Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/WXDgeGFF9YMcrguXypEf21DGNx0.roa
File:                     WXDgeGFF9YMcrguXypEf21DGNx0.roa (raw, json)
Hash identifier:          eeWUJ3TzJMQ8AT+/Y97JiCkpHwwtBUzokc5Bukiapxg=
Subject key identifier:   59:70:E0:78:61:45:F5:83:1C:AE:0B:97:CA:91:1F:DB:50:C6:37:1D
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       018F673FAAFE5AE0C133013716B345C6BCC4
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/WXDgeGFF9YMcrguXypEf21DGNx0.roa
Signing time:             Sat 11 May 2024 10:42:56 +0000
ROA not before:           Sat 11 May 2024 10:42:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        45.147.159.0/24 maxlen: 24
                          92.61.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:67:3f:aa:fe:5a:e0:c1:33:01:37:16:b3:45:c6:bc:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: May 11 10:42:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5970e0786145f5831cae0b97ca911fdb50c6371d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bd:41:32:71:48:14:d9:fe:5e:c8:eb:9a:03:
                    e7:71:76:fc:e5:e2:5a:d2:6e:1a:b4:58:16:29:78:
                    d8:c8:86:05:4d:ce:2a:57:a6:f2:94:da:d6:a5:44:
                    bf:61:b9:fe:10:a1:24:aa:2e:0f:8e:65:e0:3c:c9:
                    05:9b:12:0c:e1:58:b2:27:ad:7b:89:86:4d:aa:99:
                    11:fb:72:af:27:70:a6:a1:7f:bb:1f:49:66:69:96:
                    79:6e:79:52:63:e4:e2:c1:a5:98:70:c4:6a:bc:75:
                    fe:41:ee:02:2c:aa:26:d2:d4:65:50:87:28:56:d6:
                    eb:32:89:cf:c9:97:3e:2a:7b:5a:c6:02:55:76:94:
                    6f:91:29:c1:2f:49:cd:38:e5:18:e1:68:27:c3:a8:
                    59:d2:85:39:44:90:19:4e:fc:b3:d6:da:3f:3d:19:
                    99:69:b5:fb:18:6d:ba:4b:bb:f7:c0:ae:de:00:46:
                    d9:50:9c:e7:c8:9c:30:12:b1:3c:6d:72:a6:c2:d2:
                    33:b0:c7:99:45:ed:bf:62:50:9a:c3:b9:70:a6:ac:
                    39:65:91:42:96:41:b9:3f:92:5d:ec:bd:db:0c:2a:
                    eb:42:2c:ac:27:dd:ca:98:d8:f7:f5:2e:be:57:bc:
                    d1:04:d2:9e:34:ec:f0:de:31:ba:97:b1:12:4b:66:
                    62:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:70:E0:78:61:45:F5:83:1C:AE:0B:97:CA:91:1F:DB:50:C6:37:1D
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/WXDgeGFF9YMcrguXypEf21DGNx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.159.0/24
                  92.61.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:80:e3:8b:38:68:99:90:70:c8:6c:bc:e4:ea:4e:28:a9:42:
         60:ee:22:f2:a2:73:80:42:36:d6:2a:5f:01:9a:92:c1:dd:98:
         fb:3a:b7:f1:3d:01:b1:65:2f:65:d9:00:85:0f:4e:9d:95:37:
         b8:9d:ad:0c:67:6a:74:38:5b:4c:87:33:8e:70:47:52:c7:6b:
         0d:e8:f4:36:de:b2:e0:2d:e8:70:b9:2c:9d:50:fa:48:b1:0b:
         9b:45:40:16:6e:45:f2:a9:e9:1c:ee:a3:45:5d:83:5f:a4:4b:
         50:49:2f:83:5f:32:bd:77:ba:c1:7e:79:2e:f4:b3:ed:88:ef:
         2f:2b:43:f7:dd:db:30:e4:d8:66:91:c3:c3:74:e3:8f:7b:89:
         37:0c:72:4e:21:1e:47:3d:98:f1:fa:41:c4:aa:b6:68:41:80:
         18:55:d1:05:be:b4:75:02:5e:49:a2:c7:a9:f7:51:c6:3b:14:
         1a:0a:44:84:83:cf:f8:aa:7f:2f:75:ad:c4:8a:a4:3b:7b:ac:
         01:f5:ed:36:10:58:dc:50:e8:8f:ad:66:52:5e:4c:8b:4d:5b:
         ea:26:6f:d0:2e:01:93:ed:a9:ba:5f:7f:bd:17:b4:d9:1e:e6:
         73:a8:e4:ac:df:36:0a:50:2e:e2:35:7e:ac:fc:3a:f0:33:5e:
         0c:47:d7:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9nP6r+WuDBMwE3FrNFxrzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjQwNTExMTA0MjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTcwZTA3ODYxNDVmNTgzMWNhZTBiOTdjYTkxMWZkYjUwYzYzNzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwr1BMnFIFNn+XsjrmgPncXb85eJa
0m4atFgWKXjYyIYFTc4qV6bylNrWpUS/Ybn+EKEkqi4PjmXgPMkFmxIM4ViyJ617
iYZNqpkR+3KvJ3CmoX+7H0lmaZZ5bnlSY+TiwaWYcMRqvHX+Qe4CLKom0tRlUIco
VtbrMonPyZc+KntaxgJVdpRvkSnBL0nNOOUY4Wgnw6hZ0oU5RJAZTvyz1to/PRmZ
abX7GG26S7v3wK7eAEbZUJznyJwwErE8bXKmwtIzsMeZRe2/YlCaw7lwpqw5ZZFC
lkG5P5Jd7L3bDCrrQiysJ93KmNj39S6+V7zRBNKeNOzw3jG6l7ESS2Zi1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFlw4HhhRfWDHK4Ll8qRH9tQxjcdMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvV1hEZ2VHRkY5WU1jcmd1WHlwRWYyMURHTngwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZOfAwQA
XD1nMA0GCSqGSIb3DQEBCwUAA4IBAQCIgOOLOGiZkHDIbLzk6k4oqUJg7iLyonOA
QjbWKl8BmpLB3Zj7OrfxPQGxZS9l2QCFD06dlTe4na0MZ2p0OFtMhzOOcEdSx2sN
6PQ23rLgLehwuSydUPpIsQubRUAWbkXyqekc7qNFXYNfpEtQSS+DXzK9d7rBfnku
9LPtiO8vK0P33dsw5NhmkcPDdOOPe4k3DHJOIR5HPZjx+kHEqrZoQYAYVdEFvrR1
Al5Josep91HGOxQaCkSEg8/4qn8vda3EiqQ7e6wB9e02EFjcUOiPrWZSXkyLTVvq
Jm/QLgGT7am6X3+9F7TZHuZzqOSs3zYKUC7iNX6s/DrwM14MR9c/
-----END CERTIFICATE-----