Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/WW1TiU5z_bxDE-8K5X3WcthrweQ.roa
File:                     WW1TiU5z_bxDE-8K5X3WcthrweQ.roa (raw, json)
Hash identifier:          uftZamEqBshzlsVid2A7Hoyn1mAIW2eVtypEVulLcNQ=
Subject key identifier:   59:6D:53:89:4E:73:FD:BC:43:13:EF:0A:E5:7D:D6:72:D8:6B:C1:E4
Certificate issuer:       /CN=35f1fd69e7196aef5e29ba795680dac3e34868c8
Certificate serial:       018CC26CFD1A39BAB535C3B0B94065432D9E
Authority key identifier: 35:F1:FD:69:E7:19:6A:EF:5E:29:BA:79:56:80:DA:C3:E3:48:68:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NfH9aecZau9eKbp5VoDaw-NIaMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/WW1TiU5z_bxDE-8K5X3WcthrweQ.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50862
IP address blocks:        194.29.78.0/24 maxlen: 24
                          194.29.73.0/24 maxlen: 24
                          91.229.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/NfH9aecZau9eKbp5VoDaw-NIaMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/NfH9aecZau9eKbp5VoDaw-NIaMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NfH9aecZau9eKbp5VoDaw-NIaMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fd:1a:39:ba:b5:35:c3:b0:b9:40:65:43:2d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35f1fd69e7196aef5e29ba795680dac3e34868c8
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=596d53894e73fdbc4313ef0ae57dd672d86bc1e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c5:60:ad:d4:63:c1:1a:bc:c9:55:84:00:5f:
                    84:d6:26:d7:8d:e4:30:9f:c6:0f:73:80:5b:f2:15:
                    1e:58:23:68:33:79:bf:c3:a1:f4:51:0d:10:bd:1e:
                    ac:85:50:61:a4:ae:73:7a:d4:6d:82:71:20:cd:e8:
                    3b:20:c4:37:ec:c2:c6:ef:fc:56:bb:80:09:57:2e:
                    cc:8e:5d:ce:8c:1f:7f:fe:b0:84:53:6a:0e:ae:b9:
                    64:1d:6b:d9:f8:8c:d6:f0:9f:20:50:fc:ed:d6:f4:
                    0d:74:c3:7d:03:ec:00:10:fe:2a:48:19:44:45:2c:
                    4a:b5:eb:75:49:cf:d3:aa:97:3a:d1:3b:c9:da:a3:
                    56:83:fc:9a:a0:fa:98:f0:14:23:96:37:88:46:eb:
                    33:a2:de:04:bc:1b:b8:a3:fb:77:89:d7:bd:54:63:
                    c1:d6:59:09:68:67:f0:9b:e4:b7:7c:6b:a0:f9:5d:
                    39:4d:8c:dd:d2:28:67:0c:b5:8b:97:d1:1e:66:fc:
                    ac:14:21:e5:ac:b8:c6:a9:44:8f:86:c1:9d:b1:ba:
                    72:7b:b2:ea:e3:8c:ed:76:fe:77:79:68:73:33:b5:
                    f2:50:4d:6f:07:7f:25:0e:e1:78:85:a8:94:76:64:
                    70:be:7f:27:67:ca:44:47:ff:32:c1:2b:bf:e5:a5:
                    4c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:6D:53:89:4E:73:FD:BC:43:13:EF:0A:E5:7D:D6:72:D8:6B:C1:E4
            X509v3 Authority Key Identifier:
