Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/WchXc6L1vea6cWS3U4rZRVOtRiQ.roa
File:                     WchXc6L1vea6cWS3U4rZRVOtRiQ.roa (raw, json)
Hash identifier:          FP4411CHcmJCU8On0dpIT5sIq2a/jEowTvPpa9rm2NY=
Subject key identifier:   59:C8:57:73:A2:F5:BD:E6:BA:71:64:B7:53:8A:D9:45:53:AD:46:24
Certificate issuer:       /CN=2450bfbf798faeaa7d6a36058d013e24d4bb1d9d
Certificate serial:       018CC42503565B559D75C391EFF052F991B8
Authority key identifier: 24:50:BF:BF:79:8F:AE:AA:7D:6A:36:05:8D:01:3E:24:D4:BB:1D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/WchXc6L1vea6cWS3U4rZRVOtRiQ.roa
Signing time:             Mon 01 Jan 2024 08:30:09 +0000
ROA not before:           Mon 01 Jan 2024 08:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.75.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:03:56:5b:55:9d:75:c3:91:ef:f0:52:f9:91:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2450bfbf798faeaa7d6a36058d013e24d4bb1d9d
        Validity
            Not Before: Jan  1 08:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59c85773a2f5bde6ba7164b7538ad94553ad4624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8f:2c:0e:b0:52:57:df:25:c0:ee:a4:04:ee:
                    10:29:24:96:ee:01:47:11:e4:b3:a5:3f:e2:d3:77:
                    10:c0:ea:a1:43:78:c3:03:53:7a:4c:5b:ce:24:22:
                    5e:6a:10:00:fc:fc:89:9b:fe:e9:d2:87:a4:52:02:
                    49:68:e2:c3:51:e6:d4:6b:60:b6:a9:d7:ab:4e:50:
                    06:10:6c:f7:bc:7a:4d:21:ca:44:9f:33:97:4b:26:
                    95:2c:0f:b5:02:a2:8e:fe:b0:72:76:b1:d0:8e:51:
                    69:fc:6a:ef:a7:f9:9a:ff:b2:ee:41:9d:9f:b8:21:
                    3b:2f:68:a0:94:eb:b2:58:33:27:1c:f0:0f:df:1e:
                    a6:98:a5:8a:27:34:40:c3:a6:37:24:07:2b:99:ee:
                    cc:c3:db:e8:d8:a9:bf:f9:b7:d7:b1:5b:4c:30:36:
                    8b:51:a5:03:8d:6c:99:79:95:51:f5:dc:38:4f:c8:
                    34:e4:b5:a1:b0:05:4c:c6:be:1f:dc:59:1d:07:b4:
                    6c:01:44:cb:bd:85:14:9f:8b:34:b0:64:af:4c:4a:
                    0c:1c:f6:5a:2f:a1:58:33:ec:19:58:64:9e:b8:84:
                    93:3f:b5:c1:eb:45:b8:26:c6:56:a4:84:55:7a:ad:
                    13:61:f9:00:d2:d7:5d:c0:87:ac:be:be:82:2c:1b:
                    2b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C8:57:73:A2:F5:BD:E6:BA:71:64:B7:53:8A:D9:45:53:AD:46:24
            X509v3 Authority Key Identifier:
                keyid:24:50:BF:BF:79:8F:AE:AA:7D:6A:36:05:8D:01:3E:24:D4:BB:1D:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/WchXc6L1vea6cWS3U4rZRVOtRiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/19c76f-2f67-421c-84ae-dd549f3b83bf/1/JFC_v3mPrqp9ajYFjQE-JNS7HZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:7f:64:0a:71:aa:3f:57:63:8f:26:65:f6:e1:cb:e7:c2:fd:
         30:12:54:12:fa:f2:4e:be:a5:6d:69:93:9a:2e:68:87:d6:49:
         63:45:53:89:14:5d:e0:69:8b:4d:24:f8:fd:2a:74:5d:df:b4:
         3c:97:83:24:19:ac:a0:9a:ee:67:e0:fd:f4:61:c3:4a:b2:f2:
         aa:9d:e2:6c:5b:5c:e8:ec:bb:43:72:bc:67:a5:b3:10:df:eb:
         e1:92:6e:4a:95:04:7d:7b:b0:8b:eb:ca:fd:15:9c:fd:09:59:
         a4:c4:09:2f:59:3a:57:47:43:09:18:6e:d5:8a:2b:45:a2:e9:
         20:7b:48:9b:5d:0f:b1:b8:20:e1:20:26:78:b8:9e:80:57:34:
         37:95:19:ae:06:e3:39:d0:e7:aa:53:be:86:cc:e6:ea:93:bf:
         70:4f:e6:36:f8:e4:11:81:40:57:47:c8:80:5e:99:4e:b3:bf:
         fd:d4:91:36:38:83:89:2f:1a:fc:14:9a:d3:50:14:ab:72:40:
         72:ba:82:df:1b:d8:46:36:fd:3d:66:c4:e2:82:cc:5a:81:a0:
         4e:9f:af:b0:a3:3d:c1:bc:ad:b8:ce:50:aa:9f:ee:38:1f:26:
         cc:ab:bc:07:00:b6:af:00:dd:a2:a9:e4:70:60:da:f9:6a:9e:
         ee:2c:11:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQNWW1WddcOR7/BS+ZG4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTBiZmJmNzk4ZmFlYWE3ZDZhMzYwNThkMDEzZTI0ZDRi
YjFkOWQwHhcNMjQwMTAxMDgzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWM4NTc3M2EyZjViZGU2YmE3MTY0Yjc1MzhhZDk0NTUzYWQ0NjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjo8sDrBSV98lwO6kBO4QKSSW7gFH
EeSzpT/i03cQwOqhQ3jDA1N6TFvOJCJeahAA/PyJm/7p0oekUgJJaOLDUebUa2C2
qderTlAGEGz3vHpNIcpEnzOXSyaVLA+1AqKO/rBydrHQjlFp/Grvp/ma/7LuQZ2f
uCE7L2iglOuyWDMnHPAP3x6mmKWKJzRAw6Y3JAcrme7Mw9vo2Km/+bfXsVtMMDaL
UaUDjWyZeZVR9dw4T8g05LWhsAVMxr4f3FkdB7RsAUTLvYUUn4s0sGSvTEoMHPZa
L6FYM+wZWGSeuISTP7XB60W4JsZWpIRVeq0TYfkA0tddwIesvr6CLBsrIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnIV3Oi9b3munFkt1OK2UVTrUYkMB8GA1UdIwQY
MBaAFCRQv795j66qfWo2BY0BPiTUux2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZDX3YzbVBycXA5YWpZRmpRRS1KTlM3SFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8xOWM3NmYtMmY2Ny00MjFjLTg0YWUt
ZGQ1NDlmM2I4M2JmLzEvV2NoWGM2TDF2ZWE2Y1dTM1U0clpSVk90UmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8xOWM3NmYtMmY2Ny00MjFjLTg0YWUtZGQ1NDlmM2I4M2Jm
LzEvSkZDX3YzbVBycXA5YWpZRmpRRS1KTlM3SFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUs8MA0G
CSqGSIb3DQEBCwUAA4IBAQBsf2QKcao/V2OPJmX24cvnwv0wElQS+vJOvqVtaZOa
LmiH1kljRVOJFF3gaYtNJPj9KnRd37Q8l4MkGaygmu5n4P30YcNKsvKqneJsW1zo
7LtDcrxnpbMQ3+vhkm5KlQR9e7CL68r9FZz9CVmkxAkvWTpXR0MJGG7ViitFoukg
e0ibXQ+xuCDhICZ4uJ6AVzQ3lRmuBuM50OeqU76GzObqk79wT+Y2+OQRgUBXR8iA
XplOs7/91JE2OIOJLxr8FJrTUBSrckByuoLfG9hGNv09ZsTigsxagaBOn6+woz3B
vK24zlCqn+44HybMq7wHALavAN2iqeRwYNr5ap7uLBHH
-----END CERTIFICATE-----