Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/WfKLL7wz2DOgkT7IfTSlQf8B74A.roa
File:                     WfKLL7wz2DOgkT7IfTSlQf8B74A.roa (raw, json)
Hash identifier:          1mvgKkN4svaiWVjYa89IH+weUNYlBhz5vdkmzkzEC+4=
Subject key identifier:   59:F2:8B:2F:BC:33:D8:33:A0:91:3E:C8:7D:34:A5:41:FF:01:EF:80
Certificate issuer:       /CN=1a537a0c0a331091b307253c6f07e8f82854e6b0
Certificate serial:       018CCA2BD32E69C70F269902B49D378F41FC
Authority key identifier: 1A:53:7A:0C:0A:33:10:91:B3:07:25:3C:6F:07:E8:F8:28:54:E6:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GlN6DAozEJGzByU8bwfo-ChU5rA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/WfKLL7wz2DOgkT7IfTSlQf8B74A.roa
Signing time:             Tue 02 Jan 2024 12:35:18 +0000
ROA not before:           Tue 02 Jan 2024 12:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.35.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/GlN6DAozEJGzByU8bwfo-ChU5rA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/GlN6DAozEJGzByU8bwfo-ChU5rA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GlN6DAozEJGzByU8bwfo-ChU5rA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d3:2e:69:c7:0f:26:99:02:b4:9d:37:8f:41:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a537a0c0a331091b307253c6f07e8f82854e6b0
        Validity
            Not Before: Jan  2 12:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59f28b2fbc33d833a0913ec87d34a541ff01ef80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3a:33:55:a1:59:ed:fd:12:a6:1f:06:58:df:
                    e6:ab:d9:30:42:c5:f9:61:13:f0:17:5d:fb:e0:a8:
                    fb:0a:55:f1:68:41:f7:f2:0e:75:1a:11:5a:af:77:
                    8c:6e:bf:d1:0d:47:61:25:e1:70:74:62:c6:a7:b4:
                    9c:78:ed:79:df:bc:de:b6:82:30:8a:70:22:cd:07:
                    6a:ff:3a:fd:36:5e:5e:b5:d6:c5:fd:6a:0e:1b:47:
                    a3:79:18:e1:b4:01:06:f0:a1:b6:2a:c8:ef:1e:c3:
                    19:f2:ab:26:51:3b:f8:68:8f:da:ee:34:59:a5:03:
                    c1:04:40:6f:de:f6:f6:33:b7:5f:2f:70:b1:82:5e:
                    8d:d1:01:0d:f6:66:61:29:9f:53:99:52:fb:f8:2a:
                    92:88:39:bf:0d:f8:74:b5:88:2e:e8:2e:0f:f1:6c:
                    ce:cd:03:3e:c9:65:0b:7e:83:2d:68:fb:a9:72:e1:
                    e0:92:28:21:91:f1:c1:69:24:6f:04:07:14:47:98:
                    01:08:3f:f8:26:ad:2f:d2:89:25:f4:2c:5e:4e:6f:
                    8a:9e:e9:26:84:b0:89:4b:79:bb:be:ae:63:a1:80:
                    2f:8e:44:68:1d:86:f6:48:4c:76:34:92:02:8f:8d:
                    98:34:59:46:a9:15:71:93:f0:74:86:4a:e3:f6:cb:
                    1f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F2:8B:2F:BC:33:D8:33:A0:91:3E:C8:7D:34:A5:41:FF:01:EF:80
            X509v3 Authority Key Identifier:
                keyid:1A:53:7A:0C:0A:33:10:91:B3:07:25:3C:6F:07:E8:F8:28:54:E6:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GlN6DAozEJGzByU8bwfo-ChU5rA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/WfKLL7wz2DOgkT7IfTSlQf8B74A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/46169f-cf94-4d1b-b2d7-72125297af28/1/GlN6DAozEJGzByU8bwfo-ChU5rA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:89:d0:ad:8e:8f:ec:c0:1e:63:6a:b6:77:6f:ac:96:6f:0f:
         c1:67:3f:fd:e7:e6:b2:94:85:04:53:77:10:bc:0a:a6:28:32:
         e3:6a:de:a5:46:df:4b:da:01:65:f6:77:3c:ea:b3:d7:a1:f5:
         58:ee:78:da:18:d0:7c:b2:31:a0:11:24:15:9a:d1:c6:ac:f2:
         14:36:49:37:b3:78:5b:2e:6d:fd:85:02:bf:cb:2a:33:9e:30:
         0b:d7:5c:05:10:de:e2:5b:6a:b8:08:65:9e:b6:4f:ca:8f:e1:
         9d:ba:f0:4f:46:6b:c1:bf:11:c5:3e:36:d1:38:34:25:25:c4:
         d7:2a:75:4f:3a:b7:af:e9:32:93:56:3f:a7:6a:80:71:40:d4:
         e3:9f:f2:94:b4:fd:25:5b:f8:38:fb:c5:d1:cc:36:e6:31:62:
         4f:49:e6:9a:0b:70:c3:6f:62:1a:a3:eb:d6:1c:8f:a0:10:da:
         4a:0e:e7:0e:a8:b4:9b:1c:18:2d:03:cb:74:10:63:9d:2d:b0:
         5b:b6:a3:9e:00:ab:e2:54:40:62:8d:f8:1b:f0:cb:49:43:bb:
         39:25:65:df:6d:f5:89:3f:df:81:16:25:3b:86:bd:74:cb:c9:
         39:60:b8:cc:44:a4:f2:8a:e0:c5:57:10:2d:58:b8:78:68:68:
         dd:6c:e4:2f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzKK9MuaccPJpkCtJ03j0H8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNTM3YTBjMGEzMzEwOTFiMzA3MjUzYzZmMDdlOGY4Mjg1
NGU2YjAwHhcNMjQwMTAyMTIzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWYyOGIyZmJjMzNkODMzYTA5MTNlYzg3ZDM0YTU0MWZmMDFlZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjozVaFZ7f0Sph8GWN/mq9kwQsX5
YRPwF1374Kj7ClXxaEH38g51GhFar3eMbr/RDUdhJeFwdGLGp7SceO1537zetoIw
inAizQdq/zr9Nl5etdbF/WoOG0ejeRjhtAEG8KG2KsjvHsMZ8qsmUTv4aI/a7jRZ
pQPBBEBv3vb2M7dfL3Cxgl6N0QEN9mZhKZ9TmVL7+CqSiDm/Dfh0tYgu6C4P8WzO
zQM+yWULfoMtaPupcuHgkighkfHBaSRvBAcUR5gBCD/4Jq0v0okl9CxeTm+Knukm
hLCJS3m7vq5joYAvjkRoHYb2SEx2NJICj42YNFlGqRVxk/B0hkrj9ssfLwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFnyiy+8M9gzoJE+yH00pUH/Ae+AMB8GA1UdIwQY
MBaAFBpTegwKMxCRswclPG8H6PgoVOawMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2xONkRBb3pFSkd6QnlVOGJ3Zm8tQ2hVNXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi80NjE2OWYtY2Y5NC00ZDFiLWIyZDct
NzIxMjUyOTdhZjI4LzEvV2ZLTEw3d3oyRE9na1Q3SWZUU2xRZjhCNzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi80NjE2OWYtY2Y5NC00ZDFiLWIyZDctNzIxMjUyOTdhZjI4
LzEvR2xONkRBb3pFSkd6QnlVOGJ3Zm8tQ2hVNXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjSMwDQYJ
KoZIhvcNAQELBQADggEBAFiJ0K2Oj+zAHmNqtndvrJZvD8FnP/3n5rKUhQRTdxC8
CqYoMuNq3qVG30vaAWX2dzzqs9eh9VjueNoY0HyyMaARJBWa0cas8hQ2STezeFsu
bf2FAr/LKjOeMAvXXAUQ3uJbargIZZ62T8qP4Z268E9Ga8G/EcU+NtE4NCUlxNcq
dU86t6/pMpNWP6dqgHFA1OOf8pS0/SVb+Dj7xdHMNuYxYk9J5poLcMNvYhqj69Yc
j6AQ2koO5w6otJscGC0Dy3QQY50tsFu2o54Aq+JUQGKN+Bvwy0lDuzklZd9t9Yk/
34EWJTuGvXTLyTlguMxEpPKK4MVXEC1YuHhoaN1s5C8=
-----END CERTIFICATE-----