Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/5-wbndOrhl430E9H1HOVQr15334.roa
File:                     5-wbndOrhl430E9H1HOVQr15334.roa (raw, json)
Hash identifier:          sT6O34+SFpUkSldiQ24MYwszFUBIB/cuKoI9DN9NR10=
Subject key identifier:   E7:EC:1B:9D:D3:AB:86:5E:37:D0:4F:47:D4:73:95:42:BD:79:DF:7E
Certificate issuer:       /CN=f3e36222ccbc6c7221360540bab3a9dba9f237a0
Certificate serial:       018CC5DBFD0E1EF8ECDFA459D60F73960EF4
Authority key identifier: F3:E3:62:22:CC:BC:6C:72:21:36:05:40:BA:B3:A9:DB:A9:F2:37:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8-NiIsy8bHIhNgVAurOp26nyN6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/5-wbndOrhl430E9H1HOVQr15334.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21396
IP address blocks:        193.223.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/8-NiIsy8bHIhNgVAurOp26nyN6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/8-NiIsy8bHIhNgVAurOp26nyN6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8-NiIsy8bHIhNgVAurOp26nyN6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fd:0e:1e:f8:ec:df:a4:59:d6:0f:73:96:0e:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3e36222ccbc6c7221360540bab3a9dba9f237a0
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7ec1b9dd3ab865e37d04f47d4739542bd79df7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:fb:b7:dd:32:0e:c6:76:7b:b3:3b:56:39:4e:
                    52:5a:94:93:cb:53:65:08:f0:0e:bd:34:f5:18:d4:
                    62:7f:4c:c9:0b:62:d2:a7:b4:d2:c6:55:50:fc:c0:
                    27:a8:46:c9:de:3c:e8:71:af:9d:d2:66:ce:be:80:
                    fd:66:bf:bb:9f:a6:8d:4f:7e:f1:b8:d4:c4:76:1a:
                    84:e5:25:89:80:6a:36:ff:59:b2:65:48:8b:d3:03:
                    46:c0:62:cb:18:c1:33:df:ae:8d:8d:5c:e0:e3:7f:
                    9e:62:8b:c1:87:e9:9e:c0:e4:98:6d:13:83:5f:14:
                    a5:a7:86:ae:c3:c6:30:6a:13:c8:d8:e8:ea:47:40:
                    9c:fd:b2:15:3e:c2:5b:76:07:d0:e8:36:91:6f:7b:
                    fa:74:b8:02:c2:fb:4b:35:63:18:b8:07:4d:fc:b0:
                    4e:9e:03:98:0d:17:da:de:25:c4:5d:4b:ee:8e:11:
                    84:95:44:12:bd:fb:a2:33:af:f3:fa:eb:ac:3b:72:
                    30:2d:26:09:a9:87:33:15:66:84:e3:77:0d:fe:7f:
                    48:c5:93:9a:2c:c8:9c:c3:06:a5:03:4d:59:f5:28:
                    33:b1:87:40:b3:58:1a:a6:cc:c3:41:d3:05:d5:a6:
                    5c:2f:7e:4d:b8:07:ec:f2:49:c3:f4:d3:74:69:eb:
                    e4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:EC:1B:9D:D3:AB:86:5E:37:D0:4F:47:D4:73:95:42:BD:79:DF:7E
            X509v3 Authority Key Identifier:
                keyid:F3:E3:62:22:CC:BC:6C:72:21:36:05:40:BA:B3:A9:DB:A9:F2:37:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8-NiIsy8bHIhNgVAurOp26nyN6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/5-wbndOrhl430E9H1HOVQr15334.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/cc48f4-0d93-4b69-8a4f-8724ed5e903a/1/8-NiIsy8bHIhNgVAurOp26nyN6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.223.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:76:8b:3d:64:d6:f7:c1:fd:ec:ef:d4:a5:dd:21:55:f5:6c:
         13:d9:d0:dc:44:a5:8c:2f:02:a1:5c:f1:99:a5:7f:2e:ba:4f:
         0b:f7:a2:f7:f0:9a:e4:31:48:a4:8b:41:0f:8d:1c:42:aa:95:
         37:c6:b6:8d:67:7d:19:ca:03:3f:40:6b:b7:9a:25:2f:0b:fd:
         16:4b:40:67:54:79:6a:39:c1:fc:74:3e:b9:6d:e7:3a:77:17:
         e2:06:0d:b9:5e:89:07:6e:96:0c:bb:b8:79:cb:e2:b4:4e:f9:
         1a:0a:e8:46:ac:02:e6:99:3f:4c:04:02:b6:9f:e3:6f:c1:66:
         9b:3d:46:ad:96:00:96:d6:da:d8:31:28:46:bf:d4:ac:d9:f6:
         df:92:09:a8:78:0e:36:89:7b:14:89:4c:38:7d:8d:65:a3:05:
         78:43:1a:8c:48:32:63:69:26:f1:4c:92:84:10:8d:df:07:e9:
         48:a3:b8:9d:6b:ad:0b:42:59:c9:87:5a:7e:0a:64:2f:f7:19:
         52:9b:b8:6d:74:00:a5:8d:04:51:42:78:42:62:a4:28:21:e7:
         76:1a:eb:a3:86:a2:62:1f:5d:33:48:d4:68:63:01:93:9d:98:
         8a:d2:44:b3:24:16:87:f3:fb:83:59:a8:e6:a4:19:a8:66:cf:
         56:80:3e:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/0OHvjs36RZ1g9zlg70MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZTM2MjIyY2NiYzZjNzIyMTM2MDU0MGJhYjNhOWRiYTlm
MjM3YTAwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2VjMWI5ZGQzYWI4NjVlMzdkMDRmNDdkNDczOTU0MmJkNzlkZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPu33TIOxnZ7sztWOU5SWpSTy1Nl
CPAOvTT1GNRif0zJC2LSp7TSxlVQ/MAnqEbJ3jzoca+d0mbOvoD9Zr+7n6aNT37x
uNTEdhqE5SWJgGo2/1myZUiL0wNGwGLLGMEz366NjVzg43+eYovBh+mewOSYbROD
XxSlp4auw8YwahPI2OjqR0Cc/bIVPsJbdgfQ6DaRb3v6dLgCwvtLNWMYuAdN/LBO
ngOYDRfa3iXEXUvujhGElUQSvfuiM6/z+uusO3IwLSYJqYczFWaE43cN/n9IxZOa
LMicwwalA01Z9SgzsYdAs1gapszDQdMF1aZcL35NuAfs8knD9NN0aevkWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfsG53Tq4ZeN9BPR9RzlUK9ed9+MB8GA1UdIwQY
MBaAFPPjYiLMvGxyITYFQLqzqdup8jegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOC1OaUlzeThiSEloTmdWQXVyT3AyNm55TjZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9jYzQ4ZjQtMGQ5My00YjY5LThhNGYt
ODcyNGVkNWU5MDNhLzEvNS13Ym5kT3JobDQzMEU5SDFIT1ZRcjE1MzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9jYzQ4ZjQtMGQ5My00YjY5LThhNGYtODcyNGVkNWU5MDNh
LzEvOC1OaUlzeThiSEloTmdWQXVyT3AyNm55TjZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd9OMA0G
CSqGSIb3DQEBCwUAA4IBAQBvdos9ZNb3wf3s79Sl3SFV9WwT2dDcRKWMLwKhXPGZ
pX8uuk8L96L38JrkMUiki0EPjRxCqpU3xraNZ30ZygM/QGu3miUvC/0WS0BnVHlq
OcH8dD65bec6dxfiBg25XokHbpYMu7h5y+K0TvkaCuhGrALmmT9MBAK2n+NvwWab
PUatlgCW1trYMShGv9Ss2fbfkgmoeA42iXsUiUw4fY1lowV4QxqMSDJjaSbxTJKE
EI3fB+lIo7ida60LQlnJh1p+CmQv9xlSm7htdACljQRRQnhCYqQoIed2GuujhqJi
H10zSNRoYwGTnZiK0kSzJBaH8/uDWajmpBmoZs9WgD7j
-----END CERTIFICATE-----