Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/WFG1VInjmVkAlkcSJ7KCNOfU0ss.roa
File:                     WFG1VInjmVkAlkcSJ7KCNOfU0ss.roa (raw, json)
Hash identifier:          uLKeEaE+XM8IzCU94I+2S1E2W9TA4aHII9nM28X9xKM=
Subject key identifier:   58:51:B5:54:89:E3:99:59:00:96:47:12:27:B2:82:34:E7:D4:D2:CB
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018CC500C0C028280E50AE9B9F009CF38A17
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/WFG1VInjmVkAlkcSJ7KCNOfU0ss.roa
Signing time:             Mon 01 Jan 2024 12:30:10 +0000
ROA not before:           Mon 01 Jan 2024 12:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199163
IP address blocks:        185.121.68.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c0:c0:28:28:0e:50:ae:9b:9f:00:9c:f3:8a:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 12:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5851b55489e399590096471227b28234e7d4d2cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8d:43:ee:53:76:ab:24:1c:4c:03:cc:6d:8b:
                    6c:71:35:17:d1:cb:82:b4:91:b6:b0:36:38:9f:66:
                    87:3f:48:cc:67:09:d3:54:2f:a8:fc:ef:a2:a3:73:
                    4b:e7:12:fc:6b:8b:d1:a8:ea:a8:3c:23:bf:93:7b:
                    77:7c:7e:ea:93:26:b0:5d:27:79:4f:b3:61:6b:a4:
                    29:65:75:87:a1:45:66:e7:21:f3:83:d3:c9:c4:43:
                    9b:50:c7:02:bd:ea:99:c7:7a:73:ab:ff:63:8c:49:
                    ec:0d:d0:05:b7:60:07:3f:41:f2:ce:d8:a3:38:7c:
                    9b:81:bb:34:4b:e9:a7:ea:0a:39:83:8c:5e:bc:70:
                    78:c4:b4:35:13:f6:4e:b5:5f:35:3f:6b:d3:50:43:
                    12:03:25:13:d6:d7:ce:1d:53:d8:d6:86:1d:51:5a:
                    2e:15:f1:0a:13:48:ed:95:63:af:94:00:a0:0e:36:
                    34:2b:41:89:d8:52:a9:18:af:69:22:c6:73:00:2d:
                    23:df:c6:98:a5:a7:93:7c:e7:e8:ff:08:38:18:c8:
                    f9:90:2d:0f:4c:92:c4:ac:20:a5:e7:f6:89:d9:41:
                    8d:46:74:e3:69:e8:c8:3f:7a:00:39:c9:26:af:1f:
                    82:22:9b:9b:a8:6e:5f:3a:29:3e:f0:01:6c:e5:09:
                    d1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:51:B5:54:89:E3:99:59:00:96:47:12:27:B2:82:34:E7:D4:D2:CB
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/WFG1VInjmVkAlkcSJ7KCNOfU0ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:da:b7:87:ab:29:68:5e:e0:69:f7:67:dc:d6:ca:92:2e:b2:
         28:b3:d6:c9:67:d9:17:3f:86:3f:b2:43:58:85:9f:02:b4:71:
         80:2a:cc:a5:84:f6:d9:3d:75:94:e7:ed:dd:68:7e:a0:76:1c:
         d0:d3:06:48:f1:51:6c:c2:c0:ff:9b:45:71:dd:38:21:46:3d:
         11:16:8f:af:2a:d8:5c:5f:f0:b0:7e:44:f6:b2:b5:dc:d5:4f:
         6b:94:90:1a:42:50:61:86:df:12:8e:ef:6d:f7:8e:9f:be:99:
         51:e5:f2:e8:5f:21:3f:e3:97:26:e8:84:d6:da:3b:0a:d7:57:
         c9:35:92:32:9c:14:40:3f:b0:53:d3:73:d7:19:f3:7c:c2:23:
         5d:33:1f:a2:d0:08:86:fa:5b:e3:fb:16:fd:98:97:ee:a1:12:
         a6:6e:89:22:20:a5:19:8d:86:db:b2:c5:94:0f:c1:12:c6:d5:
         8e:6b:cd:2d:19:40:4c:f9:e4:5b:d1:3e:3a:8d:f7:fd:b2:a0:
         0c:da:6e:3d:1c:15:04:a3:c0:01:23:bf:63:33:45:9b:a8:bf:
         94:b5:9b:29:35:c1:ae:7b:61:02:b1:b8:e5:88:e9:4a:ca:b0:
         55:b5:24:eb:f7:db:7a:a6:41:26:32:cf:6f:8f:70:a1:f0:20:
         25:ac:cb:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMDAKCgOUK6bnwCc84oXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMTAxMTIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODUxYjU1NDg5ZTM5OTU5MDA5NjQ3MTIyN2IyODIzNGU3ZDRkMmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlI1D7lN2qyQcTAPMbYtscTUX0cuC
tJG2sDY4n2aHP0jMZwnTVC+o/O+io3NL5xL8a4vRqOqoPCO/k3t3fH7qkyawXSd5
T7Nha6QpZXWHoUVm5yHzg9PJxEObUMcCveqZx3pzq/9jjEnsDdAFt2AHP0Hyztij
OHybgbs0S+mn6go5g4xevHB4xLQ1E/ZOtV81P2vTUEMSAyUT1tfOHVPY1oYdUVou
FfEKE0jtlWOvlACgDjY0K0GJ2FKpGK9pIsZzAC0j38aYpaeTfOfo/wg4GMj5kC0P
TJLErCCl5/aJ2UGNRnTjaejIP3oAOckmrx+CIpubqG5fOik+8AFs5QnRCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhRtVSJ45lZAJZHEieygjTn1NLLMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvV0ZHMVZJbmptVmtBbGtjU0o3S0NOT2ZVMHNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXlEMA0G
CSqGSIb3DQEBCwUAA4IBAQB+2reHqyloXuBp92fc1sqSLrIos9bJZ9kXP4Y/skNY
hZ8CtHGAKsylhPbZPXWU5+3daH6gdhzQ0wZI8VFswsD/m0Vx3TghRj0RFo+vKthc
X/CwfkT2srXc1U9rlJAaQlBhht8Sju9t946fvplR5fLoXyE/45cm6ITW2jsK11fJ
NZIynBRAP7BT03PXGfN8wiNdMx+i0AiG+lvj+xb9mJfuoRKmbokiIKUZjYbbssWU
D8ESxtWOa80tGUBM+eRb0T46jff9sqAM2m49HBUEo8ABI79jM0WbqL+UtZspNcGu
e2ECsbjliOlKyrBVtSTr99t6pkEmMs9vj3Ch8CAlrMuw
-----END CERTIFICATE-----