Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/wdIDdUm8X7d1zvtwWSrYo1q1RC0.roa
File:                     wdIDdUm8X7d1zvtwWSrYo1q1RC0.roa (raw, json)
Hash identifier:          QCNCh0vPVR4Sw5sAFFjit8Rip2RVPDlHI7ZzbFOuuGg=
Subject key identifier:   C1:D2:03:75:49:BC:5F:B7:75:CE:FB:70:59:2A:D8:A3:5A:B5:44:2D
Certificate issuer:       /CN=25bbed0bff7ffeab67f302b411a00701854a6c30
Certificate serial:       01902C9AB48359808D3F6693483689D778BB
Authority key identifier: 25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/wdIDdUm8X7d1zvtwWSrYo1q1RC0.roa
Signing time:             Tue 18 Jun 2024 18:27:34 +0000
ROA not before:           Tue 18 Jun 2024 18:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47263
IP address blocks:        194.104.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2c:9a:b4:83:59:80:8d:3f:66:93:48:36:89:d7:78:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25bbed0bff7ffeab67f302b411a00701854a6c30
        Validity
            Not Before: Jun 18 18:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1d2037549bc5fb775cefb70592ad8a35ab5442d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d3:f7:b4:02:aa:bb:41:df:e9:f5:2b:3e:81:
                    2b:fb:01:f2:80:f0:14:9e:28:03:72:55:3f:6f:a3:
                    c6:d4:ce:25:21:63:32:80:da:33:1d:e5:c1:5e:6b:
                    26:61:f2:c4:ae:d7:e1:ee:b1:a4:eb:97:ff:68:29:
                    59:1d:f6:ae:8e:52:bf:be:2b:48:2c:1c:2f:85:b2:
                    da:69:fe:df:41:f5:8e:10:1c:01:d8:71:5b:09:bf:
                    e3:3d:93:50:68:97:d9:7d:48:6c:b8:5c:fe:88:5a:
                    b2:59:92:04:ad:57:73:eb:60:d9:22:c0:43:7d:c4:
                    4e:29:91:67:73:9b:42:ac:aa:5c:8a:d7:16:47:e7:
                    af:c4:5a:9d:d8:e7:64:c1:85:f8:a5:e0:e5:b6:74:
                    14:1c:57:75:9b:b0:77:b1:13:4a:0b:c7:18:38:6c:
                    a1:53:01:dd:da:1e:89:d9:46:f0:20:04:43:44:2c:
                    e7:f5:43:37:a4:12:80:f9:41:e2:95:09:42:6d:5b:
                    7a:68:b3:6e:cf:9b:96:a4:47:db:ec:49:e7:6f:37:
                    d9:e9:9c:a5:9d:02:16:3d:e0:0d:89:7b:ee:01:37:
                    08:4a:d2:4c:03:1c:d0:b1:70:d4:95:e6:3a:40:dd:
                    d3:c8:ee:d1:ad:7c:bd:61:24:0a:e8:7d:0e:fa:15:
                    8b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D2:03:75:49:BC:5F:B7:75:CE:FB:70:59:2A:D8:A3:5A:B5:44:2D
            X509v3 Authority Key Identifier:
                keyid:25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/wdIDdUm8X7d1zvtwWSrYo1q1RC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:f6:bb:07:26:08:aa:70:46:8d:ca:e3:cc:c3:fb:87:53:03:
         07:2d:88:6b:e6:64:bb:85:ce:ff:36:2e:08:5c:28:16:0b:74:
         72:8c:da:09:57:d7:6f:7f:ca:3a:fc:95:67:33:ca:7e:b1:02:
         54:3b:91:1a:c2:06:dc:20:3f:cb:ed:87:49:32:81:4a:42:d9:
         7f:e4:90:6e:30:e4:9e:4a:35:d2:e5:c3:83:e8:9a:da:38:ef:
         c8:53:a3:5f:3b:e4:6a:3a:95:57:a6:67:bc:85:11:52:b7:98:
         c3:85:de:d8:73:65:56:d2:5e:7d:88:ad:0d:ea:39:23:62:5b:
         65:5a:80:36:c6:52:3c:72:19:aa:9e:21:50:45:85:5a:4f:a3:
         4b:d5:e3:de:f2:75:b8:75:7c:7c:07:65:69:9f:e7:a4:83:c4:
         08:8e:82:bf:71:69:7d:78:99:b7:d8:b1:9e:f9:11:1c:01:86:
         52:b4:71:bd:19:40:0b:a3:93:8d:c7:c8:07:2a:0d:57:96:cf:
         43:af:57:d2:ae:aa:71:27:a5:d9:1b:df:03:8f:84:7d:12:ea:
         e1:d8:e6:07:16:1f:da:95:dc:82:14:15:da:f2:7b:2b:27:b7:
         19:14:37:f7:00:b9:c2:94:42:19:3f:9b:09:17:78:df:da:27:
         09:40:d5:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAsmrSDWYCNP2aTSDaJ13i7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YmJlZDBiZmY3ZmZlYWI2N2YzMDJiNDExYTAwNzAxODU0
YTZjMzAwHhcNMjQwNjE4MTgyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWQyMDM3NTQ5YmM1ZmI3NzVjZWZiNzA1OTJhZDhhMzVhYjU0NDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49P3tAKqu0Hf6fUrPoEr+wHygPAU
nigDclU/b6PG1M4lIWMygNozHeXBXmsmYfLErtfh7rGk65f/aClZHfaujlK/vitI
LBwvhbLaaf7fQfWOEBwB2HFbCb/jPZNQaJfZfUhsuFz+iFqyWZIErVdz62DZIsBD
fcROKZFnc5tCrKpcitcWR+evxFqd2OdkwYX4peDltnQUHFd1m7B3sRNKC8cYOGyh
UwHd2h6J2UbwIARDRCzn9UM3pBKA+UHilQlCbVt6aLNuz5uWpEfb7EnnbzfZ6Zyl
nQIWPeANiXvuATcIStJMAxzQsXDUleY6QN3TyO7RrXy9YSQK6H0O+hWLjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHSA3VJvF+3dc77cFkq2KNatUQtMB8GA1UdIwQY
MBaAFCW77Qv/f/6rZ/MCtBGgBwGFSmwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQt
NTcxN2I0NTQ0MjM3LzEvd2RJRGRVbThYN2QxenZ0d1dTcllvMXExUkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQtNTcxN2I0NTQ0MjM3
LzEvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiKMA0G
CSqGSIb3DQEBCwUAA4IBAQA99rsHJgiqcEaNyuPMw/uHUwMHLYhr5mS7hc7/Ni4I
XCgWC3RyjNoJV9dvf8o6/JVnM8p+sQJUO5EawgbcID/L7YdJMoFKQtl/5JBuMOSe
SjXS5cOD6JraOO/IU6NfO+RqOpVXpme8hRFSt5jDhd7Yc2VW0l59iK0N6jkjYltl
WoA2xlI8chmqniFQRYVaT6NL1ePe8nW4dXx8B2Vpn+ekg8QIjoK/cWl9eJm32LGe
+REcAYZStHG9GUALo5ONx8gHKg1Xls9Dr1fSrqpxJ6XZG98Dj4R9Eurh2OYHFh/a
ldyCFBXa8nsrJ7cZFDf3ALnClEIZP5sJF3jf2icJQNXH
-----END CERTIFICATE-----