Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/W_DdXaDUpUu0ztDuNWJhTQiWmHI.roa
File:                     W_DdXaDUpUu0ztDuNWJhTQiWmHI.roa (raw, json)
Hash identifier:          A4pdx7j5jCMrZf4ACgNIBSG9IxybTBtIq0Q/EzAZVYo=
Subject key identifier:   5B:F0:DD:5D:A0:D4:A5:4B:B4:CE:D0:EE:35:62:61:4D:08:96:98:72
Certificate issuer:       /CN=eac5447c0431a75ee7bb5940a2183c18438eb6b1
Certificate serial:       018DEA22B0DD0B8E778B5D1B739402BDD88A
Authority key identifier: EA:C5:44:7C:04:31:A7:5E:E7:BB:59:40:A2:18:3C:18:43:8E:B6:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sVEfAQxp17nu1lAohg8GEOOtrE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/W_DdXaDUpUu0ztDuNWJhTQiWmHI.roa
Signing time:             Tue 27 Feb 2024 10:35:58 +0000
ROA not before:           Tue 27 Feb 2024 10:35:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203421
IP address blocks:        62.3.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/6sVEfAQxp17nu1lAohg8GEOOtrE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/6sVEfAQxp17nu1lAohg8GEOOtrE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sVEfAQxp17nu1lAohg8GEOOtrE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:22:b0:dd:0b:8e:77:8b:5d:1b:73:94:02:bd:d8:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac5447c0431a75ee7bb5940a2183c18438eb6b1
        Validity
            Not Before: Feb 27 10:35:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bf0dd5da0d4a54bb4ced0ee3562614d08969872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:35:06:83:95:15:aa:8f:3e:68:8e:ee:05:91:
                    d8:ae:3a:4c:13:8c:a7:96:b5:20:8f:6b:a8:99:1f:
                    87:dc:2e:46:df:d4:ec:0b:37:75:02:76:51:e6:44:
                    98:10:ff:e1:3e:f9:e3:27:b9:c7:21:20:2e:e5:00:
                    7c:fd:bd:27:82:fa:63:56:21:a8:8b:9e:69:55:9f:
                    23:d3:0c:e4:97:27:7f:0c:b6:b0:27:3e:71:1b:ff:
                    7d:8d:b6:23:30:88:e8:d4:cb:d0:9d:2c:0c:e4:1b:
                    2d:da:e1:2c:b8:42:9d:c4:25:de:8e:0e:ce:dd:8c:
                    a6:47:96:59:bf:ba:f2:f4:e9:0d:fc:c8:4c:d5:cb:
                    94:94:49:82:e0:8f:40:1a:9e:90:93:5c:e5:a7:96:
                    e6:34:5b:ab:1c:cb:09:12:2c:7e:ac:d0:e5:fe:6e:
                    4a:6b:ed:61:21:8d:db:ad:c7:ac:22:7f:3b:5e:ec:
                    5e:53:1f:9d:50:a0:6d:ad:fa:99:32:bd:8b:fb:a2:
                    3d:ad:d4:ab:8d:7d:46:1c:85:2b:9e:67:d3:f7:13:
                    6b:73:db:bf:38:f6:af:6c:13:85:a3:74:ea:c7:c3:
                    77:8b:69:ab:af:8b:8f:f3:e6:c5:f2:52:0a:53:c4:
                    b7:5c:fe:09:9e:e2:31:fa:fa:ed:f8:5b:9d:09:68:
                    21:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F0:DD:5D:A0:D4:A5:4B:B4:CE:D0:EE:35:62:61:4D:08:96:98:72
            X509v3 Authority Key Identifier:
