Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/WiFJe8wPbpg0uNO73V6zaCK2sm0.roa
File:                     WiFJe8wPbpg0uNO73V6zaCK2sm0.roa (raw, json)
Hash identifier:          5RFDWSdds4IR+grrKrZRTHJu09xd19h0rvERqrUALk4=
Subject key identifier:   5A:21:49:7B:CC:0F:6E:98:34:B8:D3:BB:DD:5E:B3:68:22:B6:B2:6D
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC7276185ADD4B1AF07C93D95A479AC0B
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/WiFJe8wPbpg0uNO73V6zaCK2sm0.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6873
IP address blocks:        89.174.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:61:85:ad:d4:b1:af:07:c9:3d:95:a4:79:ac:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a21497bcc0f6e9834b8d3bbdd5eb36822b6b26d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b9:f6:af:e0:53:35:11:e1:9b:dc:dc:e8:52:
                    46:bc:13:3c:a3:92:18:a0:cb:4c:36:bd:f9:fc:2b:
                    7e:3f:14:25:b0:f0:8f:35:9b:e6:0a:96:0a:ac:d7:
                    d3:0e:7d:01:0f:ab:49:e4:92:25:d6:1b:e6:07:2d:
                    0e:80:0b:51:bc:72:7b:24:51:06:f6:78:63:8f:13:
                    c3:8e:3a:43:e7:a2:eb:05:b5:e6:08:90:27:42:c4:
                    18:cc:95:e8:65:ec:c4:2b:4a:22:1c:90:63:31:c4:
                    30:d8:3f:7a:00:7c:b6:4c:92:ba:20:a8:55:ba:98:
                    c9:70:2f:c5:78:1d:9c:22:d2:3e:64:9c:76:18:5a:
                    ac:c7:17:8a:ec:30:2a:38:25:c0:c4:83:c4:52:d9:
                    30:e3:45:27:e1:73:17:71:31:8e:7d:8a:69:c9:4c:
                    ef:3b:01:98:47:92:f2:56:28:18:ae:52:e1:f6:c1:
                    53:30:29:70:45:de:b4:7e:71:8e:19:fa:a8:64:0c:
                    3f:93:a4:31:b1:c1:b1:63:8c:ec:13:b8:11:78:a1:
                    5f:4a:0b:ea:f9:92:95:f0:f9:5b:11:22:8b:42:07:
                    77:fc:72:06:3d:43:02:34:e0:2c:6a:c8:ae:8c:97:
                    a0:9c:00:d6:03:8d:58:0e:b7:ad:9f:f4:f0:d4:49:
                    d6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:21:49:7B:CC:0F:6E:98:34:B8:D3:BB:DD:5E:B3:68:22:B6:B2:6D
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/WiFJe8wPbpg0uNO73V6zaCK2sm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.174.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:7d:fb:dd:c0:b6:d7:00:7e:79:93:23:0f:96:7e:28:13:39:
         17:af:67:3b:74:d8:4a:30:44:eb:72:f6:ab:ab:51:62:80:22:
         d8:4e:25:0a:c3:41:36:d1:4b:76:c9:59:f8:e2:5d:31:88:ab:
         7c:fc:62:f2:6e:d3:22:cf:a8:c9:75:50:83:03:a3:53:7b:91:
         2b:3a:ed:a5:4a:81:e2:48:af:2d:1f:f8:47:66:16:25:5f:77:
         6f:1b:6b:b4:36:a3:83:14:a3:ac:71:a1:2a:c8:1f:52:62:5c:
         5c:77:69:4b:f3:82:89:98:c8:ff:d6:d5:b2:a8:a5:9b:b6:19:
         d4:3a:b8:53:c8:4f:91:34:38:8c:9b:08:21:c2:d9:0b:ce:3c:
         99:30:a1:76:76:c1:95:77:32:9c:d3:f2:5f:8d:9f:d7:35:f6:
         4d:71:a7:9f:e9:b0:6e:e7:20:3e:0e:5f:b5:e0:fd:1b:77:7d:
         c1:f4:03:9f:c2:7a:ca:35:b5:ce:25:e7:bb:84:4d:fc:bc:8a:
         46:ba:51:3f:4b:9c:20:30:1d:9b:71:ff:10:a0:eb:14:a2:e4:
         d6:f8:19:31:99:e8:a1:ce:7d:59:46:14:c8:36:e6:91:4a:2c:
         90:d2:f5:4f:cb:e0:69:7b:5c:e2:b3:b4:ad:88:6e:a7:97:cc:
         33:37:81:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2GFrdSxrwfJPZWkeawLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTIxNDk3YmNjMGY2ZTk4MzRiOGQzYmJkZDVlYjM2ODIyYjZiMjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7n2r+BTNRHhm9zc6FJGvBM8o5IY
oMtMNr35/Ct+PxQlsPCPNZvmCpYKrNfTDn0BD6tJ5JIl1hvmBy0OgAtRvHJ7JFEG
9nhjjxPDjjpD56LrBbXmCJAnQsQYzJXoZezEK0oiHJBjMcQw2D96AHy2TJK6IKhV
upjJcC/FeB2cItI+ZJx2GFqsxxeK7DAqOCXAxIPEUtkw40Un4XMXcTGOfYppyUzv
OwGYR5LyVigYrlLh9sFTMClwRd60fnGOGfqoZAw/k6QxscGxY4zsE7gReKFfSgvq
+ZKV8PlbESKLQgd3/HIGPUMCNOAsasiujJegnADWA41YDretn/Tw1EnW9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFohSXvMD26YNLjTu91es2gitrJtMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvV2lGSmU4d1BicGcwdU5PNzNWNnphQ0syc20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWa5LMA0G
CSqGSIb3DQEBCwUAA4IBAQB6ffvdwLbXAH55kyMPln4oEzkXr2c7dNhKMETrcvar
q1FigCLYTiUKw0E20Ut2yVn44l0xiKt8/GLybtMiz6jJdVCDA6NTe5ErOu2lSoHi
SK8tH/hHZhYlX3dvG2u0NqODFKOscaEqyB9SYlxcd2lL84KJmMj/1tWyqKWbthnU
OrhTyE+RNDiMmwghwtkLzjyZMKF2dsGVdzKc0/JfjZ/XNfZNcaef6bBu5yA+Dl+1
4P0bd33B9AOfwnrKNbXOJee7hE38vIpGulE/S5wgMB2bcf8QoOsUouTW+Bkxmeih
zn1ZRhTINuaRSiyQ0vVPy+Bpe1zis7StiG6nl8wzN4EE
-----END CERTIFICATE-----