Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/fde2f5-af35-4a49-9b44-946d92c3f093/1/cWPUbNERoLN6EyAPJHUpZuusHaw.roa
File:                     cWPUbNERoLN6EyAPJHUpZuusHaw.roa (raw, json)
Hash identifier:          GJn+YusotQPUotkS/v85+EG6RtF2MPEDUHU8KZ3urtc=
Subject key identifier:   71:63:D4:6C:D1:11:A0:B3:7A:13:20:0F:24:75:29:66:EB:AC:1D:AC
Certificate issuer:       /CN=e9ee65ec66d90ff8fff8d1707320577402e85cc7
Certificate serial:       018CC500FC32047A32F7D56A0824B5A36325
Authority key identifier: E9:EE:65:EC:66:D9:0F:F8:FF:F8:D1:70:73:20:57:74:02:E8:5C:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6e5l7GbZD_j_-NFwcyBXdALoXMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/fde2f5-af35-4a49-9b44-946d92c3f093/1/cWPUbNERoLN6EyAPJHUpZuusHaw.roa
Signing time:             Mon 01 Jan 2024 12:30:25 +0000
ROA not before:           Mon 01 Jan 2024 12:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42948
IP address blocks:        193.142.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/fde2f5-af35-4a49-9b44-946d92c3f093/1/6e5l7GbZD_j_-NFwcyBXdALoXMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/fde2f5-af35-4a49-9b44-946d92c3f093/1/6e5l7GbZD_j_-NFwcyBXdALoXMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6e5l7GbZD_j_-NFwcyBXdALoXMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 18:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:fc:32:04:7a:32:f7:d5:6a:08:24:b5:a3:63:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9ee65ec66d90ff8fff8d1707320577402e85cc7
        Validity
            Not Before: Jan  1 12:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7163d46cd111a0b37a13200f24752966ebac1dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:de:f4:07:94:d1:bd:d5:80:41:87:cf:46:ea:
                    7a:11:be:59:73:30:4c:69:fc:b6:79:2f:86:0d:6c:
                    01:a0:d5:dc:19:ba:a2:57:85:b8:10:ce:f3:29:d4:
                    8f:fb:10:ba:fb:09:cb:10:8f:88:fb:48:cd:be:aa:
                    36:27:3c:2e:fe:3a:f7:5a:bd:b1:4d:45:e1:41:55:
                    98:23:c3:59:66:24:a2:19:38:e5:d4:e1:63:77:72:
                    51:b8:93:09:7a:d9:e9:a8:10:35:4f:b5:cf:ef:22:
                    a6:b7:a8:1b:15:4a:d6:19:f0:38:bb:78:70:10:f0:
                    75:31:20:a1:b4:f2:62:b9:6b:c2:2a:16:8e:af:13:
                    ed:13:89:b4:ee:ff:7a:97:b3:01:e6:79:1d:8d:40:
                    70:69:16:89:89:4b:03:39:2d:52:7c:0e:18:ce:aa:
                    9b:ae:df:c7:9b:32:a5:14:6c:35:8f:c2:8f:51:49:
                    22:0f:fb:ce:3b:ad:74:9f:a1:13:fe:86:b4:1b:6d:
                    14:18:11:61:9c:be:03:a7:98:4a:dc:5d:a6:82:d8:
                    42:ae:52:b7:b5:9f:5a:54:56:7f:21:ba:f2:dd:f3:
                    88:18:49:9b:12:df:8d:b6:f5:d2:72:28:4d:8c:db:
                    11:52:be:aa:90:b5:34:ae:8f:80:06:ad:88:10:e8:
                    f8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:63:D4:6C:D1:11:A0:B3:7A:13:20:0F:24:75:29:66:EB:AC:1D:AC
            X509v3 Authority Key Identifier:
