Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/w-aqpbqWfkl74xzFMPDeoY_yHk8.roa
File:                     w-aqpbqWfkl74xzFMPDeoY_yHk8.roa (raw, json)
Hash identifier:          NL2W0FK1OP7GNcCG7TCwREe/LpMv7d4+lKIiCsfp0RU=
Subject key identifier:   C3:E6:AA:A5:BA:96:7E:49:7B:E3:1C:C5:30:F0:DE:A1:8F:F2:1E:4F
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       018CC86EFAB811FE22E0A9E483087083B721
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/w-aqpbqWfkl74xzFMPDeoY_yHk8.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        194.76.115.0/24 maxlen: 24
                          194.76.114.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fa:b8:11:fe:22:e0:a9:e4:83:08:70:83:b7:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3e6aaa5ba967e497be31cc530f0dea18ff21e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6d:29:f1:42:04:ab:de:a1:78:09:f0:08:7d:
                    32:a5:8c:a6:46:3d:5e:47:c5:32:4b:75:29:94:4e:
                    65:bf:46:a9:63:62:01:f5:ad:20:c4:aa:14:58:5b:
                    95:f5:10:2d:6f:19:3e:cc:52:c2:8d:8d:73:43:bb:
                    20:c4:ce:64:76:c8:f7:a0:12:65:84:7f:49:12:a1:
                    28:b5:3e:39:3e:b7:31:7b:7c:63:49:16:6b:1f:52:
                    04:72:ee:e1:ec:44:ca:c3:b1:c3:12:e4:fa:53:09:
                    6b:9c:05:5d:12:cb:40:64:24:b6:e5:4c:9d:3b:fa:
                    25:3c:a1:c9:3a:84:a6:a9:67:a4:ce:3b:25:24:37:
                    e5:fb:c3:8f:83:c9:43:3a:c2:93:6c:02:ba:55:95:
                    9b:14:23:77:f3:2f:4f:e1:cc:b0:45:0b:ca:c2:34:
                    d2:ce:56:57:12:28:07:3d:b9:c4:a4:84:f8:2b:32:
                    3a:52:97:e7:a6:b0:66:e5:e3:bb:5f:5b:5c:d4:e8:
                    ac:05:14:bd:c5:ef:ac:90:98:8a:b1:5c:f7:0a:00:
                    62:15:7d:9a:40:c3:19:c1:7f:e8:28:b9:5a:54:fb:
                    b1:f8:e4:17:ba:5c:45:f5:2b:e9:88:5a:09:aa:c2:
                    4f:ec:f2:72:46:31:26:2e:bf:b7:3d:70:cb:13:c6:
                    3d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E6:AA:A5:BA:96:7E:49:7B:E3:1C:C5:30:F0:DE:A1:8F:F2:1E:4F
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/w-aqpbqWfkl74xzFMPDeoY_yHk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:c6:3c:86:a9:ac:8d:7d:66:ab:3c:9f:2c:91:a5:49:17:23:
         f0:79:25:22:df:56:c3:fd:99:00:a4:2b:11:cc:a2:09:ce:13:
         3d:d8:a9:28:fa:01:7a:e9:df:25:bc:0c:d6:dc:b5:8a:50:96:
         ca:1c:f1:c0:3b:9b:54:65:a2:43:09:55:bc:bd:72:30:ed:39:
         db:8a:ae:98:3e:f9:bf:2a:51:a4:28:38:1f:b4:87:00:a4:27:
         c6:ca:a2:18:22:66:be:b8:2a:a3:e4:8e:33:b9:41:ee:6c:59:
         9c:c1:3c:0c:30:af:6c:31:03:aa:bb:4e:11:32:65:c7:73:76:
         87:0b:df:24:b3:30:c5:c8:83:f7:2f:16:d0:84:92:b5:de:27:
         1d:cd:40:50:40:94:22:7e:73:34:ae:2b:ab:46:05:ed:65:bc:
         36:07:68:73:d0:d6:8b:69:d8:00:07:8c:4d:2e:cc:8b:37:a7:
         17:34:36:c9:17:96:eb:6d:7d:53:18:99:7b:b5:c2:00:25:69:
         c1:a6:ed:bb:bc:57:7e:d9:a4:51:be:d9:af:83:8b:1b:33:c9:
         e9:4e:5e:06:38:3d:0b:75:b3:8b:1d:48:0a:0c:fa:5a:3d:fa:
         6e:25:85:8d:f8:1f:04:c4:98:d4:06:54:90:8a:e1:db:2a:4a:
         6e:a3:9f:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvq4Ef4i4Knkgwhwg7chMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2U2YWFhNWJhOTY3ZTQ5N2JlMzFjYzUzMGYwZGVhMThmZjIxZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtW0p8UIEq96heAnwCH0ypYymRj1e
R8UyS3UplE5lv0apY2IB9a0gxKoUWFuV9RAtbxk+zFLCjY1zQ7sgxM5kdsj3oBJl
hH9JEqEotT45Prcxe3xjSRZrH1IEcu7h7ETKw7HDEuT6UwlrnAVdEstAZCS25Uyd
O/olPKHJOoSmqWekzjslJDfl+8OPg8lDOsKTbAK6VZWbFCN38y9P4cywRQvKwjTS
zlZXEigHPbnEpIT4KzI6UpfnprBm5eO7X1tc1OisBRS9xe+skJiKsVz3CgBiFX2a
QMMZwX/oKLlaVPux+OQXulxF9SvpiFoJqsJP7PJyRjEmLr+3PXDLE8Y9mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPmqqW6ln5Je+McxTDw3qGP8h5PMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvdy1hcXBicVdma2w3NHh6Rk1QRGVvWV95SGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwkxyMA0G
CSqGSIb3DQEBCwUAA4IBAQBgxjyGqayNfWarPJ8skaVJFyPweSUi31bD/ZkApCsR
zKIJzhM92Kko+gF66d8lvAzW3LWKUJbKHPHAO5tUZaJDCVW8vXIw7Tnbiq6YPvm/
KlGkKDgftIcApCfGyqIYIma+uCqj5I4zuUHubFmcwTwMMK9sMQOqu04RMmXHc3aH
C98kszDFyIP3LxbQhJK13icdzUBQQJQifnM0riurRgXtZbw2B2hz0NaLadgAB4xN
LsyLN6cXNDbJF5brbX1TGJl7tcIAJWnBpu27vFd+2aRRvtmvg4sbM8npTl4GOD0L
dbOLHUgKDPpaPfpuJYWN+B8ExJjUBlSQiuHbKkpuo5/Z
-----END CERTIFICATE-----