Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/WzPXO7PxsN1YNBHmDVszV56sKso.roa
File:                     WzPXO7PxsN1YNBHmDVszV56sKso.roa (raw, json)
Hash identifier:          TUnA69hvmT+IOh1JARJCgyPA9aHb3ztmOU83V5qOXRs=
Subject key identifier:   5B:33:D7:3B:B3:F1:B0:DD:58:34:11:E6:0D:5B:33:57:9E:AC:2A:CA
Certificate issuer:       /CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
Certificate serial:       018CC4938BD2E025FF5C4AF48C1A4B3E98FD
Authority key identifier: 04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/WzPXO7PxsN1YNBHmDVszV56sKso.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25415
IP address blocks:        185.60.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8b:d2:e0:25:ff:5c:4a:f4:8c:1a:4b:3e:98:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b33d73bb3f1b0dd583411e60d5b33579eac2aca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:03:a9:a8:56:62:a5:9b:04:b6:0f:20:6e:b5:
                    dc:86:27:e6:20:3f:55:0d:40:54:97:cd:40:be:9c:
                    ea:6f:02:f6:17:17:ea:8a:01:db:78:9f:44:e6:5b:
                    59:97:f2:8c:5f:1a:a3:f7:49:14:d9:00:b3:b8:f9:
                    90:5c:b0:1c:8f:81:4a:53:55:81:42:f3:69:88:f6:
                    4b:c9:75:3b:59:a8:ad:03:37:46:03:d0:52:28:26:
                    38:96:f9:e5:ed:be:80:3c:7a:2e:22:d4:68:09:2a:
                    9b:12:e4:26:94:39:eb:69:c3:ca:39:41:93:36:21:
                    f1:69:a2:43:b2:b9:ad:03:6d:f7:f7:8d:09:2f:ce:
                    6d:55:c7:ff:c3:f6:30:31:a4:3c:87:c4:bd:25:38:
                    9a:13:fc:8e:92:e0:78:d8:fb:00:82:da:06:51:d2:
                    5d:ea:00:97:d2:2c:4e:e3:6e:d6:71:70:88:2e:4a:
                    c8:67:30:2c:95:05:d3:be:7b:6a:ff:8a:6e:f1:e3:
                    5a:ef:68:2f:90:69:52:a5:ff:ba:a0:41:ec:fb:33:
                    78:83:33:d3:94:01:b5:11:24:8d:98:fe:ac:51:6b:
                    a0:e6:66:df:7b:76:64:a5:50:38:50:1b:56:f0:33:
                    9a:0d:0e:00:08:eb:fc:8d:aa:02:93:3a:21:c1:97:
                    30:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:33:D7:3B:B3:F1:B0:DD:58:34:11:E6:0D:5B:33:57:9E:AC:2A:CA
            X509v3 Authority Key Identifier:
                keyid:04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/WzPXO7PxsN1YNBHmDVszV56sKso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:ac:04:a1:b9:fe:66:98:d1:14:d3:26:db:88:c6:8f:9e:00:
         29:4f:fa:07:67:0d:85:4c:c6:80:b8:93:88:17:a7:f2:5b:85:
         02:c7:94:e1:1d:b9:b7:f2:87:0b:cd:e7:4b:88:11:8e:2d:51:
         05:ff:25:e6:68:60:cc:05:e3:98:6b:3d:40:ed:40:18:e9:b5:
         2f:34:8e:5c:f0:81:e8:90:ed:0d:ee:93:76:b4:8e:af:72:c9:
         ce:27:26:5f:9a:50:ed:65:0e:a6:da:c3:37:34:b1:44:fd:4e:
         4d:95:c4:68:af:89:17:e7:69:99:1f:78:8e:41:39:c9:27:b7:
         d8:ae:89:7c:4c:ff:b7:5e:16:e4:ec:e0:e8:ba:54:de:75:ee:
         53:03:2b:40:ea:3d:c3:56:84:32:e7:d1:94:89:33:1c:51:c3:
         e3:23:23:08:99:6a:ad:42:ae:63:79:46:93:c0:93:cf:17:c7:
         51:b8:b4:f2:2f:c4:1a:01:0c:49:e4:f4:ff:1e:e4:c8:34:16:
         2d:16:54:31:c7:41:b6:74:1c:ed:36:67:86:3a:ba:b3:bb:de:
         87:1a:72:27:5f:8e:83:3a:6f:a5:42:37:06:8f:b7:8c:45:a9:
         b7:0d:81:54:1f:9f:8c:0c:02:9d:57:7f:2b:fa:88:bc:b7:d0:
         7f:5c:2e:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4vS4CX/XEr0jBpLPpj9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTVlYzVmNTI2NjhiZTUwYjQ1MThiNjg3Y2Y4YmQ5NTkz
MGFlMzkwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjMzZDczYmIzZjFiMGRkNTgzNDExZTYwZDViMzM1NzllYWMyYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwOpqFZipZsEtg8gbrXchifmID9V
DUBUl81AvpzqbwL2FxfqigHbeJ9E5ltZl/KMXxqj90kU2QCzuPmQXLAcj4FKU1WB
QvNpiPZLyXU7WaitAzdGA9BSKCY4lvnl7b6APHouItRoCSqbEuQmlDnracPKOUGT
NiHxaaJDsrmtA233940JL85tVcf/w/YwMaQ8h8S9JTiaE/yOkuB42PsAgtoGUdJd
6gCX0ixO427WcXCILkrIZzAslQXTvntq/4pu8eNa72gvkGlSpf+6oEHs+zN4gzPT
lAG1ESSNmP6sUWug5mbfe3ZkpVA4UBtW8DOaDQ4ACOv8jaoCkzohwZcwgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsz1zuz8bDdWDQR5g1bM1eerCrKMB8GA1UdIwQY
MBaAFASl7F9SZovlC0UYtofPi9lZMK45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktYc1gxSm1pLVVMUlJpMmg4LUwyVmt3cmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wMGUzM2UtZmQ3NC00NTgzLTk4NGUt
YzZiODRjYzU4NjEwLzEvV3pQWE83UHhzTjFZTkJIbURWc3pWNTZzS3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wMGUzM2UtZmQ3NC00NTgzLTk4NGUtYzZiODRjYzU4NjEw
LzEvQktYc1gxSm1pLVVMUlJpMmg4LUwyVmt3cmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTwVMA0G
CSqGSIb3DQEBCwUAA4IBAQBwrAShuf5mmNEU0ybbiMaPngApT/oHZw2FTMaAuJOI
F6fyW4UCx5ThHbm38ocLzedLiBGOLVEF/yXmaGDMBeOYaz1A7UAY6bUvNI5c8IHo
kO0N7pN2tI6vcsnOJyZfmlDtZQ6m2sM3NLFE/U5NlcRor4kX52mZH3iOQTnJJ7fY
rol8TP+3Xhbk7ODoulTede5TAytA6j3DVoQy59GUiTMcUcPjIyMImWqtQq5jeUaT
wJPPF8dRuLTyL8QaAQxJ5PT/HuTINBYtFlQxx0G2dBztNmeGOrqzu96HGnInX46D
Om+lQjcGj7eMRam3DYFUH5+MDAKdV38r+oi8t9B/XC4y
-----END CERTIFICATE-----