Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/WZTr2Y4NWQd9XwrH0MjfUUt7C-A.roa
File:                     WZTr2Y4NWQd9XwrH0MjfUUt7C-A.roa (raw, json)
Hash identifier:          qi0KSn/2sun1fmFcjMOwdostwxWFMXiQFlKIwxHlzq0=
Subject key identifier:   59:94:EB:D9:8E:0D:59:07:7D:5F:0A:C7:D0:C8:DF:51:4B:7B:0B:E0
Certificate issuer:       /CN=f01c8997a354bc7d4e5a60a9f42438a182fa998a
Certificate serial:       018CC64A40ABD3CB164B2748E3C8C10F5C8D
Authority key identifier: F0:1C:89:97:A3:54:BC:7D:4E:5A:60:A9:F4:24:38:A1:82:FA:99:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/WZTr2Y4NWQd9XwrH0MjfUUt7C-A.roa
Signing time:             Mon 01 Jan 2024 18:30:04 +0000
ROA not before:           Mon 01 Jan 2024 18:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60498
IP address blocks:        185.31.28.0/24 maxlen: 24
                          185.31.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 07:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:40:ab:d3:cb:16:4b:27:48:e3:c8:c1:0f:5c:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f01c8997a354bc7d4e5a60a9f42438a182fa998a
        Validity
            Not Before: Jan  1 18:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5994ebd98e0d59077d5f0ac7d0c8df514b7b0be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b8:83:82:49:3c:34:a1:93:f0:33:34:7c:c8:
                    b6:bb:10:e6:df:7e:35:be:b3:30:e3:57:ba:36:60:
                    da:d9:8a:25:a9:4d:02:61:88:ed:b3:fc:7c:5a:6d:
                    2f:23:ac:c2:47:bd:54:60:18:2c:8b:b5:4b:e5:69:
                    c8:84:3b:c4:63:cf:88:b1:c0:fb:11:cd:c0:6d:ef:
                    48:af:44:30:f2:1e:8d:97:fc:76:59:08:df:69:02:
                    6b:0c:12:57:e1:90:6b:2d:c7:8e:9d:3c:67:7c:89:
                    32:97:63:2f:e9:7e:26:87:11:26:8c:41:d7:35:03:
                    da:cb:3e:ec:a0:07:c9:a9:ab:b5:72:83:a5:2a:7c:
                    7e:72:bb:2e:2e:c4:67:77:a1:06:18:62:0f:cd:e0:
                    63:21:36:be:41:9b:c0:87:82:8d:3d:c2:88:ec:37:
                    d3:a0:98:75:03:34:40:0b:9c:e2:36:d3:c2:31:75:
                    55:7b:6c:7c:eb:02:2e:d1:74:98:72:d6:9f:52:96:
                    e5:f6:46:0a:06:1f:80:21:c4:c6:4d:a8:76:6b:17:
                    ec:45:2d:0f:8e:49:39:97:69:9d:ca:b4:73:80:3b:
                    7a:18:e0:da:c0:71:84:5d:cb:01:81:ec:a7:7b:38:
                    38:50:e9:af:19:99:26:11:52:96:ad:e2:f2:ca:ed:
                    c8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:94:EB:D9:8E:0D:59:07:7D:5F:0A:C7:D0:C8:DF:51:4B:7B:0B:E0
            X509v3 Authority Key Identifier:
                keyid:F0:1C:89:97:A3:54:BC:7D:4E:5A:60:A9:F4:24:38:A1:82:FA:99:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/WZTr2Y4NWQd9XwrH0MjfUUt7C-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/faa95f-3b32-41fe-abe3-c27c4a610bd3/1/8ByJl6NUvH1OWmCp9CQ4oYL6mYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.28.0/24
