Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/WJhSPfwP3gOw8o1WN23ZhgNdQJc.roa
File:                     WJhSPfwP3gOw8o1WN23ZhgNdQJc.roa (raw, json)
Hash identifier:          GUtVmRGh8HWdQYnD7xb/UsUV/lRJmkekQOt1WX7eciM=
Subject key identifier:   58:98:52:3D:FC:0F:DE:03:B0:F2:8D:56:37:6D:D9:86:03:5D:40:97
Certificate issuer:       /CN=8aa1fe9a4c03d015aec974e2d29709a979eb82f1
Certificate serial:       018CC26D0D14B9D6EDD0E75B2CB3F1B2737E
Authority key identifier: 8A:A1:FE:9A:4C:03:D0:15:AE:C9:74:E2:D2:97:09:A9:79:EB:82:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqH-mkwD0BWuyXTi0pcJqXnrgvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/WJhSPfwP3gOw8o1WN23ZhgNdQJc.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33309
IP address blocks:        185.241.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/iqH-mkwD0BWuyXTi0pcJqXnrgvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/iqH-mkwD0BWuyXTi0pcJqXnrgvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqH-mkwD0BWuyXTi0pcJqXnrgvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0d:14:b9:d6:ed:d0:e7:5b:2c:b3:f1:b2:73:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aa1fe9a4c03d015aec974e2d29709a979eb82f1
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5898523dfc0fde03b0f28d56376dd986035d4097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1a:97:84:6a:ad:85:53:13:05:ac:d1:28:f2:
                    4b:4c:ad:0b:03:31:d4:5d:6a:6f:4c:06:96:43:d6:
                    68:ce:cf:fe:45:92:b7:e9:6f:16:7c:7e:ba:65:9c:
                    46:a9:c9:b8:97:6e:bd:69:8c:52:d1:0f:c4:94:2a:
                    b7:bb:c8:b0:f4:f0:97:f2:06:74:b0:8e:c1:9b:a7:
                    f7:54:b4:e0:74:d8:1a:53:9c:67:7d:41:c9:84:c9:
                    fe:3a:9f:a1:c7:3b:fd:11:58:25:2b:b2:d1:2c:e7:
                    65:60:59:a5:75:77:94:a3:54:51:b4:a7:81:4c:e4:
                    ce:9d:92:88:08:9d:e5:a0:13:8d:66:13:78:68:64:
                    93:9d:66:b4:47:52:7e:cd:7f:5d:0a:d0:9c:36:c4:
                    b7:b3:13:8c:03:a9:66:bb:01:68:04:30:de:12:e9:
                    00:40:21:49:51:11:b0:98:aa:9d:ce:fa:27:5b:47:
                    34:b4:c7:09:57:1a:a1:1d:7f:a0:83:85:e2:78:e3:
                    83:f4:70:08:bd:8d:ae:44:b6:07:aa:fe:b0:8b:76:
                    e5:e5:8f:42:ef:2c:e0:67:74:76:9d:1c:58:ff:1e:
                    52:a2:8a:a7:1d:c1:07:52:54:16:22:3a:bd:7b:9c:
                    fb:38:1a:03:41:bd:ea:b2:28:fe:83:8b:42:8f:73:
                    01:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:98:52:3D:FC:0F:DE:03:B0:F2:8D:56:37:6D:D9:86:03:5D:40:97
            X509v3 Authority Key Identifier:
