Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/WLQJ8zcZCMsER4r6hGR6_boxEBI.roa
File:                     WLQJ8zcZCMsER4r6hGR6_boxEBI.roa (raw, json)
Hash identifier:          8yJ5VPtEriA2v8Qxk3Uyit7MsAAT1OiV71AZSGLF2yM=
Subject key identifier:   58:B4:09:F3:37:19:08:CB:04:47:8A:FA:84:64:7A:FD:BA:31:10:12
Certificate issuer:       /CN=7069a025a84f42ef3ef0b6052de3fd65e8c08692
Certificate serial:       019420684F1CC04529179144AB1EC3F8C78D
Authority key identifier: 70:69:A0:25:A8:4F:42:EF:3E:F0:B6:05:2D:E3:FD:65:E8:C0:86:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGmgJahPQu8-8LYFLeP9ZejAhpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/WLQJ8zcZCMsER4r6hGR6_boxEBI.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13259
IP address blocks:        188.0.40.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/cGmgJahPQu8-8LYFLeP9ZejAhpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/cGmgJahPQu8-8LYFLeP9ZejAhpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cGmgJahPQu8-8LYFLeP9ZejAhpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4f:1c:c0:45:29:17:91:44:ab:1e:c3:f8:c7:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7069a025a84f42ef3ef0b6052de3fd65e8c08692
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58b409f3371908cb04478afa84647afdba311012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a7:f9:a6:ba:e7:15:27:7a:11:c3:89:a0:bf:
                    72:85:35:5d:0e:fc:33:d1:6e:cb:b9:60:d5:6e:95:
                    be:d5:43:a9:45:df:31:08:3c:7c:16:5d:f1:94:0c:
                    24:4c:71:e3:c9:ad:3b:b2:c2:ce:ca:49:ee:83:09:
                    da:d2:b9:67:f0:1a:24:b2:42:bb:1f:0e:9c:b1:12:
                    68:9b:02:1c:09:50:ec:53:87:13:e2:c6:88:68:ac:
                    0d:a4:6a:8c:ad:88:5c:48:7a:d4:05:37:c3:7b:d3:
                    9a:19:44:00:c2:14:d3:f2:c8:28:71:ab:88:24:da:
                    83:a0:6b:c4:5f:d1:d8:54:58:9e:60:85:b1:71:54:
                    71:ea:c3:1e:cf:37:2e:0b:eb:21:62:f6:02:22:8f:
                    5e:25:84:b1:1f:4d:fa:e6:80:58:19:95:83:f3:c5:
                    08:14:24:48:33:2f:6f:68:f4:8d:93:db:fd:93:57:
                    2e:75:b6:99:e9:f5:92:0b:1c:5e:ba:71:06:4b:b9:
                    37:0e:6b:03:ae:be:01:81:3a:a6:20:f4:65:80:c2:
                    61:13:44:86:69:cb:35:f0:16:3c:2e:f5:13:01:8c:
                    01:b5:09:8e:ea:2d:b8:9f:05:95:c3:3f:59:3f:50:
                    83:37:8a:5c:f0:fd:1c:5f:54:ef:67:9b:37:db:e6:
                    02:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B4:09:F3:37:19:08:CB:04:47:8A:FA:84:64:7A:FD:BA:31:10:12
            X509v3 Authority Key Identifier:
                keyid:70:69:A0:25:A8:4F:42:EF:3E:F0:B6:05:2D:E3:FD:65:E8:C0:86:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGmgJahPQu8-8LYFLeP9ZejAhpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/WLQJ8zcZCMsER4r6hGR6_boxEBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ad0116-7558-4656-9fb3-5199a711684d/1/cGmgJahPQu8-8LYFLeP9ZejAhpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.0.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         66:97:76:3c:70:96:b5:52:81:9d:b9:51:b1:4a:2c:26:ed:27:
         43:8c:bb:15:7e:eb:ef:0d:e9:7b:75:2c:df:6b:b3:4f:9b:2d:
         5d:c8:17:e4:71:e0:36:1d:28:5b:e7:bf:74:a1:14:28:9d:0e:
         2c:b3:63:a3:e4:d8:2c:cd:2e:85:2c:de:f8:b3:7d:ea:ee:3b:
         34:ec:4c:2f:89:be:0e:ff:48:bc:07:46:a8:ed:f9:2f:88:e3:
         32:70:1a:c8:37:81:a0:5d:28:fc:67:0a:bf:d1:fb:db:1f:1f:
         a2:15:00:de:a8:97:4f:3d:36:cd:65:cc:0d:36:5a:91:91:35:
         ca:c5:a4:28:17:04:ff:ce:f2:44:57:5f:86:63:a8:01:24:3c:
         16:61:f3:09:f4:7a:79:c5:34:80:70:69:5f:32:73:e6:49:89:
         70:9c:c4:65:d3:d7:81:ff:7f:4b:b5:7a:09:e1:10:a9:fd:c7:
         bb:1b:18:1a:bc:f9:34:66:4a:59:5b:ae:08:55:fe:87:ab:2b:
         7c:c7:32:94:0f:60:9c:74:2f:48:67:36:54:38:2b:58:31:7b:
         2e:f0:37:84:60:00:6f:eb:f8:01:e0:91:8d:3b:43:77:45:a3:
         34:dc:25:ba:07:50:23:8c:bb:5e:48:a5:49:6e:6c:81:b7:11:
         95:eb:95:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaE8cwEUpF5FEqx7D+MeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNjlhMDI1YTg0ZjQyZWYzZWYwYjYwNTJkZTNmZDY1ZThj
MDg2OTIwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGI0MDlmMzM3MTkwOGNiMDQ0NzhhZmE4NDY0N2FmZGJhMzExMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKf5prrnFSd6EcOJoL9yhTVdDvwz
0W7LuWDVbpW+1UOpRd8xCDx8Fl3xlAwkTHHjya07ssLOyknugwna0rln8BokskK7
Hw6csRJomwIcCVDsU4cT4saIaKwNpGqMrYhcSHrUBTfDe9OaGUQAwhTT8sgocauI
JNqDoGvEX9HYVFieYIWxcVRx6sMezzcuC+shYvYCIo9eJYSxH0365oBYGZWD88UI
FCRIMy9vaPSNk9v9k1cudbaZ6fWSCxxeunEGS7k3DmsDrr4BgTqmIPRlgMJhE0SG
acs18BY8LvUTAYwBtQmO6i24nwWVwz9ZP1CDN4pc8P0cX1TvZ5s32+YCewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFi0CfM3GQjLBEeK+oRkev26MRASMB8GA1UdIwQY
MBaAFHBpoCWoT0LvPvC2BS3j/WXowIaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0dtZ0phaFBRdTgtOExZRkxlUDlaZWpBaHBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9hZDAxMTYtNzU1OC00NjU2LTlmYjMt
NTE5OWE3MTE2ODRkLzEvV0xRSjh6Y1pDTXNFUjRyNmhHUjZfYm94RUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9hZDAxMTYtNzU1OC00NjU2LTlmYjMtNTE5OWE3MTE2ODRk
LzEvY0dtZ0phaFBRdTgtOExZRkxlUDlaZWpBaHBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvAAoMA0G
CSqGSIb3DQEBCwUAA4IBAQBml3Y8cJa1UoGduVGxSiwm7SdDjLsVfuvvDel7dSzf
a7NPmy1dyBfkceA2HShb5790oRQonQ4ss2Oj5NgszS6FLN74s33q7js07Ewvib4O
/0i8B0ao7fkviOMycBrIN4GgXSj8Zwq/0fvbHx+iFQDeqJdPPTbNZcwNNlqRkTXK
xaQoFwT/zvJEV1+GY6gBJDwWYfMJ9Hp5xTSAcGlfMnPmSYlwnMRl09eB/39LtXoJ
4RCp/ce7GxgavPk0ZkpZW64IVf6Hqyt8xzKUD2CcdC9IZzZUOCtYMXsu8DeEYABv
6/gB4JGNO0N3RaM03CW6B1AjjLteSKVJbmyBtxGV65X3
-----END CERTIFICATE-----