Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/wpdtJSzHd6eQ3ucqWeh8naPQwMM.roa
File:                     wpdtJSzHd6eQ3ucqWeh8naPQwMM.roa (raw, json)
Hash identifier:          Zj2yd7ZZrnviH6kLlMcluo32LUAUvOeQLn8evJfzWM4=
Subject key identifier:   C2:97:6D:25:2C:C7:77:A7:90:DE:E7:2A:59:E8:7C:9D:A3:D0:C0:C3
Certificate issuer:       /CN=8a08c28be15516290b9da5135e58f55fbb80ffb4
Certificate serial:       018CC87146F972E3F7ED496D075AADB12899
Authority key identifier: 8A:08:C2:8B:E1:55:16:29:0B:9D:A5:13:5E:58:F5:5F:BB:80:FF:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igjCi-FVFikLnaUTXlj1X7uA_7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/wpdtJSzHd6eQ3ucqWeh8naPQwMM.roa
Signing time:             Tue 02 Jan 2024 04:31:56 +0000
ROA not before:           Tue 02 Jan 2024 04:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21449
IP address blocks:        160.53.75.0/24 maxlen: 24
                          160.53.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/igjCi-FVFikLnaUTXlj1X7uA_7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/igjCi-FVFikLnaUTXlj1X7uA_7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igjCi-FVFikLnaUTXlj1X7uA_7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:03:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:46:f9:72:e3:f7:ed:49:6d:07:5a:ad:b1:28:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a08c28be15516290b9da5135e58f55fbb80ffb4
        Validity
            Not Before: Jan  2 04:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2976d252cc777a790dee72a59e87c9da3d0c0c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:68:14:0c:40:8c:70:d7:59:46:a8:6a:0c:c8:
                    8b:75:41:29:9b:d8:be:69:19:6d:27:92:19:3d:01:
                    57:34:78:f4:e2:d0:66:5d:c8:c4:6c:a6:9c:3c:8b:
                    fa:79:76:41:cc:85:db:eb:3c:5a:f3:69:f3:02:17:
                    66:f3:ce:ca:44:07:a5:83:26:8a:03:d3:07:ef:e3:
                    ea:cb:25:f2:df:16:3d:d4:0e:51:17:95:7c:3a:81:
                    a9:f1:6b:20:9a:ed:90:11:47:04:37:14:a6:3b:f6:
                    d9:fb:a2:6b:b1:f5:7b:09:91:00:9f:87:15:05:85:
                    85:35:fa:99:ed:7c:df:51:fc:9a:21:e0:9e:58:7f:
                    f1:d2:fd:ac:89:fb:b0:5a:88:c0:b0:ce:d5:ae:ed:
                    80:61:a3:28:3b:c9:b7:91:7a:bc:50:7e:3b:42:94:
                    b1:93:5f:45:80:7a:e6:12:bf:b3:bb:45:8e:5a:28:
                    36:40:0a:95:31:c8:37:e4:1e:9c:79:9f:72:69:a7:
                    fd:6a:c9:de:cd:3e:03:1a:21:87:51:a1:ce:5a:4b:
                    3d:11:5c:38:51:01:5f:2e:af:12:a5:4c:7c:ce:8b:
                    9c:6d:c9:79:73:87:b6:04:ac:66:aa:18:d9:30:2f:
                    c5:6e:25:9b:27:8d:66:80:52:97:13:46:80:8d:3f:
                    99:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:97:6D:25:2C:C7:77:A7:90:DE:E7:2A:59:E8:7C:9D:A3:D0:C0:C3
            X509v3 Authority Key Identifier:
                keyid:8A:08:C2:8B:E1:55:16:29:0B:9D:A5:13:5E:58:F5:5F:BB:80:FF:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igjCi-FVFikLnaUTXlj1X7uA_7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/wpdtJSzHd6eQ3ucqWeh8naPQwMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/igjCi-FVFikLnaUTXlj1X7uA_7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4e:22:7c:a2:bb:2e:ac:e1:e1:51:5e:9b:74:84:4d:02:46:83:
         f9:4f:36:cb:d8:7d:47:10:27:49:04:da:9e:d4:d9:14:b5:59:
         c8:cd:f2:6b:5d:a4:c1:0f:b8:1c:eb:ab:c8:e0:81:11:62:eb:
         1e:17:19:26:22:ab:54:84:84:94:cb:a4:34:22:bc:e6:d3:40:
         2c:df:7f:d8:1c:f3:c1:43:60:6a:f4:ac:37:a5:66:f0:b4:32:
         df:53:49:7d:d4:3d:b6:7b:d1:80:31:f8:5f:eb:ec:34:94:37:
         ef:1f:4b:5b:d6:3c:02:c8:ab:d7:62:21:23:23:0e:22:e7:2c:
         02:6c:78:0e:87:92:70:65:3b:76:af:be:3d:73:1a:ae:c7:a1:
         4a:5a:20:9f:9c:ce:71:8b:5f:10:e8:c1:c7:cc:09:89:51:d4:
         9b:93:d8:3d:43:aa:cb:9f:ea:15:eb:f1:cb:8b:b9:d4:df:5c:
         cd:f5:07:2f:98:d9:90:63:67:03:20:72:c4:90:56:25:51:8e:
         d7:fb:a6:c1:18:c5:ca:a2:6f:84:a9:31:ed:3f:47:b3:14:04:
         3a:9d:72:67:0c:46:da:d4:49:7f:55:b1:dc:5a:96:24:0b:f4:
         20:8a:d2:4a:f1:d4:d1:32:d3:37:bd:f2:e1:52:88:6b:36:77:
         4f:6c:21:a8
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIcUb5cuP37UltB1qtsSiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDhjMjhiZTE1NTE2MjkwYjlkYTUxMzVlNThmNTVmYmI4
MGZmYjQwHhcNMjQwMTAyMDQzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjk3NmQyNTJjYzc3N2E3OTBkZWU3MmE1OWU4N2M5ZGEzZDBjMGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWgUDECMcNdZRqhqDMiLdUEpm9i+
aRltJ5IZPQFXNHj04tBmXcjEbKacPIv6eXZBzIXb6zxa82nzAhdm887KRAelgyaK
A9MH7+PqyyXy3xY91A5RF5V8OoGp8Wsgmu2QEUcENxSmO/bZ+6JrsfV7CZEAn4cV
BYWFNfqZ7XzfUfyaIeCeWH/x0v2sifuwWojAsM7Vru2AYaMoO8m3kXq8UH47QpSx
k19FgHrmEr+zu0WOWig2QAqVMcg35B6ceZ9yaaf9asnezT4DGiGHUaHOWks9EVw4
UQFfLq8SpUx8zoucbcl5c4e2BKxmqhjZMC/FbiWbJ41mgFKXE0aAjT+Z9QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMKXbSUsx3enkN7nKlnofJ2j0MDDMB8GA1UdIwQY
MBaAFIoIwovhVRYpC52lE15Y9V+7gP+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdqQ2ktRlZGaWtMbmFVVFhsajFYN3VBXzdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82NzJhZjgtMzM0OC00MjEzLWI0N2Mt
MDYxOGM5YThjYWM0LzEvd3BkdEpTekhkNmVRM3VjcVdlaDhuYVBRd01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82NzJhZjgtMzM0OC00MjEzLWI0N2MtMDYxOGM5YThjYWM0
LzEvaWdqQ2ktRlZGaWtMbmFVVFhsajFYN3VBXzdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoDUwDQYJ
KoZIhvcNAQELBQADggEBAE4ifKK7Lqzh4VFem3SETQJGg/lPNsvYfUcQJ0kE2p7U
2RS1WcjN8mtdpMEPuBzrq8jggRFi6x4XGSYiq1SEhJTLpDQivObTQCzff9gc88FD
YGr0rDelZvC0Mt9TSX3UPbZ70YAx+F/r7DSUN+8fS1vWPALIq9diISMjDiLnLAJs
eA6HknBlO3avvj1zGq7HoUpaIJ+cznGLXxDowcfMCYlR1JuT2D1Dqsuf6hXr8cuL
udTfXM31By+Y2ZBjZwMgcsSQViVRjtf7psEYxcqib4SpMe0/R7MUBDqdcmcMRtrU
SX9VsdxaliQL9CCK0krx1NEy0ze98uFSiGs2d09sIag=
-----END CERTIFICATE-----