Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/ba6b0b-382e-440f-8db9-35afb5c248b6/1/WIrHEz8qkQxa8wSLQPcTadapNBE.roa
File:                     WIrHEz8qkQxa8wSLQPcTadapNBE.roa (raw, json)
Hash identifier:          qZTJZEki+dV5Hpaeyj92maQY2k2xG6qIbUXrG4FPSMA=
Subject key identifier:   58:8A:C7:13:3F:2A:91:0C:5A:F3:04:8B:40:F7:13:69:D6:A9:34:11
Certificate issuer:       /CN=44818ef06efd6e22d471404ab538a4b9c807efe0
Certificate serial:       018CCA2A483190C3343B28F7A9B5885AE5E6
Authority key identifier: 44:81:8E:F0:6E:FD:6E:22:D4:71:40:4A:B5:38:A4:B9:C8:07:EF:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RIGO8G79biLUcUBKtTikucgH7-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/ba6b0b-382e-440f-8db9-35afb5c248b6/1/WIrHEz8qkQxa8wSLQPcTadapNBE.roa
Signing time:             Tue 02 Jan 2024 12:33:37 +0000
ROA not before:           Tue 02 Jan 2024 12:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12290
IP address blocks:        178.250.72.0/21 maxlen: 21
                          2a02:1658::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/ba6b0b-382e-440f-8db9-35afb5c248b6/1/RIGO8G79biLUcUBKtTikucgH7-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/ba6b0b-382e-440f-8db9-35afb5c248b6/1/RIGO8G79biLUcUBKtTikucgH7-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RIGO8G79biLUcUBKtTikucgH7-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:48:31:90:c3:34:3b:28:f7:a9:b5:88:5a:e5:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44818ef06efd6e22d471404ab538a4b9c807efe0
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=588ac7133f2a910c5af3048b40f71369d6a93411
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9b:b9:70:e1:e4:c2:2b:b3:b7:45:22:77:17:
                    3c:9a:bc:dd:00:30:b2:80:46:bb:89:5a:f2:a0:62:
                    52:61:6f:b7:6a:12:cd:69:2a:2d:5c:6b:be:e9:3f:
                    94:4b:f7:10:30:67:92:e3:63:ea:b9:08:ed:cc:a9:
                    ec:83:84:8e:6a:5e:e1:33:fb:c4:7d:31:7d:24:3f:
                    26:ff:a5:9e:96:dc:79:b1:fc:b4:30:f9:ba:1f:7a:
                    7e:a7:01:0f:07:bf:70:01:e5:d6:7a:db:da:29:6a:
                    b7:c7:37:72:2c:35:71:8f:0d:3f:3c:97:91:1c:31:
                    69:8d:83:c6:1a:88:26:d2:fc:98:c6:72:a2:c4:ec:
                    3f:f5:41:a1:d4:4e:b8:c6:e0:99:3e:30:d1:4a:8d:
                    73:4b:b6:b9:b9:12:8f:16:a5:09:be:60:a1:18:ae:
                    6e:4b:a7:f3:5d:86:ee:b2:d2:c3:39:eb:3d:e5:1c:
                    ed:3f:22:10:a4:58:f9:fd:1f:79:7c:7c:b3:2b:09:
                    d9:2d:7a:23:03:c9:a9:45:60:d2:20:d9:b8:c5:6b:
                    e4:f0:33:b6:c0:3e:68:60:3c:f7:b6:06:bf:d7:57:
                    7d:3b:ba:d3:23:0f:e6:02:48:c6:20:36:22:53:f1:
                    32:f8:bf:a8:df:e6:01:df:f5:7b:40:c1:1b:65:e3:
                    93:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:8A:C7:13:3F:2A:91:0C:5A:F3:04:8B:40:F7:13:69:D6:A9:34:11
            X509v3 Authority Key Identifier:
                keyid:44:81:8E:F0:6E:FD:6E:22:D4:71:40:4A:B5:38:A4:B9:C8:07:EF:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RIGO8G79biLUcUBKtTikucgH7-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/ba6b0b-382e-440f-8db9-35afb5c248b6/1/WIrHEz8qkQxa8wSLQPcTadapNBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/ba6b0b-382e-440f-8db9-35afb5c248b6/1/RIGO8G79biLUcUBKtTikucgH7-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.72.0/21
                IPv6:
                  2a02:1658::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:70:96:0f:31:d0:91:51:86:62:34:a3:36:08:5f:96:ab:ca:
         71:6b:88:3f:56:4f:54:45:90:f9:d5:d1:c9:f9:8a:39:1c:17:
         54:a8:4d:2d:38:7c:7d:cb:26:b5:51:0f:d1:5c:54:81:d7:97:
         29:e5:4a:24:4a:97:65:9c:25:bc:ce:f5:41:a7:75:35:ac:6a:
         d7:77:54:6c:36:02:c4:a6:f9:fb:38:1d:50:76:f7:26:83:d5:
         77:2a:71:f4:75:bc:42:ef:1d:94:ea:63:33:45:bf:6c:0a:38:
         de:ef:4b:39:8b:6a:74:6e:1c:f6:d0:a1:18:30:ea:93:5b:27:
         a4:12:bb:f5:77:6e:b7:ec:d4:de:72:ea:d6:d0:17:7a:68:b5:
         c2:82:63:b7:cf:69:05:0e:0e:83:75:d8:3d:ee:6e:ef:b4:6c:
         99:cc:7d:27:88:c9:b4:db:de:8a:7b:9c:d7:fe:d1:5d:e1:f2:
         d5:90:bf:ff:2c:08:01:0d:08:35:e8:c9:91:7e:f4:b3:f6:76:
         c7:7e:23:8d:a8:ad:41:27:7d:8c:23:91:01:01:a4:a8:ff:12:
         5e:2f:86:a5:a3:81:0e:1a:fb:0d:a3:3c:e2:ab:f7:e8:6f:aa:
         dc:4a:c0:c9:23:fa:a5:9d:ee:2a:e4:3d:47:3c:b6:7b:d1:b6:
         8f:c1:ce:11
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKkgxkMM0Oyj3qbWIWuXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ODE4ZWYwNmVmZDZlMjJkNDcxNDA0YWI1MzhhNGI5Yzgw
N2VmZTAwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODhhYzcxMzNmMmE5MTBjNWFmMzA0OGI0MGY3MTM2OWQ2YTkzNDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZu5cOHkwiuzt0Uidxc8mrzdADCy
gEa7iVryoGJSYW+3ahLNaSotXGu+6T+US/cQMGeS42PquQjtzKnsg4SOal7hM/vE
fTF9JD8m/6Weltx5sfy0MPm6H3p+pwEPB79wAeXWetvaKWq3xzdyLDVxjw0/PJeR
HDFpjYPGGogm0vyYxnKixOw/9UGh1E64xuCZPjDRSo1zS7a5uRKPFqUJvmChGK5u
S6fzXYbustLDOes95RztPyIQpFj5/R95fHyzKwnZLXojA8mpRWDSINm4xWvk8DO2
wD5oYDz3tga/11d9O7rTIw/mAkjGIDYiU/Ey+L+o3+YB3/V7QMEbZeOTAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFiKxxM/KpEMWvMEi0D3E2nWqTQRMB8GA1UdIwQY
MBaAFESBjvBu/W4i1HFASrU4pLnIB+/gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUklHTzhHNzliaUxVY1VCS3RUaWt1Y2dINy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9iYTZiMGItMzgyZS00NDBmLThkYjkt
MzVhZmI1YzI0OGI2LzEvV0lySEV6OHFrUXhhOHdTTFFQY1RhZGFwTkJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9iYTZiMGItMzgyZS00NDBmLThkYjktMzVhZmI1YzI0OGI2
LzEvUklHTzhHNzliaUxVY1VCS3RUaWt1Y2dINy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDsvpIMA0E
AgACMAcDBQAqAhZYMA0GCSqGSIb3DQEBCwUAA4IBAQC4cJYPMdCRUYZiNKM2CF+W
q8pxa4g/Vk9URZD51dHJ+Yo5HBdUqE0tOHx9yya1UQ/RXFSB15cp5UokSpdlnCW8
zvVBp3U1rGrXd1RsNgLEpvn7OB1Qdvcmg9V3KnH0dbxC7x2U6mMzRb9sCjje70s5
i2p0bhz20KEYMOqTWyekErv1d2637NTecurW0Bd6aLXCgmO3z2kFDg6Dddg97m7v
tGyZzH0niMm0296Ke5zX/tFd4fLVkL//LAgBDQg16MmRfvSz9nbHfiONqK1BJ32M
I5EBAaSo/xJeL4alo4EOGvsNozziq/fob6rcSsDJI/qlne4q5D1HPLZ70baPwc4R
-----END CERTIFICATE-----