Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/W9JU_UZ8Xbu6KerjGGJkpjA7I-8.roa
File:                     W9JU_UZ8Xbu6KerjGGJkpjA7I-8.roa (raw, json)
Hash identifier:          uBYrnZx1bKn2oAJbJPUJGLjC291Jv2l8CSBzawJoqcY=
Subject key identifier:   5B:D2:54:FD:46:7C:5D:BB:BA:29:EA:E3:18:62:64:A6:30:3B:23:EF
Certificate issuer:       /CN=0e2e4fd219f5b77ce80cdfaf9e3a6441dec50042
Certificate serial:       018DB626F16DA5F68FE16F55D9DB64BC8B0E
Authority key identifier: 0E:2E:4F:D2:19:F5:B7:7C:E8:0C:DF:AF:9E:3A:64:41:DE:C5:00:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/W9JU_UZ8Xbu6KerjGGJkpjA7I-8.roa
Signing time:             Sat 17 Feb 2024 08:20:21 +0000
ROA not before:           Sat 17 Feb 2024 08:20:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        193.227.246.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b6:26:f1:6d:a5:f6:8f:e1:6f:55:d9:db:64:bc:8b:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e2e4fd219f5b77ce80cdfaf9e3a6441dec50042
        Validity
            Not Before: Feb 17 08:20:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bd254fd467c5dbbba29eae3186264a6303b23ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:15:dc:7b:c9:32:e3:d7:b6:c2:16:aa:cd:dc:
                    98:52:04:38:84:5a:5a:29:5a:c7:7d:60:d6:42:68:
                    26:b7:ff:00:98:74:7d:f2:fd:49:93:f6:20:5f:d0:
                    55:99:94:79:9a:c0:35:e0:cb:a0:31:07:8e:ee:f6:
                    50:15:ba:ab:fc:27:5f:2d:94:cb:c1:8c:6e:00:3a:
                    2d:6d:90:c0:3f:3a:c7:7d:e1:2e:29:fc:bf:ff:98:
                    6c:ab:d6:cc:cf:6e:ad:98:0c:fb:5e:1e:e5:d4:bc:
                    ab:d6:27:fa:b4:e7:7b:68:bf:9f:c0:c1:92:ef:67:
                    2c:1e:a6:ab:73:ff:d9:4a:ba:d1:b2:74:7b:79:84:
                    31:7a:7e:19:d3:dc:0f:32:86:de:da:dd:59:ea:7c:
                    5e:d9:f1:3a:58:d2:68:b6:f7:d3:2a:c7:45:b4:e0:
                    a3:2d:7a:72:09:8f:16:da:29:d8:86:13:db:58:2c:
                    c6:76:c5:b8:08:4a:f7:58:b8:30:a2:12:c9:af:a9:
                    d8:eb:b8:1e:25:75:9c:9e:0b:c6:a6:f9:7d:97:0b:
                    d7:bf:7c:f7:39:9d:37:e7:00:57:da:b6:86:ba:00:
                    c4:72:25:7b:5f:0a:00:ee:7c:43:a1:17:97:d8:38:
                    8c:ed:89:a3:2c:e4:cb:4a:62:f1:c5:d6:84:d3:3b:
                    b1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D2:54:FD:46:7C:5D:BB:BA:29:EA:E3:18:62:64:A6:30:3B:23:EF
            X509v3 Authority Key Identifier:
                keyid:0E:2E:4F:D2:19:F5:B7:7C:E8:0C:DF:AF:9E:3A:64:41:DE:C5:00:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/W9JU_UZ8Xbu6KerjGGJkpjA7I-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:f8:20:73:8a:0a:44:51:46:aa:a4:13:7a:92:0d:5b:4a:05:
         7e:87:fd:78:2c:43:78:24:44:da:c2:fc:4d:54:a4:99:b3:b1:
         63:bf:2d:6a:64:16:18:3d:33:07:c9:28:b9:b0:ba:a3:97:84:
         01:fa:82:04:7e:a1:08:5e:94:21:da:4a:90:b1:6b:5b:b7:4c:
         be:fe:40:08:8a:2b:9a:ea:38:ad:df:aa:22:34:15:38:c1:70:
         e4:07:7c:06:cb:d2:49:b8:53:cf:74:55:1d:cb:cc:fa:95:ae:
         6b:a1:f4:09:4b:e4:04:74:08:ec:16:6a:78:8d:4e:f4:f3:1d:
         54:8b:c6:19:30:97:da:f0:7a:fb:11:90:44:c5:66:b2:6e:15:
         53:99:69:04:ec:ab:8b:5e:78:a9:1e:38:ae:42:9a:e3:5f:e2:
         0a:9e:07:59:be:3b:c1:7f:f3:e0:a4:bc:d2:24:a4:1e:fc:92:
         b9:ab:ca:1b:16:03:30:76:b7:57:ec:33:48:3d:77:f4:96:84:
         fd:f5:c9:35:3a:1a:ad:0c:85:b6:a6:1f:58:f5:5f:1b:4e:04:
         9e:86:ac:f7:58:c5:b8:12:8b:ad:b1:75:25:fe:bf:66:91:aa:
         49:b0:48:e7:22:fd:49:8c:f6:b3:9f:dc:d2:01:e6:04:ae:4e:
         41:e6:67:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY22JvFtpfaP4W9V2dtkvIsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMmU0ZmQyMTlmNWI3N2NlODBjZGZhZjllM2E2NDQxZGVj
NTAwNDIwHhcNMjQwMjE3MDgyMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmQyNTRmZDQ2N2M1ZGJiYmEyOWVhZTMxODYyNjRhNjMwM2IyM2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRXce8ky49e2whaqzdyYUgQ4hFpa
KVrHfWDWQmgmt/8AmHR98v1Jk/YgX9BVmZR5msA14MugMQeO7vZQFbqr/CdfLZTL
wYxuADotbZDAPzrHfeEuKfy//5hsq9bMz26tmAz7Xh7l1Lyr1if6tOd7aL+fwMGS
72csHqarc//ZSrrRsnR7eYQxen4Z09wPMobe2t1Z6nxe2fE6WNJotvfTKsdFtOCj
LXpyCY8W2inYhhPbWCzGdsW4CEr3WLgwohLJr6nY67geJXWcngvGpvl9lwvXv3z3
OZ035wBX2raGugDEciV7XwoA7nxDoReX2DiM7YmjLOTLSmLxxdaE0zuxHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvSVP1GfF27uinq4xhiZKYwOyPvMB8GA1UdIwQY
MBaAFA4uT9IZ9bd86Azfr546ZEHexQBCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGk1UDBobjF0M3pvRE4tdm5qcGtRZDdGQUVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9lMTEyMjQtNjFjNy00Nzg2LTg2ZTkt
MjM4ZmVlNjkyNDMwLzEvVzlKVV9VWjhYYnU2S2VyakdHSmtwakE3SS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9lMTEyMjQtNjFjNy00Nzg2LTg2ZTktMjM4ZmVlNjkyNDMw
LzEvRGk1UDBobjF0M3pvRE4tdm5qcGtRZDdGQUVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBweP2MA0G
CSqGSIb3DQEBCwUAA4IBAQBO+CBzigpEUUaqpBN6kg1bSgV+h/14LEN4JETawvxN
VKSZs7Fjvy1qZBYYPTMHySi5sLqjl4QB+oIEfqEIXpQh2kqQsWtbt0y+/kAIiiua
6jit36oiNBU4wXDkB3wGy9JJuFPPdFUdy8z6la5rofQJS+QEdAjsFmp4jU708x1U
i8YZMJfa8Hr7EZBExWaybhVTmWkE7KuLXnipHjiuQprjX+IKngdZvjvBf/PgpLzS
JKQe/JK5q8obFgMwdrdX7DNIPXf0loT99ck1OhqtDIW2ph9Y9V8bTgSehqz3WMW4
EoutsXUl/r9mkapJsEjnIv1JjPazn9zSAeYErk5B5mcW
-----END CERTIFICATE-----