Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/eede38-92a2-462d-b252-c83b5fc26545/1/WKnDJfLLMHqYnKjzcoqBUM8XyGg.roa
File:                     WKnDJfLLMHqYnKjzcoqBUM8XyGg.roa (raw, json)
Hash identifier:          3kepbJlc5hRhSjZo6eNtFlY+p2ivs3Hf4/wwEeadDnA=
Subject key identifier:   58:A9:C3:25:F2:CB:30:7A:98:9C:A8:F3:72:8A:81:50:CF:17:C8:68
Certificate issuer:       /CN=443b67b9d4c99c725e357d8174fb7e024a1502e2
Certificate serial:       018CC94D6945EECFBB1EB7950F690F0B9A88
Authority key identifier: 44:3B:67:B9:D4:C9:9C:72:5E:35:7D:81:74:FB:7E:02:4A:15:02:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RDtnudTJnHJeNX2BdPt-AkoVAuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/eede38-92a2-462d-b252-c83b5fc26545/1/WKnDJfLLMHqYnKjzcoqBUM8XyGg.roa
Signing time:             Tue 02 Jan 2024 08:32:22 +0000
ROA not before:           Tue 02 Jan 2024 08:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        176.110.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/eede38-92a2-462d-b252-c83b5fc26545/1/RDtnudTJnHJeNX2BdPt-AkoVAuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/eede38-92a2-462d-b252-c83b5fc26545/1/RDtnudTJnHJeNX2BdPt-AkoVAuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RDtnudTJnHJeNX2BdPt-AkoVAuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:69:45:ee:cf:bb:1e:b7:95:0f:69:0f:0b:9a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=443b67b9d4c99c725e357d8174fb7e024a1502e2
        Validity
            Not Before: Jan  2 08:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58a9c325f2cb307a989ca8f3728a8150cf17c868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:5b:38:59:3c:fa:8d:e6:bf:c0:6d:14:23:
                    e8:f0:2d:fb:4d:2f:63:e0:9a:d2:c6:10:91:52:16:
                    77:ce:57:0b:66:17:08:a8:2e:3b:01:60:d7:32:08:
                    ea:ea:1e:a5:a8:bd:e1:23:f8:5a:ba:ab:22:72:2f:
                    3c:40:a5:56:31:b2:a7:96:5f:52:6d:d1:ff:27:94:
                    79:46:76:41:46:a8:8f:b3:4d:74:6c:63:8c:dc:de:
                    ec:b6:5a:1c:f9:cd:af:43:be:fb:4f:f6:93:2a:06:
                    91:ba:a7:c5:ec:6b:00:c7:15:15:7d:5c:d8:ac:20:
                    78:d4:a2:28:4d:94:d8:00:2e:73:d4:53:00:d3:60:
                    cd:e6:9a:da:d2:c8:fd:e0:b7:80:a9:01:44:3d:ec:
                    cc:0d:37:0e:9b:79:86:65:f3:a5:10:f4:47:75:b0:
                    8b:69:3a:ea:70:1c:dc:19:2d:d9:5f:c1:8b:a1:4c:
                    41:9a:1d:8f:e1:2e:d1:e5:3b:ba:3d:35:5f:08:36:
                    4b:81:ec:ed:d8:d9:ff:28:e4:2d:9e:18:f5:85:a6:
                    03:5e:ab:cb:5f:e6:57:94:5a:8f:68:5c:0c:7b:8e:
                    fc:45:8c:37:db:e5:40:97:a7:be:f4:1f:7a:98:fd:
                    cc:8e:da:f7:5c:f6:6c:1a:6e:20:bf:11:d3:f8:93:
                    1d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A9:C3:25:F2:CB:30:7A:98:9C:A8:F3:72:8A:81:50:CF:17:C8:68
            X509v3 Authority Key Identifier:
