Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/WFCq_LysNx-pl32Lrxwn2wjXD6M.roa
File:                     WFCq_LysNx-pl32Lrxwn2wjXD6M.roa (raw, json)
Hash identifier:          Of7QR5IE4+8Cm0bfPeyFWX3a0kjmvb8W1VHtfhK9INE=
Subject key identifier:   58:50:AA:FC:BC:AC:37:1F:A9:97:7D:8B:AF:1C:27:DB:08:D7:0F:A3
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E8B2F87A33A968F68B6C254B33E9C
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/WFCq_LysNx-pl32Lrxwn2wjXD6M.roa
Signing time:             Mon 01 Jan 2024 14:30:05 +0000
ROA not before:           Mon 01 Jan 2024 14:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44307
IP address blocks:        83.126.0.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:8b:2f:87:a3:3a:96:8f:68:b6:c2:54:b3:3e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5850aafcbcac371fa9977d8baf1c27db08d70fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:14:0b:e0:b7:7d:c4:f2:7b:6f:97:c2:41:f2:
                    9c:5d:02:24:78:8e:4b:ad:39:9c:87:8f:b8:24:56:
                    dc:38:c1:40:a5:1c:6b:93:54:c2:1b:7f:11:a5:14:
                    11:aa:83:d3:60:40:8f:e0:12:28:bb:e9:30:7f:b8:
                    55:22:df:60:72:5d:7d:54:88:96:07:87:86:42:d2:
                    cf:de:2d:1a:81:96:de:66:d5:d1:bf:2e:7b:07:b7:
                    aa:bc:ab:cd:2b:d2:87:06:d2:94:ba:77:2c:db:e0:
                    73:06:63:97:30:d3:d4:cf:c6:c2:1d:c0:10:45:f7:
                    7b:0b:6b:57:81:16:8a:a0:39:bd:c1:37:80:7b:bc:
                    91:ff:66:c3:89:d5:4d:2b:8f:56:18:80:67:31:ca:
                    8d:1d:56:3b:60:3b:01:21:d5:62:7d:2a:da:ed:38:
                    f5:5b:f4:8f:bc:b8:20:d0:b2:cc:9e:9c:5d:99:10:
                    24:80:c4:d4:cb:f5:56:13:0f:5d:a1:35:63:af:db:
                    b2:73:6f:6c:96:68:8c:44:78:a5:5d:b6:d3:55:85:
                    91:a8:76:c0:ad:bd:9a:6f:53:72:5f:84:94:d4:5f:
                    cc:08:fa:47:b3:52:84:0e:21:9c:05:91:02:70:0e:
                    a5:4e:aa:b2:92:23:04:88:8d:f0:ec:e6:7d:30:8e:
                    c7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:50:AA:FC:BC:AC:37:1F:A9:97:7D:8B:AF:1C:27:DB:08:D7:0F:A3
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/WFCq_LysNx-pl32Lrxwn2wjXD6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.126.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:8a:9e:a5:e0:a1:ed:53:72:bf:9a:74:bc:8a:6d:c8:36:a2:
         1c:34:b1:ad:0f:cc:4f:02:55:33:7f:b3:13:ec:34:ab:87:a3:
         78:8a:e7:57:cb:3d:cf:e5:87:c6:44:f2:ee:28:1f:fb:a9:07:
         76:8f:d2:c5:f0:80:ff:48:e7:00:93:30:e0:e3:88:73:b7:b4:
         4e:0b:14:61:9f:df:ae:12:d3:2f:e8:92:1a:fe:5a:52:29:7c:
         eb:0d:20:2a:3c:34:9d:63:00:34:2c:f4:d5:58:b3:eb:3f:c4:
         b3:1f:6a:61:48:84:d8:7e:c2:82:52:2a:54:2e:0a:75:c0:4b:
         c6:af:43:38:cc:fa:62:33:ca:01:c5:3a:48:a2:4d:6c:7c:27:
         3e:ad:ba:7f:e3:d0:26:0f:7c:b8:b3:96:38:ef:25:50:4e:b9:
         2f:64:9e:07:4f:8d:5c:55:92:8b:2f:cf:19:d1:4d:3d:5f:15:
         cf:0a:56:a9:85:6d:5a:74:26:31:36:e1:a1:f1:07:72:27:f2:
         4d:43:41:0d:78:87:28:0c:d2:8e:23:da:23:2c:e4:c4:00:31:
         79:31:e8:12:80:36:ba:34:a5:2f:52:4e:8d:88:c1:da:e7:2f:
         03:09:8c:64:53:b3:96:c7:92:4e:f0:dc:77:67:1a:a9:c6:11:
         c7:7c:e8:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbosvh6M6lo9otsJUsz6cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODUwYWFmY2JjYWMzNzFmYTk5NzdkOGJhZjFjMjdkYjA4ZDcwZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRQL4Ld9xPJ7b5fCQfKcXQIkeI5L
rTmch4+4JFbcOMFApRxrk1TCG38RpRQRqoPTYECP4BIou+kwf7hVIt9gcl19VIiW
B4eGQtLP3i0agZbeZtXRvy57B7eqvKvNK9KHBtKUuncs2+BzBmOXMNPUz8bCHcAQ
Rfd7C2tXgRaKoDm9wTeAe7yR/2bDidVNK49WGIBnMcqNHVY7YDsBIdVifSra7Tj1
W/SPvLgg0LLMnpxdmRAkgMTUy/VWEw9doTVjr9uyc29slmiMRHilXbbTVYWRqHbA
rb2ab1NyX4SU1F/MCPpHs1KEDiGcBZECcA6lTqqykiMEiI3w7OZ9MI7HVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhQqvy8rDcfqZd9i68cJ9sI1w+jMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvV0ZDcV9MeXNOeC1wbDMyTHJ4d24yd2pYRDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDU34AMA0G
CSqGSIb3DQEBCwUAA4IBAQBnip6l4KHtU3K/mnS8im3INqIcNLGtD8xPAlUzf7MT
7DSrh6N4iudXyz3P5YfGRPLuKB/7qQd2j9LF8ID/SOcAkzDg44hzt7ROCxRhn9+u
EtMv6JIa/lpSKXzrDSAqPDSdYwA0LPTVWLPrP8SzH2phSITYfsKCUipULgp1wEvG
r0M4zPpiM8oBxTpIok1sfCc+rbp/49AmD3y4s5Y47yVQTrkvZJ4HT41cVZKLL88Z
0U09XxXPClaphW1adCYxNuGh8QdyJ/JNQ0ENeIcoDNKOI9ojLOTEADF5MegSgDa6
NKUvUk6NiMHa5y8DCYxkU7OWx5JO8Nx3ZxqpxhHHfOjK
-----END CERTIFICATE-----