                  185.31.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:2c:60:3f:bf:48:85:e6:d2:8b:88:ee:43:ab:ce:84:98:89:
         0c:d4:47:fd:f4:b7:f2:b9:80:0a:04:ba:75:41:40:9a:82:8d:
         c7:6c:8a:3f:e4:56:fc:93:42:ce:0d:e1:37:fd:cc:c9:b7:12:
         76:33:33:17:2f:fd:b6:30:7b:0c:5d:8a:81:fa:bd:17:65:f6:
         bc:65:09:02:b3:1d:45:67:6d:85:cd:08:29:9d:d1:a1:c9:8b:
         85:4c:96:0c:0d:59:65:2d:ce:d6:f0:8b:33:c3:af:05:e4:3a:
         41:17:7c:a4:18:f2:fc:57:e9:8d:ba:42:f0:cd:4f:1d:01:ac:
         dc:4d:9b:58:ed:c2:25:40:ea:ed:13:7b:41:aa:6b:c7:77:10:
         01:af:9a:cc:c1:59:b2:d3:14:92:70:b4:97:7f:fe:02:14:a0:
         0b:11:c0:18:bf:36:7a:f3:f2:72:ce:7f:af:fe:8b:94:11:95:
         5d:12:17:a1:9f:03:4f:b9:03:7b:bd:16:e1:19:bb:98:76:8e:
         f7:c2:87:51:45:42:d5:02:5c:0f:81:9d:cc:4a:47:5f:09:09:
         64:35:f4:ec:45:00:32:8a:1c:d7:7e:25:39:a5:7e:a4:67:56:
         cf:23:ca:5e:a3:49:6e:06:a4:65:db:dd:21:f3:93:c2:92:d2:
         80:67:d7:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSkCr08sWSydI48jBD1yNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMWM4OTk3YTM1NGJjN2Q0ZTVhNjBhOWY0MjQzOGExODJm
YTk5OGEwHhcNMjQwMTAxMTgzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTk0ZWJkOThlMGQ1OTA3N2Q1ZjBhYzdkMGM4ZGY1MTRiN2IwYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbiDgkk8NKGT8DM0fMi2uxDm3341
vrMw41e6NmDa2YolqU0CYYjts/x8Wm0vI6zCR71UYBgsi7VL5WnIhDvEY8+IscD7
Ec3Abe9Ir0Qw8h6Nl/x2WQjfaQJrDBJX4ZBrLceOnTxnfIkyl2Mv6X4mhxEmjEHX
NQPayz7soAfJqau1coOlKnx+crsuLsRnd6EGGGIPzeBjITa+QZvAh4KNPcKI7DfT
oJh1AzRAC5ziNtPCMXVVe2x86wIu0XSYctafUpbl9kYKBh+AIcTGTah2axfsRS0P
jkk5l2mdyrRzgDt6GODawHGEXcsBgeynezg4UOmvGZkmEVKWreLyyu3IuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFmU69mODVkHfV8Kx9DI31FLewvgMB8GA1UdIwQY
MBaAFPAciZejVLx9TlpgqfQkOKGC+pmKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEJ5Smw2TlV2SDFPV21DcDlDUTRvWUw2bVlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9mYWE5NWYtM2IzMi00MWZlLWFiZTMt
YzI3YzRhNjEwYmQzLzEvV1pUcjJZNE5XUWQ5WHdySDBNamZVVXQ3Qy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9mYWE5NWYtM2IzMi00MWZlLWFiZTMtYzI3YzRhNjEwYmQz
LzEvOEJ5Smw2TlV2SDFPV21DcDlDUTRvWUw2bVlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuR8cAwQA
uR8eMA0GCSqGSIb3DQEBCwUAA4IBAQCQLGA/v0iF5tKLiO5Dq86EmIkM1Ef99Lfy
uYAKBLp1QUCago3HbIo/5Fb8k0LODeE3/czJtxJ2MzMXL/22MHsMXYqB+r0XZfa8
ZQkCsx1FZ22FzQgpndGhyYuFTJYMDVllLc7W8Iszw68F5DpBF3ykGPL8V+mNukLw
zU8dAazcTZtY7cIlQOrtE3tBqmvHdxABr5rMwVmy0xSScLSXf/4CFKALEcAYvzZ6
8/Jyzn+v/ouUEZVdEhehnwNPuQN7vRbhGbuYdo73wodRRULVAlwPgZ3MSkdfCQlk
NfTsRQAyihzXfiU5pX6kZ1bPI8peo0luBqRl290h85PCktKAZ9dz
-----END CERTIFICATE-----