                keyid:EA:C5:44:7C:04:31:A7:5E:E7:BB:59:40:A2:18:3C:18:43:8E:B6:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sVEfAQxp17nu1lAohg8GEOOtrE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/W_DdXaDUpUu0ztDuNWJhTQiWmHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/6sVEfAQxp17nu1lAohg8GEOOtrE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:f5:64:1a:ad:84:fd:9b:93:a1:5f:5c:31:75:a4:bc:a0:af:
         18:f3:c1:c4:1d:77:73:1f:dd:d5:f9:97:8e:55:51:93:05:0f:
         45:af:d3:6f:8d:96:ef:7c:c3:80:66:9c:00:3c:02:f1:9a:12:
         17:ee:fd:ad:e8:a1:25:f0:b2:71:1f:2c:0f:e2:b9:6a:ab:74:
         1f:26:d6:19:55:5e:98:1b:9c:2a:a2:b4:08:51:c1:37:a2:28:
         4b:e4:94:77:5a:75:8a:e9:e6:12:e1:a2:d9:f8:98:48:35:4a:
         6d:11:d4:8a:84:30:c7:46:93:1d:94:58:53:86:fa:50:a0:47:
         28:03:32:e7:82:ec:05:b5:96:55:72:cf:ff:24:74:05:d6:58:
         ee:5e:90:8c:ec:09:f6:61:f2:8d:aa:6d:db:7d:d8:48:ef:c8:
         21:a1:d3:2e:40:17:ce:bf:7c:a3:e6:da:af:60:0a:19:47:1c:
         5a:fa:5a:f3:e2:93:90:73:d0:f0:f6:3b:bb:99:59:ce:2c:4a:
         77:a5:b6:8f:c6:a9:03:d0:c1:27:f6:de:4c:ca:cb:47:b9:95:
         6a:b2:c0:74:3a:2f:10:ef:80:3d:9c:b9:9e:78:07:66:9b:6f:
         a4:33:08:fe:60:90:d7:49:ce:03:14:ee:7a:d6:cf:5a:33:2b:
         3a:30:b4:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3qIrDdC453i10bc5QCvdiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzU0NDdjMDQzMWE3NWVlN2JiNTk0MGEyMTgzYzE4NDM4
ZWI2YjEwHhcNMjQwMjI3MTAzNTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmYwZGQ1ZGEwZDRhNTRiYjRjZWQwZWUzNTYyNjE0ZDA4OTY5ODcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzUGg5UVqo8+aI7uBZHYrjpME4yn
lrUgj2uomR+H3C5G39TsCzd1AnZR5kSYEP/hPvnjJ7nHISAu5QB8/b0ngvpjViGo
i55pVZ8j0wzklyd/DLawJz5xG/99jbYjMIjo1MvQnSwM5Bst2uEsuEKdxCXejg7O
3YymR5ZZv7ry9OkN/MhM1cuUlEmC4I9AGp6Qk1zlp5bmNFurHMsJEix+rNDl/m5K
a+1hIY3brcesIn87XuxeUx+dUKBtrfqZMr2L+6I9rdSrjX1GHIUrnmfT9xNrc9u/
OPavbBOFo3Tqx8N3i2mrr4uP8+bF8lIKU8S3XP4JnuIx+vrt+FudCWghbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvw3V2g1KVLtM7Q7jViYU0IlphyMB8GA1UdIwQY
MBaAFOrFRHwEMade57tZQKIYPBhDjraxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNWRWZBUXhwMTdudTFsQW9oZzhHRU9PdHJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83NzI2NGUtNDk2NC00ZjY4LTkyZTUt
ZmZhNDMzOWJjZTRmLzEvV19EZFhhRFVwVXUwenREdU5XSmhUUWlXbUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83NzI2NGUtNDk2NC00ZjY4LTkyZTUtZmZhNDMzOWJjZTRm
LzEvNnNWRWZBUXhwMTdudTFsQW9oZzhHRU9PdHJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgM0MA0G
CSqGSIb3DQEBCwUAA4IBAQCf9WQarYT9m5OhX1wxdaS8oK8Y88HEHXdzH93V+ZeO
VVGTBQ9Fr9NvjZbvfMOAZpwAPALxmhIX7v2t6KEl8LJxHywP4rlqq3QfJtYZVV6Y
G5wqorQIUcE3oihL5JR3WnWK6eYS4aLZ+JhINUptEdSKhDDHRpMdlFhThvpQoEco
AzLnguwFtZZVcs//JHQF1ljuXpCM7An2YfKNqm3bfdhI78ghodMuQBfOv3yj5tqv
YAoZRxxa+lrz4pOQc9Dw9ju7mVnOLEp3pbaPxqkD0MEn9t5MystHuZVqssB0Oi8Q
74A9nLmeeAdmm2+kMwj+YJDXSc4DFO561s9aMys6MLSG
-----END CERTIFICATE-----