                keyid:44:3B:67:B9:D4:C9:9C:72:5E:35:7D:81:74:FB:7E:02:4A:15:02:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RDtnudTJnHJeNX2BdPt-AkoVAuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/eede38-92a2-462d-b252-c83b5fc26545/1/WKnDJfLLMHqYnKjzcoqBUM8XyGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/eede38-92a2-462d-b252-c83b5fc26545/1/RDtnudTJnHJeNX2BdPt-AkoVAuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.110.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:f7:7b:5e:a0:f8:58:09:72:dd:65:47:fb:f7:ca:f0:22:ca:
         a4:95:67:dc:1a:08:20:ec:c9:cb:71:c4:6c:c1:0b:60:92:77:
         e0:d5:b3:fb:0b:76:f1:41:9a:03:1c:60:37:6a:c9:e3:8a:1b:
         62:c0:a8:ba:e1:60:2c:fc:18:63:cd:58:75:ef:6c:e1:b2:ed:
         21:82:9d:90:f0:45:ce:97:22:0c:fa:70:58:1d:0d:a4:2a:1c:
         c8:a2:0d:b3:16:fb:85:2d:df:cd:f4:d7:03:dd:da:77:bd:4e:
         fa:cc:3f:13:b1:cb:1b:ed:0b:f0:39:de:5c:e9:95:ce:c4:c3:
         02:50:70:16:29:47:af:07:a2:26:28:a3:3b:12:5c:11:e9:06:
         de:42:b2:1d:31:20:0f:82:57:be:ec:18:1d:5b:2f:9b:2b:b0:
         52:cd:fa:ba:2b:28:7a:aa:79:8a:3c:97:20:77:c4:d0:6c:1b:
         fd:2d:5f:6e:00:f8:70:b6:af:9c:d9:ff:ad:77:91:97:9f:1d:
         f2:dc:6f:08:a0:cb:dd:b6:5f:cb:e1:57:73:b2:dc:c7:8e:18:
         3b:a6:67:7a:30:f6:99:fb:2c:b9:89:4f:64:dc:8f:6b:84:9c:
         54:4d:2f:c8:17:1f:ae:6a:2a:d8:a7:74:a4:68:1d:2a:55:f8:
         18:0b:d4:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTWlF7s+7HreVD2kPC5qIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0M2I2N2I5ZDRjOTljNzI1ZTM1N2Q4MTc0ZmI3ZTAyNGEx
NTAyZTIwHhcNMjQwMTAyMDgzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGE5YzMyNWYyY2IzMDdhOTg5Y2E4ZjM3MjhhODE1MGNmMTdjODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAhbOFk8+o3mv8BtFCPo8C37TS9j
4JrSxhCRUhZ3zlcLZhcIqC47AWDXMgjq6h6lqL3hI/hauqsici88QKVWMbKnll9S
bdH/J5R5RnZBRqiPs010bGOM3N7stloc+c2vQ777T/aTKgaRuqfF7GsAxxUVfVzY
rCB41KIoTZTYAC5z1FMA02DN5pra0sj94LeAqQFEPezMDTcOm3mGZfOlEPRHdbCL
aTrqcBzcGS3ZX8GLoUxBmh2P4S7R5Tu6PTVfCDZLgezt2Nn/KOQtnhj1haYDXqvL
X+ZXlFqPaFwMe478RYw32+VAl6e+9B96mP3Mjtr3XPZsGm4gvxHT+JMdOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFipwyXyyzB6mJyo83KKgVDPF8hoMB8GA1UdIwQY
MBaAFEQ7Z7nUyZxyXjV9gXT7fgJKFQLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkR0bnVkVEpuSEplTlgyQmRQdC1Ba29WQXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9lZWRlMzgtOTJhMi00NjJkLWIyNTIt
YzgzYjVmYzI2NTQ1LzEvV0tuREpmTExNSHFZbktqemNvcUJVTThYeUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9lZWRlMzgtOTJhMi00NjJkLWIyNTItYzgzYjVmYzI2NTQ1
LzEvUkR0bnVkVEpuSEplTlgyQmRQdC1Ba29WQXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsG52MA0G
CSqGSIb3DQEBCwUAA4IBAQBZ93teoPhYCXLdZUf798rwIsqklWfcGggg7MnLccRs
wQtgknfg1bP7C3bxQZoDHGA3asnjihtiwKi64WAs/BhjzVh172zhsu0hgp2Q8EXO
lyIM+nBYHQ2kKhzIog2zFvuFLd/N9NcD3dp3vU76zD8Tscsb7QvwOd5c6ZXOxMMC
UHAWKUevB6ImKKM7ElwR6QbeQrIdMSAPgle+7BgdWy+bK7BSzfq6Kyh6qnmKPJcg
d8TQbBv9LV9uAPhwtq+c2f+td5GXnx3y3G8IoMvdtl/L4VdzstzHjhg7pmd6MPaZ
+yy5iU9k3I9rhJxUTS/IFx+uairYp3SkaB0qVfgYC9TB
-----END CERTIFICATE-----