Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/WX7RfXOXvnurCte4loFrHEs_fnU.roa
File:                     WX7RfXOXvnurCte4loFrHEs_fnU.roa (raw, json)
Hash identifier:          3crzgS7BqPgjkVIOHf44g2UDoAtngj+2PbVPw/auPaY=
Subject key identifier:   59:7E:D1:7D:73:97:BE:7B:AB:0A:D7:B8:96:81:6B:1C:4B:3F:7E:75
Certificate issuer:       /CN=411dea53467b6c7143eb23d284569a8183b2e82f
Certificate serial:       01931AB876552F33D170C2AD632BBEAA7E46
Authority key identifier: 41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/WX7RfXOXvnurCte4loFrHEs_fnU.roa
Signing time:             Mon 11 Nov 2024 10:15:16 +0000
ROA not before:           Mon 11 Nov 2024 10:15:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        84.239.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:b8:76:55:2f:33:d1:70:c2:ad:63:2b:be:aa:7e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411dea53467b6c7143eb23d284569a8183b2e82f
        Validity
            Not Before: Nov 11 10:15:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=597ed17d7397be7bab0ad7b896816b1c4b3f7e75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5e:91:31:06:05:ef:cd:d2:84:08:b0:a4:6c:
                    83:3b:59:93:cb:60:2d:d4:b8:f9:31:78:aa:db:34:
                    29:a0:db:84:9f:28:63:e0:74:30:fa:89:05:24:40:
                    83:8e:b5:ea:25:73:49:ce:5d:95:30:d8:ed:99:96:
                    97:34:2a:ef:8c:f4:7e:00:e6:1f:b1:03:62:79:b5:
                    90:8c:da:de:08:50:c7:ad:03:b6:42:6d:1f:cd:ba:
                    d2:8b:70:9d:9d:9c:f3:0c:6a:99:36:5f:3d:a4:b7:
                    26:81:3c:01:20:ac:b6:3e:2a:02:ac:80:8a:ad:0d:
                    b1:80:4c:c5:43:34:37:eb:06:6b:d1:79:c5:95:82:
                    20:ff:9b:d4:2d:0c:56:86:77:01:95:7c:32:80:02:
                    d2:98:72:b7:5f:c8:cd:a2:5d:a9:ed:d3:ab:10:2b:
                    c3:58:ff:ca:ad:5e:1a:b4:ca:45:34:e3:aa:a8:51:
                    f3:c5:97:0a:1a:0d:56:c3:f6:14:b2:fc:5e:1a:90:
                    95:97:bf:3b:90:8e:ed:89:88:67:76:14:5c:be:0d:
                    03:14:ec:4d:b7:c4:8f:04:46:b5:37:f5:b9:67:e2:
                    14:80:70:77:f7:48:89:8a:c2:8e:08:fe:c6:3d:b1:
                    69:3b:1d:94:6d:9f:2f:53:9e:fc:33:e2:41:70:ff:
                    cd:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:7E:D1:7D:73:97:BE:7B:AB:0A:D7:B8:96:81:6B:1C:4B:3F:7E:75
            X509v3 Authority Key Identifier:
                keyid:41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/WX7RfXOXvnurCte4loFrHEs_fnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.239.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:46:18:a7:16:2c:11:9d:79:64:02:aa:58:93:a5:00:4f:a5:
         4f:46:01:d8:d8:fe:97:3a:74:d6:28:19:5f:2c:b9:88:d7:9e:
         e5:20:a1:9e:68:bd:63:c1:20:66:a4:ef:4c:60:d0:5f:4d:da:
         b4:68:90:8d:63:8d:0a:f4:f7:ec:83:ac:9a:83:4f:b6:a1:fa:
         66:7d:a3:41:76:81:cc:2d:21:bf:4f:a9:ea:5a:80:d1:85:b5:
         9e:13:1f:40:35:4e:61:47:f2:fe:79:07:6f:e9:9c:06:0e:d9:
         37:17:c4:f8:c5:fe:a7:bc:d0:55:4c:8e:3f:e5:ca:9a:d5:e9:
         29:bd:7c:5f:46:c1:75:cf:17:df:77:76:d2:a1:d1:97:6b:bb:
         04:98:35:45:5f:1a:c4:e0:b8:73:2e:16:f5:15:0a:44:45:88:
         f0:93:d5:2f:01:18:f3:61:73:a4:5b:3b:f7:eb:32:59:ad:a7:
         01:38:15:5c:21:ee:5c:3b:4e:ff:78:cb:bd:b4:2d:b2:eb:10:
         a2:48:e8:25:52:cf:92:cb:16:36:59:a1:b9:3d:48:ba:ad:ca:
         ba:11:19:a4:86:2b:2b:ee:ca:51:52:d3:a4:10:6d:f9:a7:a4:
         1a:00:27:b2:cd:f7:f3:f6:85:c8:04:87:f2:00:36:76:b8:22:
         5b:d9:2f:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMauHZVLzPRcMKtYyu+qn5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWRlYTUzNDY3YjZjNzE0M2ViMjNkMjg0NTY5YTgxODNi
MmU4MmYwHhcNMjQxMTExMTAxNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTdlZDE3ZDczOTdiZTdiYWIwYWQ3Yjg5NjgxNmIxYzRiM2Y3ZTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoV6RMQYF783ShAiwpGyDO1mTy2At
1Lj5MXiq2zQpoNuEnyhj4HQw+okFJECDjrXqJXNJzl2VMNjtmZaXNCrvjPR+AOYf
sQNiebWQjNreCFDHrQO2Qm0fzbrSi3CdnZzzDGqZNl89pLcmgTwBIKy2PioCrICK
rQ2xgEzFQzQ36wZr0XnFlYIg/5vULQxWhncBlXwygALSmHK3X8jNol2p7dOrECvD
WP/KrV4atMpFNOOqqFHzxZcKGg1Ww/YUsvxeGpCVl787kI7tiYhndhRcvg0DFOxN
t8SPBEa1N/W5Z+IUgHB390iJisKOCP7GPbFpOx2UbZ8vU578M+JBcP/NkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFl+0X1zl757qwrXuJaBaxxLP351MB8GA1UdIwQY
MBaAFEEd6lNGe2xxQ+sj0oRWmoGDsugvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEt
NDcxMjBiOTA2OWI3LzEvV1g3UmZYT1h2bnVyQ3RlNGxvRnJIRXNfZm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEtNDcxMjBiOTA2OWI3
LzEvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVO89MA0G
CSqGSIb3DQEBCwUAA4IBAQCLRhinFiwRnXlkAqpYk6UAT6VPRgHY2P6XOnTWKBlf
LLmI157lIKGeaL1jwSBmpO9MYNBfTdq0aJCNY40K9Pfsg6yag0+2ofpmfaNBdoHM
LSG/T6nqWoDRhbWeEx9ANU5hR/L+eQdv6ZwGDtk3F8T4xf6nvNBVTI4/5cqa1ekp
vXxfRsF1zxffd3bSodGXa7sEmDVFXxrE4LhzLhb1FQpERYjwk9UvARjzYXOkWzv3
6zJZracBOBVcIe5cO07/eMu9tC2y6xCiSOglUs+SyxY2WaG5PUi6rcq6ERmkhisr
7spRUtOkEG35p6QaACeyzffz9oXIBIfyADZ2uCJb2S/A
-----END CERTIFICATE-----