Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/WU49IE_7GcOYNYwRw3RP3mN1H3Q.roa
File:                     WU49IE_7GcOYNYwRw3RP3mN1H3Q.roa (raw, json)
Hash identifier:          YHH8Jth9g+JM0DsX4aa0KhMxLXNyRppab/vddrDAjIE=
Subject key identifier:   59:4E:3D:20:4F:FB:19:C3:98:35:8C:11:C3:74:4F:DE:63:75:1F:74
Certificate issuer:       /CN=d922d8d45f985dc3896c9176a7d48d7658cb4f68
Certificate serial:       018CC94D7EF805D472B1B68330665EE8EECF
Authority key identifier: D9:22:D8:D4:5F:98:5D:C3:89:6C:91:76:A7:D4:8D:76:58:CB:4F:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2SLY1F-YXcOJbJF2p9SNdljLT2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/WU49IE_7GcOYNYwRw3RP3mN1H3Q.roa
Signing time:             Tue 02 Jan 2024 08:32:28 +0000
ROA not before:           Tue 02 Jan 2024 08:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43790
IP address blocks:        185.154.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/2SLY1F-YXcOJbJF2p9SNdljLT2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/2SLY1F-YXcOJbJF2p9SNdljLT2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2SLY1F-YXcOJbJF2p9SNdljLT2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7e:f8:05:d4:72:b1:b6:83:30:66:5e:e8:ee:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d922d8d45f985dc3896c9176a7d48d7658cb4f68
        Validity
            Not Before: Jan  2 08:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=594e3d204ffb19c398358c11c3744fde63751f74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ec:43:03:a9:fe:b7:31:0a:45:b3:60:74:70:
                    b1:97:69:6f:11:ec:a4:9a:0f:68:f9:ac:0f:08:f7:
                    a4:21:96:d4:86:26:f0:7c:b0:3d:ed:81:a2:b3:d5:
                    eb:3d:ec:5c:50:3d:cb:8e:f7:dd:ba:e6:c3:00:c1:
                    fd:58:91:6c:c4:48:04:6e:19:e6:36:55:03:42:e0:
                    38:20:59:b1:c9:37:88:fc:76:39:17:c1:6e:3c:eb:
                    1e:ad:72:fd:89:af:c5:ea:d6:71:e0:93:f0:3f:5f:
                    c9:b7:3b:57:24:8a:59:7f:2c:37:82:5a:e5:a1:bc:
                    a9:5a:8d:fd:81:94:39:80:ec:f9:74:67:3d:7b:87:
                    66:29:a5:c6:80:25:ae:95:ed:43:1d:98:3b:8b:6c:
                    62:2f:4d:a1:87:fe:68:6c:a3:28:90:52:ee:4d:e1:
                    f7:d9:52:1e:d0:a2:00:da:e5:88:f6:12:35:2b:6e:
                    ef:af:cd:4c:fc:12:7a:58:02:22:c8:5b:b0:a8:44:
                    21:23:10:d3:4e:8f:d5:24:d7:07:01:22:f5:f8:8f:
                    b2:b1:1f:f6:ec:d8:46:ee:68:74:b8:54:cc:87:6d:
                    09:54:f2:a2:4e:eb:4c:8d:72:fc:af:ca:1a:22:18:
                    42:c4:fc:94:1f:a2:e6:61:af:5c:d6:71:00:80:e2:
                    8b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4E:3D:20:4F:FB:19:C3:98:35:8C:11:C3:74:4F:DE:63:75:1F:74
            X509v3 Authority Key Identifier:
