Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/599366-b524-456b-bfaa-10f597928806/1/rWD1Q4WpDY97p5cJYasLV_qVlOA.roa
File:                     rWD1Q4WpDY97p5cJYasLV_qVlOA.roa (raw, json)
Hash identifier:          YM7InRZaLYBrcjHzIwkF1bnXXmQQxzOevJegejAHZvw=
Subject key identifier:   AD:60:F5:43:85:A9:0D:8F:7B:A7:97:09:61:AB:0B:57:FA:95:94:E0
Certificate issuer:       /CN=10987e74a4da45fe59e6aef7cf2785ea010de15b
Certificate serial:       018CC64AB36D9618504B67CB377B4B5CA96D
Authority key identifier: 10:98:7E:74:A4:DA:45:FE:59:E6:AE:F7:CF:27:85:EA:01:0D:E1:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EJh-dKTaRf5Z5q73zyeF6gEN4Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/599366-b524-456b-bfaa-10f597928806/1/rWD1Q4WpDY97p5cJYasLV_qVlOA.roa
Signing time:             Mon 01 Jan 2024 18:30:33 +0000
ROA not before:           Mon 01 Jan 2024 18:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50438
IP address blocks:        193.58.255.0/24 maxlen: 24
                          2001:67c:18a8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/599366-b524-456b-bfaa-10f597928806/1/EJh-dKTaRf5Z5q73zyeF6gEN4Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/599366-b524-456b-bfaa-10f597928806/1/EJh-dKTaRf5Z5q73zyeF6gEN4Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EJh-dKTaRf5Z5q73zyeF6gEN4Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b3:6d:96:18:50:4b:67:cb:37:7b:4b:5c:a9:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10987e74a4da45fe59e6aef7cf2785ea010de15b
        Validity
            Not Before: Jan  1 18:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad60f54385a90d8f7ba7970961ab0b57fa9594e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:be:da:31:72:96:5c:1f:fe:df:a2:75:50:32:
                    b7:4d:9c:dc:69:eb:2d:e5:79:72:1f:18:f9:17:e3:
                    49:8e:e3:92:d1:c7:68:eb:69:60:b2:a7:8b:91:21:
                    5d:cc:3e:f0:ec:f5:be:1b:fe:fc:ef:5c:41:80:1d:
                    b5:22:17:13:d0:4a:62:b0:8b:3d:63:78:5c:54:bd:
                    24:0a:12:3b:94:a5:cc:4c:b9:38:f0:da:32:3b:f3:
                    9c:af:65:64:53:8a:d3:38:54:50:18:d6:49:b6:d6:
                    c8:b2:c7:f7:c1:d1:6e:11:67:0a:00:00:72:09:58:
                    0d:d7:3c:f3:7d:4e:cb:dd:78:9c:a2:21:eb:e1:79:
                    bd:a2:fb:d8:22:dd:1a:70:b2:6b:3b:ed:e5:cf:99:
                    22:29:3d:2b:ff:4f:8a:28:db:06:59:0a:55:4a:87:
                    79:b6:b1:42:42:52:2c:a3:5a:82:ba:28:5b:ce:e3:
                    53:9d:e1:7a:5d:4b:10:73:8e:f9:2a:c2:b8:e2:fc:
                    19:47:88:8e:0e:3f:0e:ff:31:5d:48:42:08:e9:5c:
                    1b:f9:dc:a4:df:40:be:14:19:ef:0e:53:73:13:c3:
                    a6:b9:3e:62:46:44:0c:8d:f9:0c:19:c5:3c:a7:97:
                    87:dd:2c:d2:20:74:79:63:29:2f:cc:97:11:36:f3:
                    e2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:60:F5:43:85:A9:0D:8F:7B:A7:97:09:61:AB:0B:57:FA:95:94:E0
            X509v3 Authority Key Identifier:
