Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/WYQXYH2x7k0gADTpAOoH1LbpL5E.roa
File:                     WYQXYH2x7k0gADTpAOoH1LbpL5E.roa (raw, json)
Hash identifier:          3OPWwCIhNzBSfwiALgTGR482xmEenJwzt5CBpMRRpHg=
Subject key identifier:   59:84:17:60:7D:B1:EE:4D:20:00:34:E9:00:EA:07:D4:B6:E9:2F:91
Certificate issuer:       /CN=a65f995603663a569430ccc617287e919df144a0
Certificate serial:       018CC56E1AA8AFA1E20D225503D3022E86A6
Authority key identifier: A6:5F:99:56:03:66:3A:56:94:30:CC:C6:17:28:7E:91:9D:F1:44:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/WYQXYH2x7k0gADTpAOoH1LbpL5E.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62269
IP address blocks:        193.56.133.0/24 maxlen: 24
                          2a11:5b00::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1a:a8:af:a1:e2:0d:22:55:03:d3:02:2e:86:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65f995603663a569430ccc617287e919df144a0
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=598417607db1ee4d200034e900ea07d4b6e92f91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a5:62:18:36:05:1c:a4:9b:01:73:08:01:b0:
                    ef:87:6b:7a:87:08:a2:00:61:26:c8:11:af:77:c0:
                    87:e5:06:04:f8:6a:98:32:14:87:38:fb:94:65:27:
                    30:ef:f3:19:52:97:39:4b:42:3d:74:ca:e7:09:8e:
                    5e:f2:67:f2:85:a2:ed:b7:6b:68:bd:ed:8e:cf:e9:
                    0f:3a:ec:55:b0:e6:c8:f0:0d:94:84:c2:9d:0b:3d:
                    9b:ee:5e:4c:42:2f:76:e9:66:ca:06:fb:41:88:02:
                    7d:86:ad:0f:68:4b:fe:d1:6f:6d:06:cb:a7:67:82:
                    81:d1:47:71:93:ea:73:79:ee:56:61:37:0a:db:9e:
                    ba:b2:33:0c:9d:73:81:5d:81:f1:b3:1c:a3:52:96:
                    25:d8:19:89:8e:9f:41:b7:9b:9a:92:bf:1d:09:c9:
                    5d:4d:b6:37:6b:69:c8:9e:be:e9:50:1c:b0:4a:5e:
                    cc:dd:14:82:b0:e3:5d:d0:13:93:a7:09:d2:22:8b:
                    f6:9e:a5:e8:bd:9b:d9:d6:33:f4:bb:49:87:ea:88:
                    c3:2a:b2:b4:02:d6:2f:78:70:95:ab:18:bc:24:66:
                    76:d7:5e:fd:fd:20:e9:86:09:9e:f6:3d:5d:53:f0:
                    5d:44:80:d8:47:93:8c:80:53:f2:31:0e:89:0b:50:
                    cf:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:84:17:60:7D:B1:EE:4D:20:00:34:E9:00:EA:07:D4:B6:E9:2F:91
            X509v3 Authority Key Identifier:
                keyid:A6:5F:99:56:03:66:3A:56:94:30:CC:C6:17:28:7E:91:9D:F1:44:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/WYQXYH2x7k0gADTpAOoH1LbpL5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.133.0/24
                IPv6:
                  2a11:5b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:ab:7a:fb:39:8f:fb:a4:9a:16:8d:c3:1f:4c:b8:13:37:44:
         ea:78:1b:b2:b6:0a:ad:c1:a7:ff:c5:59:6b:4a:7d:17:86:c0:
         52:7d:54:f6:fa:1c:58:e4:24:59:e8:84:d6:bd:4b:e5:9e:f0:
         ec:98:ec:f6:0e:ad:51:23:93:4e:10:19:d1:5c:98:17:a5:ba:
         df:3a:5b:5b:3a:97:b4:75:b5:fa:a1:cb:9a:1a:a0:eb:fe:e5:
         83:18:c8:4f:fa:20:85:78:76:6f:75:dd:19:d5:3c:28:70:a6:
         2f:7b:2a:8c:76:f8:ce:9f:22:5d:9a:fe:fd:c8:22:76:85:8b:
         93:b8:66:df:12:b0:d3:5c:23:80:b0:79:59:46:00:a8:b8:69:
         ef:1e:72:59:fe:b6:4d:2c:ee:09:80:6b:f3:f8:f9:fe:cb:c5:
         94:87:54:72:2b:d8:ba:34:60:61:68:bc:89:fc:80:4f:7b:7d:
         d2:3b:e3:96:0c:c6:79:2e:73:f7:da:c4:69:f2:50:01:9c:e1:
         84:23:0b:50:83:32:77:e4:24:9d:b7:e6:21:c2:08:c1:4e:1f:
         3a:73:1e:10:b0:25:76:26:f1:c9:ad:f2:a0:02:1e:2d:45:32:
         aa:29:45:86:e1:55:2b:2b:1a:02:ed:87:f9:e3:65:e4:96:fc:
         29:92:ab:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbhqor6HiDSJVA9MCLoamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NWY5OTU2MDM2NjNhNTY5NDMwY2NjNjE3Mjg3ZTkxOWRm
MTQ0YTAwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTg0MTc2MDdkYjFlZTRkMjAwMDM0ZTkwMGVhMDdkNGI2ZTkyZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKViGDYFHKSbAXMIAbDvh2t6hwii
AGEmyBGvd8CH5QYE+GqYMhSHOPuUZScw7/MZUpc5S0I9dMrnCY5e8mfyhaLtt2to
ve2Oz+kPOuxVsObI8A2UhMKdCz2b7l5MQi926WbKBvtBiAJ9hq0PaEv+0W9tBsun
Z4KB0Udxk+pzee5WYTcK2566sjMMnXOBXYHxsxyjUpYl2BmJjp9Bt5uakr8dCcld
TbY3a2nInr7pUBywSl7M3RSCsONd0BOTpwnSIov2nqXovZvZ1jP0u0mH6ojDKrK0
AtYveHCVqxi8JGZ21179/SDphgme9j1dU/BdRIDYR5OMgFPyMQ6JC1DP0wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFmEF2B9se5NIAA06QDqB9S26S+RMB8GA1UdIwQY
MBaAFKZfmVYDZjpWlDDMxhcofpGd8USgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGwtWlZnTm1PbGFVTU16R0Z5aC1rWjN4UktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC81OGExOWItNzBjNC00YTBlLWI4YWIt
NThjM2Y0MThmM2ZkLzEvV1lRWFlIMng3azBnQURUcEFPb0gxTGJwTDVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC81OGExOWItNzBjNC00YTBlLWI4YWItNThjM2Y0MThmM2Zk
LzEvcGwtWlZnTm1PbGFVTU16R0Z5aC1rWjN4UktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwTiFMA0E
AgACMAcDBQAqEVsAMA0GCSqGSIb3DQEBCwUAA4IBAQCSq3r7OY/7pJoWjcMfTLgT
N0TqeBuytgqtwaf/xVlrSn0XhsBSfVT2+hxY5CRZ6ITWvUvlnvDsmOz2Dq1RI5NO
EBnRXJgXpbrfOltbOpe0dbX6ocuaGqDr/uWDGMhP+iCFeHZvdd0Z1TwocKYveyqM
dvjOnyJdmv79yCJ2hYuTuGbfErDTXCOAsHlZRgCouGnvHnJZ/rZNLO4JgGvz+Pn+
y8WUh1RyK9i6NGBhaLyJ/IBPe33SO+OWDMZ5LnP32sRp8lABnOGEIwtQgzJ35CSd
t+YhwgjBTh86cx4QsCV2JvHJrfKgAh4tRTKqKUWG4VUrKxoC7Yf542XklvwpkqvU
-----END CERTIFICATE-----