Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/WNY5xL141lWbXznFBWmOqN_q6vc.roa
File:                     WNY5xL141lWbXznFBWmOqN_q6vc.roa (raw, json)
Hash identifier:          1FGVq8ZsLLjdbgExKEUK/FPa1R+SqyIhK37cbyq6JwY=
Subject key identifier:   58:D6:39:C4:BD:78:D6:55:9B:5F:39:C5:05:69:8E:A8:DF:EA:EA:F7
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       018CC6B90D16F9E725EE33B77D43888D02BF
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/WNY5xL141lWbXznFBWmOqN_q6vc.roa
Signing time:             Mon 01 Jan 2024 20:31:05 +0000
ROA not before:           Mon 01 Jan 2024 20:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3352
IP address blocks:        193.148.144.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:0d:16:f9:e7:25:ee:33:b7:7d:43:88:8d:02:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jan  1 20:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58d639c4bd78d6559b5f39c505698ea8dfeaeaf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:3b:c0:d8:dc:af:3d:41:e0:76:24:71:a6:77:
                    8a:b3:0b:69:93:c6:27:44:0d:f1:b0:bb:3e:83:10:
                    39:00:4c:6e:24:74:4c:20:7c:84:63:38:d8:7d:02:
                    eb:62:59:40:85:f4:7c:5c:04:26:f8:f7:95:30:cb:
                    69:f2:95:f1:f8:a5:5c:99:e5:56:a1:e4:bd:33:f0:
                    92:1b:68:a5:19:48:1f:06:3a:10:46:10:aa:ab:be:
                    3b:f9:81:a3:29:ed:df:a8:db:b4:62:21:3a:5e:d3:
                    39:4c:24:bd:4f:c2:bf:27:9d:1f:61:f7:01:3e:d5:
                    0f:ac:79:22:90:04:ca:4e:05:5b:57:9b:8c:b4:15:
                    7a:e9:a3:58:8f:30:23:5d:8c:66:f4:17:76:d1:fa:
                    9a:cf:32:9f:f0:46:04:9d:c4:61:d8:54:ab:46:99:
                    de:25:9c:13:4c:6f:a9:68:32:0d:f1:be:95:30:f6:
                    14:da:6e:77:24:3a:44:17:74:cf:89:5a:00:74:b9:
                    08:99:db:13:90:75:aa:fd:22:96:e8:93:0e:d4:8b:
                    61:09:b8:63:47:ec:73:d6:ed:9d:8a:f6:c8:29:9f:
                    69:94:8a:01:04:6e:48:fb:06:1a:53:84:a8:2d:bb:
                    af:c7:3c:f0:98:63:0a:c1:08:ed:02:9c:68:ae:25:
                    20:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D6:39:C4:BD:78:D6:55:9B:5F:39:C5:05:69:8E:A8:DF:EA:EA:F7
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/WNY5xL141lWbXznFBWmOqN_q6vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8f:38:4b:4a:90:dd:e5:49:cc:42:5c:fa:7d:94:9f:af:d9:ea:
         86:15:46:95:3a:12:e8:4f:2f:84:47:90:ec:6d:0c:8f:a6:07:
         4c:c7:6c:48:b0:69:c0:ea:39:e5:45:93:a2:96:6f:e2:0a:64:
         5c:9e:3f:bf:b8:e4:21:2f:07:cd:a8:16:25:e6:f5:11:1e:b9:
         c7:64:20:85:77:7b:c8:19:f4:a1:06:5d:49:79:79:ae:5e:dd:
         98:4e:11:63:a3:00:12:03:eb:32:55:d5:f1:93:ed:6d:c1:fb:
         be:87:29:d6:47:a2:74:9e:d5:64:e2:fc:fd:b9:d6:1f:2c:79:
         0b:e7:bc:02:be:25:fb:66:9e:89:02:0e:bc:2b:dc:fb:1f:65:
         88:ca:a0:72:b0:93:75:eb:24:b2:a5:31:53:0b:59:11:85:3e:
         39:d4:ee:7c:60:96:c9:e2:ac:fb:17:e9:d4:03:88:ed:ee:b4:
         c4:8f:ac:57:24:4d:47:3a:5b:e4:7b:7f:75:40:11:2c:c2:ec:
         2f:6b:80:f6:bc:ed:10:a1:38:f4:b9:fe:f3:8f:22:69:2c:25:
         44:bb:e5:33:80:30:9e:fe:1c:49:30:1b:9e:e1:de:eb:a9:a6:
         c4:9d:0c:91:f2:7d:d5:62:ca:07:02:e8:63:b0:c9:88:ea:12:
         fd:30:bc:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQ0W+ecl7jO3fUOIjQK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjQwMTAxMjAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQ2MzljNGJkNzhkNjU1OWI1ZjM5YzUwNTY5OGVhOGRmZWFlYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zvA2NyvPUHgdiRxpneKswtpk8Yn
RA3xsLs+gxA5AExuJHRMIHyEYzjYfQLrYllAhfR8XAQm+PeVMMtp8pXx+KVcmeVW
oeS9M/CSG2ilGUgfBjoQRhCqq747+YGjKe3fqNu0YiE6XtM5TCS9T8K/J50fYfcB
PtUPrHkikATKTgVbV5uMtBV66aNYjzAjXYxm9Bd20fqazzKf8EYEncRh2FSrRpne
JZwTTG+paDIN8b6VMPYU2m53JDpEF3TPiVoAdLkImdsTkHWq/SKW6JMO1IthCbhj
R+xz1u2divbIKZ9plIoBBG5I+wYaU4SoLbuvxzzwmGMKwQjtApxoriUgEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjWOcS9eNZVm185xQVpjqjf6ur3MB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvV05ZNXhMMTQxbFdiWHpuRkJXbU9xTl9xNnZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwZSQMA0G
CSqGSIb3DQEBCwUAA4IBAQCPOEtKkN3lScxCXPp9lJ+v2eqGFUaVOhLoTy+ER5Ds
bQyPpgdMx2xIsGnA6jnlRZOilm/iCmRcnj+/uOQhLwfNqBYl5vURHrnHZCCFd3vI
GfShBl1JeXmuXt2YThFjowASA+syVdXxk+1twfu+hynWR6J0ntVk4vz9udYfLHkL
57wCviX7Zp6JAg68K9z7H2WIyqBysJN16ySypTFTC1kRhT451O58YJbJ4qz7F+nU
A4jt7rTEj6xXJE1HOlvke391QBEswuwva4D2vO0QoTj0uf7zjyJpLCVEu+UzgDCe
/hxJMBue4d7rqabEnQyR8n3VYsoHAuhjsMmI6hL9MLy8
-----END CERTIFICATE-----