                keyid:E9:EE:65:EC:66:D9:0F:F8:FF:F8:D1:70:73:20:57:74:02:E8:5C:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e5l7GbZD_j_-NFwcyBXdALoXMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/fde2f5-af35-4a49-9b44-946d92c3f093/1/cWPUbNERoLN6EyAPJHUpZuusHaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/fde2f5-af35-4a49-9b44-946d92c3f093/1/6e5l7GbZD_j_-NFwcyBXdALoXMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:34:dc:14:a8:69:f3:e7:5d:7a:5e:ed:97:3e:82:97:6f:c8:
         b0:7b:be:ca:15:7a:df:24:f7:08:1f:91:53:65:0f:c5:be:95:
         91:3c:53:db:4e:80:9a:fc:ca:e1:48:58:5a:75:56:48:8c:83:
         b3:16:09:60:2c:7d:14:16:af:bc:fc:13:56:6b:25:bc:63:05:
         30:55:ef:bc:48:f7:e7:18:47:40:07:ef:ea:c0:4d:13:38:71:
         8c:42:d6:9d:c0:ff:4c:e8:bf:24:cd:2a:2b:32:81:1d:e6:54:
         c2:e6:09:fe:56:d7:c0:6e:68:78:67:de:03:d8:7b:9a:94:6a:
         96:c4:59:2d:de:c7:84:d6:be:05:0b:96:bf:f7:e1:5e:9b:c2:
         d2:99:5e:c5:b1:f5:5c:89:34:84:06:34:e8:f5:18:6c:9a:5d:
         b2:81:53:37:2c:01:6e:d3:13:1f:8f:ff:66:e6:07:5d:4a:35:
         68:7f:e1:37:00:74:81:b1:7b:6a:86:4b:17:5a:12:42:ab:9c:
         74:3c:e7:e1:a8:c8:44:00:fb:8c:0c:96:e8:c3:57:24:95:22:
         0d:4b:8e:47:a8:db:d2:4f:c5:5d:79:0b:21:34:7a:f0:a3:56:
         d1:47:0d:9b:66:66:7b:03:ff:bc:53:68:f3:ce:38:3f:61:01:
         d4:28:db:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAPwyBHoy99VqCCS1o2MlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZWU2NWVjNjZkOTBmZjhmZmY4ZDE3MDczMjA1Nzc0MDJl
ODVjYzcwHhcNMjQwMTAxMTIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTYzZDQ2Y2QxMTFhMGIzN2ExMzIwMGYyNDc1Mjk2NmViYWMxZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6t70B5TRvdWAQYfPRup6Eb5ZczBM
afy2eS+GDWwBoNXcGbqiV4W4EM7zKdSP+xC6+wnLEI+I+0jNvqo2Jzwu/jr3Wr2x
TUXhQVWYI8NZZiSiGTjl1OFjd3JRuJMJetnpqBA1T7XP7yKmt6gbFUrWGfA4u3hw
EPB1MSChtPJiuWvCKhaOrxPtE4m07v96l7MB5nkdjUBwaRaJiUsDOS1SfA4Yzqqb
rt/HmzKlFGw1j8KPUUkiD/vOO610n6ET/oa0G20UGBFhnL4Dp5hK3F2mgthCrlK3
tZ9aVFZ/Ibry3fOIGEmbEt+NtvXScihNjNsRUr6qkLU0ro+ABq2IEOj40QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFj1GzREaCzehMgDyR1KWbrrB2sMB8GA1UdIwQY
MBaAFOnuZexm2Q/4//jRcHMgV3QC6FzHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmU1bDdHYlpEX2pfLU5Gd2N5QlhkQUxvWE1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mZGUyZjUtYWYzNS00YTQ5LTliNDQt
OTQ2ZDkyYzNmMDkzLzEvY1dQVWJORVJvTE42RXlBUEpIVXBadXVzSGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mZGUyZjUtYWYzNS00YTQ5LTliNDQtOTQ2ZDkyYzNmMDkz
LzEvNmU1bDdHYlpEX2pfLU5Gd2N5QlhkQUxvWE1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY6VMA0G
CSqGSIb3DQEBCwUAA4IBAQCqNNwUqGnz5116Xu2XPoKXb8iwe77KFXrfJPcIH5FT
ZQ/FvpWRPFPbToCa/MrhSFhadVZIjIOzFglgLH0UFq+8/BNWayW8YwUwVe+8SPfn
GEdAB+/qwE0TOHGMQtadwP9M6L8kzSorMoEd5lTC5gn+VtfAbmh4Z94D2HualGqW
xFkt3seE1r4FC5a/9+Fem8LSmV7FsfVciTSEBjTo9Rhsml2ygVM3LAFu0xMfj/9m
5gddSjVof+E3AHSBsXtqhksXWhJCq5x0POfhqMhEAPuMDJbow1cklSINS45HqNvS
T8VdeQshNHrwo1bRRw2bZmZ7A/+8U2jzzjg/YQHUKNug
-----END CERTIFICATE-----