Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/WBRlW3gVon5hNp_vNYdQK7qAiM8.roa
File:                     WBRlW3gVon5hNp_vNYdQK7qAiM8.roa (raw, json)
Hash identifier:          KTOWpm1y/o+TPzv3zp9mu4GdeQoupZu+Fl6LcqNiEes=
Subject key identifier:   58:14:65:5B:78:15:A2:7E:61:36:9F:EF:35:87:50:2B:BA:80:88:CF
Certificate issuer:       /CN=8df3df971aa7cb25dfb7cb55b29c87bcbe320829
Certificate serial:       018CC56E99FBB3E500F8BEDA2E99F78480F6
Authority key identifier: 8D:F3:DF:97:1A:A7:CB:25:DF:B7:CB:55:B2:9C:87:BC:BE:32:08:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jfPflxqnyyXft8tVspyHvL4yCCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/WBRlW3gVon5hNp_vNYdQK7qAiM8.roa
Signing time:             Mon 01 Jan 2024 14:30:09 +0000
ROA not before:           Mon 01 Jan 2024 14:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199155
IP address blocks:        193.236.32.0/19 maxlen: 20
                          193.236.64.0/19 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/jfPflxqnyyXft8tVspyHvL4yCCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/jfPflxqnyyXft8tVspyHvL4yCCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jfPflxqnyyXft8tVspyHvL4yCCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:99:fb:b3:e5:00:f8:be:da:2e:99:f7:84:80:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8df3df971aa7cb25dfb7cb55b29c87bcbe320829
        Validity
            Not Before: Jan  1 14:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5814655b7815a27e61369fef3587502bba8088cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c1:12:be:66:e0:cf:8b:6a:12:bd:a2:1d:a1:
                    aa:7f:d2:5e:83:e9:56:d6:85:26:04:3d:0e:12:7d:
                    d5:16:f1:fe:27:93:1d:4c:e9:02:0e:74:c9:26:44:
                    1c:6d:f8:10:89:3d:76:c4:1d:bf:25:a2:2e:d3:98:
                    82:02:b0:52:7a:12:e8:2a:61:44:16:e7:7a:15:2d:
                    d6:21:c2:7f:e4:ab:5a:b9:67:11:bd:20:f8:d0:bf:
                    fa:e1:f7:02:ad:45:b0:9d:8b:ed:10:9a:e7:6e:2b:
                    ea:20:b8:c3:06:86:a6:8f:bb:97:3f:51:06:d2:18:
                    e1:39:4a:38:06:9e:70:15:e5:8d:14:f3:c2:e0:57:
                    3a:54:ab:6a:6e:72:ac:cd:6a:b2:c8:c6:93:f8:04:
                    1b:d6:0e:04:27:ce:fe:0b:ad:82:98:27:dd:3f:5c:
                    45:a3:e7:c2:46:3d:ee:9a:df:15:15:fc:f0:e5:bd:
                    9b:52:96:fd:84:bc:54:58:bd:a2:c1:74:f7:4a:ba:
                    fd:25:d8:0a:d5:a1:2a:0a:16:ef:ed:f9:f2:b2:ba:
                    b7:b1:fc:55:90:b7:34:e0:04:81:28:93:9b:ed:98:
                    4e:51:d7:73:4b:d3:2f:d8:16:5c:ba:7c:e1:70:1c:
                    90:7d:a2:e1:ed:76:77:cf:d8:83:41:50:c2:25:ae:
                    4f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:14:65:5B:78:15:A2:7E:61:36:9F:EF:35:87:50:2B:BA:80:88:CF
            X509v3 Authority Key Identifier:
                keyid:8D:F3:DF:97:1A:A7:CB:25:DF:B7:CB:55:B2:9C:87:BC:BE:32:08:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jfPflxqnyyXft8tVspyHvL4yCCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/WBRlW3gVon5hNp_vNYdQK7qAiM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/jfPflxqnyyXft8tVspyHvL4yCCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.236.32.0-193.236.95.255

    Signature Algorithm: sha256WithRSAEncryption
         04:08:99:de:1a:98:75:62:a8:1c:47:96:d0:96:cf:e2:83:12:
         b8:74:6c:10:47:45:1d:52:8f:97:c4:09:8a:c7:53:93:9a:65:
         e2:1f:9a:6f:fd:da:06:11:28:f3:a0:e7:29:0d:aa:8c:48:94:
         4e:22:23:cc:60:8f:a1:fe:51:6a:ad:48:e5:44:ee:cf:62:b5:
         28:e4:f2:4c:1e:72:2a:c8:dc:c6:6e:e4:a2:5f:4c:41:69:35:
         c8:b9:8a:87:a0:f8:20:66:2a:59:d8:1e:8c:11:3e:85:b5:ce:
         3b:96:1c:2c:08:7a:37:e7:a4:81:09:1b:6f:a2:39:6c:f2:58:
         73:68:ee:49:12:51:26:4f:6d:ed:1b:c3:16:05:81:ee:f0:69:
         e2:e4:89:26:4c:a2:39:4e:e7:16:14:30:06:01:43:6b:fe:87:
         dc:59:29:7e:f3:88:9d:97:7f:09:d9:8c:e8:f7:c4:5a:51:8a:
         16:85:0c:ba:57:35:44:e6:8e:39:da:57:4a:d4:a9:4f:d4:32:
         85:17:f1:15:07:d1:54:fb:00:b0:61:91:3b:71:a5:58:fe:6b:
         c3:2d:e5:d7:7a:f5:84:a5:34:18:29:bc:16:7d:37:f4:50:e2:
         76:f9:9f:94:9a:0d:43:dd:8b:7b:35:19:45:41:c6:ae:c8:f9:
         fe:c6:4a:ee
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbpn7s+UA+L7aLpn3hID2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkZjNkZjk3MWFhN2NiMjVkZmI3Y2I1NWIyOWM4N2JjYmUz
MjA4MjkwHhcNMjQwMTAxMTQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODE0NjU1Yjc4MTVhMjdlNjEzNjlmZWYzNTg3NTAyYmJhODA4OGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcESvmbgz4tqEr2iHaGqf9Jeg+lW
1oUmBD0OEn3VFvH+J5MdTOkCDnTJJkQcbfgQiT12xB2/JaIu05iCArBSehLoKmFE
Fud6FS3WIcJ/5KtauWcRvSD40L/64fcCrUWwnYvtEJrnbivqILjDBoamj7uXP1EG
0hjhOUo4Bp5wFeWNFPPC4Fc6VKtqbnKszWqyyMaT+AQb1g4EJ87+C62CmCfdP1xF
o+fCRj3umt8VFfzw5b2bUpb9hLxUWL2iwXT3Srr9JdgK1aEqChbv7fnysrq3sfxV
kLc04ASBKJOb7ZhOUddzS9Mv2BZcunzhcByQfaLh7XZ3z9iDQVDCJa5PiQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFgUZVt4FaJ+YTaf7zWHUCu6gIjPMB8GA1UdIwQY
MBaAFI3z35cap8sl37fLVbKch7y+MggpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamZQZmx4cW55eVhmdDh0VnNweUh2TDR5Q0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9jMmFkNDQtZmU3ZC00NmQ5LTkxM2Ut
Yzc5NGI1Zjg3ODA0LzEvV0JSbFczZ1ZvbjVoTnBfdk5ZZFFLN3FBaU04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9jMmFkNDQtZmU3ZC00NmQ5LTkxM2UtYzc5NGI1Zjg3ODA0
LzEvamZQZmx4cW55eVhmdDh0VnNweUh2TDR5Q0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAXB7CAD
BAXB7EAwDQYJKoZIhvcNAQELBQADggEBAAQImd4amHViqBxHltCWz+KDErh0bBBH
RR1Sj5fECYrHU5OaZeIfmm/92gYRKPOg5ykNqoxIlE4iI8xgj6H+UWqtSOVE7s9i
tSjk8kwecirI3MZu5KJfTEFpNci5ioeg+CBmKlnYHowRPoW1zjuWHCwIejfnpIEJ
G2+iOWzyWHNo7kkSUSZPbe0bwxYFge7waeLkiSZMojlO5xYUMAYBQ2v+h9xZKX7z
iJ2XfwnZjOj3xFpRihaFDLpXNUTmjjnaV0rUqU/UMoUX8RUH0VT7ALBhkTtxpVj+
a8Mt5dd69YSlNBgpvBZ9N/RQ4nb5n5SaDUPdi3s1GUVBxq7I+f7GSu4=
-----END CERTIFICATE-----