                keyid:10:98:7E:74:A4:DA:45:FE:59:E6:AE:F7:CF:27:85:EA:01:0D:E1:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EJh-dKTaRf5Z5q73zyeF6gEN4Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/599366-b524-456b-bfaa-10f597928806/1/rWD1Q4WpDY97p5cJYasLV_qVlOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/599366-b524-456b-bfaa-10f597928806/1/EJh-dKTaRf5Z5q73zyeF6gEN4Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.255.0/24
                IPv6:
                  2001:67c:18a8::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:3c:60:d5:d8:a9:01:5e:cf:f3:f5:d2:32:de:1b:78:f0:76:
         1f:9a:4f:c1:b9:cf:c3:ce:f1:08:5c:31:4f:77:d9:5e:d7:e7:
         fa:f9:92:e5:ae:22:d8:bb:19:ea:35:41:46:46:46:d1:76:4e:
         a1:99:bd:4a:98:20:80:7f:16:b2:d2:55:52:f5:f6:cb:06:37:
         49:94:74:84:4a:c3:ba:28:8b:00:ba:40:33:ac:9a:41:34:e9:
         41:b3:8e:9a:af:85:37:14:af:7f:02:5b:5d:bd:b2:7e:9a:9d:
         46:9c:7d:82:bb:3e:68:3e:56:45:17:f0:77:9f:8a:bc:ac:ab:
         79:0c:8b:b9:32:fe:e9:ec:29:3d:c9:38:c4:41:02:63:cf:24:
         d2:71:3c:18:d2:fb:d3:21:57:bf:58:db:5f:ef:6b:6a:31:76:
         19:aa:e7:91:07:76:7b:3e:e0:a1:9c:cf:f9:24:a6:f1:b2:b1:
         5d:f6:9e:d7:90:11:87:70:5d:02:b4:e3:b9:a0:0a:7a:91:33:
         67:f9:d6:5c:14:74:40:7c:65:7a:6b:f5:69:a0:98:19:38:3e:
         c3:c0:8c:d2:65:e1:25:75:32:1f:ae:f0:2d:25:8e:3e:2b:43:
         4d:80:93:f4:a9:cb:3d:c1:45:23:c4:ff:a6:6a:f1:6b:17:20:
         4c:7a:e9:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSrNtlhhQS2fLN3tLXKltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwOTg3ZTc0YTRkYTQ1ZmU1OWU2YWVmN2NmMjc4NWVhMDEw
ZGUxNWIwHhcNMjQwMTAxMTgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDYwZjU0Mzg1YTkwZDhmN2JhNzk3MDk2MWFiMGI1N2ZhOTU5NGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr7aMXKWXB/+36J1UDK3TZzcaest
5XlyHxj5F+NJjuOS0cdo62lgsqeLkSFdzD7w7PW+G/7871xBgB21IhcT0EpisIs9
Y3hcVL0kChI7lKXMTLk48NoyO/Ocr2VkU4rTOFRQGNZJttbIssf3wdFuEWcKAABy
CVgN1zzzfU7L3XicoiHr4Xm9ovvYIt0acLJrO+3lz5kiKT0r/0+KKNsGWQpVSod5
trFCQlIso1qCuihbzuNTneF6XUsQc475KsK44vwZR4iODj8O/zFdSEII6Vwb+dyk
30C+FBnvDlNzE8OmuT5iRkQMjfkMGcU8p5eH3SzSIHR5YykvzJcRNvPipQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK1g9UOFqQ2Pe6eXCWGrC1f6lZTgMB8GA1UdIwQY
MBaAFBCYfnSk2kX+Weau988nheoBDeFbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUpoLWRLVGFSZjVaNXE3M3p5ZUY2Z0VONFZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC81OTkzNjYtYjUyNC00NTZiLWJmYWEt
MTBmNTk3OTI4ODA2LzEvcldEMVE0V3BEWTk3cDVjSllhc0xWX3FWbE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC81OTkzNjYtYjUyNC00NTZiLWJmYWEtMTBmNTk3OTI4ODA2
LzEvRUpoLWRLVGFSZjVaNXE3M3p5ZUY2Z0VONFZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwTr/MA8E
AgACMAkDBwAgAQZ8GKgwDQYJKoZIhvcNAQELBQADggEBAAs8YNXYqQFez/P10jLe
G3jwdh+aT8G5z8PO8QhcMU932V7X5/r5kuWuIti7Geo1QUZGRtF2TqGZvUqYIIB/
FrLSVVL19ssGN0mUdIRKw7ooiwC6QDOsmkE06UGzjpqvhTcUr38CW129sn6anUac
fYK7Pmg+VkUX8Hefirysq3kMi7ky/unsKT3JOMRBAmPPJNJxPBjS+9MhV79Y21/v
a2oxdhmq55EHdns+4KGcz/kkpvGysV32nteQEYdwXQK047mgCnqRM2f51lwUdEB8
ZXpr9WmgmBk4PsPAjNJl4SV1Mh+u8C0ljj4rQ02Ak/Spyz3BRSPE/6Zq8WsXIEx6
6S0=
-----END CERTIFICATE-----