                keyid:D9:22:D8:D4:5F:98:5D:C3:89:6C:91:76:A7:D4:8D:76:58:CB:4F:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2SLY1F-YXcOJbJF2p9SNdljLT2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/WU49IE_7GcOYNYwRw3RP3mN1H3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/9002e2-dc04-4c39-9235-54d5d04e346d/1/2SLY1F-YXcOJbJF2p9SNdljLT2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:89:a3:e3:87:39:57:a1:1e:99:0e:46:98:bb:1b:6b:78:9b:
         5d:ce:a3:5f:13:ea:4b:b4:cb:bd:3a:14:94:77:61:db:bb:ca:
         80:9d:54:23:5c:f3:fe:61:35:6b:6f:93:cf:5d:1c:c0:b4:36:
         ff:4f:f4:63:52:ad:db:9c:08:08:1f:60:71:b1:7e:cb:44:c0:
         2b:e0:c1:c9:6a:d1:06:ab:6d:ff:19:d5:2e:8a:e9:eb:e0:d5:
         50:7d:b1:77:d0:a5:36:a4:99:97:3f:03:80:35:3a:eb:73:c9:
         87:c4:9c:2f:92:60:99:5b:00:27:f3:08:1d:9c:5b:18:ac:20:
         36:ca:9a:b2:38:73:b6:c6:b8:16:ea:34:78:d0:53:57:45:77:
         54:90:9e:b8:08:33:df:af:11:97:ff:09:9a:08:92:7d:b7:0e:
         7d:6d:f4:4a:97:6b:0e:ac:a7:7f:82:b5:8d:b9:d0:01:06:e8:
         ca:a1:17:13:6d:4e:48:cb:d8:0b:4a:25:f8:20:e1:06:3e:59:
         e8:89:3d:65:ad:08:63:88:b1:b3:7f:13:27:5a:43:75:00:45:
         59:ae:db:06:39:85:ae:2d:bf:85:b6:d8:07:f5:aa:72:f2:d6:
         be:58:5b:83:20:59:6c:3c:e5:55:e7:8b:ab:21:34:b6:63:ca:
         44:f8:14:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTX74BdRysbaDMGZe6O7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MjJkOGQ0NWY5ODVkYzM4OTZjOTE3NmE3ZDQ4ZDc2NThj
YjRmNjgwHhcNMjQwMTAyMDgzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTRlM2QyMDRmZmIxOWMzOTgzNThjMTFjMzc0NGZkZTYzNzUxZjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+xDA6n+tzEKRbNgdHCxl2lvEeyk
mg9o+awPCPekIZbUhibwfLA97YGis9XrPexcUD3LjvfduubDAMH9WJFsxEgEbhnm
NlUDQuA4IFmxyTeI/HY5F8FuPOserXL9ia/F6tZx4JPwP1/JtztXJIpZfyw3glrl
obypWo39gZQ5gOz5dGc9e4dmKaXGgCWule1DHZg7i2xiL02hh/5obKMokFLuTeH3
2VIe0KIA2uWI9hI1K27vr81M/BJ6WAIiyFuwqEQhIxDTTo/VJNcHASL1+I+ysR/2
7NhG7mh0uFTMh20JVPKiTutMjXL8r8oaIhhCxPyUH6LmYa9c1nEAgOKLdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlOPSBP+xnDmDWMEcN0T95jdR90MB8GA1UdIwQY
MBaAFNki2NRfmF3DiWyRdqfUjXZYy09oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlNMWTFGLVlYY09KYkpGMnA5U05kbGpMVDJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC85MDAyZTItZGMwNC00YzM5LTkyMzUt
NTRkNWQwNGUzNDZkLzEvV1U0OUlFXzdHY09ZTll3UnczUlAzbU4xSDNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC85MDAyZTItZGMwNC00YzM5LTkyMzUtNTRkNWQwNGUzNDZk
LzEvMlNMWTFGLVlYY09KYkpGMnA5U05kbGpMVDJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZpHMA0G
CSqGSIb3DQEBCwUAA4IBAQAOiaPjhzlXoR6ZDkaYuxtreJtdzqNfE+pLtMu9OhSU
d2Hbu8qAnVQjXPP+YTVrb5PPXRzAtDb/T/RjUq3bnAgIH2BxsX7LRMAr4MHJatEG
q23/GdUuiunr4NVQfbF30KU2pJmXPwOANTrrc8mHxJwvkmCZWwAn8wgdnFsYrCA2
ypqyOHO2xrgW6jR40FNXRXdUkJ64CDPfrxGX/wmaCJJ9tw59bfRKl2sOrKd/grWN
udABBujKoRcTbU5Iy9gLSiX4IOEGPlnoiT1lrQhjiLGzfxMnWkN1AEVZrtsGOYWu
Lb+FttgH9apy8ta+WFuDIFlsPOVV54urITS2Y8pE+BRg
-----END CERTIFICATE-----