Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/WtIZdpIxdJzn4CD7BdZaiRzH808.roa
File:                     WtIZdpIxdJzn4CD7BdZaiRzH808.roa (raw, json)
Hash identifier:          nYnjT0eJuzv7Yo5WCNzccV31rXto7yttma8NoZpzE04=
Subject key identifier:   5A:D2:19:76:92:31:74:9C:E7:E0:20:FB:05:D6:5A:89:1C:C7:F3:4F
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC201F46641E41360D3C4BE9736F60
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/WtIZdpIxdJzn4CD7BdZaiRzH808.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201759
IP address blocks:        213.33.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:20:1f:46:64:1e:41:36:0d:3c:4b:e9:73:6f:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ad219769231749ce7e020fb05d65a891cc7f34f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8a:fc:83:96:d8:02:27:58:de:9a:d2:2b:02:
                    af:2d:90:6f:cc:ac:1f:7e:f1:61:4e:92:f0:ad:d9:
                    56:ad:a8:04:fe:01:b1:0c:a9:f6:e5:29:bc:b3:7e:
                    c9:ae:1d:86:09:23:72:89:cf:cf:5e:60:1b:bb:79:
                    67:db:64:a5:5d:2d:24:03:35:bc:9c:2f:b7:ef:3a:
                    bf:7d:eb:70:9a:b6:56:7b:b3:17:09:c4:f9:64:6c:
                    b9:4d:53:76:c5:24:ee:b9:15:5e:b7:0f:1b:f3:6f:
                    83:b1:51:3f:d9:e5:c5:e9:55:69:85:ec:4d:40:75:
                    d9:46:71:f0:51:08:75:b9:db:9a:7b:cf:a5:dc:75:
                    35:a0:ff:fd:0c:bc:82:e9:af:c1:e5:12:47:ae:e2:
                    39:17:da:30:69:8f:fe:e3:13:73:0c:97:f8:0c:bd:
                    a9:b2:ef:6a:59:d9:70:b2:ab:44:89:ba:11:5d:9a:
                    3d:9a:76:7c:a2:05:f2:03:d3:96:6e:eb:e3:64:3b:
                    67:25:0a:c7:17:44:f2:d1:97:03:72:11:c0:9f:1f:
                    b3:b0:4b:91:1d:66:97:ab:e5:fb:90:28:47:a8:45:
                    34:5c:0e:0e:84:52:78:f1:01:6f:b5:dd:58:b0:fd:
                    49:82:be:33:48:c3:73:e9:c7:1b:f0:21:cb:4c:76:
                    b2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:D2:19:76:92:31:74:9C:E7:E0:20:FB:05:D6:5A:89:1C:C7:F3:4F
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/WtIZdpIxdJzn4CD7BdZaiRzH808.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:79:ea:04:a6:d8:0b:37:09:2c:bd:a1:35:2e:4c:3e:0e:06:
         64:29:ae:9a:aa:21:7f:dc:50:ae:91:57:84:d5:7d:ea:6c:94:
         e9:0d:5b:f4:1f:fc:4a:af:22:8e:e8:3f:c7:62:a6:8b:ad:cb:
         2e:4d:a5:9c:ae:1d:d8:7f:8a:cc:83:98:1d:6e:c3:d5:b3:bb:
         9a:7d:e7:d8:a1:83:53:22:72:41:d4:c9:90:99:55:ba:a7:50:
         aa:0e:1b:cb:0b:27:5f:2f:a4:b9:d8:00:91:06:47:43:a3:08:
         7b:03:75:08:39:c4:c3:c3:07:8f:4e:79:9e:b1:0c:da:93:43:
         c0:1c:64:87:61:8c:86:24:99:4a:d3:ea:59:ed:23:2a:6d:c3:
         c1:71:6a:da:b6:17:b1:db:c4:fa:2b:6e:7e:e3:80:18:b8:4d:
         d5:0f:30:bd:b7:ec:7c:4e:f9:47:8a:fe:2f:85:75:66:cd:ad:
         ee:70:c1:21:6e:74:bb:8d:b3:53:5c:e5:4b:ec:a5:0a:e4:6d:
         bc:6b:a4:7c:6c:47:63:e9:ec:9b:71:4d:2c:f8:8e:24:13:4d:
         6f:73:e4:7e:45:f3:91:68:98:dd:b1:2e:0d:f2:d7:12:67:4b:
         0d:62:30:76:99:ee:38:2f:c8:d7:b6:5d:9f:6b:43:8b:ec:72:
         3d:07:80:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CAfRmQeQTYNPEvpc29gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWQyMTk3NjkyMzE3NDljZTdlMDIwZmIwNWQ2NWE4OTFjYzdmMzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYr8g5bYAidY3prSKwKvLZBvzKwf
fvFhTpLwrdlWragE/gGxDKn25Sm8s37Jrh2GCSNyic/PXmAbu3ln22SlXS0kAzW8
nC+37zq/fetwmrZWe7MXCcT5ZGy5TVN2xSTuuRVetw8b82+DsVE/2eXF6VVphexN
QHXZRnHwUQh1uduae8+l3HU1oP/9DLyC6a/B5RJHruI5F9owaY/+4xNzDJf4DL2p
su9qWdlwsqtEiboRXZo9mnZ8ogXyA9OWbuvjZDtnJQrHF0Ty0ZcDchHAnx+zsEuR
HWaXq+X7kChHqEU0XA4OhFJ48QFvtd1YsP1Jgr4zSMNz6ccb8CHLTHayNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrSGXaSMXSc5+Ag+wXWWokcx/NPMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvV3RJWmRwSXhkSnpuNENEN0JkWmFpUnpIODA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SFkMA0G
CSqGSIb3DQEBCwUAA4IBAQBeeeoEptgLNwksvaE1Lkw+DgZkKa6aqiF/3FCukVeE
1X3qbJTpDVv0H/xKryKO6D/HYqaLrcsuTaWcrh3Yf4rMg5gdbsPVs7uafefYoYNT
InJB1MmQmVW6p1CqDhvLCydfL6S52ACRBkdDowh7A3UIOcTDwwePTnmesQzak0PA
HGSHYYyGJJlK0+pZ7SMqbcPBcWrathex28T6K25+44AYuE3VDzC9t+x8TvlHiv4v
hXVmza3ucMEhbnS7jbNTXOVL7KUK5G28a6R8bEdj6eybcU0s+I4kE01vc+R+RfOR
aJjdsS4N8tcSZ0sNYjB2me44L8jXtl2fa0OL7HI9B4DD
-----END CERTIFICATE-----