Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/WE86tzBEYbvOR4Bblq1PcGur_OY.roa
File:                     WE86tzBEYbvOR4Bblq1PcGur_OY.roa (raw, json)
Hash identifier:          GwqTorbvNEcbmIf4kED3VVtV65f2CeQeK4xO9LS7lSU=
Subject key identifier:   58:4F:3A:B7:30:44:61:BB:CE:47:80:5B:96:AD:4F:70:6B:AB:FC:E6
Certificate issuer:       /CN=5c5d86974a7b624192ec8d834cf2906e1302e431
Certificate serial:       018CC56E86E5DA6A030D6A47F87A0758D3A7
Authority key identifier: 5C:5D:86:97:4A:7B:62:41:92:EC:8D:83:4C:F2:90:6E:13:02:E4:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XF2Gl0p7YkGS7I2DTPKQbhMC5DE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/WE86tzBEYbvOR4Bblq1PcGur_OY.roa
Signing time:             Mon 01 Jan 2024 14:30:04 +0000
ROA not before:           Mon 01 Jan 2024 14:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24971
IP address blocks:        176.227.168.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/XF2Gl0p7YkGS7I2DTPKQbhMC5DE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/XF2Gl0p7YkGS7I2DTPKQbhMC5DE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XF2Gl0p7YkGS7I2DTPKQbhMC5DE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:86:e5:da:6a:03:0d:6a:47:f8:7a:07:58:d3:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c5d86974a7b624192ec8d834cf2906e1302e431
        Validity
            Not Before: Jan  1 14:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=584f3ab7304461bbce47805b96ad4f706babfce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:08:74:9e:c0:d1:81:b5:20:7f:3a:6c:18:7e:
                    79:63:02:88:50:c3:84:83:28:17:99:62:7f:77:86:
                    b4:61:6a:77:99:68:58:75:6f:c6:e0:da:ff:b3:eb:
                    b3:ba:f7:98:90:52:ea:0b:85:91:dc:45:fc:eb:f0:
                    c8:2f:0a:0e:b7:4e:11:28:b6:a4:bd:9d:e4:e9:3a:
                    f5:4f:46:52:93:4d:6e:b6:11:a0:db:23:5b:e9:d2:
                    27:ad:6a:05:82:ea:7d:a9:6b:44:a4:89:0b:c0:d6:
                    ff:a3:73:bf:40:94:08:53:10:be:19:a9:41:da:b7:
                    96:f1:94:af:ff:d8:15:09:0b:17:08:75:84:07:e7:
                    2d:cf:91:c6:2b:39:b8:a6:83:5d:bc:79:41:68:72:
                    96:99:26:52:81:4e:85:95:9d:41:8f:30:a0:6a:f2:
                    24:0c:ce:45:e2:70:92:28:72:24:af:d8:18:a7:16:
                    68:df:10:b5:0d:79:52:15:3d:54:32:11:ff:14:11:
                    d3:1e:2e:79:7c:2b:24:67:d2:64:6e:0f:05:94:af:
                    be:56:42:ba:23:46:6f:e7:ba:bd:13:2f:a3:92:1e:
                    78:67:fd:b5:ff:b9:8f:6f:dc:e9:5a:57:5f:34:06:
                    ea:31:a9:c7:5a:bd:df:ce:8c:95:d4:4c:97:81:cb:
                    c0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:4F:3A:B7:30:44:61:BB:CE:47:80:5B:96:AD:4F:70:6B:AB:FC:E6
            X509v3 Authority Key Identifier:
                keyid:5C:5D:86:97:4A:7B:62:41:92:EC:8D:83:4C:F2:90:6E:13:02:E4:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XF2Gl0p7YkGS7I2DTPKQbhMC5DE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/WE86tzBEYbvOR4Bblq1PcGur_OY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f55b57-ecba-4d3d-9a81-bd802fc4aa94/1/XF2Gl0p7YkGS7I2DTPKQbhMC5DE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.227.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:a1:2c:c0:c6:a8:78:50:59:43:cc:ff:fd:a6:86:1a:53:f4:
         41:e1:40:27:9f:90:63:88:05:18:11:2e:28:9e:c5:b5:4c:9f:
         6a:38:8f:4b:2d:e5:f7:87:23:83:54:d0:f1:7b:5e:f9:f4:6a:
         f1:0c:a0:cc:5e:34:72:34:28:99:f6:e7:2e:92:cd:18:a2:16:
         fa:fb:da:60:6c:04:11:ce:24:2a:ba:cb:ef:48:17:dd:83:30:
         db:3e:e7:08:e0:92:79:80:81:d5:bb:f8:f3:d9:1d:57:6c:8f:
         22:83:5f:25:8a:03:fc:0a:fd:2e:b3:d0:c8:4d:c8:a4:63:e8:
         04:3b:38:d8:2b:3f:aa:e9:ad:b2:7a:0c:f1:a7:85:43:0b:1f:
         d2:60:a1:30:7c:d2:2e:e5:4b:6e:bd:44:59:79:11:62:6c:70:
         57:f9:58:b4:a7:d5:fc:7d:95:64:47:d4:0e:0f:71:09:cd:c6:
         85:a6:a5:a4:ce:95:7d:d5:6b:1f:3a:a6:17:c3:3f:d1:fd:4e:
         a2:3f:e8:5d:eb:8e:f4:e5:b8:44:1b:1a:9e:10:c6:cd:a5:2b:
         ad:bf:8e:92:9b:ea:3b:3f:8a:c5:7a:f5:3c:74:eb:73:b7:f0:
         64:40:d7:d3:0c:84:f6:dc:b6:80:aa:51:b3:13:61:38:58:71:
         89:d6:28:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbobl2moDDWpH+HoHWNOnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNWQ4Njk3NGE3YjYyNDE5MmVjOGQ4MzRjZjI5MDZlMTMw
MmU0MzEwHhcNMjQwMTAxMTQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODRmM2FiNzMwNDQ2MWJiY2U0NzgwNWI5NmFkNGY3MDZiYWJmY2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAh0nsDRgbUgfzpsGH55YwKIUMOE
gygXmWJ/d4a0YWp3mWhYdW/G4Nr/s+uzuveYkFLqC4WR3EX86/DILwoOt04RKLak
vZ3k6Tr1T0ZSk01uthGg2yNb6dInrWoFgup9qWtEpIkLwNb/o3O/QJQIUxC+GalB
2reW8ZSv/9gVCQsXCHWEB+ctz5HGKzm4poNdvHlBaHKWmSZSgU6FlZ1BjzCgavIk
DM5F4nCSKHIkr9gYpxZo3xC1DXlSFT1UMhH/FBHTHi55fCskZ9Jkbg8FlK++VkK6
I0Zv57q9Ey+jkh54Z/21/7mPb9zpWldfNAbqManHWr3fzoyV1EyXgcvAqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhPOrcwRGG7zkeAW5atT3Brq/zmMB8GA1UdIwQY
MBaAFFxdhpdKe2JBkuyNg0zykG4TAuQxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEYyR2wwcDdZa0dTN0kyRFRQS1FiaE1DNURFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTViNTctZWNiYS00ZDNkLTlhODEt
YmQ4MDJmYzRhYTk0LzEvV0U4NnR6QkVZYnZPUjRCYmxxMVBjR3VyX09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTViNTctZWNiYS00ZDNkLTlhODEtYmQ4MDJmYzRhYTk0
LzEvWEYyR2wwcDdZa0dTN0kyRFRQS1FiaE1DNURFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsOOoMA0G
CSqGSIb3DQEBCwUAA4IBAQBgoSzAxqh4UFlDzP/9poYaU/RB4UAnn5BjiAUYES4o
nsW1TJ9qOI9LLeX3hyODVNDxe1759GrxDKDMXjRyNCiZ9ucuks0Yohb6+9pgbAQR
ziQqusvvSBfdgzDbPucI4JJ5gIHVu/jz2R1XbI8ig18ligP8Cv0us9DITcikY+gE
OzjYKz+q6a2yegzxp4VDCx/SYKEwfNIu5UtuvURZeRFibHBX+Vi0p9X8fZVkR9QO
D3EJzcaFpqWkzpV91WsfOqYXwz/R/U6iP+hd64705bhEGxqeEMbNpSutv46Sm+o7
P4rFevU8dOtzt/BkQNfTDIT23LaAqlGzE2E4WHGJ1ihB
-----END CERTIFICATE-----