Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/WVzIJqlMZLO9nhTD6kMChlSSA5w.roa
File:                     WVzIJqlMZLO9nhTD6kMChlSSA5w.roa (raw, json)
Hash identifier:          EIvQWV9PL6AU0LO44zE5MSxFRQKBxrJ+Xe7XOLxSq5o=
Subject key identifier:   59:5C:C8:26:A9:4C:64:B3:BD:9E:14:C3:EA:43:02:86:54:92:03:9C
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1E5072FC0D9031ABBD9F7E919AB6
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/WVzIJqlMZLO9nhTD6kMChlSSA5w.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61022
IP address blocks:        80.121.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1e:50:72:fc:0d:90:31:ab:bd:9f:7e:91:9a:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=595cc826a94c64b3bd9e14c3ea4302865492039c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:97:a8:c8:8e:00:48:90:57:e9:6b:fb:d4:80:
                    b8:d5:df:91:3a:0f:b0:29:47:6b:16:6c:ad:a4:e8:
                    1a:dd:8b:98:bc:52:ff:84:f0:99:d6:18:3f:1b:f0:
                    a2:df:71:24:a5:15:4f:48:7e:57:f1:2c:7a:d2:b5:
                    bf:1d:1b:a4:8e:08:fb:93:a2:bf:7a:48:55:74:cf:
                    f9:d2:0f:7d:da:60:1b:34:30:05:5b:22:59:b1:5c:
                    b9:15:da:ea:6f:ab:bb:9a:c6:27:57:95:d6:73:1b:
                    17:fd:13:d8:9e:91:cb:4a:a1:5d:fc:b2:e3:25:2c:
                    44:35:8d:5b:bc:03:8f:ef:a1:0f:19:8d:e8:6f:3e:
                    e2:e3:7c:0c:9b:30:40:39:fd:7d:a4:4a:2c:b2:93:
                    6a:12:96:a3:d5:7c:17:00:e8:cd:d9:4a:87:c7:17:
                    b7:b1:8f:36:f0:ab:73:e7:41:0a:f1:a4:71:a7:c8:
                    ca:33:bc:2a:c5:c8:00:f5:97:be:da:fa:96:8c:27:
                    ed:65:3f:3d:e2:7f:41:99:f6:23:81:e6:db:df:95:
                    24:5b:73:b3:87:84:a5:96:df:56:bf:08:a2:16:e3:
                    27:c9:e0:71:7a:48:59:c9:cd:93:e9:47:2b:e1:39:
                    e2:29:52:55:8c:14:26:6b:c6:79:1e:a8:25:84:10:
                    fc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:5C:C8:26:A9:4C:64:B3:BD:9E:14:C3:EA:43:02:86:54:92:03:9C
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/WVzIJqlMZLO9nhTD6kMChlSSA5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.121.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:3e:fd:bf:64:4f:8d:94:df:be:19:f8:1a:52:9c:d8:49:09:
         54:34:bb:de:d3:15:5a:1e:7e:d5:b8:78:b1:7e:b3:88:15:c6:
         d9:1f:13:e0:32:fa:f8:fb:ab:96:d2:9b:06:0b:27:56:aa:05:
         bf:51:7e:88:46:ad:a2:2f:50:83:92:f8:83:e5:7c:d5:ed:28:
         52:6b:8d:64:c2:18:10:d4:df:7c:5d:4c:14:71:a2:54:07:35:
         71:41:7e:1f:8c:53:20:db:25:3c:79:75:0a:23:2c:4b:ee:92:
         60:10:21:b7:0e:c4:f5:c7:3e:8e:75:ff:e4:4d:2a:2b:9c:46:
         68:e2:05:fa:0e:04:2a:9a:15:29:b1:5a:86:e3:c5:75:fa:c9:
         d0:8b:67:78:a8:40:96:ba:57:50:5a:8f:8e:2b:11:ed:0d:1d:
         40:8f:32:8f:5d:df:63:22:84:4e:f8:0b:60:81:ab:58:86:4b:
         ee:a5:3f:8b:99:7b:6c:19:31:bc:1b:aa:54:43:a0:d3:4a:5c:
         b4:be:af:3c:f8:5d:62:c8:32:fa:d3:5c:b8:97:a7:2b:07:f3:
         db:1a:5b:22:59:56:67:c2:c0:55:42:49:66:07:f4:67:70:03:
         16:33:62:b7:ce:2f:d7:1e:3b:b8:24:b7:ee:b7:34:8e:67:62:
         e1:bf:e5:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3B5QcvwNkDGrvZ9+kZq2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTVjYzgyNmE5NGM2NGIzYmQ5ZTE0YzNlYTQzMDI4NjU0OTIwMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5eoyI4ASJBX6Wv71IC41d+ROg+w
KUdrFmytpOga3YuYvFL/hPCZ1hg/G/Ci33EkpRVPSH5X8Sx60rW/HRukjgj7k6K/
ekhVdM/50g992mAbNDAFWyJZsVy5Fdrqb6u7msYnV5XWcxsX/RPYnpHLSqFd/LLj
JSxENY1bvAOP76EPGY3obz7i43wMmzBAOf19pEosspNqEpaj1XwXAOjN2UqHxxe3
sY828Ktz50EK8aRxp8jKM7wqxcgA9Ze+2vqWjCftZT894n9BmfYjgebb35UkW3Oz
h4Sllt9WvwiiFuMnyeBxekhZyc2T6Ucr4TniKVJVjBQma8Z5HqglhBD8vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlcyCapTGSzvZ4Uw+pDAoZUkgOcMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvV1Z6SUpxbE1aTE85bmhURDZrTUNobFNTQTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUHnKMA0G
CSqGSIb3DQEBCwUAA4IBAQBBPv2/ZE+NlN++GfgaUpzYSQlUNLve0xVaHn7VuHix
frOIFcbZHxPgMvr4+6uW0psGCydWqgW/UX6IRq2iL1CDkviD5XzV7ShSa41kwhgQ
1N98XUwUcaJUBzVxQX4fjFMg2yU8eXUKIyxL7pJgECG3DsT1xz6Odf/kTSornEZo
4gX6DgQqmhUpsVqG48V1+snQi2d4qECWuldQWo+OKxHtDR1AjzKPXd9jIoRO+Atg
gatYhkvupT+LmXtsGTG8G6pUQ6DTSly0vq88+F1iyDL601y4l6crB/PbGlsiWVZn
wsBVQklmB/RncAMWM2K3zi/XHju4JLfutzSOZ2Lhv+UJ
-----END CERTIFICATE-----