Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/834f9d-55b7-455b-96bb-9cccb7ef3b5b/1/wg-Ul1UR8R7bI-MxyDlLRWMqr3w.roa
File:                     wg-Ul1UR8R7bI-MxyDlLRWMqr3w.roa (raw, json)
Hash identifier:          1oEKbEFyFuN/StxX8Ozt++Fsq7bcVUkK4UadzSZ6Krg=
Subject key identifier:   C2:0F:94:97:55:11:F1:1E:DB:23:E3:31:C8:39:4B:45:63:2A:AF:7C
Certificate issuer:       /CN=dbc2ff6a461050d48f3fdb0b51387154b5d6cd0e
Certificate serial:       018CC9BBF2D7A2BF576B674ED7D0C86E9395
Authority key identifier: DB:C2:FF:6A:46:10:50:D4:8F:3F:DB:0B:51:38:71:54:B5:D6:CD:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28L_akYQUNSPP9sLUThxVLXWzQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/834f9d-55b7-455b-96bb-9cccb7ef3b5b/1/wg-Ul1UR8R7bI-MxyDlLRWMqr3w.roa
Signing time:             Tue 02 Jan 2024 10:33:06 +0000
ROA not before:           Tue 02 Jan 2024 10:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        193.43.183.0/24 maxlen: 24
                          2001:67c:66c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/834f9d-55b7-455b-96bb-9cccb7ef3b5b/1/28L_akYQUNSPP9sLUThxVLXWzQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/834f9d-55b7-455b-96bb-9cccb7ef3b5b/1/28L_akYQUNSPP9sLUThxVLXWzQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28L_akYQUNSPP9sLUThxVLXWzQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 15:27:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f2:d7:a2:bf:57:6b:67:4e:d7:d0:c8:6e:93:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbc2ff6a461050d48f3fdb0b51387154b5d6cd0e
        Validity
            Not Before: Jan  2 10:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c20f94975511f11edb23e331c8394b45632aaf7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:dd:92:f6:0f:ac:22:9e:e1:a8:91:38:c5:c4:
                    5b:c7:9d:4a:7c:2d:14:e8:41:d4:61:eb:1f:d8:0e:
                    3d:8a:63:81:cb:31:ab:78:29:8f:d6:94:09:1c:2f:
                    6e:a7:b3:8c:50:6c:47:f2:8b:f4:be:4f:8b:38:de:
                    91:7e:b3:fe:c7:87:a9:34:d3:82:6d:85:4a:a0:7e:
                    61:6e:dd:ca:fc:64:86:62:52:eb:f5:66:f3:70:54:
                    87:d4:e5:bd:6d:f6:62:11:17:0d:62:c9:f6:e9:13:
                    74:82:f2:b5:76:29:39:73:14:7e:9f:cf:56:71:83:
                    11:ef:94:a2:e4:92:24:bd:8d:99:91:73:2a:a8:ac:
                    4f:68:e3:8d:50:87:65:df:de:3c:e2:f0:42:89:01:
                    d8:66:c7:7b:ad:52:9e:8a:e2:b8:fa:55:6c:5a:8d:
                    d5:fa:69:bb:01:3e:06:2c:c5:06:b6:26:0e:be:14:
                    20:0a:60:00:54:5a:da:b5:95:7e:96:50:e5:0b:06:
                    73:ce:34:e9:0c:c2:2c:84:67:c6:67:5f:eb:40:4f:
                    9f:40:5d:ee:88:3b:d8:2a:4b:ff:b6:fe:92:b8:6f:
                    be:08:c4:5f:17:13:7b:2b:04:01:49:66:32:aa:87:
                    e5:0c:92:92:39:c8:77:4c:de:b9:0c:9d:34:b8:0e:
                    2a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:0F:94:97:55:11:F1:1E:DB:23:E3:31:C8:39:4B:45:63:2A:AF:7C
            X509v3 Authority Key Identifier:
