Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/Op0vKBUQInXuyBsU97if5paLPQ8.roa
File:                     Op0vKBUQInXuyBsU97if5paLPQ8.roa (raw, json)
Hash identifier:          sii01+xRNVQpjta4oh1VLBNI3qdLwnrZZgxHggjw93M=
Subject key identifier:   3A:9D:2F:28:15:10:22:75:EE:C8:1B:14:F7:B8:9F:E6:96:8B:3D:0F
Certificate issuer:       /CN=58cbfe0834f8e66512f55bd78cc075b7ed56f409
Certificate serial:       018F344039C4E3EF40000FA21C91909C1599
Authority key identifier: 58:CB:FE:08:34:F8:E6:65:12:F5:5B:D7:8C:C0:75:B7:ED:56:F4:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WMv-CDT45mUS9VvXjMB1t-1W9Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/Op0vKBUQInXuyBsU97if5paLPQ8.roa
Signing time:             Wed 01 May 2024 13:02:55 +0000
ROA not before:           Wed 01 May 2024 13:02:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4913
IP address blocks:        79.140.192.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/WMv-CDT45mUS9VvXjMB1t-1W9Ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/WMv-CDT45mUS9VvXjMB1t-1W9Ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WMv-CDT45mUS9VvXjMB1t-1W9Ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:34:40:39:c4:e3:ef:40:00:0f:a2:1c:91:90:9c:15:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58cbfe0834f8e66512f55bd78cc075b7ed56f409
        Validity
            Not Before: May  1 13:02:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a9d2f2815102275eec81b14f7b89fe6968b3d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0b:c7:d7:56:ed:58:f8:dd:95:75:8a:c0:40:
                    8e:f2:d6:55:57:b8:21:cc:a9:22:ba:bd:87:81:d0:
                    87:52:69:0e:ad:6b:10:8c:ed:c2:1f:2d:ed:de:f9:
                    ee:12:8e:d1:b6:90:65:ca:02:4b:77:bc:40:77:23:
                    d4:2c:08:82:6c:c2:9c:4e:1c:a0:4e:47:10:e5:1e:
                    e2:17:93:c2:05:f8:ab:1f:cd:05:43:20:bd:6d:5b:
                    e1:05:c9:d1:93:e0:17:f5:43:f2:15:2a:90:c3:a7:
                    23:63:78:be:3e:c7:9c:b1:b0:82:d8:b2:3d:91:83:
                    ad:09:3e:25:27:bc:41:7b:af:76:59:0a:00:51:56:
                    c8:38:8c:b9:fc:b9:4d:eb:8b:4f:df:71:96:ad:9f:
                    f3:e7:7d:80:e2:b5:fa:83:7e:3b:da:57:66:53:1d:
                    ad:ed:2d:11:3b:38:07:f1:de:7c:44:70:dd:32:ce:
                    0a:cf:06:5a:e4:05:86:af:78:ff:4e:be:b0:3a:9c:
                    80:99:c7:8c:a0:4f:e6:1e:4c:c3:0c:94:9a:51:db:
                    1c:a7:b3:e9:d6:7e:df:6c:b1:bb:5f:b1:70:c6:04:
                    17:0f:e6:39:f7:e7:23:5c:9b:59:88:95:bd:c1:62:
                    76:a6:ff:80:14:6a:34:3a:2d:cf:a6:a9:fa:24:07:
                    d8:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:9D:2F:28:15:10:22:75:EE:C8:1B:14:F7:B8:9F:E6:96:8B:3D:0F
            X509v3 Authority Key Identifier:
                keyid:58:CB:FE:08:34:F8:E6:65:12:F5:5B:D7:8C:C0:75:B7:ED:56:F4:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WMv-CDT45mUS9VvXjMB1t-1W9Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/Op0vKBUQInXuyBsU97if5paLPQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/WMv-CDT45mUS9VvXjMB1t-1W9Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.140.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6c:de:38:c9:c0:9a:8a:04:9a:3f:72:1d:3f:6a:b0:9d:75:db:
         44:4a:37:bd:d2:56:9f:27:04:e8:d8:05:8a:8e:ae:9e:8a:8b:
         a5:50:ac:88:0d:5d:f8:c3:5c:ba:44:c1:4e:8b:16:79:84:0c:
         04:03:1c:93:8d:8a:cd:b8:9b:50:c8:17:42:6a:0b:7b:75:9c:
         0c:47:30:d3:c8:9f:b5:03:d7:4b:df:81:76:26:f7:5d:90:3f:
         9f:f8:25:e6:b9:1f:d4:41:68:2a:3c:d6:69:23:92:d7:72:f8:
         a1:b7:bc:03:e5:ce:44:29:8c:f4:ae:78:b2:4a:56:83:00:10:
         f7:93:e3:0e:11:9f:02:b1:05:3b:96:3b:07:39:99:26:5f:74:
         72:14:ae:22:ed:55:d1:ce:bb:2b:ac:d2:e1:77:72:cd:93:af:
         63:ee:7b:18:49:70:42:0d:81:ce:5a:9f:ef:65:b2:95:73:2d:
         9d:84:da:ef:b3:9e:d2:00:c1:19:b7:15:8c:ae:a2:9d:40:04:
         2f:1e:11:58:fd:d5:36:3e:e0:d2:ce:21:62:be:3b:ce:4c:9b:
         1d:c7:90:c8:af:40:ee:c8:76:ad:35:fe:42:5d:25:b4:df:aa:
         1c:9e:39:c3:61:2e:3f:db:3c:f9:66:55:14:84:87:5f:a9:63:
         22:35:43:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY80QDnE4+9AAA+iHJGQnBWZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4Y2JmZTA4MzRmOGU2NjUxMmY1NWJkNzhjYzA3NWI3ZWQ1
NmY0MDkwHhcNMjQwNTAxMTMwMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTlkMmYyODE1MTAyMjc1ZWVjODFiMTRmN2I4OWZlNjk2OGIzZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgvH11btWPjdlXWKwECO8tZVV7gh
zKkiur2HgdCHUmkOrWsQjO3CHy3t3vnuEo7RtpBlygJLd7xAdyPULAiCbMKcThyg
TkcQ5R7iF5PCBfirH80FQyC9bVvhBcnRk+AX9UPyFSqQw6cjY3i+PsecsbCC2LI9
kYOtCT4lJ7xBe692WQoAUVbIOIy5/LlN64tP33GWrZ/z532A4rX6g3472ldmUx2t
7S0ROzgH8d58RHDdMs4KzwZa5AWGr3j/Tr6wOpyAmceMoE/mHkzDDJSaUdscp7Pp
1n7fbLG7X7FwxgQXD+Y59+cjXJtZiJW9wWJ2pv+AFGo0Oi3Ppqn6JAfYWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqdLygVECJ17sgbFPe4n+aWiz0PMB8GA1UdIwQY
MBaAFFjL/gg0+OZlEvVb14zAdbftVvQJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV012LUNEVDQ1bVVTOVZ2WGpNQjF0LTFXOUFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9iZTg2M2YtYjMzYi00MzM0LWJiZDIt
NDA5NDEwNjc4NmE5LzEvT3AwdktCVVFJblh1eUJzVTk3aWY1cGFMUFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9iZTg2M2YtYjMzYi00MzM0LWJiZDItNDA5NDEwNjc4NmE5
LzEvV012LUNEVDQ1bVVTOVZ2WGpNQjF0LTFXOUFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQET4zAMA0G
CSqGSIb3DQEBCwUAA4IBAQBs3jjJwJqKBJo/ch0/arCdddtESje90lafJwTo2AWK
jq6eioulUKyIDV34w1y6RMFOixZ5hAwEAxyTjYrNuJtQyBdCagt7dZwMRzDTyJ+1
A9dL34F2JvddkD+f+CXmuR/UQWgqPNZpI5LXcviht7wD5c5EKYz0rniySlaDABD3
k+MOEZ8CsQU7ljsHOZkmX3RyFK4i7VXRzrsrrNLhd3LNk69j7nsYSXBCDYHOWp/v
ZbKVcy2dhNrvs57SAMEZtxWMrqKdQAQvHhFY/dU2PuDSziFivjvOTJsdx5DIr0Du
yHatNf5CXSW036ocnjnDYS4/2zz5ZlUUhIdfqWMiNUMM
-----END CERTIFICATE-----