Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/c1c11c-2161-4afc-97a5-3f1a7c4f51b5/1/WeTNKnlahpzr3uTQzFaCJppe1F0.roa
File:                     WeTNKnlahpzr3uTQzFaCJppe1F0.roa (raw, json)
Hash identifier:          wpMQUGsEnArKUwaSnjxpHCHbUKP6Vp0u5RsE3W/uZkA=
Subject key identifier:   59:E4:CD:2A:79:5A:86:9C:EB:DE:E4:D0:CC:56:82:26:9A:5E:D4:5D
Certificate issuer:       /CN=a19b2d70233e0e5bdef6dbfbda91886d27b6a5ae
Certificate serial:       018F6281AD18EAFA4CA834F688DEC277EFE6
Authority key identifier: A1:9B:2D:70:23:3E:0E:5B:DE:F6:DB:FB:DA:91:88:6D:27:B6:A5:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oZstcCM-Dlve9tv72pGIbSe2pa4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/c1c11c-2161-4afc-97a5-3f1a7c4f51b5/1/WeTNKnlahpzr3uTQzFaCJppe1F0.roa
Signing time:             Fri 10 May 2024 12:36:56 +0000
ROA not before:           Fri 10 May 2024 12:36:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15465
IP address blocks:        185.181.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/c1c11c-2161-4afc-97a5-3f1a7c4f51b5/1/oZstcCM-Dlve9tv72pGIbSe2pa4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/c1c11c-2161-4afc-97a5-3f1a7c4f51b5/1/oZstcCM-Dlve9tv72pGIbSe2pa4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oZstcCM-Dlve9tv72pGIbSe2pa4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 21:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:81:ad:18:ea:fa:4c:a8:34:f6:88:de:c2:77:ef:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a19b2d70233e0e5bdef6dbfbda91886d27b6a5ae
        Validity
            Not Before: May 10 12:36:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59e4cd2a795a869cebdee4d0cc5682269a5ed45d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a5:3c:61:c3:8c:39:84:6e:5f:e4:92:59:c4:
                    5a:a3:c4:0b:4c:63:da:4d:62:ce:37:28:60:c6:6d:
                    17:53:aa:ac:cb:ad:0c:e9:a6:c4:52:73:95:03:9c:
                    df:d4:1c:7d:6c:f9:22:66:e7:44:ee:19:04:36:37:
                    30:a1:88:dd:f3:44:7b:2e:e8:f2:bf:57:a3:a8:d0:
                    c7:00:bb:0e:79:88:01:41:90:bd:64:6e:0c:d5:33:
                    3f:3c:fa:d0:24:fd:44:c0:6b:52:5f:e2:65:60:68:
                    94:f8:c9:72:90:31:52:33:07:eb:94:0a:8b:c5:31:
                    08:85:d2:20:79:e4:fc:5a:96:90:e3:2e:d2:dc:85:
                    a9:6c:d5:85:24:e6:86:c1:cf:6a:84:d1:2f:3f:9f:
                    db:a2:10:ad:05:ae:53:13:72:3b:6a:92:7b:a2:7d:
                    24:30:1e:b4:68:1d:de:70:e6:36:cf:f4:bc:b0:1c:
                    ea:e7:8a:21:29:b3:f0:1d:5a:7b:53:00:25:67:9f:
                    44:fd:d9:10:51:ab:7d:f4:f5:5e:98:62:77:cb:85:
                    aa:03:f8:4e:74:47:e0:5d:e5:c0:32:93:a9:5c:2a:
                    19:c1:59:a4:b7:2a:ad:5b:8d:24:07:9d:ad:d5:67:
                    18:18:02:fa:36:53:b9:c7:61:39:55:8d:98:4d:0a:
                    eb:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E4:CD:2A:79:5A:86:9C:EB:DE:E4:D0:CC:56:82:26:9A:5E:D4:5D
            X509v3 Authority Key Identifier:
                keyid:A1:9B:2D:70:23:3E:0E:5B:DE:F6:DB:FB:DA:91:88:6D:27:B6:A5:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oZstcCM-Dlve9tv72pGIbSe2pa4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/c1c11c-2161-4afc-97a5-3f1a7c4f51b5/1/WeTNKnlahpzr3uTQzFaCJppe1F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/c1c11c-2161-4afc-97a5-3f1a7c4f51b5/1/oZstcCM-Dlve9tv72pGIbSe2pa4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:f2:eb:78:ee:03:5a:d1:44:c9:b9:b7:d1:34:47:65:b1:03:
         b9:0d:cf:6a:96:cb:7b:e3:21:04:63:7c:40:20:0a:a0:d8:ea:
         75:4d:fa:bd:a1:50:9e:5f:4b:91:4d:da:a1:c3:26:42:1d:4b:
         29:58:c7:99:db:48:76:0b:32:67:09:b2:0a:10:26:fe:18:28:
         db:f4:18:58:80:57:fe:d8:59:2d:69:20:4d:34:bf:5d:7d:07:
         c0:66:c6:90:d8:c8:0b:13:25:11:2f:ee:01:bf:29:ef:db:a5:
         34:12:d1:7a:c4:27:41:c7:70:dc:ad:8b:91:3a:f2:fe:d4:94:
         d6:b9:f2:2a:82:57:af:4c:4c:9e:c0:e8:fa:07:c3:fe:92:8b:
         e1:82:c8:27:cd:99:ea:26:12:a2:59:92:b4:e3:a5:02:a7:c2:
         61:0d:c3:32:ca:af:97:09:b2:a5:68:51:e2:ba:27:ae:53:ff:
         24:96:a4:e0:a6:64:f5:1e:e5:e8:04:0d:b3:8a:6e:69:db:26:
         a1:0c:1a:74:f4:39:c0:ad:48:71:45:f5:f7:74:9d:c5:8e:f7:
         cb:41:71:05:4f:3a:bc:92:f5:dd:31:9d:26:ef:32:f6:c5:86:
         28:e0:1f:39:e2:ff:b6:60:77:f4:a9:93:e7:ec:a0:e2:aa:9f:
         b1:71:a1:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9iga0Y6vpMqDT2iN7Cd+/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOWIyZDcwMjMzZTBlNWJkZWY2ZGJmYmRhOTE4ODZkMjdi
NmE1YWUwHhcNMjQwNTEwMTIzNjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWU0Y2QyYTc5NWE4NjljZWJkZWU0ZDBjYzU2ODIyNjlhNWVkNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKU8YcOMOYRuX+SSWcRao8QLTGPa
TWLONyhgxm0XU6qsy60M6abEUnOVA5zf1Bx9bPkiZudE7hkENjcwoYjd80R7Lujy
v1ejqNDHALsOeYgBQZC9ZG4M1TM/PPrQJP1EwGtSX+JlYGiU+MlykDFSMwfrlAqL
xTEIhdIgeeT8WpaQ4y7S3IWpbNWFJOaGwc9qhNEvP5/bohCtBa5TE3I7apJ7on0k
MB60aB3ecOY2z/S8sBzq54ohKbPwHVp7UwAlZ59E/dkQUat99PVemGJ3y4WqA/hO
dEfgXeXAMpOpXCoZwVmktyqtW40kB52t1WcYGAL6NlO5x2E5VY2YTQrraQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnkzSp5Woac697k0MxWgiaaXtRdMB8GA1UdIwQY
MBaAFKGbLXAjPg5b3vbb+9qRiG0ntqWuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1pzdGNDTS1EbHZlOXR2NzJwR0liU2UycGE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9jMWMxMWMtMjE2MS00YWZjLTk3YTUt
M2YxYTdjNGY1MWI1LzEvV2VUTktubGFocHpyM3VUUXpGYUNKcHBlMUYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9jMWMxMWMtMjE2MS00YWZjLTk3YTUtM2YxYTdjNGY1MWI1
LzEvb1pzdGNDTS1EbHZlOXR2NzJwR0liU2UycGE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubUYMA0G
CSqGSIb3DQEBCwUAA4IBAQBH8ut47gNa0UTJubfRNEdlsQO5Dc9qlst74yEEY3xA
IAqg2Op1Tfq9oVCeX0uRTdqhwyZCHUspWMeZ20h2CzJnCbIKECb+GCjb9BhYgFf+
2FktaSBNNL9dfQfAZsaQ2MgLEyURL+4Bvynv26U0EtF6xCdBx3DcrYuROvL+1JTW
ufIqglevTEyewOj6B8P+kovhgsgnzZnqJhKiWZK046UCp8JhDcMyyq+XCbKlaFHi
uieuU/8klqTgpmT1HuXoBA2zim5p2yahDBp09DnArUhxRfX3dJ3FjvfLQXEFTzq8
kvXdMZ0m7zL2xYYo4B854v+2YHf0qZPn7KDiqp+xcaEJ
-----END CERTIFICATE-----