Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/wuPRywJiir-VnjJ-3P_SqfYZsj4.roa
File:                     wuPRywJiir-VnjJ-3P_SqfYZsj4.roa (raw, json)
Hash identifier:          wEBZO7IpMbJF3aPQILWxE8U38LbV8YW6FYDy01vD/f8=
Subject key identifier:   C2:E3:D1:CB:02:62:8A:BF:95:9E:32:7E:DC:FF:D2:A9:F6:19:B2:3E
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B529C663EA270BA11F970821CBE8D
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/wuPRywJiir-VnjJ-3P_SqfYZsj4.roa
Signing time:             Tue 02 Jan 2024 12:34:46 +0000
ROA not before:           Tue 02 Jan 2024 12:34:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43350
IP address blocks:        185.142.141.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:52:9c:66:3e:a2:70:ba:11:f9:70:82:1c:be:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2e3d1cb02628abf959e327edcffd2a9f619b23e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:44:b7:05:22:3c:be:88:87:a8:98:45:68:98:
                    22:67:52:5d:0c:bd:0f:25:b8:0a:0b:ba:ea:22:db:
                    fd:09:57:d6:6a:e9:40:d8:ef:18:f0:bb:9c:36:ba:
                    51:bf:ed:de:88:d5:ad:34:47:b7:89:96:a3:93:02:
                    f2:41:da:7d:83:00:49:07:35:e2:65:8d:8b:f4:bd:
                    bd:9b:8f:bd:88:a3:55:c7:fa:9d:87:30:b3:6a:0a:
                    39:d0:78:78:02:2a:cc:30:9b:4d:c3:31:63:10:08:
                    89:37:9d:63:f3:cc:3f:da:19:8d:3d:a0:8f:d0:e1:
                    d3:7c:8b:e5:5a:7d:e1:6b:5f:87:94:f3:78:fe:20:
                    b3:f1:c1:16:cb:e6:66:ab:fa:0f:16:f0:a2:55:28:
                    38:a0:70:dd:8b:10:ed:83:c3:f9:27:f0:ec:c9:56:
                    63:6d:e5:85:48:69:4b:f0:db:1f:72:65:36:9f:d3:
                    23:9c:98:b5:b6:75:60:15:9f:2d:ca:d4:d7:f9:1d:
                    41:d8:70:cf:62:5f:0e:17:61:b7:59:87:6f:c4:5f:
                    a6:d8:fb:3e:c4:d4:46:a7:86:cd:ba:cc:84:ef:6b:
                    fa:4b:10:1c:7e:c4:10:a1:8a:5e:5e:4e:35:2b:55:
                    6d:d2:c5:21:de:77:e2:02:6d:a5:3c:c5:6d:56:32:
                    17:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E3:D1:CB:02:62:8A:BF:95:9E:32:7E:DC:FF:D2:A9:F6:19:B2:3E
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/wuPRywJiir-VnjJ-3P_SqfYZsj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:ad:e0:82:6c:98:a8:1d:8b:f8:7a:80:69:11:3c:87:19:e2:
         27:e3:aa:f1:69:67:76:05:e8:83:7f:b1:60:2e:09:5c:56:db:
         ce:16:a7:a3:ed:60:ea:65:56:f2:a3:70:b8:b7:92:aa:ca:d2:
         cf:94:9b:33:3d:37:d1:0b:4d:85:87:56:b6:7c:66:85:2c:96:
         84:f4:36:ba:60:07:da:aa:5a:30:97:1e:f9:4d:d8:e4:1d:a0:
         58:94:2c:45:95:a3:e3:5e:4e:91:11:ef:6d:92:f0:7e:74:71:
         fc:e2:da:ee:13:1d:14:6c:27:9e:2b:42:ba:0e:d7:eb:7d:53:
         07:68:98:36:52:a5:28:63:89:9a:83:ef:8f:12:87:2b:0f:6b:
         79:f8:64:c3:90:75:0a:8f:87:f4:e2:61:28:23:e3:03:ac:bb:
         93:19:f0:06:fa:58:20:6c:a1:ce:98:7f:d6:3c:19:ab:b1:50:
         72:c8:3e:27:29:42:6e:f9:3c:55:fd:aa:42:f6:2a:ed:25:51:
         dc:90:5e:cd:d3:92:b4:76:e2:de:ac:25:33:f7:de:a9:8a:1c:
         4f:1e:fb:c7:93:dc:5b:b6:8a:01:7f:7c:1a:b6:c4:17:ef:71:
         a7:2d:dc:4e:e7:aa:11:27:1b:06:6f:38:8a:f0:26:8b:b5:22:
         bf:82:e9:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1KcZj6icLoR+XCCHL6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmUzZDFjYjAyNjI4YWJmOTU5ZTMyN2VkY2ZmZDJhOWY2MTliMjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnES3BSI8voiHqJhFaJgiZ1JdDL0P
JbgKC7rqItv9CVfWaulA2O8Y8LucNrpRv+3eiNWtNEe3iZajkwLyQdp9gwBJBzXi
ZY2L9L29m4+9iKNVx/qdhzCzago50Hh4AirMMJtNwzFjEAiJN51j88w/2hmNPaCP
0OHTfIvlWn3ha1+HlPN4/iCz8cEWy+Zmq/oPFvCiVSg4oHDdixDtg8P5J/DsyVZj
beWFSGlL8NsfcmU2n9MjnJi1tnVgFZ8tytTX+R1B2HDPYl8OF2G3WYdvxF+m2Ps+
xNRGp4bNusyE72v6SxAcfsQQoYpeXk41K1Vt0sUh3nfiAm2lPMVtVjIXhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLj0csCYoq/lZ4yftz/0qn2GbI+MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvd3VQUnl3Smlpci1WbmpKLTNQX1NxZllac2o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY6NMA0G
CSqGSIb3DQEBCwUAA4IBAQCareCCbJioHYv4eoBpETyHGeIn46rxaWd2BeiDf7Fg
LglcVtvOFqej7WDqZVbyo3C4t5KqytLPlJszPTfRC02Fh1a2fGaFLJaE9Da6YAfa
qlowlx75TdjkHaBYlCxFlaPjXk6REe9tkvB+dHH84truEx0UbCeeK0K6DtfrfVMH
aJg2UqUoY4mag++PEocrD2t5+GTDkHUKj4f04mEoI+MDrLuTGfAG+lggbKHOmH/W
PBmrsVByyD4nKUJu+TxV/apC9irtJVHckF7N05K0duLerCUz996pihxPHvvHk9xb
tooBf3watsQX73GnLdxO56oRJxsGbziK8CaLtSK/gulA
-----END CERTIFICATE-----