Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/wlkr4xZ2U4Hv5fyUslILAPrjwbU.roa
File:                     wlkr4xZ2U4Hv5fyUslILAPrjwbU.roa (raw, json)
Hash identifier:          9KI0k0gAowP2Fbrp2FHXBNEODJTaUpDc8LLg/0BtJcQ=
Subject key identifier:   C2:59:2B:E3:16:76:53:81:EF:E5:FC:94:B2:52:0B:00:FA:E3:C1:B5
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       018E62287FF1F19934957E2F1353FB623A89
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/wlkr4xZ2U4Hv5fyUslILAPrjwbU.roa
Signing time:             Thu 21 Mar 2024 17:56:45 +0000
ROA not before:           Thu 21 Mar 2024 17:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        78.142.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:62:28:7f:f1:f1:99:34:95:7e:2f:13:53:fb:62:3a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Mar 21 17:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2592be316765381efe5fc94b2520b00fae3c1b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:af:0f:10:6b:ea:d7:35:a9:98:9a:ac:65:ad:
                    c6:3b:c4:45:28:e3:40:9f:61:e8:4f:43:04:b9:48:
                    13:55:77:78:21:a8:97:d3:f6:e8:a6:76:a0:91:41:
                    bf:2c:51:a5:58:37:e1:be:00:ee:db:61:4f:15:fe:
                    19:81:e3:dc:64:d7:6f:ac:b7:d0:78:67:85:77:ec:
                    99:ea:6a:cd:5b:47:95:5f:84:b9:10:fd:bc:f5:f3:
                    23:b5:52:f4:a4:d3:06:fa:3e:0a:e2:86:ce:1f:cf:
                    9b:95:89:a3:59:0b:ad:b8:27:e9:a8:7f:9f:de:cd:
                    dd:07:dd:54:8b:b7:55:0c:bf:20:eb:6d:8d:07:e2:
                    c2:49:bb:34:2d:7a:30:a6:ea:8c:91:53:0c:02:84:
                    f3:47:67:37:21:c2:05:47:d1:94:93:ea:bb:a2:c5:
                    1b:9b:3e:78:9c:2c:21:59:13:98:bc:47:7a:58:a7:
                    49:c2:44:1d:36:95:c6:0b:66:af:8f:10:db:ef:67:
                    25:98:49:11:da:47:78:3d:92:e4:ca:0c:77:23:d1:
                    32:98:f2:40:c7:d1:2b:9e:b3:e6:4b:30:ae:bd:86:
                    48:66:9c:18:66:65:66:2f:f0:1f:c0:63:08:0d:e9:
                    7f:a2:95:cd:3c:16:f7:81:a0:98:2a:be:88:be:11:
                    cf:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:59:2B:E3:16:76:53:81:EF:E5:FC:94:B2:52:0B:00:FA:E3:C1:B5
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/wlkr4xZ2U4Hv5fyUslILAPrjwbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:f4:c2:a9:c9:fb:34:5a:89:09:3e:8a:df:e1:80:3f:46:a3:
         bd:5b:5b:6a:38:a9:be:75:d0:12:80:e0:54:a6:c5:b1:22:1b:
         d9:3b:c2:26:e8:62:22:95:0e:1b:f4:ad:db:75:c6:2b:84:29:
         7b:5b:2a:43:bf:a0:59:0e:e2:15:16:48:dd:db:77:1c:c3:81:
         15:28:f2:cb:d0:b1:b8:ce:cb:3a:d5:78:84:00:fd:f2:1c:94:
         03:3e:87:39:94:83:3c:fe:2e:ae:9c:8a:80:44:00:bd:d0:7c:
         e6:01:9c:39:21:c2:5b:39:a3:dc:4d:3c:b5:af:2d:58:10:f1:
         f3:85:e4:16:6b:68:b7:a7:b5:cb:9f:2c:12:fa:98:9f:d8:9c:
         36:31:10:da:ec:a5:df:e9:60:89:d1:b3:39:00:c0:34:3b:52:
         0f:ff:f4:7b:28:43:f0:ea:54:2a:ce:3c:9a:59:4e:3b:68:af:
         09:1e:a1:3d:55:19:a2:d9:53:87:41:47:df:74:b9:79:f5:c3:
         a0:37:06:be:cc:40:f8:aa:c8:35:e2:17:5b:97:6f:bc:45:d1:
         64:bc:55:d2:3c:a6:df:7c:84:e8:8d:ed:74:88:92:69:94:81:
         0c:3c:24:58:b0:c2:5b:58:0d:25:14:e5:fe:91:b8:47:a9:2a:
         78:17:40:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5iKH/x8Zk0lX4vE1P7YjqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjQwMzIxMTc1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjU5MmJlMzE2NzY1MzgxZWZlNWZjOTRiMjUyMGIwMGZhZTNjMWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2q8PEGvq1zWpmJqsZa3GO8RFKONA
n2HoT0MEuUgTVXd4IaiX0/bopnagkUG/LFGlWDfhvgDu22FPFf4ZgePcZNdvrLfQ
eGeFd+yZ6mrNW0eVX4S5EP289fMjtVL0pNMG+j4K4obOH8+blYmjWQutuCfpqH+f
3s3dB91Ui7dVDL8g622NB+LCSbs0LXowpuqMkVMMAoTzR2c3IcIFR9GUk+q7osUb
mz54nCwhWROYvEd6WKdJwkQdNpXGC2avjxDb72clmEkR2kd4PZLkygx3I9EymPJA
x9ErnrPmSzCuvYZIZpwYZmVmL/AfwGMIDel/opXNPBb3gaCYKr6IvhHPiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJZK+MWdlOB7+X8lLJSCwD648G1MB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvd2xrcjR4WjJVNEh2NWZ5VXNsSUxBUHJqd2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo7YMA0G
CSqGSIb3DQEBCwUAA4IBAQCB9MKpyfs0WokJPorf4YA/RqO9W1tqOKm+ddASgOBU
psWxIhvZO8Im6GIilQ4b9K3bdcYrhCl7WypDv6BZDuIVFkjd23ccw4EVKPLL0LG4
zss61XiEAP3yHJQDPoc5lIM8/i6unIqARAC90HzmAZw5IcJbOaPcTTy1ry1YEPHz
heQWa2i3p7XLnywS+pif2Jw2MRDa7KXf6WCJ0bM5AMA0O1IP//R7KEPw6lQqzjya
WU47aK8JHqE9VRmi2VOHQUffdLl59cOgNwa+zED4qsg14hdbl2+8RdFkvFXSPKbf
fIToje10iJJplIEMPCRYsMJbWA0lFOX+kbhHqSp4F0Bt
-----END CERTIFICATE-----