Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/3f9528-ba1a-4253-8507-7db8f816d077/1/wbqhybBO_xPSaMzgHILPyPu_lVk.roa
File:                     wbqhybBO_xPSaMzgHILPyPu_lVk.roa (raw, json)
Hash identifier:          T8e0rgAAfGkals7Y+8Vz4ryC1ntmJsW1QtiAuj6wjeE=
Subject key identifier:   C1:BA:A1:C9:B0:4E:FF:13:D2:68:CC:E0:1C:82:CF:C8:FB:BF:95:59
Certificate issuer:       /CN=eab05011722d25c1249e658b2caecc118c29e822
Certificate serial:       01918EB3A1C25CE5691991D4FACF8E3EA64B
Authority key identifier: EA:B0:50:11:72:2D:25:C1:24:9E:65:8B:2C:AE:CC:11:8C:29:E8:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6rBQEXItJcEknmWLLK7MEYwp6CI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/3f9528-ba1a-4253-8507-7db8f816d077/1/wbqhybBO_xPSaMzgHILPyPu_lVk.roa
Signing time:             Mon 26 Aug 2024 12:40:22 +0000
ROA not before:           Mon 26 Aug 2024 12:40:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59543
IP address blocks:        194.53.166.0/23 maxlen: 23
                          194.53.168.0/22 maxlen: 22
                          2001:67c:2cec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/3f9528-ba1a-4253-8507-7db8f816d077/1/6rBQEXItJcEknmWLLK7MEYwp6CI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/3f9528-ba1a-4253-8507-7db8f816d077/1/6rBQEXItJcEknmWLLK7MEYwp6CI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6rBQEXItJcEknmWLLK7MEYwp6CI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:b3:a1:c2:5c:e5:69:19:91:d4:fa:cf:8e:3e:a6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eab05011722d25c1249e658b2caecc118c29e822
        Validity
            Not Before: Aug 26 12:40:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1baa1c9b04eff13d268cce01c82cfc8fbbf9559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c0:16:2e:27:9c:33:20:ad:20:2a:88:4e:c6:
                    83:07:22:4a:70:54:d0:6f:49:7e:1f:9a:88:ec:e4:
                    75:c3:ec:2a:24:40:7c:be:27:2f:8a:bf:ee:83:6a:
                    29:7b:96:cc:52:0d:fe:ac:7e:26:6e:79:2a:e1:b3:
                    ee:36:ba:ba:d7:2a:6d:9f:03:c4:47:39:9c:ae:44:
                    9e:19:ab:aa:cb:62:9e:4c:17:8b:85:db:d6:2b:87:
                    b6:fa:51:ac:8d:fe:8c:9c:43:4b:a5:e7:84:75:9c:
                    34:22:19:8c:43:0f:c4:7e:1c:4f:fe:9f:7d:c7:80:
                    20:a0:d3:49:0e:17:09:c6:d0:ce:83:9a:2c:e5:a2:
                    3b:38:aa:49:8f:0c:e5:1d:ff:25:28:4c:af:b8:d1:
                    44:78:68:88:42:1f:7e:77:9b:73:90:12:8f:b5:cd:
                    af:3a:14:ed:0a:b1:58:a0:03:64:75:27:98:af:f4:
                    64:97:c6:be:bd:b4:58:c3:61:69:95:2d:61:1e:cf:
                    f4:1e:4e:97:5e:6c:3a:b2:bf:78:c7:c9:47:a3:ba:
                    84:51:85:ed:fd:ff:35:61:8c:32:df:c5:28:d7:5b:
                    ac:52:46:28:a7:ea:e4:d6:fe:fe:b6:c8:3b:f2:35:
                    78:10:46:6a:9f:ec:9f:b8:5c:14:2d:77:6d:8e:ec:
                    9c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:BA:A1:C9:B0:4E:FF:13:D2:68:CC:E0:1C:82:CF:C8:FB:BF:95:59
            X509v3 Authority Key Identifier:
