnzISpFGytwaI2mauEEup
/9uLnVyDIFMfgrZzj8qIhhjcP1WAcKZTkocjLZVVjmlWBQVDbl+T0CiiahdNDQ0i
+grS1qYgYyulw/tkEsH6CZqVBgXklbOfoG9yKZ2O2m4PdSE/NGfXXVZCwQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFiA5tzz47+AXy/ZpSw0qsuy2okLMB8GA1UdIwQY
MBaAFHLCaryeBsGv75tf0tpAQS567mtHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMt
Y2Q3ZDYxOTEzMjg4LzEvV0lEbTNQUGp2NEJmTDltbExEU3F5N0xhaVFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMtY2Q3ZDYxOTEzMjg4
LzEvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAtmVED
BAItmVADBABb96AwDQYJKoZIhvcNAQELBQADggEBADmZARJol37NVRIOSVbryZwD
Uj0BwyCCdd5hUrHA+imqv0Wo8DYDvYqZVgZIQiAD0beY5u4GTvI6kYXFaWXGI16f
FcMzQs9rey/NOJem8PJjR+qIf1lrY3o4IMWRPPZMydrQUgWRsYGYCcMK6PC+oSUK
HjLQsFqkImF+s8oMxBxnbX09CHh4ZFXYL9eZOBEA2y/szS4ewhJVWS2KSFNQoMJ3
Lk49DZ8jrQXGSdxwFEeBkZR9SAmxSOIx1kPINyjZwjTE1Tj7OZ8poqLqOqw2ekZn
NW6xg4gBup+OBVAqP0gu5knzyLlfcPz7TAjDhp6XFJ/ZF+VFTHsuqEUB6p5br0g=
-----END CERTIFICATE-----