                keyid:35:F1:FD:69:E7:19:6A:EF:5E:29:BA:79:56:80:DA:C3:E3:48:68:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NfH9aecZau9eKbp5VoDaw-NIaMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/WW1TiU5z_bxDE-8K5X3WcthrweQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/NfH9aecZau9eKbp5VoDaw-NIaMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.49.0/24
                  194.29.73.0/24
                  194.29.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:0d:8f:32:5f:a4:4e:00:3d:3a:89:9c:c0:b9:28:f4:15:55:
         89:98:4e:52:db:35:8a:3b:8e:b1:aa:8e:92:3a:40:55:15:2f:
         99:be:5b:5b:e9:35:73:d3:0c:90:54:f3:18:74:cb:ad:a0:58:
         f0:f3:95:17:25:32:0d:27:e9:2b:23:47:fe:cb:fa:b6:7d:98:
         60:47:b0:c3:24:98:f4:3c:89:b6:17:57:d1:cc:b2:30:c4:50:
         94:af:eb:e8:ca:8a:57:7b:c2:b7:e7:bd:22:d3:d3:2b:97:45:
         40:33:ad:77:54:3a:cd:10:8d:c6:d5:ac:4f:47:c8:a4:bb:91:
         b8:8a:00:52:08:6e:7f:ba:0b:0f:25:31:bc:0b:9a:f0:ee:ef:
         62:d5:bc:08:5d:be:50:d9:35:60:68:f3:7c:b1:21:91:7c:61:
         12:45:18:bb:c6:f9:3d:5b:6d:6f:bc:b2:ff:e4:7e:d0:0c:2c:
         ad:75:cb:0d:d4:b3:62:1c:e5:aa:3b:9b:01:9a:56:e7:e6:de:
         b9:92:47:ec:56:69:7c:7f:41:d8:8e:c0:93:dd:cb:3d:2c:6f:
         96:18:90:6d:e8:cc:e3:0c:67:b2:45:32:2d:4f:a6:aa:ad:f9:
         0a:9c:e3:b7:11:62:76:d9:95:dc:0c:c1:28:5e:4e:6c:9c:37:
         61:9c:e5:ad
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbP0aObq1NcOwuUBlQy2eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZjFmZDY5ZTcxOTZhZWY1ZTI5YmE3OTU2ODBkYWMzZTM0
ODY4YzgwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTZkNTM4OTRlNzNmZGJjNDMxM2VmMGFlNTdkZDY3MmQ4NmJjMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsVgrdRjwRq8yVWEAF+E1ibXjeQw
n8YPc4Bb8hUeWCNoM3m/w6H0UQ0QvR6shVBhpK5zetRtgnEgzeg7IMQ37MLG7/xW
u4AJVy7Mjl3OjB9//rCEU2oOrrlkHWvZ+IzW8J8gUPzt1vQNdMN9A+wAEP4qSBlE
RSxKtet1Sc/Tqpc60TvJ2qNWg/yaoPqY8BQjljeIRuszot4EvBu4o/t3ide9VGPB
1lkJaGfwm+S3fGug+V05TYzd0ihnDLWLl9EeZvysFCHlrLjGqUSPhsGdsbpye7Lq
44ztdv53eWhzM7XyUE1vB38lDuF4haiUdmRwvn8nZ8pER/8ywSu/5aVMWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFltU4lOc/28QxPvCuV91nLYa8HkMB8GA1UdIwQY
MBaAFDXx/WnnGWrvXim6eVaA2sPjSGjIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmZIOWFlY1phdTllS2JwNVZvRGF3LU5JYU1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82NmYzNzktZjU5OC00ZTYwLWI0OTMt
ZjljYTcxMjRmMDk4LzEvV1cxVGlVNXpfYnhERS04SzVYM1djdGhyd2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82NmYzNzktZjU5OC00ZTYwLWI0OTMtZjljYTcxMjRmMDk4
LzEvTmZIOWFlY1phdTllS2JwNVZvRGF3LU5JYU1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+UxAwQA
wh1JAwQAwh1OMA0GCSqGSIb3DQEBCwUAA4IBAQCaDY8yX6ROAD06iZzAuSj0FVWJ
mE5S2zWKO46xqo6SOkBVFS+Zvltb6TVz0wyQVPMYdMutoFjw85UXJTINJ+krI0f+
y/q2fZhgR7DDJJj0PIm2F1fRzLIwxFCUr+voyopXe8K3570i09Mrl0VAM613VDrN
EI3G1axPR8iku5G4igBSCG5/ugsPJTG8C5rw7u9i1bwIXb5Q2TVgaPN8sSGRfGES
RRi7xvk9W21vvLL/5H7QDCytdcsN1LNiHOWqO5sBmlbn5t65kkfsVml8f0HYjsCT
3cs9LG+WGJBt6MzjDGeyRTItT6aqrfkKnOO3EWJ22ZXcDMEoXk5snDdhnOWt
-----END CERTIFICATE-----