Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/758c8a-613e-4e2a-8fe1-91228620570e/1/WIKFcJoLFukFftupNa6s-CcmbS0.roa
File:                     WIKFcJoLFukFftupNa6s-CcmbS0.roa (raw, json)
Hash identifier:          oKdIMaxqIBFh8Sb/zv7Lb+boAEz6u1rFXLTWdnegk+U=
Subject key identifier:   58:82:85:70:9A:0B:16:E9:05:7E:DB:A9:35:AE:AC:F8:27:26:6D:2D
Certificate issuer:       /CN=c58afa22f98a37f6d8d0293a9b319416ec94d386
Certificate serial:       018CC56DF24758093A7F5C24131E4F3DF0BB
Authority key identifier: C5:8A:FA:22:F9:8A:37:F6:D8:D0:29:3A:9B:31:94:16:EC:94:D3:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xYr6IvmKN_bY0Ck6mzGUFuyU04Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/758c8a-613e-4e2a-8fe1-91228620570e/1/WIKFcJoLFukFftupNa6s-CcmbS0.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15542
IP address blocks:        194.13.240.0/20 maxlen: 24
                          2001:67c:2b0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/758c8a-613e-4e2a-8fe1-91228620570e/1/xYr6IvmKN_bY0Ck6mzGUFuyU04Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/758c8a-613e-4e2a-8fe1-91228620570e/1/xYr6IvmKN_bY0Ck6mzGUFuyU04Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xYr6IvmKN_bY0Ck6mzGUFuyU04Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f2:47:58:09:3a:7f:5c:24:13:1e:4f:3d:f0:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c58afa22f98a37f6d8d0293a9b319416ec94d386
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=588285709a0b16e9057edba935aeacf827266d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c5:48:36:2c:54:c4:31:f6:5e:aa:d8:a8:0f:
                    81:b2:0b:c1:35:a7:75:37:e2:8c:bd:bd:89:f3:bf:
                    eb:78:ab:f5:f7:d4:6b:f9:c6:95:5b:d1:6e:c1:9f:
                    47:cd:74:5f:a2:14:f8:61:98:07:c5:02:2a:79:84:
                    08:bd:fe:0d:81:54:ce:c4:66:63:00:da:b6:04:d6:
                    20:42:e3:e5:60:e1:8c:33:9b:79:38:61:ff:76:d3:
                    b0:f0:89:cd:34:96:15:a4:1b:15:fa:49:8a:ca:fe:
                    2a:ea:7b:bd:c1:9b:5a:13:14:2f:c1:8f:7e:b1:04:
                    4b:b4:71:cf:98:af:5c:8a:70:ed:85:41:49:c2:42:
                    40:e2:89:69:ca:f8:fd:3b:de:64:ce:ee:16:e8:7c:
                    0a:c7:10:08:13:47:28:1f:ff:6a:8c:a1:37:3d:43:
                    57:2e:4a:eb:7f:20:7f:11:99:c7:5f:c8:10:67:dc:
                    86:aa:29:fe:ff:21:64:60:71:57:57:0b:2d:e3:9f:
                    6e:2f:a1:ab:36:c2:d3:7a:6d:9c:ca:2a:23:b1:13:
                    c5:a6:ca:1d:83:20:d6:37:3e:ee:49:aa:63:c4:26:
                    09:21:06:ef:ce:42:9b:dd:41:73:a8:de:e7:f4:31:
                    c5:b2:ba:c0:79:16:5e:64:4f:d5:e5:33:46:86:3c:
                    e2:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:82:85:70:9A:0B:16:E9:05:7E:DB:A9:35:AE:AC:F8:27:26:6D:2D
            X509v3 Authority Key Identifier:
                keyid:C5:8A:FA:22:F9:8A:37:F6:D8:D0:29:3A:9B:31:94:16:EC:94:D3:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xYr6IvmKN_bY0Ck6mzGUFuyU04Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/758c8a-613e-4e2a-8fe1-91228620570e/1/WIKFcJoLFukFftupNa6s-CcmbS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/758c8a-613e-4e2a-8fe1-91228620570e/1/xYr6IvmKN_bY0Ck6mzGUFuyU04Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.240.0/20
                IPv6:
                  2001:67c:2b0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         d8:e9:9f:5a:97:c0:bc:7e:3a:db:4a:1e:e4:3a:09:4d:35:60:
         fa:c3:6f:0a:3f:c9:58:9a:82:3f:d5:7c:f8:d9:e9:f1:92:f5:
         0a:6b:b9:d7:a4:b4:9f:f6:5b:1f:2a:09:04:c5:f0:30:be:94:
         4b:cd:91:70:98:26:b3:9c:ba:e2:19:a9:c4:4c:75:57:b2:51:
         cb:64:7b:14:c8:e0:d1:27:da:62:e2:05:e5:d6:f3:21:ec:79:
         86:bd:79:c1:ac:82:68:33:c7:ae:99:86:b6:32:12:71:6c:ec:
         d5:4d:65:be:47:7b:d8:08:97:18:d5:47:79:7b:16:a3:5e:dc:
         41:32:ce:2a:3a:f5:21:7a:d8:0a:c5:43:fa:88:60:e5:16:45:
         f9:1e:5e:ff:93:7c:3a:65:af:c9:95:f0:5b:a8:27:76:b1:61:
         f3:4c:f7:c5:15:f3:64:2b:ce:8f:34:5d:5a:0f:17:6c:49:7f:
         71:c4:d5:0a:3c:59:55:d1:df:f2:b4:c2:75:80:ce:fc:6e:91:
         40:dc:cc:91:f7:72:cf:31:ee:f9:32:5e:9d:08:68:1c:f5:c6:
         b7:12:20:34:15:c1:0c:7b:2b:93:58:f6:3c:a9:84:84:ed:0c:
         92:0a:00:2e:ff:63:ac:b2:a3:f0:f9:2c:37:b4:6f:52:0b:f1:
         7c:6a:ce:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbfJHWAk6f1wkEx5PPfC7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OGFmYTIyZjk4YTM3ZjZkOGQwMjkzYTliMzE5NDE2ZWM5
NGQzODYwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODgyODU3MDlhMGIxNmU5MDU3ZWRiYTkzNWFlYWNmODI3MjY2ZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMVINixUxDH2XqrYqA+BsgvBNad1
N+KMvb2J87/reKv199Rr+caVW9FuwZ9HzXRfohT4YZgHxQIqeYQIvf4NgVTOxGZj
ANq2BNYgQuPlYOGMM5t5OGH/dtOw8InNNJYVpBsV+kmKyv4q6nu9wZtaExQvwY9+
sQRLtHHPmK9cinDthUFJwkJA4olpyvj9O95kzu4W6HwKxxAIE0coH/9qjKE3PUNX
LkrrfyB/EZnHX8gQZ9yGqin+/yFkYHFXVwst459uL6GrNsLTem2cyiojsRPFpsod
gyDWNz7uSapjxCYJIQbvzkKb3UFzqN7n9DHFsrrAeRZeZE/V5TNGhjzi5wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFiChXCaCxbpBX7bqTWurPgnJm0tMB8GA1UdIwQY
MBaAFMWK+iL5ijf22NApOpsxlBbslNOGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFlyNkl2bUtOX2JZMENrNm16R1VGdXlVMDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NThjOGEtNjEzZS00ZTJhLThmZTEt
OTEyMjg2MjA1NzBlLzEvV0lLRmNKb0xGdWtGZnR1cE5hNnMtQ2NtYlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NThjOGEtNjEzZS00ZTJhLThmZTEtOTEyMjg2MjA1NzBl
LzEveFlyNkl2bUtOX2JZMENrNm16R1VGdXlVMDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQEwg3wMA8E
AgACMAkDBwAgAQZ8KwwwDQYJKoZIhvcNAQELBQADggEBANjpn1qXwLx+OttKHuQ6
CU01YPrDbwo/yViagj/VfPjZ6fGS9QprudektJ/2Wx8qCQTF8DC+lEvNkXCYJrOc
uuIZqcRMdVeyUctkexTI4NEn2mLiBeXW8yHseYa9ecGsgmgzx66ZhrYyEnFs7NVN
Zb5He9gIlxjVR3l7FqNe3EEyzio69SF62ArFQ/qIYOUWRfkeXv+TfDplr8mV8Fuo
J3axYfNM98UV82Qrzo80XVoPF2xJf3HE1Qo8WVXR3/K0wnWAzvxukUDczJH3cs8x
7vkyXp0IaBz1xrcSIDQVwQx7K5NY9jyphITtDJIKAC7/Y6yyo/D5LDe0b1IL8Xxq
zl0=
-----END CERTIFICATE-----