Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/26761e-7c6f-488e-a21d-be3917c5e2f7/1/CWAk7KvOD7qWhxQxwRBZi6plOuU.roa
File:                     CWAk7KvOD7qWhxQxwRBZi6plOuU.roa (raw, json)
Hash identifier:          p7+C5FXpKSQ0ySuZUvdBMPqxLMzzFsAbtucQBmjbfkI=
Subject key identifier:   09:60:24:EC:AB:CE:0F:BA:96:87:14:31:C1:10:59:8B:AA:65:3A:E5
Certificate issuer:       /CN=1f430fc09a713b249acaa7678911e8d1e3233afd
Certificate serial:       018CC2DB533D4D1CB6BD372978AB9935F7FE
Authority key identifier: 1F:43:0F:C0:9A:71:3B:24:9A:CA:A7:67:89:11:E8:D1:E3:23:3A:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0MPwJpxOySayqdniRHo0eMjOv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/26761e-7c6f-488e-a21d-be3917c5e2f7/1/CWAk7KvOD7qWhxQxwRBZi6plOuU.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59933
IP address blocks:        185.39.248.0/22 maxlen: 23
                          2a01:4ae0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/26761e-7c6f-488e-a21d-be3917c5e2f7/1/H0MPwJpxOySayqdniRHo0eMjOv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/26761e-7c6f-488e-a21d-be3917c5e2f7/1/H0MPwJpxOySayqdniRHo0eMjOv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0MPwJpxOySayqdniRHo0eMjOv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:53:3d:4d:1c:b6:bd:37:29:78:ab:99:35:f7:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f430fc09a713b249acaa7678911e8d1e3233afd
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=096024ecabce0fba96871431c110598baa653ae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:39:32:62:47:9e:ec:13:7f:6e:5b:0f:85:07:
                    ba:78:c6:eb:75:54:33:91:cc:41:4f:31:b6:78:f5:
                    d7:d6:a3:ce:93:67:2a:2d:27:ae:79:51:d3:f0:27:
                    1a:df:2e:d5:02:0c:87:9d:9f:19:ba:41:0b:78:ef:
                    b6:71:d0:a9:2a:85:eb:14:ba:75:dc:9e:22:64:63:
                    03:01:de:f6:86:da:14:c8:a2:74:f8:ff:12:af:cd:
                    ae:ff:20:a3:b8:19:5b:37:c5:f7:c9:c5:48:9e:0f:
                    ab:5e:fe:ca:bd:33:a3:32:85:96:30:f9:87:68:2a:
                    ed:64:a9:1f:f2:7e:0f:71:0c:02:3d:3d:b4:14:46:
                    28:21:fe:5e:57:7f:f1:c2:82:71:8e:f9:ba:ac:e7:
                    d8:74:1a:4c:fb:71:eb:e8:74:06:9f:a7:a1:cf:a8:
                    eb:c6:ca:72:ef:16:a4:aa:9a:e5:b8:91:22:70:e1:
                    59:7a:d6:9d:f1:31:a8:cb:25:71:38:2f:b2:60:49:
                    f5:25:cf:9f:6c:a9:40:2f:ae:f1:71:a4:87:8d:01:
                    49:ea:94:a4:30:2a:ae:28:78:2f:57:dc:04:4b:c0:
                    97:f0:d7:e0:2c:1b:55:eb:a8:cc:05:f6:de:e0:68:
                    96:4a:eb:84:f6:7a:1a:65:fa:1e:17:f5:f5:1b:18:
                    b6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:60:24:EC:AB:CE:0F:BA:96:87:14:31:C1:10:59:8B:AA:65:3A:E5
            X509v3 Authority Key Identifier:
                keyid:1F:43:0F:C0:9A:71:3B:24:9A:CA:A7:67:89:11:E8:D1:E3:23:3A:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0MPwJpxOySayqdniRHo0eMjOv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/26761e-7c6f-488e-a21d-be3917c5e2f7/1/CWAk7KvOD7qWhxQxwRBZi6plOuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/26761e-7c6f-488e-a21d-be3917c5e2f7/1/H0MPwJpxOySayqdniRHo0eMjOv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.248.0/22
                IPv6:
                  2a01:4ae0::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:bb:eb:13:57:3b:45:6d:dd:02:b0:76:0c:c9:56:a1:c1:72:
         b4:dd:16:17:9d:70:9c:21:6b:9e:7e:76:e7:77:04:de:07:6e:
         f7:8a:b9:62:d5:33:b2:c1:ff:5d:96:d6:3d:52:0e:e3:b7:19:
         a1:fd:a2:37:a6:3a:a4:03:ce:06:80:d0:4f:f7:a6:23:ba:09:
         8e:f4:c9:14:36:41:9e:ac:e2:73:f0:63:fb:96:d1:08:ed:43:
         e4:64:cf:37:d0:a8:bc:3d:9a:c6:a9:80:ca:78:06:9d:77:86:
         9e:74:72:b9:81:04:65:d7:e6:50:ea:ad:ae:f2:95:f5:3f:f6:
         df:08:9c:b5:c3:9c:94:47:c1:22:56:d2:d7:a2:61:bf:be:18:
         92:ae:11:72:45:d1:14:5c:bb:38:d9:f4:fd:84:94:b5:b7:64:
         11:78:ed:46:93:1d:df:34:f9:16:86:82:8b:f2:05:a9:1c:e4:
         9b:cd:34:db:c6:47:c7:0e:3e:16:09:1e:f1:1f:52:25:2a:b3:
         e8:4f:71:c1:16:52:3d:ab:e2:ea:3e:ab:a8:36:39:8a:d6:c3:
         69:23:19:a5:fc:a1:e0:30:f9:d4:48:43:3c:fb:cd:02:2b:33:
         ca:3c:59:9f:aa:1e:c2:be:f0:b0:9b:6f:9d:22:4d:e2:62:36:
         08:36:68:30
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC21M9TRy2vTcpeKuZNff+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDMwZmMwOWE3MTNiMjQ5YWNhYTc2Nzg5MTFlOGQxZTMy
MzNhZmQwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTYwMjRlY2FiY2UwZmJhOTY4NzE0MzFjMTEwNTk4YmFhNjUzYWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTkyYkee7BN/blsPhQe6eMbrdVQz
kcxBTzG2ePXX1qPOk2cqLSeueVHT8Cca3y7VAgyHnZ8ZukELeO+2cdCpKoXrFLp1
3J4iZGMDAd72htoUyKJ0+P8Sr82u/yCjuBlbN8X3ycVIng+rXv7KvTOjMoWWMPmH
aCrtZKkf8n4PcQwCPT20FEYoIf5eV3/xwoJxjvm6rOfYdBpM+3Hr6HQGn6ehz6jr
xspy7xakqprluJEicOFZetad8TGoyyVxOC+yYEn1Jc+fbKlAL67xcaSHjQFJ6pSk
MCquKHgvV9wES8CX8NfgLBtV66jMBfbe4GiWSuuE9noaZfoeF/X1Gxi2RQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAlgJOyrzg+6locUMcEQWYuqZTrlMB8GA1UdIwQY
MBaAFB9DD8CacTskmsqnZ4kR6NHjIzr9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBNUHdKcHhPeVNheXFkbmlSSG8wZU1qT3YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8yNjc2MWUtN2M2Zi00ODhlLWEyMWQt
YmUzOTE3YzVlMmY3LzEvQ1dBazdLdk9EN3FXaHhReHdSQlppNnBsT3VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8yNjc2MWUtN2M2Zi00ODhlLWEyMWQtYmUzOTE3YzVlMmY3
LzEvSDBNUHdKcHhPeVNheXFkbmlSSG8wZU1qT3YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSf4MA0E
AgACMAcDBQAqAUrgMA0GCSqGSIb3DQEBCwUAA4IBAQAxu+sTVztFbd0CsHYMyVah
wXK03RYXnXCcIWuefnbndwTeB273irli1TOywf9dltY9Ug7jtxmh/aI3pjqkA84G
gNBP96YjugmO9MkUNkGerOJz8GP7ltEI7UPkZM830Ki8PZrGqYDKeAadd4aedHK5
gQRl1+ZQ6q2u8pX1P/bfCJy1w5yUR8EiVtLXomG/vhiSrhFyRdEUXLs42fT9hJS1
t2QReO1Gkx3fNPkWhoKL8gWpHOSbzTTbxkfHDj4WCR7xH1IlKrPoT3HBFlI9q+Lq
PquoNjmK1sNpIxml/KHgMPnUSEM8+80CKzPKPFmfqh7CvvCwm2+dIk3iYjYINmgw
-----END CERTIFICATE-----