                keyid:EA:B0:50:11:72:2D:25:C1:24:9E:65:8B:2C:AE:CC:11:8C:29:E8:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6rBQEXItJcEknmWLLK7MEYwp6CI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3f9528-ba1a-4253-8507-7db8f816d077/1/wbqhybBO_xPSaMzgHILPyPu_lVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3f9528-ba1a-4253-8507-7db8f816d077/1/6rBQEXItJcEknmWLLK7MEYwp6CI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.166.0-194.53.171.255
                IPv6:
                  2001:67c:2cec::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:c4:cf:ef:b9:f7:b2:6d:08:f9:76:16:bb:1c:1b:a3:65:e9:
         78:47:8a:00:1a:ac:f4:26:7e:9d:07:d8:43:02:33:eb:3a:18:
         4b:68:77:85:63:cc:4b:8e:47:87:47:88:9b:07:f6:88:00:76:
         19:9c:a6:e5:a5:ec:d3:ec:a7:6c:ea:05:57:90:af:25:c6:8e:
         9d:d8:62:26:ec:78:45:89:2f:c8:bf:b9:dc:40:c1:d2:bf:15:
         0f:18:f9:3a:4d:8a:d7:02:92:91:e8:80:fb:75:05:3b:29:0e:
         0a:07:db:79:34:a8:a6:03:b6:d4:8b:30:8c:35:f2:9e:96:0b:
         1c:17:79:66:d1:e4:7d:4d:d7:b1:e8:4c:60:ae:61:07:6a:05:
         b9:70:77:7d:bc:31:a5:4f:5d:be:5d:fc:49:e5:29:8f:55:66:
         5d:a7:a8:0d:d7:a1:7b:ee:b8:7b:dc:29:e3:4d:4f:ff:83:29:
         fb:31:f0:d2:e9:86:ad:ee:0f:9c:87:9b:2c:77:21:4f:ad:6d:
         d6:a2:ff:2d:7e:7e:ad:6b:0c:f8:a6:36:06:6c:0d:4b:b1:6c:
         eb:20:93:8e:28:c5:f1:e3:22:47:35:27:c0:e5:7c:65:7f:cf:
         9a:5e:6c:31:11:46:96:18:74:a4:ee:43:5c:b4:18:e6:05:0e:
         9b:cd:8d:a3
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZGOs6HCXOVpGZHU+s+OPqZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYjA1MDExNzIyZDI1YzEyNDllNjU4YjJjYWVjYzExOGMy
OWU4MjIwHhcNMjQwODI2MTI0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWJhYTFjOWIwNGVmZjEzZDI2OGNjZTAxYzgyY2ZjOGZiYmY5NTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcAWLiecMyCtICqITsaDByJKcFTQ
b0l+H5qI7OR1w+wqJEB8vicvir/ug2ope5bMUg3+rH4mbnkq4bPuNrq61yptnwPE
RzmcrkSeGauqy2KeTBeLhdvWK4e2+lGsjf6MnENLpeeEdZw0IhmMQw/EfhxP/p99
x4AgoNNJDhcJxtDOg5os5aI7OKpJjwzlHf8lKEyvuNFEeGiIQh9+d5tzkBKPtc2v
OhTtCrFYoANkdSeYr/Rkl8a+vbRYw2FplS1hHs/0Hk6XXmw6sr94x8lHo7qEUYXt
/f81YYwy38Uo11usUkYop+rk1v7+tsg78jV4EEZqn+yfuFwULXdtjuycEwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMG6ocmwTv8T0mjM4ByCz8j7v5VZMB8GA1UdIwQY
MBaAFOqwUBFyLSXBJJ5liyyuzBGMKegiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnJCUUVYSXRKY0Vrbm1XTExLN01FWXdwNkNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8zZjk1MjgtYmExYS00MjUzLTg1MDct
N2RiOGY4MTZkMDc3LzEvd2JxaHliQk9feFBTYU16Z0hJTFB5UHVfbFZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8zZjk1MjgtYmExYS00MjUzLTg1MDctN2RiOGY4MTZkMDc3
LzEvNnJCUUVYSXRKY0Vrbm1XTExLN01FWXdwNkNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAHCNaYD
BALCNagwDwQCAAIwCQMHACABBnws7DANBgkqhkiG9w0BAQsFAAOCAQEATMTP77n3
sm0I+XYWuxwbo2XpeEeKABqs9CZ+nQfYQwIz6zoYS2h3hWPMS45Hh0eImwf2iAB2
GZym5aXs0+ynbOoFV5CvJcaOndhiJux4RYkvyL+53EDB0r8VDxj5Ok2K1wKSkeiA
+3UFOykOCgfbeTSopgO21IswjDXynpYLHBd5ZtHkfU3XsehMYK5hB2oFuXB3fbwx
pU9dvl38SeUpj1VmXaeoDdehe+64e9wp401P/4Mp+zHw0umGre4PnIebLHchT61t
1qL/LX5+rWsM+KY2BmwNS7Fs6yCTjijF8eMiRzUnwOV8ZX/Pml5sMRFGlhh0pO5D
XLQY5gUOm82Now==
-----END CERTIFICATE-----