                keyid:DB:C2:FF:6A:46:10:50:D4:8F:3F:DB:0B:51:38:71:54:B5:D6:CD:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28L_akYQUNSPP9sLUThxVLXWzQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/834f9d-55b7-455b-96bb-9cccb7ef3b5b/1/wg-Ul1UR8R7bI-MxyDlLRWMqr3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/834f9d-55b7-455b-96bb-9cccb7ef3b5b/1/28L_akYQUNSPP9sLUThxVLXWzQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.183.0/24
                IPv6:
                  2001:67c:66c::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:fd:5c:a1:0c:af:37:74:4b:21:b9:51:62:9b:6f:b8:c5:79:
         42:6b:18:8f:76:15:4d:67:94:77:97:b2:d5:d0:3a:ca:69:e4:
         d5:4f:c0:8f:b9:8a:d5:05:59:58:0d:2c:04:68:58:d4:7f:77:
         8f:15:76:1f:d0:8d:89:90:87:c3:17:3b:1f:af:2d:b3:81:43:
         51:0b:0f:a3:e7:09:29:e0:c1:6c:7e:4d:92:10:40:2c:2e:60:
         e3:be:73:d8:ad:83:01:89:36:72:8c:78:e8:78:7d:3c:1a:8a:
         43:47:79:0d:5d:44:dd:76:74:ab:8f:4a:a6:43:8d:d2:45:f3:
         f7:7b:d1:73:31:db:71:76:f1:95:fe:78:08:b3:05:52:58:30:
         2e:ac:95:77:06:24:f1:1b:56:c5:d5:e1:8b:00:96:e9:87:aa:
         38:53:27:00:4d:5e:24:cc:1f:9b:29:fc:3c:b8:f1:a7:88:a7:
         d1:75:86:ec:2a:70:29:80:2e:b2:a5:b8:9d:12:72:32:1a:4d:
         9f:d4:89:c1:75:ab:df:0b:09:68:0b:72:22:b2:ce:12:ce:fc:
         9a:cb:0e:72:55:da:f8:13:fb:3c:b8:f4:94:a6:32:8e:30:23:
         27:56:27:d1:5c:71:96:34:27:cd:9d:05:78:38:ea:bf:d3:a4:
         26:d5:c0:b4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJu/LXor9Xa2dO19DIbpOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYzJmZjZhNDYxMDUwZDQ4ZjNmZGIwYjUxMzg3MTU0YjVk
NmNkMGUwHhcNMjQwMTAyMTAzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjBmOTQ5NzU1MTFmMTFlZGIyM2UzMzFjODM5NGI0NTYzMmFhZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq92S9g+sIp7hqJE4xcRbx51KfC0U
6EHUYesf2A49imOByzGreCmP1pQJHC9up7OMUGxH8ov0vk+LON6RfrP+x4epNNOC
bYVKoH5hbt3K/GSGYlLr9WbzcFSH1OW9bfZiERcNYsn26RN0gvK1dik5cxR+n89W
cYMR75Si5JIkvY2ZkXMqqKxPaOONUIdl39484vBCiQHYZsd7rVKeiuK4+lVsWo3V
+mm7AT4GLMUGtiYOvhQgCmAAVFratZV+llDlCwZzzjTpDMIshGfGZ1/rQE+fQF3u
iDvYKkv/tv6SuG++CMRfFxN7KwQBSWYyqoflDJKSOch3TN65DJ00uA4qwwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMIPlJdVEfEe2yPjMcg5S0VjKq98MB8GA1UdIwQY
MBaAFNvC/2pGEFDUjz/bC1E4cVS11s0OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhMX2FrWVFVTlNQUDlzTFVUaHhWTFhXelE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi84MzRmOWQtNTViNy00NTViLTk2YmIt
OWNjY2I3ZWYzYjViLzEvd2ctVWwxVVI4UjdiSS1NeHlEbExSV01xcjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi84MzRmOWQtNTViNy00NTViLTk2YmItOWNjY2I3ZWYzYjVi
LzEvMjhMX2FrWVFVTlNQUDlzTFVUaHhWTFhXelE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwSu3MA8E
AgACMAkDBwAgAQZ8BmwwDQYJKoZIhvcNAQELBQADggEBAEb9XKEMrzd0SyG5UWKb
b7jFeUJrGI92FU1nlHeXstXQOspp5NVPwI+5itUFWVgNLARoWNR/d48Vdh/QjYmQ
h8MXOx+vLbOBQ1ELD6PnCSngwWx+TZIQQCwuYOO+c9itgwGJNnKMeOh4fTwaikNH
eQ1dRN12dKuPSqZDjdJF8/d70XMx23F28ZX+eAizBVJYMC6slXcGJPEbVsXV4YsA
lumHqjhTJwBNXiTMH5sp/Dy48aeIp9F1huwqcCmALrKluJ0ScjIaTZ/UicF1q98L
CWgLciKyzhLO/JrLDnJV2vgT+zy49JSmMo4wIydWJ9FccZY0J82dBXg46r/TpCbV
wLQ=
-----END CERTIFICATE-----