                keyid:8A:A1:FE:9A:4C:03:D0:15:AE:C9:74:E2:D2:97:09:A9:79:EB:82:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqH-mkwD0BWuyXTi0pcJqXnrgvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/WJhSPfwP3gOw8o1WN23ZhgNdQJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/41e9b0-62e7-4718-b966-1f9ae055646f/1/iqH-mkwD0BWuyXTi0pcJqXnrgvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:f9:87:f1:b7:17:55:9b:57:7c:1b:9c:d4:90:2e:6c:78:1f:
         fa:91:f8:d4:c2:70:65:5b:ac:41:ef:15:f3:26:5e:99:0c:eb:
         5c:1c:6f:ef:c6:4b:75:9e:1b:e6:da:00:59:a3:02:d3:3a:ff:
         e9:21:33:27:78:ac:ff:ef:c5:4d:b2:17:0a:ee:39:07:54:ee:
         ef:4f:c7:06:4c:cc:ea:91:66:74:e5:3a:cd:10:8c:6d:43:9a:
         75:f2:a9:cf:46:65:ca:fa:0e:9f:3d:45:0c:84:83:af:2c:08:
         69:0a:09:65:89:d9:b7:47:fe:bc:52:78:90:55:9a:ac:5d:1d:
         16:b3:f6:f6:38:a8:52:3a:29:09:df:c8:09:b1:79:16:0c:89:
         0e:e1:07:8e:8c:c9:61:4c:d4:ab:3f:80:70:38:fd:41:a1:43:
         75:a7:7f:1e:2c:4c:1d:50:a7:30:ce:c4:2b:2e:84:f7:b3:fd:
         1a:6a:c2:87:c4:14:68:dc:26:da:d1:d6:2a:26:db:a1:ef:80:
         35:47:bf:7d:1c:36:91:2d:15:c3:41:14:ca:ad:39:c3:ab:a6:
         95:88:48:10:e7:41:eb:ac:1d:dd:b3:41:47:7f:7a:77:e7:b4:
         95:31:ee:13:9f:c8:bc:3b:ae:ea:80:2d:3d:0a:7b:56:f7:2e:
         26:96:6f:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQ0Uudbt0OdbLLPxsnN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYTFmZTlhNGMwM2QwMTVhZWM5NzRlMmQyOTcwOWE5Nzll
YjgyZjEwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODk4NTIzZGZjMGZkZTAzYjBmMjhkNTYzNzZkZDk4NjAzNWQ0MDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhqXhGqthVMTBazRKPJLTK0LAzHU
XWpvTAaWQ9Zozs/+RZK36W8WfH66ZZxGqcm4l269aYxS0Q/ElCq3u8iw9PCX8gZ0
sI7Bm6f3VLTgdNgaU5xnfUHJhMn+Op+hxzv9EVglK7LRLOdlYFmldXeUo1RRtKeB
TOTOnZKICJ3loBONZhN4aGSTnWa0R1J+zX9dCtCcNsS3sxOMA6lmuwFoBDDeEukA
QCFJURGwmKqdzvonW0c0tMcJVxqhHX+gg4XieOOD9HAIvY2uRLYHqv6wi3bl5Y9C
7yzgZ3R2nRxY/x5SooqnHcEHUlQWIjq9e5z7OBoDQb3qsij+g4tCj3MB5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiYUj38D94DsPKNVjdt2YYDXUCXMB8GA1UdIwQY
MBaAFIqh/ppMA9AVrsl04tKXCal564LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXFILW1rd0QwQld1eVhUaTBwY0pxWG5yZ3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi80MWU5YjAtNjJlNy00NzE4LWI5NjYt
MWY5YWUwNTU2NDZmLzEvV0poU1Bmd1AzZ093OG8xV04yM1poZ05kUUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi80MWU5YjAtNjJlNy00NzE4LWI5NjYtMWY5YWUwNTU2NDZm
LzEvaXFILW1rd0QwQld1eVhUaTBwY0pxWG5yZ3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufEuMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ+YfxtxdVm1d8G5zUkC5seB/6kfjUwnBlW6xB7xXz
Jl6ZDOtcHG/vxkt1nhvm2gBZowLTOv/pITMneKz/78VNshcK7jkHVO7vT8cGTMzq
kWZ05TrNEIxtQ5p18qnPRmXK+g6fPUUMhIOvLAhpCgllidm3R/68UniQVZqsXR0W
s/b2OKhSOikJ38gJsXkWDIkO4QeOjMlhTNSrP4BwOP1BoUN1p38eLEwdUKcwzsQr
LoT3s/0aasKHxBRo3Cba0dYqJtuh74A1R799HDaRLRXDQRTKrTnDq6aViEgQ50Hr
rB3ds0FHf3p357SVMe4Tn8i8O67qgC09CntW9y4mlm8w
-----END CERTIFICATE-----