Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/WmPQld-coiRvXCf-mGavzR9A3V0.roa
File:                     WmPQld-coiRvXCf-mGavzR9A3V0.roa (raw, json)
Hash identifier:          MRZUousPg/dms04xcrQySsRmUHVVCjTxxePwTJf+EjE=
Subject key identifier:   5A:63:D0:95:DF:9C:A2:24:6F:5C:27:FE:98:66:AF:CD:1F:40:DD:5D
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       018CC56E7CF67B50AC9C591AA6E6E5ECBF0F
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/WmPQld-coiRvXCf-mGavzR9A3V0.roa
Signing time:             Mon 01 Jan 2024 14:30:01 +0000
ROA not before:           Mon 01 Jan 2024 14:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60064
IP address blocks:        146.19.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:7c:f6:7b:50:ac:9c:59:1a:a6:e6:e5:ec:bf:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: Jan  1 14:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a63d095df9ca2246f5c27fe9866afcd1f40dd5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6e:69:9a:c0:6b:7a:02:df:18:87:42:bb:e9:
                    6d:de:96:39:44:be:13:f5:08:46:c5:d9:ef:55:ad:
                    17:f2:d0:f7:2a:63:a6:57:92:26:ab:13:69:f2:45:
                    f2:fd:be:e8:80:4f:0a:a2:45:c2:ce:09:c0:f8:c7:
                    44:18:eb:31:98:df:a9:72:ba:2e:99:da:d4:72:2e:
                    6f:1b:c4:d5:ca:e3:45:4f:af:b7:62:7c:62:66:f9:
                    75:72:2c:1e:b2:8f:51:ad:b8:df:09:a9:40:90:18:
                    79:3a:a7:e6:3d:ed:71:6d:40:31:26:47:eb:b9:1f:
                    b8:37:46:73:db:a9:e4:45:5a:0e:45:ae:a9:e7:9d:
                    dc:7a:bb:a3:34:58:83:fe:28:2e:87:f3:f0:bb:09:
                    12:57:81:b1:d6:39:16:3d:ed:cb:7f:c0:cd:02:8a:
                    48:7a:6b:43:c3:e2:12:02:57:7d:d2:c4:a2:9a:99:
                    2b:6d:45:d1:c0:01:69:65:3e:a6:8c:13:22:7e:c0:
                    85:66:53:72:b2:72:6f:29:7b:25:52:ca:e6:78:24:
                    75:00:d7:ba:02:8f:47:28:f7:6f:dd:98:46:dd:a0:
                    52:58:e8:f2:ce:04:73:f9:d5:5c:63:ec:22:d2:b4:
                    98:a4:ad:c9:be:06:5c:ba:63:93:ca:d2:ec:32:d7:
                    36:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:63:D0:95:DF:9C:A2:24:6F:5C:27:FE:98:66:AF:CD:1F:40:DD:5D
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/WmPQld-coiRvXCf-mGavzR9A3V0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:85:0c:87:a2:37:be:e3:ae:b1:88:f9:26:3a:42:07:ef:0a:
         52:97:bc:dd:a9:1f:49:e6:e5:d6:04:28:d3:aa:0b:07:e6:ad:
         d6:32:b3:5a:ec:82:df:91:ee:f5:d8:34:27:34:cc:d5:cf:c8:
         da:63:fd:ac:60:48:01:06:c8:b5:16:b5:b3:ea:c5:87:01:4a:
         11:bc:e6:8d:43:b9:5b:6d:70:51:2f:83:be:f7:7c:04:94:20:
         86:92:c0:97:58:03:e9:ed:ba:9c:07:65:8e:1e:ab:50:8e:9c:
         d4:71:fe:f5:8b:9a:4d:ef:35:1c:31:d2:dd:15:1f:01:03:3c:
         8e:59:e0:af:dc:eb:d7:ba:f5:77:7e:06:97:97:ba:b9:4e:9e:
         28:f3:a2:7c:48:60:e9:f3:1e:38:9d:67:56:a6:9e:2f:c7:c7:
         14:c3:b4:ee:90:ba:59:1a:21:48:d5:f2:3e:19:0c:dc:1a:20:
         55:49:b9:23:d3:2d:ff:72:f5:0d:cd:a0:8b:71:88:7e:d7:66:
         13:3f:94:80:bd:d7:b7:cf:84:75:0c:78:b9:1f:1f:44:41:43:
         2d:cb:2e:34:d2:b4:74:ab:c7:dd:4f:d3:1a:46:f8:b3:1e:da:
         08:4f:05:45:c9:2d:54:01:62:3c:5e:ad:76:ad:63:98:a6:38:
         bf:74:95:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbnz2e1CsnFkapubl7L8PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjQwMTAxMTQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTYzZDA5NWRmOWNhMjI0NmY1YzI3ZmU5ODY2YWZjZDFmNDBkZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlG5pmsBregLfGIdCu+lt3pY5RL4T
9QhGxdnvVa0X8tD3KmOmV5ImqxNp8kXy/b7ogE8KokXCzgnA+MdEGOsxmN+pcrou
mdrUci5vG8TVyuNFT6+3YnxiZvl1ciweso9RrbjfCalAkBh5OqfmPe1xbUAxJkfr
uR+4N0Zz26nkRVoORa6p553cerujNFiD/iguh/PwuwkSV4Gx1jkWPe3Lf8DNAopI
emtDw+ISAld90sSimpkrbUXRwAFpZT6mjBMifsCFZlNysnJvKXslUsrmeCR1ANe6
Ao9HKPdv3ZhG3aBSWOjyzgRz+dVcY+wi0rSYpK3JvgZcumOTytLsMtc2BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpj0JXfnKIkb1wn/phmr80fQN1dMB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvV21QUWxkLWNvaVJ2WENmLW1HYXZ6UjlBM1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMHMA0G
CSqGSIb3DQEBCwUAA4IBAQAxhQyHoje+466xiPkmOkIH7wpSl7zdqR9J5uXWBCjT
qgsH5q3WMrNa7ILfke712DQnNMzVz8jaY/2sYEgBBsi1FrWz6sWHAUoRvOaNQ7lb
bXBRL4O+93wElCCGksCXWAPp7bqcB2WOHqtQjpzUcf71i5pN7zUcMdLdFR8BAzyO
WeCv3OvXuvV3fgaXl7q5Tp4o86J8SGDp8x44nWdWpp4vx8cUw7TukLpZGiFI1fI+
GQzcGiBVSbkj0y3/cvUNzaCLcYh+12YTP5SAvde3z4R1DHi5Hx9EQUMtyy400rR0
q8fdT9MaRvizHtoITwVFyS1UAWI8Xq12rWOYpji/dJXC
-----END CERTIFICATE-----