Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/wv__O0LrxtiITXKKwLOwGQXLJ9o.roa
File:                     wv__O0LrxtiITXKKwLOwGQXLJ9o.roa (raw, json)
Hash identifier:          F4NmBcGcJ/5+ZFYxpNdtZOaf0kkCdBUR1H0RDa0e61E=
Subject key identifier:   C2:FF:FF:3B:42:EB:C6:D8:88:4D:72:8A:C0:B3:B0:19:05:CB:27:DA
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018F465094B73D0068A799424244CF4A1A82
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/wv__O0LrxtiITXKKwLOwGQXLJ9o.roa
Signing time:             Sun 05 May 2024 01:13:57 +0000
ROA not before:           Sun 05 May 2024 01:13:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        212.23.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 06:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:46:50:94:b7:3d:00:68:a7:99:42:42:44:cf:4a:1a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May  5 01:13:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2ffff3b42ebc6d8884d728ac0b3b01905cb27da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c0:45:fa:76:75:2f:69:e4:85:55:b6:9d:7c:
                    28:e3:05:6d:ea:cc:e1:40:ae:d1:89:fc:93:4d:09:
                    ad:62:62:64:8b:70:68:1c:85:dc:e8:29:2c:09:74:
                    5e:fe:c7:80:35:fe:d9:d6:b9:bd:7d:ac:07:4c:1b:
                    be:9c:af:74:a9:53:3c:aa:9e:12:8b:d8:04:a0:4f:
                    9f:bc:4a:16:df:8a:67:b6:09:21:a9:95:59:87:df:
                    08:80:e5:67:c3:53:ea:ff:96:5c:5a:b9:61:c6:15:
                    93:9f:93:e2:7f:67:7c:2a:1f:85:a6:28:31:3e:eb:
                    a9:c0:8b:3c:62:32:c8:19:79:8a:8f:0d:56:2a:6e:
                    c7:03:d0:24:f0:b1:0a:37:6a:cb:df:af:00:54:19:
                    67:87:3e:05:bc:9b:a8:1f:41:54:9b:23:4c:0d:b5:
                    db:f4:78:a7:07:c0:f9:c0:cd:c0:84:ba:6c:9e:aa:
                    6a:04:08:fc:4c:1b:58:19:b7:dc:c8:5e:6f:a5:74:
                    da:39:00:96:02:0d:57:79:c0:43:3f:6c:db:e4:6f:
                    ce:9b:44:37:27:f4:cc:a9:94:6f:2b:e9:47:c0:44:
                    31:f8:4c:e5:1c:32:ec:2d:e8:c4:88:8c:f4:51:80:
                    a0:dc:cf:62:ae:d9:18:05:44:87:5e:b2:38:da:28:
                    f4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:FF:FF:3B:42:EB:C6:D8:88:4D:72:8A:C0:B3:B0:19:05:CB:27:DA
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/wv__O0LrxtiITXKKwLOwGQXLJ9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:c8:94:dc:93:82:7d:8a:bf:3e:04:2b:20:8f:e3:ad:23:28:
         a5:e8:a2:55:2e:12:6b:7f:99:a6:fb:08:84:b0:b3:8e:8e:be:
         76:9c:a3:b9:33:d9:e1:d1:31:9a:8e:9c:fb:89:bb:cc:6c:ec:
         7d:10:c2:57:8c:67:d3:02:81:8f:71:09:48:29:25:db:d0:14:
         39:39:61:71:fa:60:01:8e:df:d5:f6:53:53:19:88:b2:ca:9f:
         95:d5:db:91:0e:3f:e4:ec:74:98:d0:ca:78:25:b9:73:c4:8f:
         c3:e9:ea:92:67:01:e1:80:ee:ae:ad:aa:72:45:9e:99:54:ce:
         ce:6b:3e:01:e5:4b:b5:59:c9:e2:56:75:46:3c:3d:ef:60:60:
         b9:b0:e4:13:42:5e:3e:46:75:57:27:f4:77:de:5f:6d:6e:53:
         b7:88:1c:6f:e3:3f:9f:13:7e:99:9f:d4:6d:c9:78:79:39:63:
         33:24:aa:6b:7d:40:d1:20:42:95:4d:1f:37:f1:a8:03:98:0d:
         c0:4a:cb:dc:2c:94:f0:f7:25:25:cc:a0:69:e9:09:9e:7a:be:
         0d:41:5f:b6:f4:76:8b:8e:19:00:7c:9e:85:47:70:db:e1:16:
         bf:ec:59:44:71:37:17:cb:c7:d6:9d:66:fd:06:67:1f:ca:c1:
         ac:82:10:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9GUJS3PQBop5lCQkTPShqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwNTA1MDExMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmZmZmYzYjQyZWJjNmQ4ODg0ZDcyOGFjMGIzYjAxOTA1Y2IyN2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsBF+nZ1L2nkhVW2nXwo4wVt6szh
QK7RifyTTQmtYmJki3BoHIXc6CksCXRe/seANf7Z1rm9fawHTBu+nK90qVM8qp4S
i9gEoE+fvEoW34pntgkhqZVZh98IgOVnw1Pq/5ZcWrlhxhWTn5Pif2d8Kh+Fpigx
PuupwIs8YjLIGXmKjw1WKm7HA9Ak8LEKN2rL368AVBlnhz4FvJuoH0FUmyNMDbXb
9HinB8D5wM3AhLpsnqpqBAj8TBtYGbfcyF5vpXTaOQCWAg1XecBDP2zb5G/Om0Q3
J/TMqZRvK+lHwEQx+EzlHDLsLejEiIz0UYCg3M9irtkYBUSHXrI42ij01wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFML//ztC68bYiE1yisCzsBkFyyfaMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvd3ZfX08wTHJ4dGlJVFhLS3dMT3dHUVhMSjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfOMA0G
CSqGSIb3DQEBCwUAA4IBAQA1yJTck4J9ir8+BCsgj+OtIyil6KJVLhJrf5mm+wiE
sLOOjr52nKO5M9nh0TGajpz7ibvMbOx9EMJXjGfTAoGPcQlIKSXb0BQ5OWFx+mAB
jt/V9lNTGYiyyp+V1duRDj/k7HSY0Mp4JblzxI/D6eqSZwHhgO6urapyRZ6ZVM7O
az4B5Uu1WcniVnVGPD3vYGC5sOQTQl4+RnVXJ/R33l9tblO3iBxv4z+fE36Zn9Rt
yXh5OWMzJKprfUDRIEKVTR838agDmA3ASsvcLJTw9yUlzKBp6Qmeer4NQV+29HaL
jhkAfJ6FR3Db4Ra/7FlEcTcXy8fWnWb9BmcfysGsghBo
-----END CERTIFICATE-----