Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/d94fce-547e-4242-b72c-b7ab686c076e/1/wT5-L8PE2N5iiFfil_JeYLJHmVo.roa
File:                     wT5-L8PE2N5iiFfil_JeYLJHmVo.roa (raw, json)
Hash identifier:          1cw3lKa0YHPFWSlXKMIwXpoyrxLqPu6704My0ShnVg4=
Subject key identifier:   C1:3E:7E:2F:C3:C4:D8:DE:62:88:57:E2:97:F2:5E:60:B2:47:99:5A
Certificate issuer:       /CN=081ca60e04847bd2f7c45c8687e5f5aad1fee8fb
Certificate serial:       018CC8030773BE16B245DAA04793F156CB55
Authority key identifier: 08:1C:A6:0E:04:84:7B:D2:F7:C4:5C:86:87:E5:F5:AA:D1:FE:E8:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CBymDgSEe9L3xFyGh-X1qtH-6Ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/d94fce-547e-4242-b72c-b7ab686c076e/1/wT5-L8PE2N5iiFfil_JeYLJHmVo.roa
Signing time:             Tue 02 Jan 2024 02:31:30 +0000
ROA not before:           Tue 02 Jan 2024 02:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59690
IP address blocks:        176.124.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/d94fce-547e-4242-b72c-b7ab686c076e/1/CBymDgSEe9L3xFyGh-X1qtH-6Ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/d94fce-547e-4242-b72c-b7ab686c076e/1/CBymDgSEe9L3xFyGh-X1qtH-6Ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CBymDgSEe9L3xFyGh-X1qtH-6Ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:07:73:be:16:b2:45:da:a0:47:93:f1:56:cb:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081ca60e04847bd2f7c45c8687e5f5aad1fee8fb
        Validity
            Not Before: Jan  2 02:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c13e7e2fc3c4d8de628857e297f25e60b247995a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:90:39:c9:ce:d4:64:1b:8c:13:b0:04:eb:e1:
                    53:eb:27:7b:4f:90:eb:ee:7f:ce:61:71:df:d9:c8:
                    8c:a5:72:44:6e:fd:33:c7:9d:f8:67:c2:b6:63:4c:
                    a6:7a:8c:40:b8:e1:4b:da:e4:c4:36:e0:6b:8a:88:
                    32:78:98:72:79:a9:1a:b1:f1:5a:c2:b4:cb:96:90:
                    93:44:20:3a:bc:21:1f:18:3b:33:b4:2e:09:61:a0:
                    30:50:93:f5:9f:3b:54:3b:c0:35:76:3d:14:76:14:
                    c4:74:5a:52:9c:fc:ee:ca:98:3a:a2:31:26:35:7f:
                    51:32:14:fb:a0:d3:33:01:b0:4f:3f:76:5a:69:f0:
                    d9:ee:79:c6:60:a8:b6:2e:43:11:e8:06:33:59:24:
                    3f:97:14:ac:f4:69:08:f2:1d:46:88:e4:52:c3:da:
                    c1:64:28:c6:6f:76:0b:b0:83:78:0e:36:63:2d:87:
                    5b:bf:84:24:a0:4b:8e:82:d1:91:1d:1f:a2:fb:69:
                    9c:b1:8b:d0:4d:af:da:fa:f6:8a:1e:e1:9f:24:f7:
                    73:c0:ac:45:15:e7:44:01:6d:71:9c:e5:d2:ac:a7:
                    57:e6:5b:9b:fb:05:b2:e0:be:e0:3d:32:42:7c:d4:
                    71:f5:81:d9:aa:7b:5a:ae:9a:12:e8:d5:02:ab:c1:
                    1b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:3E:7E:2F:C3:C4:D8:DE:62:88:57:E2:97:F2:5E:60:B2:47:99:5A
            X509v3 Authority Key Identifier:
                keyid:08:1C:A6:0E:04:84:7B:D2:F7:C4:5C:86:87:E5:F5:AA:D1:FE:E8:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBymDgSEe9L3xFyGh-X1qtH-6Ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d94fce-547e-4242-b72c-b7ab686c076e/1/wT5-L8PE2N5iiFfil_JeYLJHmVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d94fce-547e-4242-b72c-b7ab686c076e/1/CBymDgSEe9L3xFyGh-X1qtH-6Ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:af:ea:da:7a:5e:c0:3a:cd:b9:9d:35:01:4a:91:cd:fb:00:
         90:b5:ab:6e:b4:1c:78:67:75:c0:f1:2e:a3:c8:99:a0:ed:1c:
         ca:9b:ef:cb:bb:1c:08:93:e6:52:94:b0:9e:f7:3f:bd:d3:db:
         52:3a:36:0f:fa:18:e5:d7:87:1e:7d:d6:47:e8:2a:40:c8:aa:
         4a:96:72:cf:62:4a:13:3c:34:b7:15:1c:13:be:4f:0f:77:44:
         b8:98:57:a3:d3:be:fb:d0:37:2b:5a:94:bb:9a:89:9a:9d:98:
         0c:94:9f:d8:7c:3a:0b:c9:0f:08:ed:72:97:2d:30:40:5c:95:
         7d:44:df:d3:93:52:7d:2c:83:7d:b1:85:bc:15:8b:f1:4d:07:
         35:f0:1b:6d:91:4b:8b:6e:b6:7b:8e:b5:6a:af:98:4c:8d:af:
         9b:26:4e:96:27:fa:68:7a:93:ee:45:f6:1c:93:d2:5e:b6:96:
         59:b2:35:04:c9:2e:67:0d:23:2b:a7:7a:9a:48:a3:f6:55:9a:
         3e:d6:7a:9d:b6:4f:3d:bb:55:ce:5f:78:51:de:fb:0a:d1:09:
         da:43:78:bb:b8:2e:c8:ca:fa:1b:d7:98:42:cc:38:c6:aa:a4:
         27:c6:54:c7:58:77:97:27:2a:64:f1:21:ac:e3:ff:b8:5a:ab:
         78:06:5f:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAwdzvhayRdqgR5PxVstVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWNhNjBlMDQ4NDdiZDJmN2M0NWM4Njg3ZTVmNWFhZDFm
ZWU4ZmIwHhcNMjQwMTAyMDIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTNlN2UyZmMzYzRkOGRlNjI4ODU3ZTI5N2YyNWU2MGIyNDc5OTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pA5yc7UZBuME7AE6+FT6yd7T5Dr
7n/OYXHf2ciMpXJEbv0zx534Z8K2Y0ymeoxAuOFL2uTENuBriogyeJhyeakasfFa
wrTLlpCTRCA6vCEfGDsztC4JYaAwUJP1nztUO8A1dj0UdhTEdFpSnPzuypg6ojEm
NX9RMhT7oNMzAbBPP3ZaafDZ7nnGYKi2LkMR6AYzWSQ/lxSs9GkI8h1GiORSw9rB
ZCjGb3YLsIN4DjZjLYdbv4QkoEuOgtGRHR+i+2mcsYvQTa/a+vaKHuGfJPdzwKxF
FedEAW1xnOXSrKdX5lub+wWy4L7gPTJCfNRx9YHZqntarpoS6NUCq8EbcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFME+fi/DxNjeYohX4pfyXmCyR5laMB8GA1UdIwQY
MBaAFAgcpg4EhHvS98Rchofl9arR/uj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J5bURnU0VlOUwzeEZ5R2gtWDFxdEgtNlBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kOTRmY2UtNTQ3ZS00MjQyLWI3MmMt
YjdhYjY4NmMwNzZlLzEvd1Q1LUw4UEUyTjVpaUZmaWxfSmVZTEpIbVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kOTRmY2UtNTQ3ZS00MjQyLWI3MmMtYjdhYjY4NmMwNzZl
LzEvQ0J5bURnU0VlOUwzeEZ5R2gtWDFxdEgtNlBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHz8MA0G
CSqGSIb3DQEBCwUAA4IBAQAnr+rael7AOs25nTUBSpHN+wCQtatutBx4Z3XA8S6j
yJmg7RzKm+/LuxwIk+ZSlLCe9z+909tSOjYP+hjl14cefdZH6CpAyKpKlnLPYkoT
PDS3FRwTvk8Pd0S4mFej07770DcrWpS7momanZgMlJ/YfDoLyQ8I7XKXLTBAXJV9
RN/Tk1J9LIN9sYW8FYvxTQc18BttkUuLbrZ7jrVqr5hMja+bJk6WJ/poepPuRfYc
k9JetpZZsjUEyS5nDSMrp3qaSKP2VZo+1nqdtk89u1XOX3hR3vsK0QnaQ3i7uC7I
yvob15hCzDjGqqQnxlTHWHeXJypk8SGs4/+4Wqt4Bl9H
-----END CERTIFICATE-----